Incident Handling and Detection
|
|
- Gloria Williams
- 6 years ago
- Views:
Transcription
1 Incident Handling and Detection Mohammed Fadzil Haron SSP-MPA GSEC GCIA MyCERT 5 th SIG July 19, Intel Corporation. All Rights Reserved.
2 Agenda Definition Threat and Trend Incident Response Overview Detection of Incidents Documentation Detection in Windows* and Unix* 2 Intel, the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others.
3 Definitions Events An observable occurrence in an information system that actually happened at some point in time. Incident An event that might lead to an accident or an accident which is not too serious. Security Incident An event that involves a security violation. This may be an event that breaks a security policy, UAP, laws and jurisdictions, etc. 3
4 Threat Trend: Attack Sophistication increasing Intruder Technical Knowledge decreasing High Low Intruder Technical Knowledge Attack Sophistication back doors disabling audits packet spoofing sweepers burglaries exploiting known vulnerabilities password cracking sniffers self-replicating code password guessing hijacking sessions stealth / advanced scanning techniques denial of service DDoS attacks www attacks automated probes/scans GUI network mgmt. diagnostics Improved Tools Required Intruder Knowledge Source: Cert/CC Internet Security Trends
5 Security Incidents Source: CERT* Security incidents reported to CERT* Most frequently detected attacks or incidents percentage of respondents Source: 2002 CSI/FBI security survey Detected viruses, worms, malicious code Virus 300 Insider abuse of net access Laptop theft Denial of service The Wildlist* (worldwide) Systems Unauthorized penetration access by insiders Source: McAfee* Jan-99 Mar-99 May-99 Jul-99 Sep-99 Nov-99 Jan-00 Mar-00 May-00 Jul-00 Sep-00 Nov-00 Jan-01 Mar-01 Source: The Wildlist* May-01 Jul-01 Sep-01 Nov-01 Jan-02 * Other names and brands may be claimed as the property of others.
6 Difficulties in Assessing Computer Crime Most computer crimes go undetected by their victims Of those attacks which are detected, few are reported ** White Paper on Computer Crime Statistics, the International Computer Security Association 6
7 Simple Incident Handling Flow Resolution Incident Handling Flow Preparation Detection / Identification Response 7
8 Complete Incident Handling Flow Follow-Up Preparation Detection / Identification Incident Handling Flow Recovery Eradication Containment 8
9 Complete Incident Handling Flow Follow-Up Preparation Incident Handling Flow Recovery Detection / Identification Containment Eradication Shorten Detection/ Identification Time 9
10 Preparation for Detection Incident Response Team identified Processes and documentations in place Get buy-off from top management Build necessary skills from professional certifications or in-house training 10 This paper is for Informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESSED OR IMPLIED IN THIS PAPER.
11 The Response Team Employees Engineering Physical Security System Administrator (Firewall etc) Information Security Lawyer Human Resource Help Desk 11
12 Your Role as Incident Handler Detect an incident Evaluate it Report it Start incident response process 12
13 Who Detects an Incident? End User Intrusion Detection System Alert System Administrator Help Desk Security Human Resource Legal Public Knowledge e.g., a defacement mirror such as zone-h.org 13
14 Computer and Network Events Event Action Probe Scan Flood Authenticate Bypass Spoof Read Copy Steal Modify Delete Target Account Process Data Component Computer Network Internetwork Howard s Event 14
15 Computer and Network Attacks Attack Event Tool Vulnerability Action Target Unauthorized Result Physical Attack Design Probe Account Increased Access Info. Exchange Implementation Scan Process Disclosure of Info User Command Configuration Flood Data Corruption of Info Script or Program Authenticate Component Denial of Service Autonomous Agent Bypass Computer Theft of Resources Toolkit Spoof Network Distributed Tool Read Internetwork Data Tap Copy Steal Modify Delete Howard s Attacks 15
16 Computer and Network Incident Autonomy Attack Event Incident Attacker Hackers Spies Terrorists Tool Physical Attack Info. Exchange User Command Vulnerability Design Implementation Configuration Action Probe Scan Flood Target Account Process Data Unauthorized ResultObjectives Increased Access Disclosure of Info Corruption of Info Challenge, Status, Thrill Political Gain Corp. Raiders Script or Program Authenticate Component Denial of Service Financial Gain Pro. Criminals Autonomous Agent Bypass Computer Theft of Resources Damage Vandals Toolkit Spoof Network Voyeurs Distributed Tool Read Internetwork Data Tap Copy Steal Modify Delete Howard s Incidents 16
17 Event Documentation Record This Information When an Event Becomes an Incident: Date Time Source of event report (who or what?) Description of event 17
18 Event Documentation Reported by an IDS Additional Information to Obtain When an Event Is Reported by an IDS : The apparent source address(es) of the event The apparent target address(es) of the event The specific alert(s) that were raised by the IDS The sensor(s) which detected the event(s) Time when the first alert was triggered Time when the last alert was triggered Reverse DNS lookup such as nslookup Resolve the addresses using services such as whois from ARIN, APNIC and RIPE Correlate activity against other events from same source Assess if your systems could have been compromised by the activity or whether it was contained by existing security controls 18
19 What If Event Might Lead To Legal Prosecution? Do not perform direct reverse network activities such as Ping or Traceroute This might alert the intruder Only use non-intrusive methods, such as nslookup, whois 19
20 Classification Determine if an event should be classified as an incident by answering these questions: Is it a risk to data integrity? Is it a risk to the availability of the resource? Is it a risk to the confidentiality of the data? Is the activity abnormal? Does it violate company security policies? If the answer to any of the above questions is Yes, it is probable the event is an incident 20
21 What to Look For In Windows* Systems Unusual Processes Unusual Files Unusual Network Usage Unusual Schedule Tasks Unusual Accounts Unusual Log Entries 21 Intel, the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others.
22 Unusual Processes in Windows* Look for unusual or unexpected processes: Using Task Manager (taskmgr.exe) On Windows XP* and Windows 2003*, focus on processes with username SYSTEM or Administrator or users in the Administrator s group Look for unusual network services C:\ net start You need to be familiar with normal processes and unusual processes Also look for: Processes running at unexpected times Processes terminating prematurely New, unexpected or previously disabled process or services Inactive user accounts that spawn processes and use CPU resources 22 Intel, the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others.
23 Unusual Files in Windows* Check for sudden decreases in disk space Use GUI Explorer or type: C:\ dir c:\ Look for unusually big files (10MB) Start -> Search -> For Files or Folders Search Options -> Size -> At Least 10000KB 23 Intel, the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others.
24 Unusual Network Usage in Windows* Check file shares C:\ net view Look at who has an open session with the machine C:\ net session Look at which sessions this machine has opened with other systems C:\ net use 24 Intel, the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others.
25 Unusual Network Usage in Windows* Look at NetBIOS over TCP/IP activity C:\> nbtstat S Look for unusual listening TCP and UDP ports C:\> netstat na C:\> netstat na 5 (refresh every 5 sec) C:\> netstat nao 5 (-o flag showing process id) 25 Intel, the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others.
26 Unusual Schedule Tasks in Windows* Look at scheduled tasks on local host C:\> at Also check the scheduled tasks using the Task Manager: Start -> Programs -> Accessories -> System Tools -> Scheduled Tasks Look for unusual scheduled tasks, especially with Administrator s privilege, as SYSTEM or a blank username 26 Intel, the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others.
27 Unusual Accounts in Windows* Look for new, unexpected accounts in the Administrators group in Local User Manager: C:\> lusrmgr.msc Click on Groups, Double click on Administrators, and then check members of this group 27 Intel, the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others.
28 Unusual Log Entries in Windows* Look at the logs from event viewer: C:\> eventvwr.msc Look for suspicious events like: Event log service was stopped Windows File Protection is not active on this system The MS Telnet Service has started successfully Look for large number of failed logon attempts or locked out accounts Look at application logs for unusual activities IIS* log at C:\>WINNT\System32\LogFiles\W3SVC1 28 Intel, the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others.
29 How To Detect In Unix* Operating Systems Unusual Processes Unusual Files Unusual Network Usage Unusual Schedule Tasks Unusual Accounts Unusual Log Entries 29 Intel, the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others.
30 Unusual Processes in Unix* Look for running processes # ps aux Get familiar with normal processes Look for unusual processes especially with root (UID 0) For unfamiliar processes, get detail by # lsof p [pid] This will show all the files and ports used by the process Also look for: Processes running at unexpected times Processes terminating prematurely New, unexpected or previously disabled process or services Inactive user accounts that are spawning processes and using CPU resources 30 Intel, the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others.
31 Unusual Files in Unix* Look for unusual SUID root files: # find / -uid 0 perm print You need to know normal SUID files Look for unusual large files (Greater than 10MB) # find / -size k print You need to know normal large files 31 Intel, the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others.
32 Unusual Files in Unix* Look for files named with dots and spaces such as,..,. and # find / -name name print # find / -name name.. print # find / -name name. print # find / -name name print 32 Intel, the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others.
33 Unusual Files If RPM is installed (in Linux*, RedHat*, Mandrake*, etc.), run RPM tool to verify packages: # rpm Va Checks size, MD5 sum, permissions, type, owner, and group of each file with information from RPM database Pay special attention to changes associated with items in /sbin, /bin, /usr/sbin and /usr/bin 33 Intel, the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others.
34 Unusual Files Output includes: S - File size differs M Mode differs (permissions) 5 MD5 sum differs D Device number mismatch L readlink path mismatch U user ownership differs G group ownership differs T modification time differs 34
35 Unusual Schedule Tasks in Unix* Look for cron jobs scheduled by root or any UID 0 accounts # crontab u root l Look for unusual system-wide cron jobs # cat /etc/crontab # ls /etc/cron.* 35 Intel, the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others.
36 Unusual Network Usage in Unix* Look for promiscuous mode, which might indicate a sniffer # ip link grep PROMISC Look for unusual port listeners # lsof I # netstat nap Look for unusual ARP entries, for incorrect IP address to MAC address mapping for the LAN # arp -a 36 Intel, the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others.
37 Unusual Accounts in Unix* Look in /etc/passwd for new account, especially UID 0 or GID 0 # less /etc/passwd # grep :0: /etc/passwd 37 Intel, the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others.
38 Unusual Log Entries in Unix* Look for unusual and suspicious events in system logs Look at application logs for unusual activities Apache* log at /usr/local/apache/logs/access_log 38 Intel, the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others.
39 Key Mistakes in Detection Event not even detected (false negative) Event detected but not validated, causing false alarm (Don t jump to conclusions too quickly) Event not even reported Not asking for help Incomplete notes Mishandling or destroying evidence 39
40 Conclusion Detection is very important step in incident response handling after preparation Reduced detection time can result in faster containment Validate the detection Report it to start the incident handling process 40
41 Questions? 41
42 References
Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks
Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 6 Intrusion Detection First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Intruders significant issue hostile/unwanted
More informationETHICAL HACKING & COMPUTER FORENSIC SECURITY
ETHICAL HACKING & COMPUTER FORENSIC SECURITY Course Description From forensic computing to network security, the course covers a wide range of subjects. You will learn about web hacking, password cracking,
More informationCSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague
Brmlab, hackerspace Prague Lightning talks, November 2016 in general in general WTF is an? in general WTF is an? Computer Security in general WTF is an? Computer Security Incident Response in general WTF
More informationOverview. Computer Network Lab, SS Security. Type of attacks. Firewalls. Protocols. Packet filter
Computer Network Lab 2017 Fachgebiet Technische Informatik, Joachim Zumbrägel Overview Security Type of attacks Firewalls Protocols Packet filter 1 Security Security means, protect information (during
More informationGCIH. GIAC Certified Incident Handler.
GIAC GCIH GIAC Certified Incident Handler TYPE: DEMO http://www.examskey.com/gcih.html Examskey GIAC GCIH exam demo product is here for you to test the quality of the product. This GIAC GCIH demo also
More informationHome Computer and Internet User Security
Home Computer and Internet User Security Lawrence R. Rogers Version 1.0.4 CERT Training and Education Networked Systems Survivability Software Engineering Institute Carnegie Mellon University Pittsburgh,
More informationIntrusion Detection. Comp Sci 3600 Security. Introduction. Analysis. Host-based. Network-based. Distributed or hybrid. ID data standards.
or Detection Comp Sci 3600 Security Outline or 1 2 3 4 5 or 6 7 8 Classes of or Individuals or members of an organized crime group with a goal of financial reward Their activities may include: Identity
More informationTestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified
TestOut Network Pro - English 4.1.x COURSE OUTLINE Modified 2017-07-06 TestOut Network Pro Outline - English 4.1.x Videos: 141 (18:42:14) Demonstrations: 81 (10:38:59) Simulations: 92 Fact Sheets: 145
More informationIntrusion Detection. Overview. Intrusion vs. Extrusion Detection. Concepts. Raj Jain. Washington University in St. Louis
Intrusion Detection Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 22-1 1. Intruders 2. Intrusion
More informationTestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified
TestOut Network Pro - English 5.0.x COURSE OUTLINE Modified 2018-03-06 TestOut Network Pro Outline - English 5.0.x Videos: 130 (17:10:31) Demonstrations: 78 (8:46:15) Simulations: 88 Fact Sheets: 136 Exams:
More informationEC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led
EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led Certification: Certified Network Defender Exam: 312-38 Course Description This course is a vendor-neutral, hands-on,
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 19: Intrusion Detection Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Intruders Intrusion detection host-based network-based
More informationCurso: Ethical Hacking and Countermeasures
Curso: Ethical Hacking and Countermeasures Module 1: Introduction to Ethical Hacking Who is a Hacker? Essential Terminologies Effects of Hacking Effects of Hacking on Business Elements of Information Security
More informationData Communication. Chapter # 5: Networking Threats. By: William Stalling
Data Communication Chapter # 5: By: Networking Threats William Stalling Risk of Network Intrusion Whether wired or wireless, computer networks are quickly becoming essential to everyday activities. Individuals
More informationOverview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks
Overview Handling Security Incidents Chapter 7 Lecturer: Pei-yih Ting Attacks Security Incidents Handling Security Incidents Incident management Methods and Tools Maintaining Incident Preparedness Standard
More informationChapter 4. Network Security. Part I
Chapter 4 Network Security Part I CCNA4-1 Chapter 4-1 Introducing Network Security Introduction to Network Security CCNA4-2 Chapter 4-1 Introducing Network Security Why is Network Security important? Rapid
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Intrusion Detection Systems Intrusion Actions aimed at compromising the security of the target (confidentiality, integrity, availability of computing/networking
More informationEthical Hacking and Prevention
Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive
More information2. INTRUDER DETECTION SYSTEMS
1. INTRODUCTION It is apparent that information technology is the backbone of many organizations, small or big. Since they depend on information technology to drive their business forward, issues regarding
More informationINFORMATION SECURITY-SECURITY INCIDENT RESPONSE
Information Technology Services Administrative Regulation ITS-AR-1506 INFORMATION SECURITY-SECURITY INCIDENT RESPONSE 1.0 Purpose and Scope The purpose of the Security Response Administrative Regulation
More informationQuestion No: 1 After running a packet analyzer on the network, a security analyst has noticed the following output:
Volume: 75 Questions Question No: 1 After running a packet analyzer on the network, a security analyst has noticed the following output: Which of the following is occurring? A. A ping sweep B. A port scan
More informationRaj Jain. Washington University in St. Louis
Intrusion Detection Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationDumpsTorrent. Latest dumps torrent provider, real dumps
DumpsTorrent http://www.dumpstorrent.com Latest dumps torrent provider, real dumps Exam : GCIH Title : GIAC Certified Incident Handler Vendor : GIAC Version : DEMO Get Latest & Valid GCIH Exam's Question
More informationDave McCurdy Executive Director Internet Security Alliance President Electronics Industry Alliance
Dave McCurdy Executive Director Internet Security Alliance President Electronics Industry Alliance Dmccurdy@eia.org 703-907-7508 The Internet Security Alliance The Internet Security Alliance is a collaborative
More informationAIIC Associazione Italiana esperti Infrastrutture Critiche AIIC (1)
AIIC Associazione Italiana esperti Infrastrutture Critiche AIIC (1) AIIC Associazione Italiana esperti Infrastrutture Critiche Non-governmental and non-profit scientific association legally registered
More informationChapter 12. Information Security Management
Chapter 12 Information Security Management We Have to Design It for Privacy... and Security. Tension between Maggie and Ajit regarding terminology to use with Dr. Flores. Overly technical communication
More informationCISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline
CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment
More informationFRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months
FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months MODULE: INTRODUCTION TO INFORMATION SECURITY INFORMATION SECURITY ESSENTIAL TERMINOLOGIES
More informationStrategic Infrastructure Security
Strategic Infrastructure Security Course Number: SCPSIS Length: Certification Exam There are no exams currently associated with this course. Course Overview This course picks up right where Tactical Perimeter
More informationCyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems
Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems Section 1: Command Line Tools Skill 1: Employ commands using command line interface 1.1 Use command line commands to gain situational
More informationNetwork Security Issues and New Challenges
Network Security Issues and New Challenges Brijesh Kumar, Ph.D. Princeton Jct, NJ 08550 Brijesh_kumar@hotmail.com A talk delivered on 11/05/2008 Contents Overview The problem Historical Perspective Software
More informationn Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic
Chapter Objectives n Understand how to use appropriate software tools to assess the security posture of an organization Chapter #7: Technologies and Tools n Given a scenario, analyze and interpret output
More informationCIH
mitigating at host level, 23 25 at network level, 25 26 Morris worm, characteristics of, 18 Nimda worm, characteristics of, 20 22 replacement login, example of, 17 signatures. See signatures SQL Slammer
More informationCIS Controls Measures and Metrics for Version 7
Level 1.1 Utilize an Active Discovery Tool 1.2 Use a Passive Asset Discovery Tool 1.3 Use DHCP Logging to Update Asset Inventory 1.4 Maintain Detailed Asset Inventory 1.5 Maintain Asset Inventory Information
More informationSDR Guide to Complete the SDR
I. General Information You must list the Yale Servers & if Virtual their host Business Associate Agreement (BAA ) in place. Required for the new HIPAA rules Contract questions are critical if using 3 Lock
More informationCyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX
Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security HTML PHP Database Linux Operating System and Networking: LINUX NETWORKING Information Gathering:
More informationA+ Guide to Managing & Maintaining Your PC, 8th Edition. Chapter 17 Windows Resources on a Network
Chapter 17 Windows Resources on a Network Objectives Learn how to support some client/server applications Learn how to share and secure files and folders on the network Learn how to troubleshoot network
More informationCross-site request forgery Cross-site scripting Man-in-the-browser Session hijacking Malware Man-in-the-middle DNS cache poisoning DNS spoofing DNS hijacking Dictionary attacks DDoS DDoS Eavesdropping
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationNetwork Security Platform Overview
Quick Tour Revision B McAfee Network Security Platform 8.1 Network Security Platform Overview McAfee Network Security Platform [formerly McAfee IntruShield ] is a combination of network appliances and
More informationWeb Application & Web Server Vulnerabilities Assessment Pankaj Sharma
Web Application & Web Server Vulnerabilities Assessment Pankaj Sharma Indian Computer Emergency Response Team ( CERT - IN ) Department Of Information Technology 1 Agenda Introduction What are Web Applications?
More informationECCouncil Exam v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ]
s@lm@n ECCouncil Exam 312-50v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ] Question No : 1 An Intrusion Detection System(IDS) has alerted the network administrator to a possibly
More informationSecurity Audit What Why
What A systematic, measurable technical assessment of how the organization's security policy is employed at a specific site Physical configuration, environment, software, information handling processes,
More informationPass Microsoft Exam
Pass Microsoft 98-367 Exam Number: 98-367 Passing Score: 700 Time Limit: 45 min File Version: 51.0 http://www.gratisexam.com/ Pass Microsoft 98-367 Exam Exam Name: Security Fundamentals Certdumps QUESTION
More informationNETWORK SECURITY. Ch. 3: Network Attacks
NETWORK SECURITY Ch. 3: Network Attacks Contents 3.1 Network Vulnerabilities 3.1.1 Media-Based 3.1.2 Network Device 3.2 Categories of Attacks 3.3 Methods of Network Attacks 03 NETWORK ATTACKS 2 3.1 Network
More informationIS Today: Managing in a Digital World 9/17/12
IS Today: Managing in a Digital World Chapter 10 Securing Information Systems Worldwide losses due to software piracy in 2005 exceeded $34 billion. Business Software Alliance, 2006 Accessories for war
More informationCIS Controls Measures and Metrics for Version 7
Level One Level Two Level Three Level Four Level Five Level Six 1.1 Utilize an Active Discovery Tool Utilize an active discovery tool to identify devices connected to the organization's network and update
More informationEthical Hacking. Content Outline: Session 1
Ethical Hacking Content Outline: Session 1 Ethics & Hacking Hacking history : How it all begin - Why is security needed? - What is ethical hacking? - Ethical Hacker Vs Malicious hacker - Types of Hackers
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationA Review Paper on Network Security Attacks and Defences
EUROPEAN ACADEMIC RESEARCH Vol. IV, Issue 12/ March 2017 ISSN 2286-4822 www.euacademic.org Impact Factor: 3.4546 (UIF) DRJI Value: 5.9 (B+) A Review Paper on Network Security Attacks and ALLYSA ASHLEY
More informationOverview Intrusion Detection Systems and Practices
Overview Intrusion Detection Systems and Practices Chapter 13 Lecturer: Pei-yih Ting Intrusion Detection Concepts Dealing with Intruders Detecting Intruders Principles of Intrusions and IDS The IDS Taxonomy
More informationCybersecurity: Incident Response Short
Cybersecurity: Incident Response Short August 2017 Center for Development of Security Excellence Contents Lesson 1: Incident Response 1-1 Introduction 1-1 Incident Definition 1-1 Incident Response Capability
More informationCISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks
CISNTWK-440 Intro to Network Security Chapter 4 Network Vulnerabilities and Attacks Objectives Explain the types of network vulnerabilities List categories of network attacks Define different methods of
More informationInternetwork Expert s CCNA Security Bootcamp. Common Security Threats
Internetwork Expert s CCNA Security Bootcamp Common Security Threats http:// Today s s Network Security Challenge The goal of the network is to provide high availability and easy access to data to meet
More informationMcAfee Virtual Network Security Platform 8.4 Revision A
8.4.7.101-8.3.7.18 Manager-Virtual IPS Release Notes McAfee Virtual Network Security Platform 8.4 Revision A Contents About this release New features Enhancements Resolved issues Installation instructions
More informationUsing CSC SSM with Trend Micro Damage Cleanup Services
APPENDIXD Using CSC SSM with Trend Micro Damage Cleanup Services Trend Micro InterScan for CSC SSM works with Trend Micro Damage Cleanup Services (DCS) as part of an enterprise protection strategy. The
More informationVulnerability Assessment. Detection. Aspects of Assessment. 1. Asset Identification. 1. Asset Identification. How Much Danger Am I In?
Detection Vulnerability Assessment Week 4 Part 2 How Much Danger Am I In? Vulnerability Assessment Aspects of Assessment Vulnerability Assessment is a systematic evaluation of asset exposure to threats
More informationPOLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND. October Table of Contents
POLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND October 2005 Table of Contents Introduction... 1 Purpose Of This Policy... 1 Responsibility... 1 General Policy... 2 Data Classification Policy...
More informationComptia.Certkey.SY0-401.v by.SANFORD.362q. Exam Code: SY Exam Name: CompTIA Security+ Certification Exam
Comptia.Certkey.SY0-401.v2014-09-23.by.SANFORD.362q Number: SY0-401 Passing Score: 800 Time Limit: 120 min File Version: 18.5 Exam Code: SY0-401 Exam Name: CompTIA Security+ Certification Exam Exam A QUESTION
More informationPost-Class Quiz: Access Control Domain
1. In order to perform data classification process, what must be present? A. A data classification policy. B. A data classification standard. C. A data classification procedure. D. All of the above. 2.
More informationDesign your network to aid forensics investigation
18th Annual FIRST Conference Design your network to aid forensics investigation Robert B. Sisk, PhD, CISSP Senior Technical Staff Member IBM Baltimore, Maryland USA Master Outline Introduction Incident
More informationSANS SEC504. Hacker Tools, Techniques, Exploits and Incident Handling.
SANS SEC504 Hacker Tools, Techniques, Exploits and Incident Handling http://killexams.com/exam-detail/sec504 QUESTION: 315 Which of the following techniques can be used to map 'open' or 'pass through'
More informationAN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM
1 AN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM 2 Introduction (1/2) TCP provides a full duplex reliable stream connection between two end points A connection is uniquely defined by the quadruple
More informationEMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security
EMERGING THREATS & STRATEGIES FOR DEFENSE Paul Fletcher Cyber Security Evangelist @_PaulFletcher Threats by Customer Environment Cloud Environment On Premise Environment 1.96% 0.13% 0.02% application-attack
More informationVirtual CMS Honey pot capturing threats In web applications 1 BADI ALEKHYA, ASSITANT PROFESSOR, DEPT OF CSE, T.J.S ENGINEERING COLLEGE
International Journal of Scientific & Engineering Research, Volume 4, Issue 4, April-2013 1492 Virtual CMS Honey pot capturing threats In web applications 1 BADI ALEKHYA, ASSITANT PROFESSOR, DEPT OF CSE,
More information19.1. Security must consider external environment of the system, and protect it from:
Module 19: Security The Security Problem Authentication Program Threats System Threats Securing Systems Intrusion Detection Encryption Windows NT 19.1 The Security Problem Security must consider external
More informationMcAfee Network Security Platform
Revision B McAfee Network Security Platform (8.1.7.5-8.1.3.43 M-series Release Notes) Contents About this release New features Enhancements Resolved issues Installation instructions Known issues Product
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 13: Operating System Security Department of Computer Science and Engineering University at Buffalo 1 Review Previous topics access control authentication session
More informationAuthentication System
A Biologically Inspired Password Authentication System Dipankar Dasgupta and Sudip Saha Center for Information Assurance University of Memphis Memphis, TN 38152 Outline Motivation Position Authentication
More informationISO27001 Preparing your business with Snare
WHITEPAPER Complying with ISO27001 Preparing your business with Snare T he technical controls imposed by ISO (International Organisation for Standardization) Standard 27001 cover a wide range of security
More informationNetwork Security. Course notes. Version
Network Security Course notes Version 2013.1 2 Contents 1 Firewalls 1 1.1 Location of a firewall................................... 2 2 Intrusion Detection 3 2.1 Concepts of Intrusion detection.............................
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More informationQuestion: 1 DES - Data Encryption standard has a 128 bit key and is very difficult to break.
1 ISC - SSCP System Security Certified Practitioner (SSCP) Question: 1 DES - Data Encryption standard has a 128 bit key and is very difficult to break. Question: 2 What is the main difference between computer
More informationSeqrite Endpoint Security
Enterprise Security Solutions by Quick Heal Integrated enterprise security and unified endpoint management console Enterprise Suite Edition Product Highlights Innovative endpoint security that prevents
More informationAURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo
ETHICAL HACKING (CEH) CURRICULUM Introduction to Ethical Hacking What is Hacking? Who is a Hacker? Skills of a Hacker? Types of Hackers? What are the Ethics and Legality?? Who are at the risk of Hacking
More informationECCouncil v9. ECCouncil Computer Hacking Forensic Investigator (V9)
ECCouncil 312-49v9 ECCouncil Computer Hacking Forensic Investigator (V9) https://killexams.com/pass4sure/exam-detail/312-49v9 QUESTION: 227 What is the target host IP in the following command? C:\> firewalk
More informationch02 True/False Indicate whether the statement is true or false.
ch02 True/False Indicate whether the statement is true or false. 1. No matter what medium connects computers on a network copper wires, fiber-optic cables, or a wireless setup the same protocol must be
More informationCybersecurity. Overview. Define Cyber Security Importance of Cyber Security 2017 Cyber Trends Top 10 Cyber Security Controls
Cybersecurity Hospitality Finance and Technology Professionals June 27, 2017 Presented by: Harvey Johnson, CPA Partner Overview Define Cyber Security Importance of Cyber Security 2017 Cyber Trends 1 About
More informationEXAM - CAS-002. CompTIA Advanced Security Practitioner (CASP) Exam. Buy Full Product.
CompTIA EXAM - CAS-002 CompTIA Advanced Security Practitioner (CASP) Exam Buy Full Product http://www.examskey.com/cas-002.html Examskey CompTIA CAS-002 exam demo product is here for you to test the quality
More informationAdvanced Security Measures for Clients and Servers
Advanced Security Measures for Clients and Servers Wayne Harris MCSE Senior Consultant Certified Security Solutions Importance of Active Directory Security Active Directory creates a more secure network
More informationISC2 EXAM - SSCP. Systems Security Certified Practitioner. Buy Full Product.
ISC2 EXAM - SSCP Systems Security Certified Practitioner Buy Full Product http://www.examskey.com/sscp.html Examskey ISC2 SSCP exam demo product is here for you to test the quality of the product. This
More informationLast time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control
Last time Security Policies and Models Bell La-Padula and Biba Security Models Information Flow Control Trusted Operating System Design Design Elements Security Features 10-1 This time Trusted Operating
More informationCorrelating IDS Alerts with Vulnerability Information
Correlating IDS Alerts with Vulnerability Information December 2002 (Updated January 2009) Ron Gula Chief Technology Officer Table of Contents TABLE OF CONTENTS... 2 INTRODUCTION... 3 INTRUSION DETECTION
More informationWhy?
SEC 211 Incident Response Oh no, we ve been hacked! Now what do we do? Why? Typical incident response process 1. Oh no, we got hacked! 2. Look for the easy solution 3. Failing that, observe the damage
More informationISSP Network Security Plan
ISSP-000 - Network Security Plan 1 CONTENTS 2 INTRODUCTION (Purpose and Intent)... 1 3 SCOPE... 2 4 STANDARD PROVISIONS... 2 5 STATEMENT OF PROCEDURES... 3 5.1 Network Control... 3 5.2 DHCP Services...
More informationObjectives. Classes of threats to networks. Network Security. Common types of network attack. Mitigation techniques to protect against threats
ITE I Chapter 6 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Enterprise Network Security Describe the general methods used to mitigate security threats to Enterprise networks
More informationThreat Modeling. Bart De Win Secure Application Development Course, Credits to
Threat Modeling Bart De Win bart.dewin@ascure.com Secure Application Development Course, 2009 Credits to Frank Piessens (KUL) for the slides 2 1 Overview Introduction Key Concepts Threats, Vulnerabilities,
More informationModule 20: Security. The Security Problem Authentication Program Threats System Threats Threat Monitoring Encryption. Operating System Concepts 20.
Module 20: Security The Security Problem Authentication Program Threats System Threats Threat Monitoring Encryption 20.1 The Security Problem Security must consider external environment of the system,
More informationMonitoring the Device
The system includes dashboards and an Event Viewer that you can use to monitor the device and traffic that is passing through the device. Enable Logging to Obtain Traffic Statistics, page 1 Monitoring
More informationCyberArk Privileged Threat Analytics
CyberArk Privileged Threat Analytics Table of Contents The New Security Battleground: Inside Your Network 3 Privileged account security 3 Collect the right data 4 Detect critical threats 5 Alert on critical
More informationNETWORK THREATS DEMAN
SELF-DEFENDING NETWORK NETWORK THREATS DEMAN NEW SECURITY: STRATEGIES TECHNOLOGIES Self-Propagating Threats A combination of: self propagating threats Collaborative applications Interconnected environments
More informationSpecialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com
Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting
More informationInformation Security Training Needs Assessment Study. Dr. Melissa Dark CERIAS Assistant Professor Continuing Education Director
Information Security Training Needs Assessment Study Dr. Melissa Dark CERIAS Assistant Professor Continuing Education Director Copyright Melissa J. Dark, 2001. This work is the intellectual property of
More informationIntrusion prevention systems are an important part of protecting any organisation from constantly developing threats.
Network IPS Overview Intrusion prevention systems are an important part of protecting any organisation from constantly developing threats. By using protocol recognition, identification, and traffic analysis
More informationLab1. Definition of Sniffing: Passive Sniffing: Active Sniffing: How Does ARP Spoofing (Poisoning) Work?
Lab1 Definition of Sniffing: A program or device that captures vital information from the network traffic specific to a particular network. Passive Sniffing: It is called passive because it is difficult
More information5. Execute the attack and obtain unauthorized access to the system.
Describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security. Before discussing the preventive, detective, and
More informationMcAfee Network Security Platform
McAfee Network Security Platform 9.2 (Quick Tour) McAfee Network Security Platform [formerly McAfee IntruShield ] is a combination of network appliances and software that accurately detects and prevents
More informationGrid-CERT Services. Modification of traditional and additional new CERT Services for Grids
Grid-CERT Services Modification of traditional and additional new CERT Services for Grids Presentation at the Annual FIRST Conference Vancouver, Canada June 26, 2008 Antonio Liu 2000-2008 by PRESECURE
More information