CIT 480: Securing Computer Systems. Incident Response and Honeypots
|
|
- Beatrix Sullivan
- 6 years ago
- Views:
Transcription
1 CIT 480: Securing Computer Systems Incident Response and Honeypots
2 Incident Response What is an Incident? Phases of Incident Response 1. Preparation 2. Identification 3. Containment 4. Damage Assessment 5. Preserve Evidence 6. Eradication 7. Recovery 8. Follow-up
3 What is an Incident? Violation of security policy: Unauthorized access of information Unauthorized access to machines Embezzlement Virus or worm attack Denial of service attacks spam or harassment
4 Detecting an Incident Catching perpetrator in the act Unauthorized logins, network connections, NIDS alerts. Noticing unauthorized system changes. Notification from another entity Customer Partner Law enforcement Victim of attack launched from your IP range Strange activities on system: crashes, random reboots, slow performance.
5 Incident Response Restoring system to satisfy site security policy Phases: 1. Preparation for attack (before attack detected) 2. Identification of attack 3. Containment of attack (confinement) 4. Damage assessment 5. Preserve evidence (if necessary) 6. Eradication of attack (stop attack) 7. Recovery from attack (restore system to secure state) 8. Follow-up to attack (analysis and other actions)
6 Preparation 1. Configure intrusion detection systems. 2. Determine your response goals. 3. Document incident response procedures. Who to contact? What to do? 4. Organizing a CSIRT Finding and training personnel. Hardware/software necessary for investigation.
7 Incident Response Goals 1. Identify what happened. 2. Contain intrusion to prevent further damage. 3. Recover systems and data. 4. Prevent future intrusions of same kind. 5. Investigate and/or prosecute intrusion. 6. Prevent public knowledge of incident.
8 Identification Who/what reported incident. Date and time of the incident. Nature of the intrusion. What level of unauthorized access was attained? Is it known to the public? Hardware/software involved How critical are the affected systems? Assemble CSIRT Team membership may vary based on nature of incident
9 Containment Limit access of attacker to system resources. Containment method depends on criticality of systems and extent of intrusion. Monitoring intruder Reducing intruder s access Deception De-activating the affected account Need to kill active processes too Blocking access to system via firewall Pulling network/phone cable Powering down system
10 Monitoring Records attacker s actions; does not interfere with attack: Idea is to find out what the attacker is after and/or methods the attacker is using. Problem: attacked system is vulnerable throughout Attacker can also attack other systems. Example: type of OS can be derived from settings of TCP and IP packets of incoming connections Passive IDS tools like Bro and p0f work this way. Analyst draws conclusions about source of attack.
11 Reducing Access Reduce protection domain of attacker. Problem: if defenders do not know what attacker is after, reduced protection domain may contain what the attacker is after. Stoll created document that attacker d/led. Download took several hours, during which the phone call was traced to Germany.
12 Deception Honeypot: a system designed solely for intruders to attack in order to accomplish one or more of the following goals. Also known as a honeynet. 1. Detect intrusions with very few false positives, since legitimate users have no reason to access honeypot. 2. Monitor attacker activities to determine targeted assets, origin, motivation, capabilities, etc. 3. Waste intruder time attacking honeypot, so that defender has time to respond to incident.
13 Low Interaction Honeypots honeyd: responds to probes on a set of unused IP addresses via shell scripts that can return banners for simple scans like nmap sv. nepenthes: emulates vulnerable Windows services to collect exploits and malware. Dionaea: scriptable honeypot designed to be able to emulate wide variety of vulnerable services to collect exploits and malware. Fakenet: simulates DNS, HTTP, HTTPS to dynamically analyze malware. Returns reasonable responses to malware requests.
14 Medium Interaction Honeypots Kippo is a medium interaction ssh honeypot designed to log brute force attacks and attacker shell commands. Inspired by Kojoney, a LI ssh honeypot. Fake filesystem with the ability to add/remove files. Possibility of adding fake file contents so the attacker can 'cat' files such as /etc/passwd. Only minimal file contents are included. Saves files downloaded with wget for later inspection Deception: ssh pretends to connect, apt-get pretends to install, etc.
15 High Interaction Honeypots
16 Honeymonkey Thug Client Honeypots Strider Microsoft Research project. Network of VMs running IE crawling the web in search of malicious sites that attempt to exploit browsers and distribute malware. Multiple versions of Windows and IE used. Low interaction client honeypot. Emulates multiple browsers and OSes.
17 Honeytokens A honeytoken is data that is designed solely for attackers to abuse. Any access to the data is an indication of unauthorized use. Attempts to download honeytoken files or database records can be identified by NIDS. Medical record systems will sometimes create fake records for celebrities and politicians. Mailing lists may contain addresses published nowhere else that point to accounts that accept mail and record sender information. Maps contain fake streets, towns, or islands to identify when competitors copy the map.
18 Damage Assessment: Data System date and time when assessment began. List of users currently logged in. Time/date stamps for filesystem. List of processes List of open network sockets Associated applications Associated systems System configuration files. Log and accounting files. System date and time when assessment complete.
19 Preserve Evidence In-depth live system investigation. Construct a bit-level copy of entire hard disk or partition for forensic examination. Create image in single-user mode if possible: md5sum /dev/hda dd if=/dev/hda conv=noerror,sync ssh desthost cat >disk.img desthost> md5sum disk.img
20 Eradication 1. Do nothing. 2. Kill attacker s processes and/or accounts. 3. Block attacker s network access to system. 4. Patch and repair what you think was changed, then resume operation. 5. Investigate until root cause discovered, then restore system from backups and patch security holes. 6. Call law enforcement before proceeding further.
21 Follow-Up 1. File reports with law enforcement, vendor, or regulatory agency. 2. File insurance claims if relevant. 3. Notify administrators of other affected systems. 4. Disciplinary actions against employees for internal attacks. 5. Update security of computer networks/systems. 6. Review handling of the incident. 7. Update incident handling policy/training.
22 Counterattacking Use legal procedures Collect chain of evidence so legal authorities can establish attack was real. Check with lawyers for this Rules of evidence very specific and detailed. If you don t follow them, expect case to be dropped. Technical attack Goal is to damage attacker seriously enough to stop current attack and deter future attacks. Active Defense Harbinger Distribution Linux.
23 Consequences 1. Counterattack may harm innocent party. Attacker may have broken into source of attack or may be impersonating innocent party. 2. Counterattack may have side effects. If counterattack is DoS, may block legitimate use of network. 3. Counterattack antithetical to shared use of network. Counterattack absorbs network resources and makes threats more immediate. 4. Counterattack may be legally actionable.
24 Example: Counterworm Counterworm given signature of worm. Counterworm spreads rapidly, deleting all occurrences of original worm. ex: Welchia/Nachi hunts Blaster/MyDoom worms. Issues Can counterworm delete only targeted worm? What if infected system gathering worms for research? How do originators of counterworm know it will not cause problems for any system? And are they legally liable if it does?
25 Key Points 1. Incident response procedure. 2. Prepare for an incident before one occurs. 3. Don t trust the affected system in any way. 4. Contain, then prepare detailed response. 5. Legal issues of counterattacks. 6. Use honeypots to deceive attackers 1. Goals: intrusion detection, monitoring, slow 2. Interaction levels: low, medium, high 3. Honeyclients and honeytokens
26 References 1. Matt Bishop, Introduction to Computer Security, Addison-Wesley, N. Brownlee and E. Guttman,, RFC Expectations for Computer Security Incident Response, CERT, Computer Security Incident Response Team (CSIRT) FAQ, 4. William Cheswick, Steven Bellovin, Steven, and Avriel Rubin, Firewalls and Internet Security, 2 nd edition, Addison-Wesley, Fraser (ed.), RFC Site Security Handbook, Garfinkel, Simson, Spafford, Gene, and Schartz, Alan, Practical UNIX and Internet Security, 3 rd edition, O Reilly & Associates, Kevin Mandia, Chris Prosise, and Matt Pepe, Incident Response & Computer Forensics, 2 nd edition, McGraw-Hill, 2003.
27 Released under CC BY-SA 3.0 This presentation is released under the Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license You are free: to Share to copy and redistribute the material in any medium to Adapt to remix, build, and transform upon the material to use part or all of this presentation in your own classes Under the following conditions: Attribution You must attribute the work to James Walden, but cannot do so in a way that suggests that he endorses you or your use of these materials. Share Alike If you remix, transform, or build upon this material, you must distribute the resulting work under this or a similar open license. Details and full text of the license can be found at
CIT 380: Securing Computer Systems
CIT 380: Securing Computer Systems Incident Response and Honeypots CIT 380: Securing Computer Systems Slide #1 Incident Response What is an Incident? Phases of Incident Response 1. Preparation 2. Identification
More informationIncident Response. What is an Incident? Incident Response. 1. What is an Incident? 2. Phases of Incident Response. Violation of security policy
Incident Response Incident Response 1. What is an Incident? 2. Phases of Incident Response 1. Preparation 2. Identification 3. Containment 4. Damage Assessment 5. Preserve Evidence 6. Eradication 7. Recovery
More informationCIT 480: Securing Computer Systems. Putting It All Together
CIT 480: Securing Computer Systems Putting It All Together Assurance 1. Asset identification 1. Systems and information assets. 2. Infrastructure model and control 1. Network diagrams and inventory database.
More informationIntroduction to Honeypot Technologies
Introduction to Honeypot Technologies A Tool For Improving Network Forensic Analysis Alexandre Dulaunoy alexandre.dulaunoy@circl.lu January 13, 2012 Introduction and Source of Honeynet Research With the
More informationOverview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks
Overview Handling Security Incidents Chapter 7 Lecturer: Pei-yih Ting Attacks Security Incidents Handling Security Incidents Incident management Methods and Tools Maintaining Incident Preparedness Standard
More informationFirewall Identification: Banner Grabbing
Honey POt Firewall Identification: Banner Grabbing Banners are messages sent out by network services during the connection to the service. Banners announce which service is running on the system. Banner
More informationComparative Study of Different Honeypots System
International Journal of Engineering Research and Development e-issn: 2278-067X, p-issn: 2278-800X, www.ijerd.com Volume 2, Issue 10 (August 2012), PP. 23-27 Ashish Girdhar 1, Sanmeet Kaur 2 1 Student
More informationInformation Security in Corporation
Information Security in Corporation System Vulnerability and Abuse Software Vulnerability Commercial software contains flaws that create security vulnerabilities. Hidden bugs (program code defects) Zero
More informationCyber security tips and self-assessment for business
Cyber security tips and self-assessment for business Last year one in five New Zealand SMEs experienced a cyber-attack, so it s essential to be prepared. Our friends at Deloitte have put together this
More informationCIT 470: Advanced Network and System Administration. Topics. Risk Management. Security
CIT 470: Advanced Network and System Administration Security CIT 470: Advanced Network and System Administration Slide #1 Topics 1. Risk Management 2. Security Policies 3. OS Hardening 4. Authentication
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationHoney Pot Be afraid Be very afraid
Honey Pot Be afraid Be very afraid Presented By Shubha Joshi M.Tech(CS) Problems with internet Why? Problems The Internet security is hard New attacks every day Our computers are static targets What should
More informationReal-world Practices for Incident Response Feb 2017 Keyaan Williams Sr. Consultant
Real-world Practices for Incident Response Feb 2017 Keyaan Williams Sr. Consultant Agenda The Presentation Beginning with the end. Terminology Putting it into Action Additional resources and information
More informationThe State of the Hack. Kevin Mandia MANDIANT
The State of the Hack Kevin Mandia MANDIANT Who Am I? Adjunct Professor Carnegie Mellon University 95-856 Incident Response Master of Information System Management The George Washington University Computer
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationHoneypots. Security on Offense. by Kareem Sumner
Honeypots Security on Offense by Kareem Sumner Agenda Introduction What Are Honeypots? Objectives Successful Deployment Advantages And Disadvantages Types Of Honeypots Honeypot Software Future of Honeypots/Honeynets
More informationIntroduction Honeynets/pots - Types and variation Honeynets/pots - Advantages/Disadvantages Conclusion Q and A Diagrams. Honeynets
Introduction /pots - Types and variation /pots - Advantages/Disadvantages Conclusion Q and A Diagrams Introduction to Honeypot/Honeynet technologies and Its Historical Perspective January 21, 2011 Introduction
More informationn Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic
Chapter Objectives n Understand how to use appropriate software tools to assess the security posture of an organization Chapter #7: Technologies and Tools n Given a scenario, analyze and interpret output
More informationINFORMATION SECURITY-SECURITY INCIDENT RESPONSE
Information Technology Services Administrative Regulation ITS-AR-1506 INFORMATION SECURITY-SECURITY INCIDENT RESPONSE 1.0 Purpose and Scope The purpose of the Security Response Administrative Regulation
More informationCIT 480: Securing Computer Systems. Authentication
CIT 480: Securing Computer Systems Authentication Topics 1. Digital Identity and Groups 2. Authentication 3. Formal Definition 4. Authentication Types 5. Tokens 6. Biometrics 7. UNIX Authentication Digital
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationData Communication. Chapter # 5: Networking Threats. By: William Stalling
Data Communication Chapter # 5: By: Networking Threats William Stalling Risk of Network Intrusion Whether wired or wireless, computer networks are quickly becoming essential to everyday activities. Individuals
More informationCIT 480: Securing Computer Systems. Operating System Concepts
CIT 480: Securing Computer Systems Operating System Concepts Topics 1. What is an OS? 2. Processes 3. Memory management 4. Filesystems 5. Virtual machines A Computer Model An operating system has to deal
More informationO N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationVulnerability Assessment. Detection. Aspects of Assessment. 1. Asset Identification. 1. Asset Identification. How Much Danger Am I In?
Detection Vulnerability Assessment Week 4 Part 2 How Much Danger Am I In? Vulnerability Assessment Aspects of Assessment Vulnerability Assessment is a systematic evaluation of asset exposure to threats
More informationAssessing Your Incident Response Capabilities Do You Have What it Takes?
Assessing Your Incident Response Capabilities Do You Have What it Takes? March 31, 2017 Presenters Tim L. Bryan, CPA/CFF/CITP, CISA, EnCE Director, Advisory Services Forensic Technology & Investigation
More informationPass4suresVCE. Pass4sures exam vce dumps for guaranteed success with high scores
Pass4suresVCE http://www.pass4suresvce.com Pass4sures exam vce dumps for guaranteed success with high scores Exam : CS0-001 Title : CompTIA Cybersecurity Analyst (CySA+) Exam Vendor : CompTIA Version :
More informationVirtual CMS Honey pot capturing threats In web applications 1 BADI ALEKHYA, ASSITANT PROFESSOR, DEPT OF CSE, T.J.S ENGINEERING COLLEGE
International Journal of Scientific & Engineering Research, Volume 4, Issue 4, April-2013 1492 Virtual CMS Honey pot capturing threats In web applications 1 BADI ALEKHYA, ASSITANT PROFESSOR, DEPT OF CSE,
More informationAcceptable Use Policy
Acceptable Use Policy Jackson Energy Authority 731.422.7500 INTRODUCTION Jackson Energy Authority ( JEA ) has formulated this Acceptable Use Policy ( AUP ), in order to set forth terms regarding the responsible
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationComputer Network Vulnerabilities
Computer Network Vulnerabilities Objectives Explain how routers are used to protect networks Describe firewall technology Describe intrusion detection systems Describe honeypots Routers Routers are like
More informationCSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague
Brmlab, hackerspace Prague Lightning talks, November 2016 in general in general WTF is an? in general WTF is an? Computer Security in general WTF is an? Computer Security Incident Response in general WTF
More informationWhy?
SEC 211 Incident Response Oh no, we ve been hacked! Now what do we do? Why? Typical incident response process 1. Oh no, we got hacked! 2. Look for the easy solution 3. Failing that, observe the damage
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationSECURING INFORMATION SYSTEMS
SECURING INFORMATION SYSTEMS (November 7, 2016) BUS3500 - Abdou Illia - Fall 2016 1 LEARNING GOALS Understand security attacks preps Discuss the major threats to information systems. Discuss protection
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationMANAGEMENT OF INFORMATION SECURITY INCIDENTS
MANAGEMENT OF INFORMATION SECURITY INCIDENTS PhD. Eng Daniel COSTIN Polytechnic University of Bucharest ABSTRACT Reporting information security events. Reporting information security weaknesses. Responsible
More informationCybersecurity: Incident Response Short
Cybersecurity: Incident Response Short August 2017 Center for Development of Security Excellence Contents Lesson 1: Incident Response 1-1 Introduction 1-1 Incident Definition 1-1 Incident Response Capability
More informationNebraska CERT Conference
Nebraska CERT Conference Security Methodology / Incident Response Patrick Hanrion Security Center of Excellence Sr. Security Consultant Agenda Security Methodology Security Enabled Business Framework methodology
More informationDefining Computer Security Incident Response Teams
Defining Computer Security Incident Response Teams Robin Ruefle January 2007 ABSTRACT: A computer security incident response team (CSIRT) is a concrete organizational entity (i.e., one or more staff) that
More informationIntrusion Attempt Who's Knocking Your Door
10 Intrusion Attempt Who's Knocking Your Door By Kilausuria binti Abdullah Introduction: An intrusion attempt is a potential for a deliberate unauthorized attempt to enter either a computer, system or
More informationComputer forensics Aiman Al-Refaei
Computer forensics Aiman Al-Refaei 29.08.2006 Computer forensics 1 Computer forensics Definitions: Forensics - The use of science and technology to investigate and establish facts in criminal or civil
More informationIncident Response. Is Your CSIRT Program Ready for the 21 st Century?
Incident Response Is Your CSIRT Program Ready for the 21 st Century? Speaker Bio Traditional Response Concepts Technical Incidents Requiring Technical Responses Virus/ Malware Network Intrusion Disaster
More informationIncident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles
Incident Response Lessons From the Front Lines Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles 1 Conflict of Interest Nolan Garrett Has no real or apparent conflicts of
More informationCE Advanced Network Security Honeypots
CE 817 - Advanced Network Security Honeypots Lecture 12 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially obtained
More informationFeasibility study of scenario based self training material for incident response
24th Annual FIRST Conference Feasibility study of scenario based self training material for incident response June 21, 2012 Hitachi Incident Response Team Chief Technology and Coordination Designer Masato
More informationKevin Mandia MANDIANT. Carnegie Mellon University Incident Response Master of Information System Management
The State of the Hack Kevin Mandia MANDIANT Who Am I? Adjunct Professor Carnegie Mellon University 95-856 Incident Response Master of Information System Management The George Washington University Computer
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationitexamdump 최고이자최신인 IT 인증시험덤프 일년무료업데이트서비스제공
itexamdump 최고이자최신인 IT 인증시험덤프 http://www.itexamdump.com 일년무료업데이트서비스제공 Exam : CISA Title : Certified Information Systems Auditor Vendor : ISACA Version : DEMO Get Latest & Valid CISA Exam's Question and
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationCIT 480: Securing Computer Systems
CIT 480: Securing Computer Systems Tunneling and VPNs CIT 480: Securing Computer Systems Slide #1 Topics 1. Tunneling 1. Encapsulation 2. Security 3. SSH 2. Virtual Private Networks 1. Site-to-site 2.
More informationA Distributed Intrusion Alert System
A Distributed Intrusion Alert System Chih-Yao Lin, Hsiang-Ren Shih, and Yomin Hou Taiwan National Computer Emergency Response Team {chinyao, shr, yominhou}@twncert.org.tw Abstract In this paper, a distributed
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationDetecting Lateral Movement in APTs ~Analysis Approach on Windows Event Logs~ June 17, 2016 Shingo ABE ICS security Response Group JPCERT/CC
Detecting Lateral Movement in APTs ~Analysis Approach on Windows Event Logs~ June 17, 2016 Shingo ABE ICS security Response Group JPCERT/CC Agenda Introduction to JPCERT/CC About system-wide intrusions
More informationUTM Firewall Registration & Activation Manual DFL-260/ 860. Ver 1.00 Network Security Solution
UTM Firewall Registration & Activation Manual DFL-260/ 860 Ver 1.00 curitycu Network Security Solution http://security.dlink.com.tw 1.Introduction...02 2.Apply for a D-Link Membership...03 3.D-Link NetDefend
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Intrusion Detection Systems Intrusion Actions aimed at compromising the security of the target (confidentiality, integrity, availability of computing/networking
More informationIncident Response Services
Services Enhanced with Supervised Machine Learning and Human Intelligence Empowering clients to stay one step ahead of the adversary. Secureworks helps clients enable intelligent actions to outsmart and
More informationIncident Response. Figure 10-1: Incident Response. Figure 10-2: Program and Data Backup. Figure 10-1: Incident Response. Figure 10-2: Program and Data
Figure 10-1: Incident Response Incident Response Chapter 10 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Incidents Happen Protections sometimes break down Incident Severity
More informationTestBraindump. Latest test braindump, braindump actual test
TestBraindump http://www.testbraindump.com Latest test braindump, braindump actual test Exam : CS0-001 Title : CompTIA Cybersecurity Analyst (CySA+) Exam Vendor : CompTIA Version : DEMO Get Latest & Valid
More informationEC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led
EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led Certification: Certified Network Defender Exam: 312-38 Course Description This course is a vendor-neutral, hands-on,
More informationTraining for the cyber professionals of tomorrow
Hands-On Labs Training for the cyber professionals of tomorrow CYBRScore is a demonstrated leader in professional cyber security training. Our unique training approach utilizes immersive hands-on lab environments
More informationQuestion 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:
Cybercrime Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1: Organizations can prevent cybercrime from occurring through the proper use of personnel, resources,
More informationUsage of Honeypot to Secure datacenter in Infrastructure as a Service data
Usage of Honeypot to Secure datacenter in Infrastructure as a Service data Ms. Priyanka Paliwal M. Tech. Student 2 nd yr.(comp. Science& Eng.) Government Engineering College Ajmer Ajmer, India (Erpriyanka_paliwal06@rediffmail.com)
More informationChapter 22: Intrusion Detection
Chapter 22: Intrusion Detection Principles Basics Models of Intrusion Detection Architecture of an IDS Organization Incident Response Slide #22-1 Principles of Intrusion Detection Characteristics of systems
More informationCERT-In. Indian Computer Emergency Response Team ANTI VIRUS POLICY & BEST PRACTICES
CERT-In Indian Computer Emergency Response Team ANTI VIRUS POLICY & BEST PRACTICES Department of Information Technology Ministry of Communications and Information Technology Government of India Anti Virus
More informationActive defence through deceptive IPS
Active defence through deceptive IPS Authors Apostolis Machas, MSc (Royal Holloway, 2016) Peter Komisarczuk, ISG, Royal Holloway Abstract Modern security mechanisms such as Unified Threat Management (UTM),
More informationCIT 480: Securing Computer Systems
CIT 480: Securing Computer Systems Scanning CIT 480: Securing Computer Systems Slide #1 Topics 1. Port Scanning 2. Stealth Scanning 3. Version Identification 4. OS Fingerprinting CIT 480: Securing Computer
More informationHeavy Vehicle Cyber Security Bulletin
Heavy Vehicle Cyber Security Update National Motor Freight Traffic Association, Inc. 1001 North Fairfax Street, Suite 600 Alexandria, VA 22314 (703) 838-1810 Heavy Vehicle Cyber Security Bulletin Bulletin
More informationCIRT: Requirements and implementation
CIRT: Requirements and implementation By : Muataz Elsadig Sudan CERT Joint ITU-ATU Workshop on Cyber-security Strategy in African Countries Khartoum, Republic of Sudan, 24 26 July 2016 There is no globally
More informationVulnerabilities. To know your Enemy, you must become your Enemy. Information security: Vulnerabilities & attacks threats. difficult.
Vulnerabilities To know your Enemy, you must become your Enemy. "The Art of War", Sun Tzu André Zúquete Security 1 Information security: Vulnerabilities & attacks threats Discouragement measures difficult
More informationReducing the Cost of Incident Response
Reducing the Cost of Incident Response Introduction Cb Response is the most complete endpoint detection and response solution available to security teams who want a single platform for hunting threats,
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationWhat a Honeynet Is H ONEYPOTS
79_HONEY.ch02 Page 9 Thursday, August 9, 2001 10:17 AM 2 What a Honeynet Is H ONEYPOTS The concept of honeypots has been around for years. Simply put, honeypots are systems designed to be compromised by
More informationCNIT 121: Computer Forensics. 9 Network Evidence
CNIT 121: Computer Forensics 9 Network Evidence The Case for Network Monitoring Types of Network Monitoring Types of Network Monitoring Event-based alerts Snort, Suricata, SourceFire, RSA NetWitness Require
More informationCyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX
Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security HTML PHP Database Linux Operating System and Networking: LINUX NETWORKING Information Gathering:
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More informationISO27001 Preparing your business with Snare
WHITEPAPER Complying with ISO27001 Preparing your business with Snare T he technical controls imposed by ISO (International Organisation for Standardization) Standard 27001 cover a wide range of security
More informationSeqrite Endpoint Security
Enterprise Security Solutions by Quick Heal Integrated enterprise security and unified endpoint management console Enterprise Suite Edition Product Highlights Innovative endpoint security that prevents
More informationCIT 480: Securing Computer Systems
CIT 480: Securing Computer Systems Intrusion Detection CIT 480: Securing Computer Systems Slide #1 Topics 1. Definitions and Goals 2. Models of Intrusion Detection 3. False Positives 4. Architecture of
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 6 Intrusion Detection First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Intruders significant issue hostile/unwanted
More informationCyber Security For Business
Cyber Security For Business In today s hostile digital environment, the importance of securing your data and technology cannot be overstated. From customer assurance, liability mitigation, and even your
More informationHoneypot Hacker Tracking and Computer Forensics
Honeypot Hacker Tracking and Computer Forensics Manfred Hung manfred.hung@pisa.org.hk Agenda Honeypot History Value of Honeypot Honeypot Technology Common Honypot products/solutions Honeypot deployment
More informationHands-On Ethical Hacking and Network Defense 3 rd Edition
Hands-On Ethical Hacking and Network Defense 3 rd Edition Chapter 13 Network Protection Systems Last modified 1-11-17 Objectives Explain how routers are used to protect networks Describe firewall technology
More informationRansomware A case study of the impact, recovery and remediation events
Ransomware A case study of the impact, recovery and remediation events Palindrome Technologies 100 Village Court Suite 102 Hazlet, NJ 07730 www.palindrometech.com Peter Thermos President & CTO Tel: (732)
More informationCS0-001.exam. Number: CS0-001 Passing Score: 800 Time Limit: 120 min File Version: CS0-001
CS0-001.exam Number: CS0-001 Passing Score: 800 Time Limit: 120 min File Version: 1.0 CS0-001 CompTIA CSA+ Certification Exam Version 1.0 Exam A QUESTION 1 An analyst was tasked with providing recommendations
More informationComputer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks
Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications
More informationSecuring Information Systems
Introduction to Information Management IIM, NCKU System Vulnerability and Abuse (1/6) Securing Information Systems Based on Chapter 8 of Laudon and Laudon (2010). Management Information Systems: Managing
More informationSystem Security Administration
UNCLASSIFIED System Security Administration Duties of the Security System Administrator (SSA) The SSA must be extremely knowledgeable about the configuration of the system, the inherent security weaknesses
More informationSecuring Information Systems
Chapter 7 Securing Information Systems 7.1 2007 by Prentice Hall STUDENT OBJECTIVES Analyze why information systems need special protection from destruction, error, and abuse. Assess the business value
More informationHoneynet Weekly Report Canadian Institute for Cybersecurity (CIC)
Report (11) Captured from 04-05-2018 to 18-05-2018 1-Introduction The first honeypot studies released by Clifford Stoll in 1990, and from April 2008 the Canadian Honeynet chapter was founded at the University
More informationBeyond a sensor. Towards the Globalization of SURFids. FIRST 20 th Annual Conference Vancouver, Canada
Beyond a sensor Towards the Globalization of SURFids Wim.Biemolt@surfnet.nl FIRST 20 th Annual Conference Vancouver, Canada 1 SURFnet6 2 SURFcert 3 18 th Annual FIRST Conference Goals - Understanding:
More informationData Breach Preparedness & Response
Data Breach Preparedness & Response April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH 2015 Armstrong Teasdale 6 Stages of a Data Breach Response Preparation Identification Containment Eradication
More informationData Breach Preparedness & Response. April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH
Data Breach Preparedness & Response April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH 2015 Armstrong Teasdale 6 Stages of a Data Breach Response Preparation Identification Containment Eradication
More informationFunction Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments
Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments 1 ID.AM-1: Physical devices and systems within the organization are inventoried Asset Management (ID.AM): The
More informationMake IR Effective with Risk Evaluation and Reporting
SESSION ID: AIR-R02 Make IR Effective with Risk Evaluation and Reporting Mischel Kwon President/CEO MKA Cyber @mkacyber Justin Monti Sr. VP Security Engineering MKA Cyber You ve Got an Incident Now What?
More informationAdvanced Computer Networking. CYBR 230 Jeff Shafer University of the Pacific. Honeypots
CYBR 230 Jeff Shafer University of the Pacific Honeypots 2 Challenge: My resources (network, service, file, etc..) have a blizzard of legitimate requests each day. How do I identify malicious actors in
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More information2. INTRUDER DETECTION SYSTEMS
1. INTRODUCTION It is apparent that information technology is the backbone of many organizations, small or big. Since they depend on information technology to drive their business forward, issues regarding
More informationSecuring Information Systems
Chapter 7 Securing Information Systems 7.1 Copyright 2011 Pearson Education, Inc. STUDENT LEARNING OBJECTIVES Why are information systems vulnerable to destruction, error, and abuse? What is the business
More informationIntroduction to Security
IS 2150 / TEL 2810 Introduction to Security James Joshi Professor, SIS Lecture 12 2016 Intrusion Detection, Auditing System Firewalls & VPN 1 Intrusion Detection 2 Intrusion Detection/Response Denning:
More information