Securing AWS with HIDS. Gaurav Harsola, Mayank Gaikwad
Slide 2: IDS. What? Why? How?

Slide 3: Intrusion Detection System. An IDS is a software application that monitors network or system activity for malicious activity.

Slide 4: An IDS is not a firewall.
Slide 5: NIDS and HIDS
HIDS
- A host-based intrusion detection system (HIDS) runs on individual hosts and monitors a single computer system.
- Detects an intrusion and/or misuse, and responds by logging the activity.
- It is an agent that monitors and analyzes whether anything or anyone, internal or external, has bypassed the system's security policy.
- Tools: Samhain, OSSEC
NIDS
- A NIDS is placed within the network to monitor traffic to and from all devices on the network.
- A NIDS scans all inbound and outbound traffic.
- NIDS tools operate by inspecting the traffic that passes between hosts.
- Tools: Snort, Suricata, Bro, Kismet
Slide 6: Available HIDS
- OSSEC: open source
- Wazuh: open source; a wrapper over OSSEC with an API, ELK integration and a signature DB
- AlienVault: licensed; USM (Unified Security Management) is based on OSSEC
- Trend Micro: licensed
- AlertLogic: licensed
Slide 7: OSSEC?
OSSEC is an open-source host-based intrusion detection system.
Key features:
- Log analysis
- File integrity checking (Unix and Windows)
- Registry integrity checking (Windows)
- Host-based anomaly detection (rootkit detection on Unix)
- Active response
OSSEC is mainly used for three things:
- See what is going on
- Stop brute-force attacks (FTP, SSH, web)
Slide 8: OSSEC benefits
- Open source
- Log analysis
- Easy to install
- Easy to customize (rules and config in XML format)
- Scalable (client/server architecture)
- High availability (multiple OSSEC servers can be run)
- Multi-platform
- OSSEC ships with standard decoders and rules that analyse logs from telnetd, sudo, SSH, FTP, etc.
- PCI DSS compliance, to some extent
Slide 9: OSSEC agent/server flow (diagram)
Slide 10: OSSEC internal components
- Analysisd: does all the analysis (main process)
- Remoted: receives remote logs from agents
- Logcollector: reads log files (syslog, flat files, Windows event log, IIS, etc.)
- Agentd: forwards logs to the server
- Maild: sends alerts
- Execd: executes the active responses
- Monitord: monitors agent status, compresses and signs log files, etc.
- Integratord: integrates OSSEC with Slack and PagerDuty
- Authd: daemon that automatically adds an agent to an OSSEC manager
Slide 11: Wazuh. Wazuh is a wrapper over OSSEC that provides additional functionality such as a RESTful API and ELK integration.
Slide 12: OSSEC server/client installation
First, install the necessary packages:
    sudo apt-get install gcc make git
    sudo apt-get install libssl-dev
Then clone the GitHub repository (stable branch) and run the installer:
    mkdir ossec_tmp && cd ossec_tmp
    git clone -b stable <ossec-wazuh repository URL>
    cd ossec-wazuh
    sudo ./install.sh
Choose "server" for a server installation and "agent" for a client installation when asked about the installation type, and answer the remaining questions as desired. Once installed, start the OSSEC manager:
    sudo /var/ossec/bin/ossec-control start
Check the service:
    ps aux | grep ossec
Slide 13: Connect the client with the server
After setting up an agent we need to connect it to the OSSEC server. To make this easier, OSSEC added a daemon on the server called ossec-authd: you run it on the server while you deploy agents, it populates the agents' keys, and you stop it once deployment is finished. Stopping it matters: while it runs, any host that can reach port 1515 can register itself as an agent. Start it on the server with:
    /var/ossec/bin/ossec-authd -p 1515
Setting up the agents: on each agent the work is minimal. All you have to do is run:
    /var/ossec/bin/agent-auth -m <ServerIP> -p 1515 -A <agent-name>
That's it. The keys are now exchanged and you can start the agent:
    sudo /var/ossec/bin/ossec-control start
Slide 14: Sample of alerts.json (screenshot)

Slide 15: OSSEC integration with ELK. Integrating OSSEC HIDS with the ELK stack provides a real-time alert management console, as well as a flexible way to store data for as long as needed.

Slide 16: OSSEC directory structure (diagram)

Slide 17: Internal log flow (diagram)
Slide 18: Log pre-decoding (1)
Decoding of an sshd message. After pre-decoding by OSSEC:
    time/date    -> Apr 14 17:32:06
    hostname     -> ubuntu
    program_name -> sshd
    log          -> Accepted password for root from <srcip> port ...
Slide 19: Log decoding (2)
Decoding is the process of identifying the key information in a log. OSSEC comes with hundreds of decoders. Generally we want to extract the source IP, user name and id. After decoding by OSSEC:
    time/date    -> Apr 14 17:32:06
    hostname     -> ubuntu
    program_name -> sshd
    log          -> Accepted password for root from <srcip> port ...
    srcip        -> <srcip>
    user         -> root
Slide 20: Writing decoders
What does writing a decoder require? sshd example: we want to extract the user name and the source IP. If program_name was pre-decoded as sshd (remember pre-decoding?), try a regular expression against the log field that captures both.
Slide 21: Log rules
- The next step after decoding is to check the rules.
- User-defined, in XML; very easy to write.
- Allows matching on the decoded information.
- OSSEC comes with more than 400 rules by default.
What a rule requires:
- A rule id (any integer)
- A level, from 0 (lowest) to 15 (highest); level 0 is ignored and never alerted
- A pattern: anything from a regex to srcip, id, user, etc.
22 Writing your own rules
Slide 23: PCI DSS
- Payment Card Industry Data Security Standard.
- Visa, MasterCard and the other card brands created common industry security requirements.
- Intended to protect cardholder data wherever it resides.
- Compliance is mandated for all organizations handling credit card data.
- The 12 requirements we need to meet for PCI DSS compliance cover firewalls, passwords, storage, encryption, anti-virus, unique IDs, tracking and monitoring, etc.
- OSSEC helps implement PCI DSS by performing log analysis, file integrity checking, policy monitoring, intrusion detection, real-time alerting and active response.
Slide 24: Monitor AWS logs. CloudTrail pushes its logs to an S3 bucket; a Python script then copies those logs from the bucket onto the OSSEC server, where they are analysed like any other log file.
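The slide does not show the script, so here is an added example written for this page (not the authors' script and not OSSEC code) of the transformation step it needs: CloudTrail delivers gzip-compressed JSON objects whose "Records" array holds one event each, while OSSEC's logcollector wants one record per line. The sample record, account-free and with made-up IP, user and times, is constructed for this example; the flattened `userName`/`userType` keys are our naming choice, and `append_to_ossec_log` assumes the target file is listed as a `<localfile>` with a JSON `log_format` (supported by Wazuh and recent OSSEC releases). Fetching the object from S3 is left to the caller, so the example runs offline.

```python
"""Flatten a CloudTrail log object into one-JSON-per-line text for OSSEC.
Added example for the slide deck; not the authors' script, not OSSEC code."""
import gzip
import json
from typing import Dict, List

# Constructed sample in the CloudTrail record layout (field names are the
# real CloudTrail ones; every value is made up for this example).
SAMPLE_CLOUDTRAIL: Dict[str, list] = {
    "Records": [
        {
            "eventVersion": "1.05",
            "eventTime": "2018-04-14T17:32:06Z",
            "eventSource": "signin.amazonaws.com",
            "eventName": "ConsoleLogin",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "198.51.100.23",
            "userIdentity": {"type": "IAMUser", "userName": "alice"},
            "responseElements": {"ConsoleLogin": "Failure"},
            "errorMessage": "Failed authentication",
        },
        {
            "eventVersion": "1.05",
            "eventTime": "2018-04-14T17:35:10Z",
            "eventSource": "iam.amazonaws.com",
            "eventName": "CreateAccessKey",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "198.51.100.23",
            "userIdentity": {"type": "IAMUser", "userName": "alice"},
            "requestParameters": {"userName": "alice"},
        },
    ]
}

# Records missing any of these are not worth forwarding: a rule could not
# even tell what happened or where.
REQUIRED_FIELDS = ("eventTime", "eventSource", "eventName", "awsRegion")


def build_sample_object() -> bytes:
    """Gzip the constructed sample the way CloudTrail stores objects in S3."""
    return gzip.compress(json.dumps(SAMPLE_CLOUDTRAIL).encode("utf-8"))


def flatten_records(payload: dict) -> List[str]:
    """Turn the Records array into compact single-line JSON strings.

    The nested userIdentity is copied to top-level userName/userType keys
    (our naming) so a rule can match on them without walking the tree.
    Malformed records are dropped rather than forwarded half-parsed."""
    lines: List[str] = []
    for rec in payload.get("Records", []):
        if not isinstance(rec, dict) or not all(k in rec for k in REQUIRED_FIELDS):
            continue
        flat = dict(rec)
        ident = rec.get("userIdentity") or {}
        flat["userType"] = ident.get("type", "")
        flat["userName"] = ident.get("userName", "")
        # sort_keys + compact separators: stable, newline-free lines
        lines.append(json.dumps(flat, separators=(",", ":"), sort_keys=True))
    return lines


def cloudtrail_to_lines(gz_body: bytes) -> List[str]:
    """Decompress one CloudTrail S3 object body and flatten it."""
    return flatten_records(json.loads(gzip.decompress(gz_body)))


def append_to_ossec_log(gz_body: bytes, path: str) -> int:
    """Append the flattened records to the file the OSSEC agent tails.
    Returns the number of lines written."""
    lines = cloudtrail_to_lines(gz_body)
    with open(path, "a", encoding="utf-8") as fh:
        for line in lines:
            fh.write(line + "\n")
    return len(lines)


if __name__ == "__main__":
    for line in cloudtrail_to_lines(build_sample_object()):
        print(line)
```

In a real deployment the bytes handed to `cloudtrail_to_lines` come from the S3 object body, and the script should record which object keys it has already processed so a re-run does not feed the same events to OSSEC twice.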
Slide 25: Alerting and notification
Slack integration: forward alerts to Slack and set an alert level so that only messages at or above that level reach Slack (the webhook URL below is a placeholder):
    <integration>
      <name>slack</name>
      <hook_url>https://hooks.slack.com/services/YOUR_WEBHOOK_PATH</hook_url>
      <level>7</level>
    </integration>
Email integration: send granular alerts based on level, rule group or rule id to different recipients:
    <email_alerts>
      <group>sql_injection,authentication_failed,authentication_failures</group>
      <level>6</level>
      <format>sms</format>
    </email_alerts>
Slide 26: HIDS implementation testing
Tested FTP and SSH brute-force attacks using Hydra as the penetration-testing tool. Example:
    hydra -L /home/ubuntu/user.txt -P /home/ubuntu/pwd.txt -s 22 <IP> <servicename>
- -L: file containing the list of usernames
- -P: file containing the list of passwords
- service name: may be ssh, ftp, mysql, telnet
- -s: port number of the service
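The decoding steps of slides 18 to 20, the rule mechanics of slide 21 and the detection side of the test on this slide fit together in one small model. The following is an added example written for this page, not code from the slides and not OSSEC's own implementation: `pre_decode` recovers time/date, hostname, program_name and log from a syslog line, `decode_sshd` pulls srcip and user out of sshd messages, and `BruteForceRule` behaves like an OSSEC rule with `<frequency>` and `<timeframe>`, firing when one source IP accumulates too many failed logins in a window. The regular expressions, the thresholds, rule id 100100 and level 10 are our choices, and the log lines are constructed (documentation-range IPs) to resemble what a password-guessing run leaves in auth.log.

```python
"""Model of the OSSEC pre-decode / decode / rule pipeline for sshd logs.
Added example for the slide deck; not the authors' code, not OSSEC code."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, List, Optional

# Syslog header as in "Apr 14 17:32:06 ubuntu sshd[2090]: <message>"
SYSLOG_RE = re.compile(
    r"^(?P<time>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<hostname>\S+) "
    r"(?P<program>[^\s\[:]+)(?:\[\d+\])?: (?P<log>.*)$"
)
# The two sshd messages the deck cares about (our regexes, not OSSEC's).
SSHD_ACCEPTED_RE = re.compile(
    r"^Accepted \S+ for (?P<user>\S+) from (?P<srcip>\S+) port \d+")
SSHD_FAILED_RE = re.compile(
    r"^Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<srcip>\S+) port \d+")


def pre_decode(line: str) -> Optional[Dict[str, str]]:
    """Pre-decoding: split the syslog header off the message."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    return {"time": m.group("time"), "hostname": m.group("hostname"),
            "program_name": m.group("program"), "log": m.group("log")}


def decode_sshd(event: Dict[str, str]) -> Dict[str, str]:
    """Decoding for program_name == sshd: add srcip, user and an outcome.
    Events from other programs pass through unchanged."""
    if event.get("program_name") != "sshd":
        return event
    for outcome, rx in (("accepted", SSHD_ACCEPTED_RE), ("failed", SSHD_FAILED_RE)):
        m = rx.match(event["log"])
        if m:
            return {**event, "srcip": m.group("srcip"),
                    "user": m.group("user"), "outcome": outcome}
    return event


class BruteForceRule:
    """Fires when one source IP produces `frequency` failed logins within
    `timeframe` seconds, as an OSSEC rule with <frequency> and <timeframe>
    would. Rule id and level are made-up values for this example."""
    RULE_ID = 100100
    LEVEL = 10

    def __init__(self, frequency: int = 5, timeframe: int = 120) -> None:
        self.frequency = frequency
        self.timeframe = timeframe
        self._failures: Dict[str, deque] = defaultdict(deque)  # srcip -> epoch times

    @staticmethod
    def _epoch(event: Dict[str, str]) -> float:
        # Syslog timestamps carry no year; assume the current one.
        stamp = f"{datetime.now().year} {event['time']}"
        return datetime.strptime(stamp, "%Y %b %d %H:%M:%S").timestamp()

    def feed(self, event: Dict[str, str]) -> Optional[Dict[str, object]]:
        """Evaluate one decoded event; return an alert when the rule fires."""
        if event.get("outcome") != "failed":
            return None
        ip, now = event["srcip"], self._epoch(event)
        window = self._failures[ip]
        window.append(now)
        while window and now - window[0] > self.timeframe:
            window.popleft()          # forget failures older than the timeframe
        if len(window) >= self.frequency:
            window.clear()            # one alert per burst, not one per extra attempt
            return {"rule_id": self.RULE_ID, "level": self.LEVEL, "srcip": ip,
                    "user": event["user"], "time": event["time"]}
        return None


def run_pipeline(lines: List[str], rule: BruteForceRule) -> List[Dict[str, object]]:
    """Pre-decode, decode and evaluate each line; return the alerts raised."""
    alerts: List[Dict[str, object]] = []
    for line in lines:
        event = pre_decode(line)
        if event is None:
            continue                  # not syslog-shaped; OSSEC would try other decoders
        alert = rule.feed(decode_sshd(event))
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample: the deck's successful login, a burst of six failures
# from one IP five seconds apart, and a single unrelated failure.
SAMPLE_LOG = [
    "Apr 14 17:32:06 ubuntu sshd[2090]: Accepted password for root from 203.0.113.5 port 52112 ssh2",
] + [
    f"Apr 14 17:40:{s:02d} ubuntu sshd[21{s:02d}]: Failed password for invalid user admin "
    f"from 198.51.100.77 port 4{s:04d} ssh2"
    for s in range(0, 30, 5)
] + [
    "Apr 14 17:41:00 ubuntu sshd[2200]: Failed password for bob from 192.0.2.9 port 40011 ssh2",
]

if __name__ == "__main__":
    print(decode_sshd(pre_decode(SAMPLE_LOG[0])))
    for alert in run_pipeline(SAMPLE_LOG, BruteForceRule(frequency=5, timeframe=120)):
        print("ALERT", alert)
```

With the defaults the burst from 198.51.100.77 raises exactly one alert on its fifth failure and the lone failure from 192.0.2.9 raises none; shrinking the timeframe below the spacing of the attempts makes the burst invisible, which is the trade-off to keep in mind when tuning `<frequency>` and `<timeframe>` in a real rule.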
Slide 27: Elasticsearch UI (screenshot)

Slide 28: Kibana UI (screenshot)

Slide 29: Thanks & Questions?