ProCurve Network Immunity
Hans-Jörg Elias, Key Account Manager
© 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Agenda
- ProCurve Security Framework
- Network Immunity Solution Overview
- Network Immunity Features
- Network Behavioral Anomaly Detection
- Network Immunity User Interface

Network Security Framework
- Access Control: Prevents security breaches by controlling which users have access to systems and how they connect in a wired/wireless network
- Secure Infrastructure: Protection of network components, prevention of unauthorized overrides of mandated security provisions, and privacy measures
- Network Immunity: Defends the network from malicious attacks, monitors behavior, and applies security information intelligence
- ProActive Defense emphasizes a standards-based foundation
Diagram labels: Access Control, ProActive Defense, Network Immunity, Secure Infrastructure, Regulatory Compliance, Adaptive EDGE Architecture

ProCurve ProActive Defense
- The network contains valuable resources which require many types of access...all of which need to be secure
- Access Control proactively identifies and assesses users and devices connecting to the network
- Network Immunity provides defense by monitoring sensors throughout the network and responding to threats
- Command from the Center provides centralized control for the intelligent edge
Diagram labels: Uncontrolled Access, Authenticated Access, Trusted Access, Integrated Access and Infrastructure Management, Business Policy, Policy Control, Validation, Forensics, Statistics, Alerts, COMMAND FROM THE CENTER

ProCurve Security Architecture
Diagram labels: Prevent/Protect (before a security breach), Detect (during a security breach), Respond (mitigate a security breach), Centralized Management

Network Immunity Solution Overview
- Edge Defense: Quarantine, Bandwidth Rate limiting, Attacker MAC lockout, Attacker Port Shutdown, Copy suspicious traffic to IDS, Alert Notification
- ProCurve PCM v2.2 Plus w/NI Manager: Intrusion Response, Intrusion Detection, Security Activity Dashboard, Location based Policy Enforcement, Built-in Network Behavior Anomaly Detection (NBAD), Alert Suppression, Offender Tracking, Security Heat Map, Threat Mitigation Reporting
Other diagram labels: Inline Prevention, Passive Detection, UTM, Suspect Traffic, ProCurve Network Edge, Third Party Security Devices

Network Immunity Terminology
- Network Behavioral Anomaly Detection (NBAD): Analysis is performed on traffic metrics such as those from sFlow, XRMON, and counters in ProCurve devices to detect internal threats
- Traffic Metrics: Consists of sFlow, XRMON and Port Statistics data compiled from the traffic manager from within PCM v2.2
- False Positives: Valid network traffic that often looks to a network management product like an anomaly, such as the activity of a virus or worm. ProCurve False Positive Avoidance (FPA) algorithms within the NBAD engine assist NI Manager in lessening the false positives.
- Security Heat Map: Displays the number of security alerts for each device in the map

Network Immunity Terminology Continued
- Intrusion Detection System (IDS): An intrusion detection system is used to detect all types of malicious network traffic and computer usage that can't be detected by a conventional firewall.
- Intrusion Prevention System (IPS): An extension of intrusion detection (IDS) technology, but it is actually another form of access control, like an application layer firewall
- Unified Threat Management (UTM): A term used to describe network firewalls that have many features in one box, including junk filtering, anti-virus capability, an intrusion detection (or prevention) system (IDS or IPS), and World Wide Web content filtering, along with the traditional activities of a firewall

Network Immunity Manager Overview Continued
- The core functionalities are Threat Detection, Threat Mitigation and Security Management
- The Network Immunity Manager requires PCM+ 2.2
- Bundled on the PCM+ 2.2 CD, the Network Immunity Manager is enabled with a separately purchased license key
- NI Manager is available for free with PCM+ 2.2 for a 30 day trial period

NI Solution Components
ProCurve Network Immunity Solution is comprised of the combination of ProCurve products:
- ProCurve Manager Plus 2.2
- ProCurve Network Immunity Manager 1.0
- ProCurve switches from the intelligent switch series
Implemented together with third party UTM/IPS/IDS devices such as:
- Cisco IPS 4200 series (supported in May 2007)
- Fortinet UTM appliances (supported in June 2007)
- Sonicwall UTM products (supported in July 2007)

NI Manager Features
Threat Detection
- Network Visibility
- Multiple Intrusion Detection Methods
- Offender Tracking
- Remote Monitoring
- Security Heat Map
Threat Mitigation
- Internal threat detection
- Group Based Policy Enforcement
- Multiple Threat Mitigations
- Reduces False Positives
- Chain of Actions
- Wireless Support

NI Manager Features Continued
Security Management
- Policy Management
- Security Event Aggregation and Suppression
- Security Dashboard
- Exempt List
- Configuration Cleanup
- Security Auditing
- Group Based Policy Enforcement
- ProCurve Manager Integration
- Reports

How NI Manager Works
Diagram labels: Security Management Lifecycle, Define Security Policy, Refine Policy, Incident Investigation & Auditing Reports, Traffic Monitoring & Traffic Alerts, Threat Detection, Network Discovery & Topology Mapping, ProCurve Wired & Wireless Devices, Built-in NBAD, 3rd Party Security Devices, Security Activity Reporting, Threat Mitigation (Edge Defense), Policy Compliance

NBAD Overview
- Network behavior anomaly detection (NBAD) is the continuous monitoring of a network for unusual events or trends
- NBAD tracks critical network characteristics in real time and generates an alert if a strange event or trend is detected
- Analysis is performed on traffic metrics from ProCurve switches to detect internal threats
- Accepts attack alerts from Virus Throttle technology embedded in select ProCurve switches
- Accepts alerts from select 3rd party IDS/IPS/UTM security devices

How NBAD Works
How NBAD Works Continued
How NBAD Works Continued

NBAD Malicious Behavior Table
Columns: Behavior Name; Data Points; Violation Triggering Condition; Settings

Duplicate IP
- Data points: MAC Address, IP Address, Time Window
- Violation triggering condition: One IP appearing from more than one MAC within the specified time window.
- Settings: Sensitivity, Time Window [values not recoverable]

Spoofed IP
- Data points: MAC Address, IP Address, Time Window
- Violation triggering condition: One MAC with more than one IP appearing within the specified time window.
- Settings: Sensitivity, Time Window [values not recoverable]

IP Fan-Out
- Data points: Source IP Address, Destination IP Address
- Violation triggering condition: One source IP communicating with X other ports on a given destination IP and/or one source IP communicating with a statistically unusual number of destination ports on a given destination IP in the specified time window.
- Settings: Sensitivity, Fan-Out Size (IPs) [values not recoverable]

NBAD Malicious Behavior Table Continued

TCP/UDP Fan-Out
- Data points: Source IP Address, Destination TCP/UDP Ports (Per Destination IP Address)
- Violation triggering condition: One source IP communicating with X other ports on a given destination IP and/or one source IP communicating with a statistically unusual number of destination ports on a given destination IP in the specified time window.
- Settings: Sensitivity, Fan-Out Size [values not recoverable]

Average Packet Size Deviation
- Data points: Host IP Address, Average Packet Payload Size In Bytes
- Violation triggering condition: Occurs when the engine detects a statistically unusual change in the average size of sent and/or received packets.
- Settings: Triggers when the new average packet size is > 3 S.D. units away from the current average packet size.

Protocol Anomaly
- Data points: Host IP Address, Host Packet Contents
- Violation triggering condition: Occurs when the host sends traffic containing unusual properties that would not normally be expected to occur on the network.
- Settings: Any packet matching the approx. 30 anomalous behaviors defined for this engine immediately creates an event.

What NI Manager Detects
The Network Immunity Manager has been tested to detect the following:
Protocol Anomalies
Port scanning techniques:
- Xmas Tree Scan: Sends a TCP frame to a remote device with the URG, PUSH, and FIN flags set
- NULL Scan: Turns off all flags, creating a lack of TCP flags
- FIN Scan: The FIN scan's "stealth" frames are unusual because they are sent to a device without first going through the normal TCP handshaking
Denial of Service:
- UDP Bomb: Sends an illegal User Datagram Protocol (UDP) packet
- Land Attack: An attack involving IP packets where the source and destination address are set to address the same device
- Ping of Death: Sends a malformed or otherwise malicious ping to a computer

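The Duplicate IP, Spoofed IP, TCP/UDP Fan-Out and Average Packet Size Deviation rows of the behavior table above, written out as detection logic over constructed flow samples. This is an added example, not ProCurve code: the Flow record layout, the function names, the window and fan-out values, and the reading of "3 S.D." as three standard deviations of a baseline sample are all assumptions.

```python
from collections import defaultdict, namedtuple
from statistics import mean, pstdev

# One sampled flow record; this field layout is an assumption of the example.
Flow = namedtuple("Flow", "ts mac ip dst_ip dst_port size")

# Constructed sample data (not real traffic).
SAMPLES = [
    Flow(0,    "aa:aa:aa:00:00:01", "10.0.0.5", "10.0.0.1", 80, 512),
    Flow(30,   "aa:aa:aa:00:00:02", "10.0.0.5", "10.0.0.1", 80, 500),   # same IP, second MAC
    Flow(40,   "aa:aa:aa:00:00:03", "10.0.0.7", "10.0.0.1", 443, 480),
    Flow(50,   "aa:aa:aa:00:00:03", "10.0.0.8", "10.0.0.1", 443, 470),  # same MAC, second IP
    Flow(4000, "aa:aa:aa:00:00:04", "10.0.0.9", "10.0.0.1", 22, 300),
    Flow(9000, "aa:aa:aa:00:00:05", "10.0.0.9", "10.0.0.1", 22, 300),   # same IP, 5000 s later
] + [
    # One source touching ten different ports on one destination in ten seconds.
    Flow(100 + i, "aa:aa:aa:00:00:06", "10.0.0.20", "10.0.0.1", 20 + i, 40)
    for i in range(10)
]


def distinct_in_window(samples, window_s, key_fn, val_fn, limit):
    """Return {key: sorted distinct values} for every key that shows more than
    `limit` distinct values inside any span of `window_s` seconds."""
    events = defaultdict(list)
    for s in sorted(samples, key=lambda s: s.ts):
        events[key_fn(s)].append((s.ts, val_fn(s)))
    hits = {}
    for key, evs in events.items():
        # Slide the window so that it starts at each event in turn.
        for i, (t0, _) in enumerate(evs):
            seen = {v for t, v in evs[i:] if t - t0 <= window_s}
            if len(seen) > limit:
                hits[key] = sorted(seen)
                break
    return hits


def duplicate_ip(samples, window_s):
    """Duplicate IP: one IP appearing from more than one MAC in the window."""
    return distinct_in_window(samples, window_s, lambda s: s.ip, lambda s: s.mac, 1)


def spoofed_ip(samples, window_s):
    """Spoofed IP: one MAC with more than one IP in the window."""
    return distinct_in_window(samples, window_s, lambda s: s.mac, lambda s: s.ip, 1)


def port_fan_out(samples, window_s, max_ports):
    """TCP/UDP Fan-Out: one source IP reaching more than `max_ports` distinct
    destination ports on a single destination IP in the window."""
    return distinct_in_window(
        samples, window_s,
        lambda s: (s.ip, s.dst_ip), lambda s: s.dst_port, max_ports)


def packet_size_deviation(baseline_sizes, new_sizes, k=3.0):
    """Average Packet Size Deviation: True when the new average is more than
    k standard deviations from the baseline average (assumed interpretation)."""
    if not baseline_sizes or not new_sizes:
        return False  # nothing to compare, so no event
    mu, sigma = mean(baseline_sizes), pstdev(baseline_sizes)
    return abs(mean(new_sizes) - mu) > k * sigma


if __name__ == "__main__":
    print("duplicate IP :", duplicate_ip(SAMPLES, 600))
    print("spoofed IP   :", spoofed_ip(SAMPLES, 600))
    print("port fan-out :", port_fan_out(SAMPLES, 60, 5))
    print("size anomaly :", packet_size_deviation([500, 510, 490, 505, 495], [60, 64, 58]))
```

The 10.0.0.9 pair shows why the time window matters: the same two records are ignored with a 600 second window and reported with a 6000 second one, which is the trade-off between missed detections and false positives that the table's time-window setting controls.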
What NI Manager Detects Continued
Reconnaissance before an attack
- Tools: Nessus, NMAP, Port Scanners and Ping tools
Network Based attacks
- Tested to detect: DNS Tunneling, Unauthorized Network Mapping, IP Spoofing, Various Worm Propagation techniques
Anomalous Packet Size
- Designed to inform NI to: Sample suspicious traffic, Detect some covert channels
Mis-Configured devices
- Tested to detect: Duplicate IPs, Rogue Routers, Rogue Proxies

NI Manager Device Support Matrix
Column groups: Switch/AP; Detection capabilities; Mitigation actions NI can take on a switch/AP
Columns: Device, sFlow/XRMon, VT, Basic Local Mirror, Intel. Remote Mirror, Port Shutdown, MAC Lockout, Rate Limit, VLAN Reconfigure, Basic Local Mirror
Device rows: 1600/2400/4000/ , , 2650, , /5300* 2800, / /5400/; Access Point (est. June 2007); 5300 WESM (est. May 2007); 5400 WESM (est. May 2007); 7000 WAN Router

Range of IDM/NI Policy Actions
IDM Policy Actions and Network Immunity Policy Actions, as listed across the two columns: Port Shutdown, Block User, VLAN, Rate Limit, QoS, ACL, MAC Lockout, VLAN, Rate Limit
Configuration Rules:
1. Users should configure only one Policy Control (IDM or NI) for any Policy Action
2. If a user configures both IDM and NI to control the same Policy Action, IDM Policy takes precedence (NI action will not be taken, but the conflict will be logged)

Creating A NI Policy
- Policies
- Alerts
- Actions

Configuring Policy Times
Configuring Policy Locations
Configuring Policy Targets
Creating Policy Alert
Assigning Policy Action
Viewing Policies
Viewing Policy History
Viewing Events
Viewing Alternate Action
Network Immunity Dashboard
NI Security Activity Tab
NI Security Activity Tab: Offenders

NI Heat Map
Mapping by Severity
Total Security Alerts by Severity: Critical, Major, Minor, Warning

Regulatory Compliance Assistance
Built in comprehensive reports provide immediate visibility and assistance with regulatory compliance (available July 2007)
ProCurve Manager Plus Reports
- Device Security History Report
- Device Access Security Report
- Port Access Security Report
- Password Policy Compliance
- Current credentials Report
Network Immunity Manager Reports
- Security Policy Action Report
- Security Events History Report
- Security Heat Map Report
- Offenders Tracking Report
Identity Driven Manager Reports
- User Unsuccessful Login Report
- User Session History
- User MAC address Report
For a full list of reports planned for availability in Summer 2007, please refer to the ProCurve Network Immunity Manager Solutions Guide

Summary of Key Features
ProCurve Network Immunity Manager v1.0 provides:
- An affordable, scalable, and easily manageable solution delivering per port intrusion detection
- Responses to stop malicious network traffic at the EDGE of both the wired and wireless networks
- Allows users to define policies, collect security events, monitor threats and automate mitigations
[ 59 ] Section 4: We have now covered the basic configuration and delved into AAA services on the ASA. In this section, we cover some of the more advanced features of the ASA that break it away from a
More informationConverged security. Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products
Converged security Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products Increased risk and wasted resources Gartner estimates more than $1B in
More informationIntrusion Detection. Comp Sci 3600 Security. Introduction. Analysis. Host-based. Network-based. Distributed or hybrid. ID data standards.
or Detection Comp Sci 3600 Security Outline or 1 2 3 4 5 or 6 7 8 Classes of or Individuals or members of an organized crime group with a goal of financial reward Their activities may include: Identity
More informationITSM SERVICES. Delivering Technology Solutions With Passion
ITSM SERVICES Delivering Technology Solutions With Passion 02 CONTENTS OVERVIEW CLIENTS SOLUTIONS WHAT WE DO PROFESSIONAL SERVICES Overview IT Pillars is a dynamic company, which has served, over the past
More informationProCurve Identity Driven Manager
User s Guide ProCurve Identity Driven Manager Software Release 2.3 www.procurve.com Copyright 2008 Hewlett-Packard Development Company, LP. All Rights Reserved. This document contains information which
More informationQuickSpecs ProCurve Identity Driven Manager 2.2
Overview ProCurve Identity Driven Manager, a plug-in to, dynamically configures security and performance settings based on user, device, location, time, and client system state. IDM provides network administrators
More informationCisco Network Admission Control (NAC) Solution
Data Sheet Cisco Network Admission Control (NAC) Solution New: Updated to include the Cisco Secure Network Server (SNS) Cisco Network Admission Control (NAC) solutions allow you to authenticate wired,
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationExam: : VPN/Security. Ver :
Exam: Title : VPN/Security Ver : 03.20.04 QUESTION 1 A customer needs to connect smaller branch office locations to its central site and desires a more which solution should you recommend? A. V3PN solution
More informationsecuring your network perimeter with SIEM
The basics of auditing and securing your network perimeter with SIEM Introduction To thwart network attacks, you first need to be on top of critical security events occurring in your network. While monitoring
More informationEnterasys. Design Guide. Network Access Control P/N
Enterasys Network Access Control Design Guide P/N 9034385 Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site
More informationWireless Clients and Users Monitoring Overview
Wireless Clients and Users Monitoring Overview Cisco Prime Infrastructure 3.1 Job Aid Copyright Page THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT
More informationCisco Self Defending Network
Cisco Self Defending Network Integrated Network Security George Chopin Security Business Development Manager, CISSP 2003, Cisco Systems, Inc. All rights reserved. 1 The Network as a Strategic Asset Corporate
More information4 Ways Your Organization Can Be Hacked
Behind the Scenes 4 Ways Your Organization Can Be Hacked Brian Johnson President, 7 Minute Security Jeff Melnick Netwrix, Systems Engineer Agenda Quick introductions The ways your organization can be hacked
More informationCINBAD. CERN/HP ProCurve Joint Project on Networking. Post-C5 meeting, 12 June 2009 (hepix, 26 May 2009)
CINBAD CERN/HP ProCurve Joint Project on Networking Post-C meeting, 12 June 2009 (hepix, 26 May 2009) Ryszard Erazm Jurga - CERN Milosz Marian Hulboj - CERN Outline Introduction to CERN network CINBAD
More informationUnlocking the Power of the Cloud
TRANSFORM YOUR BUSINESS With Smarter IT Unlocking the Power of the Cloud Hybrid Networking Managed Security Cloud Communications Software-defined solutions that adapt to the shape of your business The
More informationA Security Admin's Survival Guide to the GDPR.
A Security Admin's Survival Guide to the GDPR www.manageengine.com/log-management Table of Contents Scope of this guide... 2 The GDPR requirements that need your attention... 2 Prep steps for GDPR compliance...
More informationFirewalls for Secure Unified Communications
Firewalls for Secure Unified Communications Positioning Guide 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 12 Firewall protection for call control
More information