Automatic Quantification and Minimization of Attack Surfaces
Slide 1: Automatic Quantification and Minimization of Attack Surfaces
- Mr. Michael Atighetchi, Dr. Borislava Simidchieva, Mr. Nathaniel Soule, Dr. Fusun Yaman, Dr. Joseph Loyall (Raytheon BBN Technologies)
- Dr. David Last, Dr. David Myers, Capt. Bridget Flatley (United States Air Force Research Laboratory)
- 03/23/15
Slide 2: Problem
- Cyber warfare is stacked against the defender
  - Defender: Protect against all the ways that an adversary can potentially compromise security
  - Adversary: Find only a single attack vector to be successful
- Cyber defenses have become increasingly proactive
  - Moving Target Defenses (MTDs) continuously change attack surfaces to increase adversarial work load and uncertainty.
- Defense configuration is a poorly understood, non-quantifiable process
  - Add defenses that provide little added value
  - Introduce unacceptable cost or overhead
  - Inadvertently increase the attack surface
  - Cause unintended side effects when combined with other defenses
- Urgent Need in the DoD: Select and configure cyber defenses for a distributed mission-critical system with a clear quantitative understanding of the security properties of the resulting system.
Slide 3: Motivating Examples
- Improper randomization frequency
  - IP Hopping MTDs that change addresses at an interval greater than the time required for an attack to complete provide no benefit
- Invalid defense composition
  - Deploying two IP hopping defenses could cause one to invalidate the other
  - Deploying an OS hopping defense in the presence of a separate defense that relies on a particular OS could cause periodic outages of that defense.
- Improper dynamism trigger
  - Temporal OS Hopping: Changing the OS of a system based on time may have a temporary confusion effect on the adversary, but also opens up the ability for the attacker to wait for a target OS for which they have an exploit
Slide 4: Example: Multiple Moving Target Defenses
- Example Proactive Defenses:
  - IP Hopping between the client and the Windows-based application server to randomize IP source and target addresses and port information, dynamically reconfiguring every X seconds.
  - OS Hopping & Masquerading on the application server, switching between operating systems upon getting notifications that the specific operating system in use is vulnerable in the current deployment.
  - Binary diversity techniques that randomize memory layout either during installation or for each process restart, e.g., by Address Space Layout Randomization (ASLR) or by the use of multi-compilers to generate diverse binary layouts on disk.
  - Continuous restart of application processes to remove any foothold an adversary might have gained as the result of intermediate points in an attack vector.
- Example Configuration Problems
  - Misconfiguration of a specific MTD: too slow to be useful, or causing too much performance impact
  - Compositional issues across multiple MTDs: IP Hopping only supported on Windows; OS Hopping/Masquerading supported across multiple OSs
Slide 5: Attack Surface Reasoning in One Slide
- Problem: Select and configure cyber defenses for a distributed mission-critical system with a clear quantitative understanding of the security properties of the resulting system.
- Objective: Provide models and algorithms for quantifying and analyzing the attack surfaces of distributed dynamic systems and different cyber defenses
  - Models for attack surfaces that tie together information about systems, defenses, and attack vectors to enable quantitative characterization of attack surfaces
  - Algorithms for evaluating the effectiveness of a set of defenses to (1) reduce the size of attack surfaces so that they enforce least-privilege constraints and (2) shift attack surfaces so they appear random to attackers
  - Metrics for characterizing the attack surface of a dynamic, distributed system at the application, operating system, and network layers
- Significance to Air Force and Impact: ASR enables cyber defenders to quantify the impact of adding or reconfiguring defenses of mission-critical applications, providing key metrics for effective and efficient proactive defense.
Slide 6: Modeling Approach
- ASR's reasoning operates over a set of sub-models: System, Defense, Adversary, Attack, and Mission
- Semantic modeling approach
  - All models described using the Web Ontology Language (OWL)
  - Ontologies draw from previous work and other existing representations (e.g. Microsoft STRIDE)
- Model Creation
  - Instance models are currently created by hand; new work will enable automated model generation from real systems
  - Numerous model instances of each model category were created in support of testing
    - Models of a three-tiered web application stack
    - Models of IP Hopping, OS Masquerading, and OS Hopping defenses
    - Missions modeled after real military exercises
Slides 7-11: Attack Surface Model: Model Composition
The attack surface model composes five sub-models: Mission, Attack Library, Defense, System, and Adversary.
- System: The entities that comprise the system in question, e.g. hosts, network interface cards, processes. Employs the Microsoft STRIDE representations as a base ontology.
- Defense: Describes the static and dynamic defensive mechanisms available, in particular those aspects of the mechanisms that impact the systems they protect both positively (e.g., additional protection) and negatively (e.g., additional resource usage).
- Adversary: Describes the potential starting points for an adversary, both spatially and in terms of assumed knowledge.
- Attack Library: Models types of attacks and their properties such that a given attack surface can be analyzed for susceptibility.
- Mission: Models the information flows and requirements of a mission, allowing for determination of non-essential functions and for detection of threshold violations for mission-essential elements.
Slide 12: System Models
- Capture aspects of the target compute platform
  - Multi-layered and multi-depth
- Generic abstractions used by reasoning
  - Inspired by concepts used in Microsoft STRIDE models: Processes, Data Flows, Data Stores, External Entities, Boundaries
- Specific abstractions used to communicate with users: NICs, Endpoints, Users, Hosts
- Defined using Semantic Web ontologies
  - Provides a connected graph
  - Can easily be extended to include new concepts
  - Scales to billions of nodes
Slide 13: Example System Model
(Diagram.) Nodes shown: UAV Client 1 (VP1), IMS Server 1 (IMS1), Admin Client 1 (Admin 1, Admin User 1 "Niki Costa"), Enterprise Client 1 (Eclient 1, Enterprise User 1 "Jane Doe"), JTAC Client 1 (JTAC1, JTAC User 1 "John Smith"), Attack Client 1 (A2), Mobile Network 1 (MNE1-MNE4), Image DB1, Data DB Server 1, NIC3-NIC9, VLAN1, VLAN2, Endpoint1-Endpoint13 (several marked <Listen>).
Legend: BackedBy, ConnectsTo, Process Dataflow, Network Dataflow, Vertical Boundary, Horizontal Boundary, Entity (Process Layer), Entity (Network Layer), Entity (Physical Layer), Data Store, External Entity.
Slide 14: Defense Models
- Capture aspects of cyber defense
  - Describes setup requirements, security benefits, and costs
  - Categorizes security properties into 14 abstract categories
- Captures dynamic aspects of defenses
  - Randomization space, reconfiguration interval, key sharing
Slide 15: List of Abstract Defense Capabilities

| Defense | Protects Against | Examples |
|---|---|---|
| Signing | Tampering | HAIPE, TLS, XML Signature |
| Encryption | Information Disclosure | HAIPE, TLS, XML Encryption |
| Authentication | Spoofing | HAIPE, TLS, Passwords |
| Authorization | Escalation of Privilege | HAIPE, Firewalls, XACML, CDSs |
| Data Filtering | Escalation of Privilege | Snort, Dirty Word Lists, XML Schema Validation |
| Data Sanitization | Escalation of Privilege | PDF printer conversion, XSLT |
| Intrusion Detection System | Repudiation | Bro, HBSS |
| Audit | Repudiation | Log4j, Linux auditd |
| Randomization | Tampering, Information Disclosure, Denial of Service, Escalation of Privilege | IP Hopping, OS Hopping, Single Packet Authorization |
| Masquerade | Information Disclosure, Elevation of Privilege | OS Masquerading |
| Tarpitting | Tampering, Escalation of Privilege, Denial of Service | Labrea, HTTP redirects |
| Data Poisoning | Repudiation | MS Word macros |
| Isolation | Escalation of Privilege | Virtualization, VLANs |
| Watchdog | Tampering, Denial of Service | Linux service daemon, APS watchdogs |
| Replication | Tampering, Denial of Service | Load Balancing, Crash FT, Byzantine FT |
Slide 16: Current Status of Mission Models
- Mission model combines:
  - Mission-critical system processes and dataflows
  - Requirements on these system components
- Cost requirements specify two cost overhead thresholds, low and high, resulting in three banded grades: overhead from 0 up to low is PASS, between low and high is DEGRADED, above high is FAIL
- Security requirements specify three orthogonal dimensions (including Availability) graded on a PASS/FAIL scale with respect to attacks. If any one fails, security fails.
Slide 17: Adversary Models
- Attack Step
  - Pre-Condition: Privilege required to execute the step
  - Post-Condition: Results and side effects of executing the step
  - Start: Specific element that satisfies the Pre-Condition
  - Target: Specific element that satisfies the Post-Condition
  - Action: STRIDE (+CAPAC)
- Adversary has
  - Current position: Parts of the system the adversary has access to
  - Goal: A partially instantiated attack step
  - Knowledge: Information or privilege the attacker has, e.g. through insider info
  - Adversary capabilities are not modeled currently; we plan to add a skill level for each attack step and adversary
- Attack Vector: Ordered sequence of steps
Slide 18: Example Attack Steps Currently Modelled

| Name | Type | Requires | Side Effect |
|---|---|---|---|
| Sniff | Information Disclosure | Access to network | Knowledge about observed network flows |
| PortScan | Information Disclosure | Network reachability | Knowledge about listening sockets |
| TCPConFlood | Denial of Service | Network reachability & knowledge about the target endpoint | Depletes file descriptors at a given rate |
| OSFingerPrint | Information Disclosure | Knowledge of a listening socket on a host | Knowledge about host OS specifics |
| GetRoot | Elevation of Privilege | Knowledge of host OS and listening socket | Root privilege on host |
| ShutDownServer | Denial of Service | Knowledge of host OS and listening socket; root privilege on host | Server unavailable |
Slide 19: Algorithms: Attack Vector Finding Illustration
(Diagram, a subset of the slide 13 system model.) Nodes shown: UAV Client 1, VP1, EP1; IMS Server 1, IMS1, EP2 <Listen>, EP5 <Listen>; Mobile Network 1 (MN1), MNE1-MNE4; Attack Client 1, A2, EP10, EP13; JTAC Client 1, JTAC1, EP11 <Listen>, EP12.
- Task: Find all vectors of length 2 or less achieving the goal: DoS at IMS Server
- Starting position: Connected to Mobile Network 1
- Search tree:
  - Sniff MN1 -> Info: EP2, EP5 -> TCPConFlood EP2 -> Deplete Resources IMS1
  - Scan MN1 -> Info: EP2, EP5, EP11 -> TCPConFlood EP2 -> Deplete Resources IMS1; TCPConFlood EP11 -> Deplete Resources IMS1
- Attack vectors:
  1. Sniff MN1, TCPConFlood EP2
  2. Probe MN1, TCPConFlood EP2
  3. Probe MN1, TCPConFlood EP11
Slide 20: Algorithms: Attack Vectors with Defense
(Same diagram as slide 19, with IP-Hopping deployed at EP2 <Listen>.)
- Task: Find all vectors of length 2 or less achieving the goal: DoS at IMS Server
- Starting position: Connected to Mobile Network 1
- Search tree:
  - Sniff MN1 -> Info: EP2, EP5 -> TCPConFlood EP2 -> Deplete Resources IMS1
  - Scan MN1 -> Info: EP2, EP5, EP11 -> TCPConFlood EP2 -> Deplete Resources IMS1; TCPConFlood EP11 -> Deplete Resources IMS1
- Attack vectors:
  1. Sniff MN1, TCPConFlood EP2
  2. Probe MN1, TCPConFlood EP2
  3. Probe MN1, TCPConFlood EP11
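The search illustrated on slides 17 through 20, written out as an added example (not the ASR prototype's code): attack steps carry the slide 18 pre- and post-conditions, a bounded depth-first search enumerates every vector of length 2 or less that reaches the goal "DoS at IMS Server" from Mobile Network 1, and an IP-Hopping defense on an endpoint is modelled, following slide 3, as defeating only the steps that need longer than one hop interval. Step durations, the hop intervals and the assignment of EP5 to JTAC1 are constructed assumptions.

```python
"""Bounded attack-vector search over ASR-style models (added example, not the ASR code).

Entity names MN1, EP2, EP5, EP11 and IMS1 follow slides 19 and 20; step types and
their pre/post-conditions follow slide 18.  Durations, hop intervals and the
assignment of EP5 to JTAC1 are constructed for this example.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Optional, Tuple

Fact = Tuple[str, str]  # adversary knowledge, privilege or effect, e.g. ("listening", "EP2")


@dataclass(frozen=True)
class AttackStep:
    """One attack step as defined on slide 17."""
    name: str                  # step type from slide 18
    start: str                 # element satisfying the pre-condition
    target: str                # element satisfying the post-condition
    requires: FrozenSet[Fact]  # pre-condition: knowledge/privilege needed
    produces: FrozenSet[Fact]  # post-condition: knowledge gained or effect caused
    duration_s: int            # constructed: seconds the step needs to complete

    def label(self) -> str:
        return f"{self.name} {self.target}"


def listening(*endpoints: str) -> FrozenSet[Fact]:
    """Knowledge of listening sockets, the side effect of Sniff/PortScan (slide 18)."""
    return frozenset(("listening", ep) for ep in endpoints)


def instantiate_steps() -> List[AttackStep]:
    """Step instances for the slide 19 system; EP5 is read off the diagram as JTAC1's socket."""
    reach = frozenset({("reachable", "MN1")})
    return [
        AttackStep("Sniff", "MN1", "MN1", frozenset({("access", "MN1")}), listening("EP2", "EP5"), 30),
        AttackStep("PortScan", "MN1", "MN1", reach, listening("EP2", "EP5", "EP11"), 20),
        AttackStep("TCPConFlood", "MN1", "EP2", reach | listening("EP2"), frozenset({("dos", "IMS1")}), 120),
        AttackStep("TCPConFlood", "MN1", "EP11", reach | listening("EP11"), frozenset({("dos", "IMS1")}), 120),
        AttackStep("TCPConFlood", "MN1", "EP5", reach | listening("EP5"), frozenset({("dos", "JTAC1")}), 120),
    ]


def step_allowed(step: AttackStep, state: FrozenSet[Fact], hopping: Dict[str, int]) -> bool:
    """Pre-condition check plus the IP-Hopping rule taken from slide 3.

    A hopping target invalidates a step that needs longer than one hop interval;
    a hop interval longer than the step provides no benefit.  This is a modelling
    assumption for the example, not a rule stated on the ASR slides.
    """
    if not step.requires <= state:
        return False
    interval = hopping.get(step.target)
    return interval is None or step.duration_s < interval


def find_vectors(steps: Iterable[AttackStep], initial: Iterable[Fact], goal: Fact,
                 max_len: int, hopping: Optional[Dict[str, int]] = None) -> List[Tuple[str, ...]]:
    """Enumerate all attack vectors of at most max_len steps that establish `goal`."""
    steps = list(steps)
    hopping = hopping or {}
    vectors: List[Tuple[str, ...]] = []

    def search(state: FrozenSet[Fact], path: List[AttackStep]) -> None:
        if goal in state:
            vectors.append(tuple(s.label() for s in path))
            return  # the goal is met; longer vectors would not be minimal
        if len(path) == max_len:
            return
        for step in steps:
            if step in path or not step_allowed(step, state, hopping):
                continue
            search(state | step.produces, path + [step])

    search(frozenset(initial), [])
    return vectors


def security_summary(vectors: List[Tuple[str, ...]]) -> Dict[str, int]:
    """Two of the slide 22 ASI factors; a minimum length of 0 means no vector was found."""
    return {
        "NumberOfAttackVectors": len(vectors),
        "MinLengthOfAttackVectors": min((len(v) for v in vectors), default=0),
    }


if __name__ == "__main__":
    steps = instantiate_steps()
    start = {("access", "MN1"), ("reachable", "MN1")}  # "Connected: Mobile Network 1"
    goal = ("dos", "IMS1")                             # "DoS at IMS Server"
    scenarios = [("no defense", {}),
                 ("IP-Hopping on EP2, 60 s interval", {"EP2": 60}),
                 ("IP-Hopping on EP2, 300 s interval", {"EP2": 300})]
    for title, hopping in scenarios:
        found = find_vectors(steps, start, goal, 2, hopping)
        print(f"{title}: {security_summary(found)}")
        for i, vector in enumerate(found, 1):
            print(f"  {i}. {', '.join(vector)}")
```

Without a defense the search returns exactly the three vectors listed on slide 19; a 60 s hop on EP2 leaves only the EP11 vector, while a 300 s hop (longer than the flood step) changes nothing, which is the slide 3 misconfiguration.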
Slide 21: Metrics: Aggregates and Drilling into Details
- Instead of a single number, keep a few very informative scores that allow for comparison
- System Security
  - Aggregate Security Index summarizes security metrics
  - Individual concerns such as length of attack vectors are easily viewed
- Cost
  - Aggregate Cost Index summarizes cost metrics
  - Individual concerns such as latency penalty of a defense can be examined
- Mission
  - Missions are ranked as pass, degraded, or fail. Lowest score prevails for aggregate mission scores along security, cost, or both
  - Individual concerns such as confidentiality still accessible
  - Individual concerns such as percent of dataflows that fail latency viewable
Slide 22: Formulation of Aggregate System Metrics

| Metric | Factors | Why? |
|---|---|---|
| Aggregate Security Index (ASI) | MinLengthOfAttackVectors^2 | Attacker Workload |
| | NumberOfBoundaries / NumberOfAttackVectors | Coverage over known attacks |
| | NumberOfBoundaries / NumberOfEntryPoints | Coverage over unknown attacks |
| | P(AttackVectorSuccess) / ShortestAttackVectorDuration | Probabilistic Vector Impact |
| Aggregate Cost Index (ACI) | LatencyImpact (%) (75) | KPP |
| | ThroughputImpact (%) (25) | KPP under load |
| | NumberOfImpactedDataFlows (10) | Coverage over flows |

The slide also shows the constants 10, 1.75, 0.5 and 1h alongside the ASI factors; numeric constants are reproduced as they appear. KPP = Key Performance Parameter.
Slide 23: ASR Prototype
- Web service based implementation allowing:
  - Programmatic interaction (REST API)
  - Browser based GUI interaction
- Load, visualize, query, and analyze models
- View analysis results (metrics)
- View identified attack vectors
- Heat map comparison of 3 configurations
Slide 24: ASR User Interface
(Screenshot.) High-Level Security and Cost Metrics; Lower-Level Metrics; Drill down to find actual attack vectors.
Slide 25: Conclusion
- Selecting and configuring cyber defenses remains difficult and error-prone
  - Operators lack a clear quantitative understanding of the security properties of the resulting system
- Attack Surface Reasoning provides a framework for quantifying and minimizing attack surfaces
  - Models describing systems, defenses, missions, attacks, and adversaries
  - Algorithms for building attack vectors and minimizing the attack surface
  - Metrics for performing relative comparisons for security and cost
  - Prototype web service capability supporting what-if analyses
- Next steps: Improve scalability, automate model construction
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationContainer Deployment and Security Best Practices
Container Deployment and Security Best Practices How organizations are leveraging OpenShift, Quay, and Twistlock to deploy, manage, and secure a cloud native environment. John Morello CTO Twistlock Dirk
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
More informationDynamic Datacenter Security Solidex, November 2009
Dynamic Datacenter Security Solidex, November 2009 Deep Security: Securing the New Server Cloud Virtualized Physical Servers in the open Servers virtual and in motion Servers under attack 2 11/9/09 2 Dynamic
More informationUnit Level Secure by Design Approach
Unit Level Secure by Design Approach Abstract Authors: Vasantharaju MS & Joshua Cajetan Rebelo Vasantharaju_MS@McAfee.com Joshua.Rebelo@Siemens.com With cyber-attacks on the rise and high-profile breaches
More informationCYSE 411/AIT 681 Secure Software Engineering. Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun
CYSE 411/AIT 681 Secure Software Engineering Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun Reading This lecture [McGraw]: Ch. 7-9 2 Seven Touchpoints 1. Code review 2. Architectural
More informationCampus Network Design
Design Principles Campus Network Design 2003, Cisco Systems, Inc. All rights reserved. 2-1 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0 2-2 Design Principles Task in Network Design Plan phase
More informationIDP Detector Engine Release Notes
IDP Detector Engine Release Notes Part Number: 530-029025-01 Revision January 15, 2009 Contents Recent Release History...2 IDP Detector Engine Overview...3 Understanding IDP Detector Engine Version Numbers...3
More information4. Risk-Based Security Testing. Reading. CYSE 411/AIT 681 Secure Software Engineering. Seven Touchpoints. Application of Touchpoints
Reading This lecture [McGraw]: Ch. 7-9 CYSE 411/AIT 681 Secure Software Engineering Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun 2 Seven Touchpoints Application of Touchpoints
More informationA Data Driven Approach to Designing Adaptive Trustworthy Systems
A Data Driven Approach to Designing Adaptive Trustworthy Systems Ravishankar K. Iyer (with A. Sharma, K. Pattabiraman, Z. Kalbarczyk, Center for Reliable and High-Performance Computing Department of Electrical
More informationNetwork Security. Evil ICMP, Careless TCP & Boring Security Analyses. Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, October 4th, 2018
Network Security Evil ICMP, Careless TCP & Boring Security Analyses Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, October 4th, 2018 Part I Internet Control Message Protocol (ICMP) Why ICMP No method
More informationSYSTEM THREAT ANALYSIS FOR HIGH ASSURANCE SOFTWARE DEFINED RADIOS
SYSTEM THREAT ANALYSIS FOR HIGH ASSURANCE SOFTWARE DEFINED RADIOS David Murotake, (SCA Technica, Inc. Nashua NH, USA; david.murotak@scatechnica.com) Antonio Martin (SCA Technica, Inc., Nashua NH, USA;
More informationKnowledge-based Decision Making for Simulating Cyber Attack Behaviors
Knowledge-based Decision Making for Simulating Cyber Attack Behaviors Stephen Moskal (sfm5015@rit.edu) Dr. Michael Kuhl, Dr. Shanchieh Jay Yang Rochester Institute of Technology Department of Computer
More informationCisco Tetration Analytics
Cisco Tetration Analytics Enhanced security and operations with real time analytics John Joo Tetration Business Unit Cisco Systems Security Challenges in Modern Data Centers Securing applications has become
More informationIntroduction to Security
IS 2150 / TEL 2810 Introduction to Security James Joshi Professor, SIS Lecture 12 2016 Intrusion Detection, Auditing System Firewalls & VPN 1 Intrusion Detection 2 Intrusion Detection/Response Denning:
More informationArchitecting the Right SOA Infrastructure
Infrastructure Architecture: Architecting the Right SOA Infrastructure Robert Insley Principal SOA Global Technology Services 2007 IBM Corporation SOA Architect Summit Roadmap What is the impact of SOA
More informationThreat Modeling Using STRIDE
Threat Modeling Using STRIDE By: Girindro Pringgo Digdo, M.T., CSX-F http://www.girindropringgodigdo.net/ girindigdo@gmail.com 1 About Dealing with Information Security Fields: VAPT Generate New Attack
More informationIBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights
IBM Secure Proxy Advanced edge security for your multienterprise data exchanges Highlights Enables trusted businessto-business transactions and data exchange Protects your brand reputation by reducing
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : HP0-Y24 Title : Securing HP ProCurve Networks Vendors : HP Version : DEMO Get Latest
More informationRiskSense Attack Surface Validation for IoT Systems
RiskSense Attack Surface Validation for IoT Systems 2018 RiskSense, Inc. Surfacing Double Exposure Risks Changing Times and Assessment Focus Our view of security assessments has changed. There is diminishing
More informationLast time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control
Last time Security Policies and Models Bell La-Padula and Biba Security Models Information Flow Control Trusted Operating System Design Design Elements Security Features 10-1 This time Trusted Operating
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationIS THERE A HOLE IN YOUR RISC-V SECURITY STACK? JOTHY ROSENBERG DOVER MICROSYSTEMS
IS THERE A HOLE IN YOUR RISC-V SECURITY STACK? JOTHY ROSENBERG DOVER MICROSYSTEMS I understand the difference in destruction is dramatic, but this has a whiff of August 1945. Someone just used a new weapon,
More informationOWASP Top 10. Copyright 2017 Ergon Informatik AG 2/13
Airlock and the OWASP TOP 10-2017 Version 2.1 11.24.2017 OWASP Top 10 A1 Injection... 3 A2 Broken Authentication... 5 A3 Sensitive Data Exposure... 6 A4 XML External Entities (XXE)... 7 A5 Broken Access
More informationDocument Sub Title. Yotpo. Technical Overview 07/18/ Yotpo
Document Sub Title Yotpo Technical Overview 07/18/2016 2015 Yotpo Contents Introduction... 3 Yotpo Architecture... 4 Yotpo Back Office (or B2B)... 4 Yotpo On-Site Presence... 4 Technologies... 5 Real-Time
More informationConfinement (Running Untrusted Programs)
Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras Untrusted Programs Untrusted Application Entire Application untrusted Part of application untrusted Modules
More informationFirewalls (IDS and IPS) MIS 5214 Week 6
Firewalls (IDS and IPS) MIS 5214 Week 6 Agenda Defense in Depth Evolution of IT risk in automated control systems Security Domains Where to put firewalls in an N-Tier Architecture? In-class exercise Part
More informationSecurity: The Key to Affordable Unmanned Aircraft Systems
AN INTEL COMPANY Security: The Key to Affordable Unmanned Aircraft Systems By Alex Wilson, Director of Business Development, Aerospace and Defense WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY
More informationWHO AM I? Been working in IT Security since 1992
(C) MARCHANY 2011 1 WHO AM I? Been working in IT Security since 1992 CISO at VA Tech 35+K node network. dual stack IPV4, IPV6 network since 2006 Multi-national Main campus (Blacksburg, VA), Remote campuses
More informationThis release of the product includes these new features that have been added since NGFW 5.5.
Release Notes Revision A McAfee Next Generation Firewall 5.7.10 Contents About this release New features Enhancements Known limitations Resolved issues System requirements Installation instructions Upgrade
More information