Using Football Formations in a Honeypot Environment
Int'l Conf. Security and Management SAM'16

Sebastian Kollmannsperger and Tyrone S. Toland
Department of Informatics, University of South Carolina Upstate, 800 University Way, Spartanburg, SC
Kollmans@ .uscupstate.edu, ttoland@uscupstate.edu

Abstract

Unauthorized access to information continues to be a challenging problem, especially in a time where cyber attacks are on the rise. Current security measures (e.g., access control systems, firewalls, intrusion detection systems) may not be sufficient to protect the information technology (IT) infrastructure from a resourceful malicious attacker. This paper presents a novel approach that embeds a football formation into a Honeypot environment. We show how executing football plays in a Honeypot environment can be used to gather information about a malicious attacker. This reconnaissance information can be used to prevent future unauthorized access to sensitive information. We also discuss our implementation and provide some results from a proof of concept experiment.

Keywords: Honeypots, Intrusion Detection System, Information Security

I. INTRODUCTION

Information security has been challenging since humans began exchanging information. For example, ciphers have always been discussed in information security. In fact, ciphers were used to encrypt important messages as far back as 50 BC [5]. The advent of the computer required stronger measures to enforce security, which became an even bigger challenge with the rise of the Internet. As companies become more and more inter-connected via the Internet, protecting the infrastructure and its information becomes an even bigger challenge. Nowadays many different defense mechanisms work together to form a secure system. Firewalls, encryption tools, access control systems, intrusion detection systems and other security software each contribute to information security in a slightly different way.

Schneier [3] identifies three tasks of information security: prevention, detection and response. Every security tool can be assigned to one of these tasks. Prevention is the attempt to protect resources from danger and harm. Preparations have to be made to set up mechanisms that protect the IT. The goal is to make it as hard as possible for intruders and hackers to access resources. Well known prevention tools are firewalls, password protection, encryption tools and digital signatures. When prevention is not effective, detection becomes an important process. With detection, we want to find out whether our system was compromised and from where. Detection is therefore like a monitoring tool. However, it does not contribute directly to the protection of systems, because detection tools act rather passively. An intrusion detection system is an example of a detection tool. After an intruder has been detected, we have to react. Every action in a system is recorded and stored by one of the detection tools, so the intruder also leaves behind evidence. By analyzing this evidence, we can find out how the attacker got in, what the attacker accessed and what the intruder manipulated. With this information we can take steps to react adequately. Backup and recovery tools are an example of response tools. We now discuss a tool that can be used to assist in securing a computer system.

A. Honeypots

Compared to other approaches to information security, honeypots are a more aggressive and active form of defense against malicious attacks [2]. Honeypots are defined in different ways. Schneier [3] defines a Honeypot as a security resource whose value lies in being probed, attacked or compromised. This paper defines a Honeypot as an IT resource whose goal is to attract potential malicious attackers. That is, any access to the Honeypot is examined and recorded so that it can be used to deter similar attacks from occurring in the future.

Contrary to other components of an IT system, it is desired that the Honeypot gets attacked and probed. Since Honeypots masquerade as sensitive resources, they do not provide any functionality for an organization. Therefore, if a malicious user accesses the Honeypot, then this access can be seen as unauthorized access and therefore as an intrusion [2]. Honeypots can be categorized as either a production honeypot or a research honeypot as follows [3][4]:

Production Honeypot: As the name suggests, these Honeypots are used in a production environment. Their main purpose is to gather information about intrusions for a specific organization. They add value to an organization's information security.

Research Honeypot: These Honeypots are used principally in a research environment to gather information about potential attackers. They do not add value to a specific organization. Information from Research Honeypots can be used to find out about the techniques and resources of attackers, which can help to prepare the production system for attacks.

B. Value of Honeypots

Honeypots are flexible tools and contribute to each one of the three security aspects as follows [4][3]:

Prevention: Contrary to majority belief, Honeypots can help to prevent attacks through deception and deterrence. Deception means that potential attackers may waste time and resources on honeypots. Without knowing it, attackers interact with a honeypot that imitates a valuable resource. During this interaction, organizations have time to react, so attacks can be stopped before any information leaks. Deterrence, on the other hand, is the effect of scaring off attackers because of the warning effect of Honeypots. When attackers know that an organization uses Honeypots, they may not even try to attack. As we can see, honeypots contribute to the prevention of attacks to a certain degree. Nonetheless, traditional prevention tools like firewalls are more efficient.

Detection: Honeypots have the biggest impact in detection. For many organizations, detection is a difficult topic. Schneier [3] identifies three challenges when it comes to detection: false positives, false negatives and data aggregation. False positives are mistakenly reported alerts. This happens when the system interprets normal network traffic as an attack. The opposite, false negatives, are attacks that the system does not notice. Finally, data aggregation is the struggle to collect the data and transform it into valuable information. Common intrusion detection systems struggle in all three aspects. Intrusion detection systems act like a watchdog over a company's IT infrastructure. They monitor the traffic and identify whether an access is authorized or not. Therefore, intrusion detection systems generate a lot of data, resulting in an overload of information. Honeypots, however, help us to eliminate these negative aspects. Because every interaction with a honeypot can be seen as unauthorized, honeypots only register these interactions. The problems of data aggregation and false positives can thus be eliminated. False negatives can still occur, for example if an intrusion does not affect the Honeypot, but this risk can be mitigated by placing the Honeypot in an attractive position. Consequently, Honeypots help us to detect intrusions more effectively.

Response: After an intrusion is detected, response is the next step to take. Honeypots help us to identify evidence via log files. That is, the user can analyze the log files generated by Honeypots to find out how the attacker gained access to the system. With the information collected by a Honeypot, we can construct countermeasures to prevent similar attacks from occurring in the future.

It should be noted that the goal of a Honeypot is not to prevent attacks, but to detect them. Therefore, a Honeypot should be combined with other security tools (e.g., firewalls, encryption, password protection).

In this paper we discuss how American football plays can be used to gather information about malicious attackers in a honeypot research environment. In particular, we propose using various offensive plays to provide valuable reconnaissance information, which can be analyzed and used to defend sensitive information in an infrastructure. Our novel approach to mapping football formations into a honeypot research environment can be extended to a networked infrastructure.

This paper is organized as follows. In Section II, we discuss a research Honeypot environment. In Section III, we briefly describe a simplified football formation. In Section IV, we show how to map a football formation into a research Honeypot environment. Section V discusses our implementation and the results from a proof of concept experiment. Section VI concludes the paper.

II. RESEARCH HONEYPOT ENVIRONMENT

Honeypots allow a wide range of application areas. Because their goal is to distract and attract attackers, the best way to use Honeypots is within an IT infrastructure. The probability that an attacker interacts with a Honeypot is increased by masquerading as sensitive data. In Fig. 1, we illustrate a Honeypot integrated with other important and possibly sensitive IT resources. Fig. 1 is a variation of a model in [4].

Fig. 1 Honeypot in IT Infrastructure

The Honeypot is part of the infrastructure, similar to other important resources (e.g., mail server, web server). Therefore, the Honeypot distracts and attracts malicious attackers. Assuming that the attacker scans either our web or mail server, the likelihood that the attacker will access the Honeypot is high.

III. FOOTBALL OVERVIEW

We now provide a brief overview of American Football (football). In American football there are two teams of eleven players. Each team takes turns defending their goal. That is, the defending team wants to prevent the opposing team from taking the football into their end zone to score (e.g., touchdown, field goal, touch back).

A. Football Offensive Formation

Although in real football there are eleven players per team, we only consider seven players in this paper. Our offensive formation consists of five players that form the offensive line (OL + ROL). The offensive line has the task of keeping the ball away from the defending team. Behind the offensive line we have the Quarterback (QB) and Running Backs (RB). The job of the QB is to control the play. The Running Back, on the other hand, tries to outrun the defense. Fig. 2 shows the offense represented as circles.

Fig. 2 Offensive & Defensive Formation

B. Football Defensive Formation

The defensive formation consists of five defensive linemen and two Linebackers (LB). The defensive linemen try to attack either the QB or the ball carrier. The LBs are there to provide additional support for the defense. Sometimes the LBs also try to sack the opposing QB. Ultimately, the goal of the defense is to get the ball and stop the attack. Fig. 2 shows the defense represented as X's.

C. Double Reverse Flea Flicker

The double reverse flea flicker is one of many different football plays. It involves three players: the QB, the RB and one player of the OL, called the right offensive lineman (ROL). For the purpose of this play, the ROL lines up in a different position to be able to perform the play. Fig. 2 shows the starting position. The dashed lines show the running paths of the players. The continuous line shows the path of the ball. So in the first move, the ball travels from the center of the offensive line to the QB. The ROL and RB run their paths. In Fig. 3 we can see the subsequent moves. When the RB crosses the QB, the ball travels from the QB to the RB (1). The next move happens when the RB crosses the ROL. The ball travels from the RB to the ROL (2). The final move happens when the ROL crosses the QB. Here, the ball goes from the ROL to the QB (3).

During the play, the QB does not change place. However, the RB and the ROL cross and switch sides. The ball travels from the center to the QB, to the RB, to the ROL and back to the QB. The goal of the play is to distract the defenders and create room for the QB to pass the ball. The opponent cannot recognize where the ball is and tackles the wrong player. This distraction has a strong similarity with the way Honeypots work. This is the reason why we chose to map this play onto a Honeypot research environment.

Fig. 3 Double Reverse Flea Flicker Moves

IV. COMBINING FOOTBALL FORMATIONS AND HONEYPOTS

Fig. 4 shows how a football formation can be implemented in a research Honeypot environment. As explained in Section III, Defenders are represented as X's and Attackers are represented as O's. We now map the football formation onto an IT infrastructure, whereby the roles change. Now, the Attackers are X's (i.e., they retrieve something) and the Defenders are O's (they protect something). Therefore, in this model the football attackers play the role of the defense, while the football defenders play the role of the attackers. The goal now is to protect the ball instead of carrying the ball into the end zone. In our model the ball represents the sensitive data. The Honeypots masquerade as the sensitive data to attract attackers. The defense consists of protection tools like Firewalls, encryption tools and password protection. The defense protects our infrastructure. This infrastructure consists of three Honeypots (HP1, HP2, and HP3). Since we are working with a research environment, we do not have any production entity. The arrows illustrate unauthorized access. Since no defense mechanism is completely safe, there may be some traffic coming through the firewall that will access the Honeypots. When this happens, the Honeypots work together to execute the play from Section III.C.

Fig. 4 Football Formation mapped in Honeypot Environment

A. Running the Play in a Honeypot Environment

In Fig. 4, HP1 acts like the RB, HP2 acts like the QB and HP3 acts like the ROL. This means that in the beginning HP2 (i.e., the QB) masquerades as the sensitive resource (i.e., the ball). So, the attackers try to access HP2. When this happens, we want HP1 to masquerade as the sensitive resource. So, we pass the ball to HP1. This means that the attackers now try to access HP1. Then, we want HP3 to masquerade as the sensitive resource, meaning HP3 becomes the new goal for the attackers. Finally, HP2 again masquerades as the sensitive resource. To pass the data between the Honeypots, we simulate the data being active and inactive; in essence, we are not really passing data between the Honeypots.

V. IMPLEMENTATION AND EXPERIMENT

We ran an experiment using a framework we implemented in Java 8.

A. Implementation

To show a proof of concept, we developed the following three programs:

HoneypotServer (HPTS) is a program that simulates the honeypot. The program uses a Boolean variable (e.g., activedata) to simulate access to the sensitive data (i.e., the honey). If activedata is true, then access to the sensitive data is available via HPTS; otherwise, if activedata is false, then the sensitive data is currently not available via this machine. That is, access to the sensitive data has moved to a different machine.

HoneypotManager (HPTM) is a program that sends a message to either activate or deactivate access to the sensitive data on an HPTS. When data access has been deactivated on one HPTS, data access is activated on another HPTS, i.e., data access has moved.

HoneypotAttacker (HPTA) is a program that the attacker uses to attempt to access the sensitive data on an HPTS. The attacker sends an access request message (i.e., a malicious attack message) to the HPTS. If the HPTS has access capability to the sensitive data (i.e., activedata is true), then an active message is generated that contains: A (i.e., access to the sensitive data is active), the HPTA IP address, the attack message arrival time on the HPTS, and the attack message departure time from the HPTS. Otherwise, an inactive message is generated that contains: N (i.e., access to the sensitive data is not active), the HPTA IP address, the attack message arrival time on the HPTS, and the attack message departure time from the HPTS.

B. Experiment

We ran our experiment in a test networking lab. To simulate the example in Section IV, we ran HPTS on three computers (i.e., HP1, HP2, and HP3). We ran HPTA on a separate computer to simulate the attacks. On another separate computer, we ran HPTM to activate and deactivate data access on HP1, HP2 and HP3, respectively. For our experiments, HPTS only listens on port

This experiment implements Fig. 4. That is, HP2 is initially activated, while HP1 and HP3 are deactivated. The attacker can now search for the active honeypot using HPTA. To accomplish this, the attacker successively tries to connect to the honeypots. Once the attacker finds the active honeypot (i.e., activedata is true), the manager deactivates that honeypot (i.e., activedata is set to false) and then activates the next honeypot in the sequence. Then, the attacker searches for the next active honeypot and the process continues per Fig. 4. Table I shows the result from this experiment. The attacker does follow the sequence of the play in Fig. 4 when accessing active data items. As we proposed, we could gather information from the malicious user in Msg 2 at HP2, in Msg 4 at HP1, in Msg 7 at HP3 and in Msg 8 again at HP2. That is, we can gather reconnaissance information from a malicious user at a given machine at a specified time.

C. Discussion

The experiment shows that our approach is feasible. Our approach provides a guaranteed time interval for which we can evaluate malicious activity. In particular, we can evaluate malicious activity when accessing an active honeypot and/or when searching for an active honeypot. Based on Table I, we have extracted a set of active Honeypot access times (1) and a set of time intervals to search for an active Honeypot (2).

TABLE I EXPERIMENTAL RESULTS WITH TIMES IN MILLISECONDS
(columns: Msg#, HP#, Active, IP Address, ArrivalTime, DepartureTime; the IP Address, ArrivalTime and DepartureTime values, and the HP# of messages 3, 5 and 6, are not reproduced in this copy)

Msg#  HP#  Active
1     1    N
2     2    A
3     -    N
4     1    A
5     -    N
6     -    N
7     3    A
8     2    A

We define T_FoundHoneypot as the set of access arrival times at which a message arrives at an active Honeypot. We define T_SearchingForHoneypot as the set of time intervals in which the attacker is searching for the active Honeypot.

1) T_FoundHoneypot = {Msg2.ArrivalTime, Msg4.ArrivalTime, Msg7.ArrivalTime, Msg8.ArrivalTime}

2) T_SearchingForHoneypot = {[Msg1.ArrivalTime, Msg2.ArrivalTime], [Msg3.ArrivalTime, Msg4.ArrivalTime], [Msg5.ArrivalTime, Msg7.ArrivalTime]}

We have defined sets of times which potentially provide more reconnaissance information than conventional Honeypot solutions. Future research will show how organizations may use these sets of times to either prevent attacks and/or catch attackers. We further propose that plays from other sports can be used in a Honeypot environment.

VI. CONCLUSION

We have shown how a football formation can be used to configure a Honeypot environment to gather information about cyber-attacks. We have also provided a proof of concept experiment to show that our approach is feasible. Our novel approach can be used to gather valuable reconnaissance information about single and ultimately coordinated attacks using well established football plays.

ACKNOWLEDGEMENT

The authors would like to thank Lt. J. Bernard Brewton for his invaluable help with this paper. The authors would also like to thank Dr. Frank Li, Dr. Jerome Lewis, and the Division of Mathematics and Computer Science for the use of their Networking Lab.

REFERENCES

[1] Cosmell, H. (2011). 9 Football Formations Every Man Should Know. Retrieved February 18, 2016, from
[2] Mokube, I., & Adams, M. (2007). Honeypots: Concepts, Approaches, and Challenges. Winston-Salem, North Carolina.
[3] Schneier, B. (2000). Secrets and Lies: Digital Security in a Networked World. New York: John Wiley & Sons.
[4] Spitzner, L. (2002). Honeypots: Tracking Hackers. Addison-Wesley Professional.
[5] Whitman, M. E., & Mattord, H. J. (2011). Principles of Information Security. Cengage Learning.
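Added example (not the authors' Java framework): an in-process Python simulation of the HPTS/HPTM/HPTA exchange from Section V.A and of the T_FoundHoneypot and T_SearchingForHoneypot sets from Section V.C. Sockets are replaced by direct calls, timing by a constructed millisecond clock, and the order in which HPTA probes the three honeypots (round-robin HP1, HP2, HP3, resuming where it left off) and the attacker address are assumptions.

```python
# Added simulation of HPTS / HPTM / HPTA (Sec. V.A) and the time sets of Sec. V.C.
# Not the authors' Java code: direct calls replace sockets, a constructed clock replaces time.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PLAY_SEQUENCE = ["HP2", "HP1", "HP3", "HP2"]  # Fig. 4: QB -> RB -> ROL -> QB
PROBE_ORDER = ["HP1", "HP2", "HP3"]  # assumed HPTA probe order: round-robin, resuming where it left off
ATTACKER_IP = "192.0.2.10"  # constructed address from the RFC 5737 documentation range


@dataclass
class Message:
    """One HPTS reply: A/N flag, HPTA address, arrival and departure time in ms."""
    msg_no: int
    hp: str
    active: str  # "A" = access to the sensitive data is active, "N" = not active
    attacker_ip: str
    arrival_ms: int
    departure_ms: int


class SimClock:
    """Constructed clock: 10 ms per message in flight, 2 ms of handling on the host."""
    def __init__(self) -> None:
        self.now_ms = 0

    def tick(self, ms: int) -> int:
        self.now_ms += ms
        return self.now_ms


class HoneypotServer:
    """HPTS: the Boolean activedata decides whether this host answers A or N."""
    def __init__(self, name: str, clock: SimClock) -> None:
        self.name, self.activedata, self.clock = name, False, clock

    def handle_access(self, msg_no: int, attacker_ip: str) -> Message:
        """Stamp arrival, inspect activedata, stamp departure, build the reply record."""
        arrival = self.clock.tick(10)
        flag = "A" if self.activedata else "N"
        return Message(msg_no, self.name, flag, attacker_ip, arrival, self.clock.tick(2))


class HoneypotManager:
    """HPTM: keeps exactly one honeypot active, stepping through PLAY_SEQUENCE."""
    def __init__(self, servers: Dict[str, HoneypotServer]) -> None:
        self.servers, self.step = servers, 0

    def pass_ball(self) -> Optional[str]:
        """Deactivate every HPTS and activate the next one; None once the play is over."""
        if self.step >= len(PLAY_SEQUENCE):
            return None
        for server in self.servers.values():
            server.activedata = False
        target = PLAY_SEQUENCE[self.step]
        self.servers[target].activedata = True
        self.step += 1
        return target


def run_play() -> List[Message]:
    """HPTA searches for the active honeypot; every hit makes HPTM pass the ball."""
    clock = SimClock()
    servers = {name: HoneypotServer(name, clock) for name in PROBE_ORDER}
    manager = HoneypotManager(servers)
    manager.pass_ball()  # HP2 (the QB) starts with the ball
    log: List[Message] = []
    while True:
        msg_no = len(log) + 1
        target = PROBE_ORDER[(msg_no - 1) % len(PROBE_ORDER)]
        log.append(servers[target].handle_access(msg_no, ATTACKER_IP))
        if log[-1].active == "A" and manager.pass_ball() is None:
            return log  # final hand-off of the play reached


def found_sequence(log: List[Message]) -> List[str]:
    """Honeypots that answered A, in order; equals PLAY_SEQUENCE when the attacker follows the play."""
    return [m.hp for m in log if m.active == "A"]


def reconnaissance_sets(log: List[Message]) -> Tuple[List[int], List[Tuple[int, int]]]:
    """T_FoundHoneypot: arrival times answered A.  T_SearchingForHoneypot: per search run,
    [arrival of its first N message, arrival of the A message that ends it]."""
    found: List[int] = []
    searching: List[Tuple[int, int]] = []
    search_start: Optional[int] = None
    for m in log:
        if m.active == "N":
            if search_start is None:
                search_start = m.arrival_ms
        else:
            found.append(m.arrival_ms)
            if search_start is not None:
                searching.append((search_start, m.arrival_ms))
            search_start = None
    return found, searching
```

Calling run_play() returns the eight reply records (one per Table I row, with the constructed times), and reconnaissance_sets() on that log returns the two sets; with the assumed probe order the search intervals end at messages 2, 4, 6 and 8 rather than 2, 4, 7 and 8 as in the paper's run.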
More informationCSE 127: Computer Security. Security Concepts. Kirill Levchenko
CSE 127: Computer Security Security Concepts Kirill Levchenko October 3, 2014 Computer Security Protection of systems against an adversary Secrecy: Can t view protected information Integrity: Can t modify
More informationIntrusion Detection System (IDS) IT443 Network Security Administration Slides courtesy of Bo Sheng
Intrusion Detection System (IDS) IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Internet Security Mechanisms Prevent: Firewall, IPsec, SSL Detect: Intrusion Detection Survive/ Response:
More informationVulnerabilities. To know your Enemy, you must become your Enemy. Information security: Vulnerabilities & attacks threats. difficult.
Vulnerabilities To know your Enemy, you must become your Enemy. "The Art of War", Sun Tzu André Zúquete Security 1 Information security: Vulnerabilities & attacks threats Discouragement measures difficult
More informationIC32E - Pre-Instructional Survey
Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into
More informationOverview. Priorities for Immediate Action with Adaptive Response The top priorities for Adaptive Response are:
Disrupting the Attack Surface Overview The design principles for disrupting the attack surface create a more difficult environment for the adversary, provide defenders with the ability to observe and analyze
More informationChapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS
Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power
More informationHYBRID HONEYPOT -SYSTEM FOR PRESERVING PRIVACY IN NETWORKS
HYBRID HONEYPOT -SYSTEM FOR PRESERVING PRIVACY IN NETWORKS K.SURESH, KUSH KUMAR YADAV, R.SRIJIT, KARTHIK.P.BHAT STUDENT 3 rd YEAR - INFORMATION TECHNOLOGY SRI SAIRAM ENGINEERING COLLEGE, WEST TAMBARAM,
More informationKALASALINGAM UNIVERSITY
KALASALINGAM UNIVERSITY (Kalasalingam Academy of Research and Education) DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING CLASS NOTES CRYPTOGRAPHY AND NETWOTK SECURITY (CSE 405) Prepared by M.RAJA AP/CSE
More informationBuilt-in functionality of CYBERQUEST
CYBERQUEST Knows everything Built-in functionality of CYBERQUEST Summary Demonstration of CyberQuest functionality E-mail: office@nextgensoftware.solutions Content Intro... 3 Built-in functionality of CYBERQUEST...
More informationInternet of Things (IoT) Attacks. The Internet of Things (IoT) is based off a larger concept; the Internet of Things came
Victoria Ellsworth Dr. Ping Li ICTN 4040 04/11/17 Internet of Things (IoT) Attacks The Internet of Things (IoT) is based off a larger concept; the Internet of Things came from idea of the Internet of Everything.
More informationSCP SC Network Defense and Countermeasures (NDC) Exam.
SCP SC0-402 Network Defense and Countermeasures (NDC) Exam TYPE: DEMO http://www.examskey.com/sc0-402.html Examskey SCP SC0-402 exam demo product is here for you to test the quality of the product. This
More informationThe GenCyber Program. By Chris Ralph
The GenCyber Program By Chris Ralph The Mission of GenCyber Provide a cybersecurity camp experience for students and teachers at the K-12 level. The primary goal of the program is to increase interest
More informationCommunication Pattern Anomaly Detection in Process Control Systems
Communication Pattern Anomaly Detection in Process Control Systems Sponsored by the Department of Energy National SCADA Test Bed Program Managed by the National Energy Technology Laboratory The views herein
More informationIndicate whether the statement is true or false.
Indicate whether the statement is true or false. 1. NIDPSs can reliably ascertain if an attack was successful or not. 2. Intrusion detection consists of procedures and systems that identify system intrusions
More information06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security
1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security Dr. L. Christofi 1 0. Overview As the knowledge of computer networking and protocols has become more widespread, so the threat of
More informationChameleon. Automatic Generation of Low-Interaction Web Honeypots. Marius Musch (TU Braunschweig) Martin Härterich (SAP SE)
Chameleon Automatic Generation of Low-Interaction Web Honeypots Image by Shobhan Tudu (Own work) [CC BY-SA 4.0], via Wikimedia Commons Marius Musch (TU Braunschweig) Martin Härterich (SAP SE) Agenda Honeypots
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 19: Intrusion Detection Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Intruders Intrusion detection host-based network-based
More informationA Distributed Intrusion Alert System
A Distributed Intrusion Alert System Chih-Yao Lin, Hsiang-Ren Shih, and Yomin Hou Taiwan National Computer Emergency Response Team {chinyao, shr, yominhou}@twncert.org.tw Abstract In this paper, a distributed
More informationStudy on Computer Network Technology of Digital Library
International Symposium on Computers & Informatics (ISCI 2015) Study on Computer Network Technology of Digital Library Yanming Sui LinYi University, Linyi, China suiyanming@lyu.edu.cn Abstract With the
More informationDefending Against Unkown Automation is the Key. Rajesh Kumar Juniper Networks
Defending Against Unkown Automation is the Key Rajesh Kumar Juniper Networks When and not if you will get attacked! ON AVERAGE, ATTACKERS GO UNDETECTED FOR OVER 229 DAYS Root cause of Security Incidents
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : HP0-Y24 Title : Securing HP ProCurve Networks Vendors : HP Version : DEMO Get Latest
More informationTrain employees to avoid inadvertent cyber security breaches
Train employees to avoid inadvertent cyber security breaches TRAIN EMPLOYEES TO AVOID INADVERTENT CYBER SECURITY BREACHES PAGE 2 How much do you know about cyber security? Small business owners often lack
More informationHillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis
Hillstone T-Series Intelligent Next-Generation Firewall Whitepaper: Abnormal Behavior Analysis Keywords: Intelligent Next-Generation Firewall (ingfw), Unknown Threat, Abnormal Parameter, Abnormal Behavior,
More informationDDS Honeypots Data Analysis. Ayşe Simge ÖZGER - Cyber Security Engineer Emre ÖVÜNÇ - Cyber Security Engineer Umut BAŞARAN - Software Engineer
DDS Honeypots Data Analysis Ayşe Simge ÖZGER - Cyber Security Engineer Emre ÖVÜNÇ - Cyber Security Engineer Umut BAŞARAN - Software Engineer 05.06.2017 Content Content... 1 1. Introduction... 1 1.1. What
More informationSecuring Industrial Control Systems
L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting
More informationYou will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent.
IDPS Effectiveness and Primary Takeaways You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent. IDPS Effectiveness and Primary
More informationPRACTICAL NETWORK DEFENSE VERSION 1
PRACTICAL NETWORK DEFENSE VERSION 1 The world s premiere online practical network defense course elearnsecurity has been chosen by students in over 140 countries in the world and by leading organizations
More informationand the Forensic Science CC Spring 2007 Prof. Nehru
and the Introduction The Internet, (Information superhighway), has opened a medium for people to communicate and to access millions of pieces of information from computers located anywhere on the globe.
More informationArtificial Intelligence Drives the next Generation of Internet Security
Artificial Intelligence Drives the next Generation of Internet Security Sam Lee Regional Director sam.lee@cujo.com Copyright 2017 CUJO LLC, All rights reserved. Artificial Intelligence Leads the Way Copyright
More informationMeans for Intrusion Detection. Intrusion Detection. INFO404 - Lecture 13. Content
Intrusion Detection INFO404 - Lecture 13 21.04.2009 nfoukia@infoscience.otago.ac.nz Content Definition Network vs. Host IDS Misuse vs. Behavior Based IDS Means for Intrusion Detection Definitions (1) Intrusion:
More informationA Novel Approach to Detect and Prevent Known and Unknown Attacks in Local Area Network
International Journal of Wireless Communications, Networking and Mobile Computing 2016; 3(4): 43-47 http://www.aascit.org/journal/wcnmc ISSN: 2381-1137 (Print); ISSN: 2381-1145 (Online) A Novel Approach
More informationHONEYNET SOLUTIONS. A deployment guide 1. INTRODUCTION. Ronald C Dodge JR, Richard T Brown, Daniel J Ragsdale
HONEYNET SOLUTIONS A deployment guide Ronald C Dodge JR, Richard T Brown, Daniel J Ragsdale United States Military Academy Abstract: Key words: Honeynets provide network and system managers a unique intrusion
More informationIntrusion Detection Types
Intrusion Detection Continued Tom Longstaff SM Software Engineering Institute Pittsburgh PA 1521 The is sponsored by the Advanced Research Projects Agency (ARPA). The Software Engineering Institute is
More informationWireless Attacks and Countermeasures
Wireless Attacks and Countermeasures Wireless Network Technology Wireless network refers to any type of computer network which is wireless, and is commonly associated with a network whose interconnections
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationA Measurement Companion to the CIS Critical Security Controls (Version 6) October
A Measurement Companion to the CIS Critical Security Controls (Version 6) October 2015 1 A Measurement Companion to the CIS Critical Security Controls (Version 6) Introduction... 3 Description... 4 CIS
More informationEthical Hacking and Countermeasures: Attack Phases, Second Edition. Chapter 1 Introduction to Ethical Hacking
Ethical Hacking and Countermeasures: Attack Phases, Second Edition Chapter 1 Introduction to Ethical Hacking Objectives After completing this chapter, you should be able to: Understand the importance of
More informationempow s Security Platform The SIEM that Gives SIEM a Good Name
empow s Security Platform The SIEM that Gives SIEM a Good Name Donnelley Financial Solutions empow s platform is unique in the security arena it makes all the tools in our arsenal work optimally and in
More informationCYBERSECURITY PENETRATION TESTING - INTRODUCTION
CYBERSECURITY PENETRATION TESTING - INTRODUCTION Introduction Pen-testing 101 University Focus Our Environment Openness and learning Sharing and collaboration Leads to Security Weaknesses What is Penetration
More informationOA Cyber Security Plan FY 2018 (Abridged)
OA Cyber Security Plan FY 2018 (Abridged) 1 Table of Contents Vision... 3 Goals, Strategies, and Tactics... 5 Goal #1: Create a Culture that Fosters the Adoption of Cyber Security Best Practices... 5 1.1
More informationCISNTWK-440. Chapter 5 Network Defenses
CISNTWK-440 Intro to Network Security Chapter 5 Network Defenses 1 Objectives Explain how to enhance security through network design Define network address translation and network access control List the
More informationCIS Controls Measures and Metrics for Version 7
Level 1.1 Utilize an Active Discovery Tool 1.2 Use a Passive Asset Discovery Tool 1.3 Use DHCP Logging to Update Asset Inventory 1.4 Maintain Detailed Asset Inventory 1.5 Maintain Asset Inventory Information
More informationService Provider View of Cyber Security. July 2017
Service Provider View of Cyber Security July 2017 Quick Stats Caribbean and LatAm: 3 rd largest population of Internet Users You Are Here Visualization from the Opte Project of the various routes through
More informationTo Catch A Thief. Sam Curry Chief Technology Officer RSA, The Security Division of EMC
To Catch A Thief Sam Curry Chief Technology Officer RSA, The Security Division of EMC 2 Security is about Security isn t about security. It is about managing risk at some cost. In the absence of metrics,
More informationMIS Class 2. The Threat Environment
MIS 5214 Class 2 The Threat Environment Agenda In the News Models Risk Hackers Vulnerabilities Information System Categorization Risk Assessment Exercise Conceptual Modeling and Information Systems In
More informationHONEYPOT BASED INTRUSION MANAGEMENT SYSTEM: FROM A PASSIVE ARCHITECTURE TO AN IPS SYSTEM
HONEYPOT BASED INTRUSION MANAGEMENT SYSTEM: FROM A PASSIVE ARCHITECTURE TO AN IPS SYSTEM 1 ELMEHDI BENDRISS, 2 BOUBKER REGRAGUI 1 SI3M, ENSIAS 2 SI3M, ENSIAS E-mail: 1 bendriss@gmail.com, 2 regragui@ensias.ma
More informationNETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS
NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities
More informationMay 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations
May 14, 2018 1:30PM to 2:30PM CST In Plain English: Cybersecurity and IT Exam Expectations Options to Join Webinar and audio Click on the link: https://www.webcaster4.com/webcast/page/584/24606 Choose
More informationIntruders. significant issue for networked systems is hostile or unwanted access either via network or local can identify classes of intruders:
Intruders significant issue for networked systems is hostile or unwanted access either via network or local can identify classes of intruders: masquerader misfeasor clandestine user varying levels of competence
More informationThis shows a typical architecture that enterprises use to secure their networks: The network is divided into a number of segments Firewalls restrict
1 This shows a typical architecture that enterprises use to secure their networks: The network is divided into a number of segments Firewalls restrict access between segments This creates a layered defense
More informationIntroduction Honeynets/pots - Types and variation Honeynets/pots - Advantages/Disadvantages Conclusion Q and A Diagrams. Honeynets
Introduction /pots - Types and variation /pots - Advantages/Disadvantages Conclusion Q and A Diagrams Introduction to Honeypot/Honeynet technologies and Its Historical Perspective January 21, 2011 Introduction
More informationIJSER. Virtualization Intrusion Detection System in Cloud Environment Ku.Rupali D. Wankhade. Department of Computer Science and Technology
ISSN 2229-5518 321 Virtualization Intrusion Detection System in Cloud Environment Ku.Rupali D. Wankhade. Department of Computer Science and Technology Abstract - Nowadays all are working with cloud Environment(cloud
More information