Foreword by Todd Heberlein
Contents in Detail

About the Author ... xvii
Foreword by Todd Heberlein ... xix
Preface ... xxv
    Audience ... xxvi
    Prerequisites ... xxvii
    A Note on Software and Protocols ... xxvii
    Scope ... xxviii
    Acknowledgments ... xxix

Part I: Getting Started

1  Network Security Monitoring Rationale ... 3
    An Introduction to NSM ... 4
    Does NSM Prevent Intrusions? ... 5
    What Is the Difference Between NSM and Continuous Monitoring?
    How Does NSM Compare with Other Approaches? ... 9
    Why Does NSM Work?
    How NSM Is Set Up
    When NSM Won't Work
    Is NSM Legal?
    How Can You Protect User Privacy During NSM Operations?
    A Sample NSM Test
    The Range of NSM Data
        Full Content Data
        Extracted Content Data
        Session Data
        Transaction Data
        Statistical Data
        Metadata
        Alert Data
    What's the Point of All This Data?
    NSM Drawbacks
    Where Can I Buy NSM?
    Where Can I Go for Support or More Information?
    Conclusion ... 32

2  Collecting Network Traffic: Access, Storage, and Management ... 33
    A Sample Network for a Pilot NSM System
        Traffic Flow in a Simple Network
        Possible Locations for NSM
    IP Addresses and Network Address Translation
        Net Blocks
        IP Address Assignments
        Address Translation
    Choosing the Best Place to Obtain Network Visibility
        Location for DMZ Network Traffic
        Locations for Viewing the Wireless and Internal Network Traffic
    Getting Physical Access to the Traffic
        Using Switches for Traffic Monitoring
        Using a Network Tap
        Capturing Traffic Directly on a Client or Server
    Choosing an NSM Platform
    Ten NSM Platform Management Recommendations
    Conclusion

Part II: Security Onion Deployment

3  Stand-alone NSM Deployment and Installation ... 55
    Stand-alone or Server Plus Sensors?
    Choosing How to Get SO Code onto Hardware
    Installing a Stand-alone System
        Installing SO to a Hard Drive
        Configuring SO Software
        Choosing the Management Interface
        Installing the NSM Software Components
        Checking Your Installation
    Conclusion

4  Distributed Deployment ... 75
    Installing an SO Server Using the SO .iso Image
        SO Server Considerations
        Building Your SO Server
        Configuring Your SO Server
    Installing an SO Sensor Using the SO .iso Image
        Configuring the SO Sensor
        Completing Setup
        Verifying that the Sensors Are Working
        Verifying that the Autossh Tunnel Is Working
    Building an SO Server Using PPAs
        Installing Ubuntu Server as the SO Server Operating System
        Choosing a Static IP Address
        Updating the Software
        Beginning MySQL and PPA Setup on the SO Server
        Configuring Your SO Server via PPA
    Building an SO Sensor Using PPAs
        Installing Ubuntu Server as the SO Sensor Operating System
        Configuring the System as a Sensor
        Running the Setup Wizard
    Conclusion

5  SO Platform Housekeeping ... 99
    Keeping SO Up-to-Date
        Updating via the GUI
        Updating via the Command Line
    Limiting Access to SO
        Connecting via a SOCKS Proxy
        Changing the Firewall Policy
    Managing SO Data Storage
        Managing Sensor Storage
        Checking Database Drive Usage
        Managing the Sguil Database
        Tracking Disk Usage
    Conclusion

Part III: Tools

6  Command Line Packet Analysis Tools ... 113
    SO Tool Categories
        SO Data Presentation Tools
        SO Data Collection Tools
        SO Data Delivery Tools
    Running Tcpdump
        Displaying, Writing, and Reading Traffic with Tcpdump
        Using Filters with Tcpdump
        Extracting Details from Tcpdump Output
        Examining Full Content Data with Tcpdump
    Using Dumpcap and Tshark
        Running Tshark
        Running Dumpcap
        Running Tshark on Dumpcap's Traffic
        Using Display Filters with Tshark
        Tshark Display Filters in Action
    Running Argus and the Ra Client
        Stopping and Starting Argus
        The Argus File Format
        Examining Argus Data
    Conclusion

7  Graphical Packet Analysis Tools ... 135
    Using Wireshark
        Running Wireshark
        Viewing a Packet Capture in Wireshark
        Modifying the Default Wireshark Layout
        Some Useful Wireshark Features
    Using Xplico
        Running Xplico
        Creating Xplico Cases and Sessions
        Processing Network Traffic
        Understanding the Decoded Traffic
        Getting Metadata and Summarizing Traffic
    Examining Content with NetworkMiner
        Running NetworkMiner
        Collecting and Organizing Traffic Details
        Rendering Content
    Conclusion

8  NSM Consoles ... 159
    An NSM-centric Look at Network Traffic
    Using Sguil
        Running Sguil
        Sguil's Six Key Functions
    Using Squert
    Using Snorby
    Using ELSA
    Conclusion

Part IV: NSM in Action

9  NSM Operations ... 185
    The Enterprise Security Cycle
        The Planning Phase
        The Resistance Phase
        The Detection and Response Phases
    Collection, Analysis, Escalation, and Resolution
        Collection
        Analysis
        Escalation
        Resolution
    Remediation
        Using NSM to Improve Security
        Building a CIRT
    Conclusion

10  Server-side Compromise ... 207
    Server-side Compromise Defined
    Server-side Compromise in Action
        Starting with Sguil
        Querying Sguil for Session Data
        Returning to Alert Data
        Reviewing Full Content Data with Tshark
        Understanding the Backdoor
    What Did the Intruder Do?
    What Else Did the Intruder Do?
        Exploring the Session Data
        Searching Bro DNS Logs
        Searching Bro SSH Logs
        Searching Bro FTP Logs
        Decoding the Theft of Sensitive Data
        Extracting the Stolen Archive
    Stepping Back
        Summarizing Stage
        Summarizing Stage
        Next Steps
    Conclusion

11  Client-side Compromise ... 235
    Client-side Compromise Defined
    Client-side Compromise in Action
        Getting the Incident Report from a User
        Starting Analysis with ELSA
        Looking for Missing Traffic
        Analyzing the Bro dns.log File
        Checking Destination Ports
        Examining the Command-and-Control Channel
        Initial Access
        Improving the Shell
        Summarizing Stage
    Pivoting to a Second Victim
        Installing a Covert Tunnel
        Enumerating the Victim
        Summarizing Stage
    Conclusion

12  Extending SO ... 263
    Using Bro to Track Executables
        Hashing Downloaded Executables with Bro
        Submitting a Hash to VirusTotal
    Using Bro to Extract Binaries from Traffic
        Configuring Bro to Extract Binaries from Traffic
        Collecting Traffic to Test Bro
        Testing Bro to Extract Binaries from HTTP Traffic
        Examining the Binary Extracted from HTTP
        Testing Bro to Extract Binaries from FTP Traffic
        Examining the Binary Extracted from FTP
        Submitting a Hash and Binary to VirusTotal
        Restarting Bro
    Using APT1 Intelligence
        Using the APT1 Module
        Installing the APT1 Module
        Generating Traffic to Test the APT1 Module
        Testing the APT1 Module
    Reporting Downloads of Malicious Binaries
        Using the Team Cymru Malware Hash Registry
        The MHR and SO: Active by Default
        The MHR and SO vs. a Malicious Download
        Identifying the Binary
    Conclusion

13  Proxies and Checksums ... 289
    Proxies
        Proxies and Visibility
        Dealing with Proxies in Production Networks
    Checksums
        A Good Checksum
        A Bad Checksum
        Identifying Bad and Good Checksums with Tshark
        How Bad Checksums Happen
        Bro and Bad Checksums
        Setting Bro to Ignore Bad Checksums
    Conclusion

Conclusion ... 303
    Cloud Computing
        Cloud Computing Challenges
        Cloud Computing Benefits
    Workflow, Metrics, and Collaboration
        Workflow and Metrics
        Collaboration
    Conclusion

Appendix: SO Scripts and Configuration ... 311
    SO Control Scripts
        /usr/sbin/nsm
        /usr/sbin/nsm_all_del
        /usr/sbin/nsm_all_del_quick
        /usr/sbin/nsm_sensor
        /usr/sbin/nsm_sensor_add
        /usr/sbin/nsm_sensor_backup-config
        /usr/sbin/nsm_sensor_backup-data
        /usr/sbin/nsm_sensor_clean
        /usr/sbin/nsm_sensor_clear
        /usr/sbin/nsm_sensor_del
        /usr/sbin/nsm_sensor_edit
        /usr/sbin/nsm_sensor_ps-daily-restart
        /usr/sbin/nsm_sensor_ps-restart
        /usr/sbin/nsm_sensor_ps-start
        /usr/sbin/nsm_sensor_ps-status
        /usr/sbin/nsm_sensor_ps-stop
        /usr/sbin/nsm_server
        /usr/sbin/nsm_server_add
        /usr/sbin/nsm_server_backup-config
        /usr/sbin/nsm_server_backup-data
        /usr/sbin/nsm_server_clear
        /usr/sbin/nsm_server_del
        /usr/sbin/nsm_server_edit
        /usr/sbin/nsm_server_ps-restart
        /usr/sbin/nsm_server_ps-start
        /usr/sbin/nsm_server_ps-status
        /usr/sbin/nsm_server_ps-stop
        /usr/sbin/nsm_server_sensor-add
        /usr/sbin/nsm_server_sensor-del
        /usr/sbin/nsm_server_user-add
    SO Configuration Files
        /etc/nsm/
        /etc/nsm/administration.conf
        /etc/nsm/ossec/
        /etc/nsm/pulledpork/
        /etc/nsm/rules/
        /etc/nsm/securityonion/
        /etc/nsm/securityonion.conf
        /etc/nsm/sensortab
        /etc/nsm/servertab
        /etc/nsm/templates/
        /etc/nsm/$hostname-$interface/
        /etc/cron.d/
        Bro
        CapMe
        ELSA
        Squert
        Snorby
        Syslog-ng
        /etc/network/interfaces
    Updating SO
        Updating the SO Distribution
        Updating MySQL

Index ... 335
Why Firewalls? Firewalls are effective to: Protect local systems. Protect network-based security threats. Provide secured and controlled access to Internet. Provide restricted and controlled access from
More informationCISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline
CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment
More informationCOPYRIGHTED MATERIAL. Con t e n t s. Chapter 1 Introduction to Networking 1. Chapter 2 Overview of Networking Components 21.
Con t e n t s Introduction xix Chapter 1 Introduction to Networking 1 Comparing Logical and Physical Networks.... 1 Networking Home Computers........................................... 2 Networking Small
More informationCHAPTER 1: WHAT S NEW IN SHAREPOINT
INTRODUCTION xxix CHAPTER 1: WHAT S NEW IN SHAREPOINT 2013 1 Installation Changes 2 System Requirements 2 The Installation Process 2 Upgrading from SharePoint 2010 3 Patching 3 Central Administration 4
More informationContents at a Glance. vii
Contents at a Glance 1 Installing WebLogic Server and Using the Management Tools... 1 2 Administering WebLogic Server Instances... 47 3 Creating and Configuring WebLogic Server Domains... 101 4 Configuring
More informationBraindumpsVCE. Best vce braindumps-exam vce pdf free download
BraindumpsVCE http://www.braindumpsvce.com Best vce braindumps-exam vce pdf free download Exam : SY0-501 Title : CompTIA Security+ Certification Exam Vendor : CompTIA Version : DEMO Get Latest & Valid
More informationBeginning Sensor. Networks with Arduino. and Raspberry Pi. Apress- Charles Bell
Beginning Sensor Networks with Arduino and Raspberry Pi Charles Bell Apress- Contents About the Author About the Technical Reviewer Acknowledgments Introduction xv xvii xix xxi Chapter 1: Introduction
More informationCCNA Cybersecurity Operations 1.1 Scope and Sequence
CCNA Cybersecurity Operations 1.1 Scope and Sequence Last updated June 18, 2018 Introduction Today's organizations are challenged with rapidly detecting cybersecurity breaches and effectively responding
More informationChapter 9. Firewalls
Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled link however
More informationIT Services IT LOGGING POLICY
IT LOGGING POLICY UoW IT Logging Policy -Restricted- 1 Contents 1. Overview... 3 2. Purpose... 3 3. Scope... 3 4. General Requirements... 3 5. Activities to be logged... 4 6. Formatting, Transmission and
More information