You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent.

Similar documents
ANATOMY OF AN ATTACK!

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

The Value of Automated Penetration Testing White Paper

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

ITSY 2330 Intrusion Detection Course Syllabus

Topic 1: Analyzing Mobile Devices

Instructor: Eric Rettke Phone: (every few days)

6 MILLION AVERAGE PAY. CYBER Security. How many cyber security professionals will be added in 2019? for popular indursty positions are

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Why we need Intelligent Security? Juha Launonen Sourcefire, Inc.

Standard Course Outline IS 656 Information Systems Security and Assurance

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE

Transforming Security from Defense in Depth to Comprehensive Security Assurance

EC-Council C EH. Certified Ethical Hacker. Program Brochure

CND Exam Blueprint v2.0

Managing an Active Incident Response Case. Paul Underwood, COO

Ethical Hacking Series: 0x01 - Hacking Methodologies. JaxHax Makerspace Travis Phillips

Cyber Security Stress Test SUMMARY REPORT

Hacker Academy UK. Black Suits, White Hats!

5 IT security hot topics How safe are you?

EC-Council C EH. Certified Ethical Hacker. Program Brochure

Advanced Malware Protection. Dan Gavojdea, Security Sales, Account Manager, Cisco South East Europe

Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring

Managed Endpoint Defense

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

Oklahoma State University Institute of Technology Face-to-Face Common Syllabus Fall 2017

Ransomware A case study of the impact, recovery and remediation events

CEH: CERTIFIED ETHICAL HACKER v9

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

Topic 1: Obstacles to Successful Implementation

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

10 FOCUS AREAS FOR BREACH PREVENTION

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

Topic 1: Physical Security Measures for HGA

to Enhance Your Cyber Security Needs

Snort: The World s Most Widely Deployed IPS Technology

Top 10 Considerations for Securing Private Clouds

WHY SIEMS WITH ADVANCED NETWORK- TRAFFIC ANALYTICS IS A POWERFUL COMBINATION. A Novetta Cyber Analytics Brief

Vulnerability Management From B Movie to Blockbuster Rahim Jina

locuz.com SOC Services

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management

Certified Ethical Hacker

Network Security Monitoring: An Open Community Approach

How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity

Novetta Cyber Analytics

CCISO Blueprint v1. EC-Council

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

Gladiator Incident Alert

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

This ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process.

Endpoint Protection : Last line of defense?

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

Imperva Incapsula Website Security

EC-Council - EC-Council Certified Security Analyst (ECSA) v8

CCNA Cybersecurity Operations. Program Overview

Course 831 EC-Council Certified Ethical Hacker v10 (CEH)

Data Communication. Chapter # 5: Networking Threats. By: William Stalling

Matt Walker s All in One Course for the CEH Exam. Course Outline. Matt Walker s All in One Course for the CEH Exam.

Application and Data Security with F5 BIG-IP ASM and Oracle Database Firewall

Protect Your Organization from Cyber Attacks

The Future of Threat Prevention

BUILDING AND MAINTAINING SOC

Required Textbook and Materials. Course Objectives. Course Outline

Course Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture

Course 831 Certified Ethical Hacker v9

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

MARCH Secure Software Development WHAT TO CONSIDER

Designated Cyber Security Protection Solution for Medical Devices

The fast track to top skills and top jobs in cyber. Guaranteed.

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

Ethical Hacking and Prevention

CCNA Cybersecurity Operations 1.1 Scope and Sequence

Chapter 4. Network Security. Part I

Computer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers

NetDefend Firewall UTM Services

Syllabus: AIT Information Systems Infrastructure Lifecycle Management

Simplify Your Network Security with All-In-One Unified Threat Management

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

NETWORK THREATS DEMAN

Expert Reference Series of White Papers. Cisco Completes the Security Picture with Sourcefire

Building Trust in the Internet of Things

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX

The New Normal. Unique Challenges When Monitoring Hybrid Cloud Environments

Pearson CompTIA: Security+ SY0-401 (Course & Lab) Course Outline. Pearson CompTIA: Security+ SY0-401 (Course & Lab)

Virtual CMS Honey pot capturing threats In web applications 1 BADI ALEKHYA, ASSITANT PROFESSOR, DEPT OF CSE, T.J.S ENGINEERING COLLEGE

Take Risks in Life, Not with Your Security

2. INTRUDER DETECTION SYSTEMS

A practical guide to IT security

Meeting 40. CEH Networking

THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

ARC VIEW. Critical Industries Need Continuous ICS Security Monitoring. Keywords. Summary. By Sid Snitkin

Syllabus for CIT 442 Information System Security 3 Credit Hours Spring 2015

RSA IT Security Risk Management

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

CONE 2019 Project Proposal on Cybersecurity

Transcription:

IDPS Effectiveness and Primary Takeaways You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent. IDPS Effectiveness and Primary Takeaways Topic 1: IDPS Effectiveness During the lab activity, you gained experience using SNORT. Based on that experience (and any other IDPS experience you have, if any), discuss the benefits and limitations you see with IDPS. What does IDPS do really well? What are some of its shortcomings, and how can those be addressed? Is there ever a situation where an organization would be justified in not using an IDS, IPS, or both? Edward Jackson Snort is good 5/2/2015 1:52:48 PM The primary advantage of SNORT over another IDPS is that it is open source; it is free. The benefits of using SNORT is that it can be implemented as a network intrusion detection system (NIDS), there is a packet sniffing mode where packets can be captured and analyzed in real time, and finally, SNORT can operate as a packet logger (Chapple, 2003). The packet logger works like the sniffing functionality, except data is dumped into a traffic file; this file can then be analyzed at a later date. SNORT is actually quite easy to install, which leads some people to believe that SNORT is not a complex tool, or that SNORT results could not possibly be as good as paid-for software; this would be a false assumption. SNORT is actually quite developed, and is considered the world s most deployed intrusion prevention software (Cisco, n.d.). Cisco (n.d.) states that SNORT's open-architecture has contributed to its success. The basic methodology that SNORT uses is rapid response, greater accuracy, and high adaptability. Some of the limiting factors of SNORT is that it is considered pretty old and static in design. Today s networks are quite complex, and are considered dynamic in nature. According to Cisco (n.d.), modern network security requires a contextual awareness, of which, SNORT was never programmed for. The lack of this awareness built into SNORT means that automating useful alerts becomes a huge challenge, which the entire alert process usually includes manually sorting through tons of alerts, both good and bad, positive and false positive ones. However, even with these challenges, SNORT can prove quite powerful, because it does generate these alerts, and at a TCO much lower than paid-for software. I would also like to point out [another limitation], any IPS or IDS cannot completely prevent security threats to a computer network. To properly reduce (or prevent) threats to a network, there needs to be layered defenses. Hardening the security of routers, switches, firewalls, and servers should be included in a security strategy. Likewise, implementing an IDS and an IPS should be considered a critical part of any security plan. I would also go as far as to say, anti-virus, anti-malware protection, data loss prevention systems, and regular auditing should all be a part of an enterprise security strategy. Only when a holistic approach is taken to security, the highest levels of protection can be achieved. It would also be critical to proper train IT staff on how to use

tools like SNORT. Because SNORT has reporting capability, it would probably be a good idea for regular reports to be generated, so that they can be used to look for potential hacking problems (those people that are performing regular hacking attempts against a company). The Cisco reference I used was a pretty good read of SNORT and an IPS; feel free to check it out. References Chapple. (2003). Snort -- The poor man's intrusion-detection system. Retrieved fromhttp://searchsecurity.techtarget.com/tip/snort-the-poor-mans-intrusion-detection-system Cisco. (n.d.). Snort. The world s most widely deployed IPS technology. Retrieved from http://www.cisco.com/c/en/us/products/collateral/security/brief_c17-733286.html Topic 2: IT 542 Takeaways Now that you are at the end of the course, consider the security of information you use, have access to, or for which you have stewardship. What have you learned in this class that will help you contribute to the security of that information? How can you help others also contribute to increased information security? Are there any activities that you think would qualify as ethical hacking that you could do relative to information you work with? If so, discuss. Edward Jackson The takeaways are great 4/30/2015 6:15:42 PM I have learned several important things in this class. One, I now know what a SQL injection looks like, and how [untested] web forms can be exploited. I have also learned why securing ports, firewalls, and hardening systems is as important as physically protecting computer network systems. It was not all that long ago when employers thought physical protection was all that was required. I think with all the recent breaches in security, companies are beginning to realize just how important security is. I thought the footprinting we did in Unit 2 was pretty interesting. It actually showed us what kind of information could be gathered remotely, which, by the way, is quite a lot. When we learned about distributed attacks, I realized that the power of many computers could be harnessed to attack a victim. These distributed attacks could also be completely silent, persistent, and a company will not even realize it is being attacked. The social engineering aspect of hacking is still alive and

well. One thing I now know for sure, is that human component of any company is the weakest link in security chain. Social engineering, whether it be an email, a phone call, and an instant message, can prove quite effective in gathering information, and can even get a hacker into a company. In Unit 5, I found the incident response portion of the assignment very practical. I could see using something like this where I work, just in digital form. Perhaps added to a work order ticket, or into a web page via a web form. I think the main thing I learned in this class is that ethical hackers are needed, and needed in a big way; normal security measures are just not enough. To catch a hacker, you need to think like a hacker. I hope companies realize the importance of ethical hacking, and start staffing more ethical hackers in the near future. Defensive Technologies You will now focus on two very important defensive technologies used to protect the resources from attack, as well as detect the occurrence of an attack. These two technologies are generally known as Intrusion Protection System (IPS) and Intrusion Detection Systems (IDS). In the past five years, products incorporating both have emerged, these as IDPS s are referred to. These two types of systems are comprised of some of the tools you have already studied and some additional tools you will study in this unit. Outcomes After completing this unit you should be able to: Configure an intrusion detection system to detect a network-based attack. Recognize IDS signatures, rules and other IDS components. Analyze an IDS report to distinguish between false positives and true positives. Course outcome practiced in this unit: IT542-4: Recommend security solutions to address discovered vulnerabilities. What do you have to do in this unit? Complete assigned Reading. Participate in Discussion. Complete unit Assignment. Participate in Seminar or complete the Alternative Assignment.

Complete the unit Quiz. Complete the optional Learning Activity. Review Program Portfolio. Read Chapter 15: Defensive Technologies in your textbook. The course ends with a focus on defensive technologies. Now that you have learned some of the techniques and processes used by the hacker, as well as the proper way to document and report an attack, it is now time to focus on how the ethical hacker can help an organization to establish a defense against future attacks. This is a difficult challenge as information technology infrastructures continue to become more complex and sophisticated. Still, there are some well-known tools and techniques that can help to provide reasonable levels of security and this unit s Reading will introduce you to those tools and techniques.

Attending live Seminars is important to your academic success, and attendance is highly recommended. The Seminar allows you to review the important concepts presented in each unit, discuss work issues in your lives that pertain to these concepts, ask your instructor questions, and allow you to come together in real time with your fellow classmates. There will be a graded Seminar in Units 1 through 6 in this course. You must either attend the live Seminar or you must complete the Seminar alternative assignment in order to earn points for this part of the class. Option 1: Attend the Seminar: During the Unit 6 Seminar, the instructor should briefly review the sixth lab, ensuring that you understand the goals and expectations of the lab activities. Assignment 6 Outcomes addressed in this activity: Unit Outcomes: Configure an intrusion detection system to detect a network-based attack. Recognize IDS signatures, rules and other IDS components Analyze an IDS report to distinguish between false positives and true positives. Course Outcome: IT542-4: Recommend security solutions to address discovered vulnerabilities.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback