Security (part 1) CPS210 Spring 2006. Current Forensic Methods  Manual inspection of existing logs  System, application logs  Not enough information.

Slides:



Advertisements
Similar presentations
NAGIOS AND CACTI NETWORK MANAGEMENT AND MONITORING SYSTEMS.
Advertisements

ESafe Reporter V3.0 eSafe Learning and Certification Program February 2007.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
5-Network Defenses Dr. John P. Abraham Professor UTPA.
CS 443 Advanced OS Fabián E. Bustamante, Spring 2005 Backtracking Intrusions Sam King & Peter Chen CoVirt Project, University of Michigan Presented by:
Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.
Aktueller Status How Hackers Cover Their Tracks ECE 4112 May 1st, 2007 Group 1 Chris Garyet Christopher Smith Introduction Lab Content Conclusions Questions.
Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.
Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.
This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Backtracking Intrusions Sam King Peter Chen CoVirt Project, University of Michigan.
Virtual Machine Security Summer 2013 Presented by: Rostislav Pogrebinsky.
Intrusion Detection System Marmagna Desai [ 520 Presentation]
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
Internet Relay Chat Chandrea Dungy Derek Garrett #29.
To run the program: To run the program: You need the OS: You need the OS:
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
IDS – Intrusion Detection Systems. Overview  Concept  Concept : “An Intrusion Detection System is required to detect all types of malicious network.
Kirby Kuehl Honeynet Project Member 05/08/2002 Intrusion Deception.
Honeypots. Introduction A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
Honeypot and Intrusion Detection System
CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.
CIS 450 – Network Security Chapter 16 – Covering the Tracks.
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
A Virtual Honeypot Framework Author: Niels Provos Published in: CITI Report 03-1 Presenter: Tao Li.
Virus Detection Mechanisms Final Year Project by Chaitanya kumar CH K.S. Karthik.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #8 Computer Forensics Data Recovery and Evidence Collection September.
Kali Linx Attacks Jim Nasto. Window 8 Computer On my Windows 8 64 bit OS machine. I started using a Virtual Machine using Hyper V Manager and shared the.
HONEYPOTS PRESENTATION TEAM: TEAM: Ankur Sharma Ashish Agrawal Elly Bornstein Santak Bhadra Srinivas Natarajan.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.
Maintaining and Updating Windows Server Monitoring Windows Server It is important to monitor your Server system to make sure it is running smoothly.
Backtracking Intrusions. Introduction Rapidly increasing frequency of computer intrusions Common routines for system administrators (1)Understand how.
Security monitoring boxes Andrew McNab University of Manchester.
Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.
Kenfe-Mickael Laventure Laurent Malvert Macquarie University LEMONA Linux Enhanced Monitoring Architecture Linux zest for security.
7.5 Intrusion Detection Systems Network Security / G.Steffen1.
Denial of Service Sharmistha Roy Adversarial challenges in Web Based Services.
1 Figure 10-4: Intrusion Detection Systems (IDSs) IDSs  Event logging in log files  Analysis of log file data  Alarms Too many false positives (false.
TCOM Information Assurance Management System Hacking.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Network Forensics - III November 3, 2008.
Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.
Intrusion Detection System
Network Security Terms. Perimeter is the fortified boundary of the network that might include the following aspects: 1.Border routers 2.Firewalls 3.IDSs.
Mark Shtern.  Our life depends on computer systems  Traffic control  Banking  Medical equipment  Internet  Social networks  Growing number of.
Lecture 15 Page 1 CS 236 Online Evaluating Running Systems Evaluating system security requires knowing what’s going on Many steps are necessary for a full.
Kali Linux BY BLAZE STERLING. Roadmap  What is Kali Linux  Installing Kali Linux  Included Tools  In depth included tools  Conclusion.
Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.
Penetration Testing By Blaze Sterling. Roadmap What is Penetration Testing How is it done? Penetration Testing Tools Kali Linux In depth included tools.
February 2016 Meeting. Web Defacement and Spear Phishing.
6/13/20161 Operating Systems Design (CS 423) Elsa L Gunter 2112 SC, UIUC Based on slides by Roy Campbell, Sam King,
Unit 2 Personal Cyber Security and Social Engineering Part 2.
IDS And Tripwire Rayhan Mir COSC 356. What is IDS IDS - Intrusion detection system Primary function – To monitor network or host resources to detect intrusions.
General Information: This document was created for use in the "Bridges to Computing" project of Brooklyn College. You are invited and encouraged to use.
Working at a Small-to-Medium Business or ISP – Chapter 8
Operating Systems Design (CS 423)
Firewall – Survey Purpose of a Firewall Characteristic of a firewall

Evaluating a Real-time Anomaly-based IDS
Backtracking Intrusions
Backtracking Intrusions
Chapter 2. Malware Analysis in VMs
Authors: Helen J. Wang, Chuanxiong Guo, Daniel R
Game Mark Shtern.
Chapter 4: Protecting the Organization
Presentation transcript:

Security (part 1) CPS210 Spring 2006

Current Forensic Methods  Manual inspection of existing logs  System, application logs  Not enough information  Network log  May be encrypted  Disk image  Only shows final state  Machine level logs (ReVirt)  No semantic information

Fixing the vulnerability  Logs contain other traffic  Disks have other updates  No way to separate out legitimate actions  How do I rollback?  Remove the effects of the attack  Leave any real work

Process File Socket Detection point Fork event Read/write event

BackTracker  Online component, log objects and events  Offline component to generate graphs BackTracker runs, shows source of intrusion intrusion detected intrusion occurs

BackTracker Objects  Process  File  Filename

Dependency-Forming Events  Process / Process  fork, clone, vfork  Process / File  read, write, mmap, exec  Process / Filename  open, creat, link, unlink, mkdir, rmdir, stat, chmod, …

Prioritizing Dependency Graphs  Hide read-only files  Eliminate helper processes  Filter “low- control” events /bin/bash /lib/libc bash proc backdoor

Prioritizing Dependency Graphs id pipe  Hide read-only files  Eliminate helper processes  Filter “low- control” events bash proc backdoor

Prioritizing Dependency Graphs bash proc login_a utmp login_b backdoor  Hide read-only files  Eliminate helper processes  Filter “low- control” events

Process File Socket Detection point Fork event Read/write event

Implementation  Prototype built on Linux  Both stand-alone and virtual machine  Hook system call handler  Inspect state of OS directly Guest OS Host OS VMMEventLogger Guest Apps Host OS EventLogger Host Apps Virtual Machine Implementation Stand-Alone Implementation

Evaluation  Determine effectiveness of Backtracker  Set up Honeypot virtual machine  Intrusion detection using standard tools  Six default filtering rules

Process File Socket Detection point Fork event Read/write event

Process File Socket Detection point Fork event Read/write event

BackTracker Limitations  Layer-below attack  Use of filtered objects for attack  Hidden channels  Create large dependency graph  Perform a large number of steps  Implicate innocent processes

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.