Cyber Attack Scenario Overview Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago, Chile.

Slides:

Advertisements

Similar presentations

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

Advertisements

Introduction To The Course Network Architecture Hervey Allen Chris Evans Phil Regnauld September 3 - 4, 2009 Santiago, Chile.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Network Security and its Impact on Network Continuity.

Malicious Attacks Angela Ku Adeline Li Jiyoung You Selena Yuen.

Network Security Testing Techniques Presented By:- Sachin Vador.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

Hands-On Microsoft Windows Server Connecting Through Terminal Services Terminal server – Enables clients to run services and software applications.

Internet Relay Chat Chandrea Dungy Derek Garrett #29.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Secure Registry Operations Framework Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago, Chile.

BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.

Incident Response Updated 03/20/2015

Reconnaissance & Enumeration Baseline, Monitor, Detect, Analyze, Respond, & Recover Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago,

Hacking Windows Justin Bell Department of Computer Science University of Wisconsin, Platteville

13Computer Intrusions Dr. John P. Abraham Professor UTPA.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

SECURITY BASELINES -Sangita Prabhu.

SIM 302. Unprepared UninformedUnaware Untrained Unused.

Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.

Introduction To Secure Registry Operations for ccTLDs Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago, Chile.

Viruses & Destructive Programs

This courseware is copyrighted © 2015 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.

1.2 Security. Computer security is a branch of technology known as information security, it is applied to computers and networks. It is used to protect.

Copyright (c) by CNAPTICS Corporation. All rights reserved.1 INFO Oracle Database 11g: Administration II Presented By: Marc S. Paller,

Denial-of-Service Attacks Justin Steele Definition “A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate.

Disruption Baseline, Monitor, Detect, Analyze, Respond, & Recover Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago, Chile.

GSHRM Conference Cyber Security Education Shri Cockroft, CISO Piedmont Healthcare, Inc. September 21, 2015.

Introduction To Secure Registry Operations for ccTLDs Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago, Chile.

What is risk online operation:  massive movement of operation to the internet has attracted hackers who try to interrupt such operation daily.  To unauthorized.

Topic 5: Basic Security.

Advanced Persistent Threats (APT) Sasha Browning.

Module 10: Windows Firewall and Caching Fundamentals.

Internet safety By Suman Nazir

Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.

Understand Malware LESSON Security Fundamentals.

This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.

 Computer Network Attack  “… actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers.

Privilege Escalation Baseline, Monitor, Detect, Analyze, Respond, & Recover Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago, Chile.

Appendix A: Designing an Acceptable Use Policy. Overview Analyzing Risks That Users Introduce Designing Security for Computer Use.

© SYBEX Inc All Rights Reserved. CompTIA Security+ Study Guide (SY0-201) “Chapter 2: Identifying Potential Risks”

An Anatomy of a Targeted Cyberattack

Proactive Incident Response

Cybersecurity - What’s Next? June 2017

Critical Security Controls

Instructor Materials Chapter 7 Network Security

Information Systems Security

Secure Software Confidentiality Integrity Data Security Authentication

Disruption Baseline, Monitor, Detect, Analyze, Respond, & Recover

National Cyber Security Month

be the strong link in your

TOPIC 8 ADVANCED PERSISTENT THREAT (APT) 進階持續性滲透攻擊

Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009

Incident Detection and Response

Cyber Threat Landscape

Determined Human Adversaries: Mitigations

Risks & Reality Cyber Security Risks & Reality

What Makes a Network Vulnerable?

Shifting from “Incident” to “Continuous” Response

Introduction to Systems Security

Determined Human Adversaries: Mitigations

Information Security – Sep 18

Test 3 review FTP & Cybersecurity

6. Application Software Security

IP Addresses & Ports IP Addresses – identify a device on a network

Engineering Secure Software

Presentation transcript:

Cyber Attack Scenario Overview Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago, Chile

Overview Cyber Attack Categorizations Cyber Attack Demonstration Structure 2

Cyber Attack Categorization Foothold Reconnaissance & Enumeration Privilege Escalation Corruption Disruption Data Exfiltration Persistence 3 FootholdRecon & EnumPriv Esc. Corruption Persistence Data Exfiltration Disruption Time & Effort Concurrency

Cyber Attack Categorization Foothold – Initial attempts to access and establish a remote connection into the network – Phishing with Malware Attachments – Website Hosted Malware Installations 4

Cyber Attack Categorization Reconnaissance & Enumeration – The act of scanning a network to determine its layout, hosts, services, users, and other information which may be useful in a cyber attack – Network Mapping – Port Scanning 5

Cyber Attack Categorization Privilege Escalation – Obtaining credentials, beyond what is normally available, for the purpose of accessing systems or information – Username / Password Cracking – Social Engineering 6 MetaSploit

Cyber Attack Categorization Corruption – Modifying information or content on a system or application – Website Defacement – Cache Poisoning

Cyber Attack Categorization Disruption – Denying, degrading, or otherwise limiting the availability of services provided by a system or application – Packet Floods – Deleting Operating System Files 8

Cyber Attack Categorization Data Exfiltration – Copying data, that is not publicly accessible, from a network for malicious purposes – “Smash & Grab” – Corporate Espionage 9

Cyber Attack Categorization Persistence – Establishing an unauthorized, constant, presence on the network and thwarting administrator removal attempts – Root Kits – Monitoring Administrator Actions

Cyber Attack Demonstration Structure How the cyber attacks will be demonstrated: – Attack Demonstration (Round 1) – Discussion of Monitoring Tools – Installation, Configuration, Operation of Tools – Establishing a Baseline – Attack Demonstration (Round 2) – Analysis of Results – Discussion of Response & Recovery Actions – Enact Response / Recovery Actions – Attack Demonstration (Round 3) 11

Cyber Attack Demonstration Structure 12 Attack Tool Talk Mitigate Analysis Monitor Attack See Effect See the Attack See the Attack Fail

QUESTIONS? 13 ? Do you have any questions about … –Cyber Attack Categorizations –How the Cyber Attacks Will Be Demonstrated to You?