
IT Security
Doug Brown, Jeff Bollinger

What is security?
P.H.P.: People Have Problems
Security is the mitigation and remediation of human error in information technology.

Mistakes
Computers don't make mistakes; people do. People write programs. Each program that you run introduces another set of mistakes that the bad guys can use against you.

From the network
Programs open ports.
Attackers probe these ports (Layer 4, transport) to find which programs are listening, then read the banner each program returns to learn its version and pick an attack that fits it.
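The probe described above, as an added example that is not part of the slides: a minimal TCP connect scanner that tries each port, reads whatever banner the listening program volunteers, and pulls program name and version out of it. A throwaway listener is started in-process so the script runs offline; the service banners, port numbers and version patterns are constructed for the demo and are assumptions, not real hosts or a real scanner's fingerprint database.

```python
"""Added example: layer-4 port probe plus banner grab against a local listener.
Banners, ports and fingerprint patterns below are constructed for the demo."""
import re
import socket
import threading

# Constructed patterns in the style of real service banners: (program, version regex).
BANNER_PATTERNS = [
    ("OpenSSH", re.compile(r"OpenSSH[_ ]([\w.]+)")),
    ("Sendmail", re.compile(r"Sendmail ([\d.]+)")),
    ("Apache", re.compile(r"Apache/([\d.]+)")),
]


def serve_banner(banner: str) -> int:
    """Start a listener on an ephemeral 127.0.0.1 port that sends `banner`
    to every client and closes. Returns the port the OS chose."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(banner.encode())

    threading.Thread(target=loop, daemon=True).start()
    return port


def free_closed_port() -> int:
    """Pick a localhost port that is (almost certainly) not listening."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def fingerprint(banner: str):
    """Map a banner to (program, version) or None if nothing is recognised."""
    for program, pat in BANNER_PATTERNS:
        m = pat.search(banner)
        if m:
            return program, m.group(1)
    return None


def probe(host: str, port: int, timeout: float = 0.5):
    """TCP connect probe. Returns None if the port is closed, otherwise
    (banner, fingerprint); banner is "" when the service stays silent."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(256).decode(errors="replace").strip()
            except socket.timeout:
                banner = ""
    except OSError:
        return None
    return banner, fingerprint(banner)


def scan(host: str, ports):
    """Probe each port; returns {port: (banner, fingerprint)} for open ports only."""
    results = {}
    for p in ports:
        r = probe(host, p)
        if r is not None:
            results[p] = r
    return results


if __name__ == "__main__":
    ssh = serve_banner("SSH-2.0-OpenSSH_3.4p1\r\n")
    smtp = serve_banner("220 mail.example.test ESMTP Sendmail 8.12.8; ready\r\n")
    for port, (banner, fp) in scan("127.0.0.1", [ssh, smtp, free_closed_port()]).items():
        print(port, fp, repr(banner))
```

The scanner learns only what the service chooses to tell it, which is why a banner that names a version is a gift to the attacker: it turns "something is listening on 22" into "OpenSSH 3.4p1 is listening on 22", which is enough to look up a matching exploit.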

Firewalls (Layer 4, Transport)
What they do: permit or block connections based on source and destination address, protocol and port, without looking at the data a permitted connection carries.

Why not stop there?
A firewall on your network is not a panacea.
You will probably have to allow some access to your network through the firewall.
If someone uses this access to hack a box on your network, then the firewall becomes inconsequential.
Firewalls are troublesome in some environments, like UNC.
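The point of the two firewall slides, as an added example that is not from the presentation: a stateless layer-4 packet filter with first-match rules and a default deny. The addresses, the rule set and the packets are constructed for the demo. Because the filter decides on protocol, addresses and ports only, a web exploit sent to the port the firewall has to leave open is allowed through exactly like a normal page request.

```python
"""Added example: stateless layer-4 packet filter. Rules, addresses and
packets are constructed for the demo."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str            # source IP
    dst: str            # destination IP
    dport: int          # destination port
    payload: bytes = b""  # never consulted by a layer-4 filter


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"      # CIDR
    dst: str = "0.0.0.0/0"      # CIDR
    dport: Optional[int] = None  # None = any port

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto == "any" or self.proto == pkt.proto)
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport))


def filter_packet(rules, pkt: Packet) -> str:
    """First matching rule wins; a packet matching no rule is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed perimeter policy: the web server must be reachable on 80 from
# anywhere, campus admins may SSH in, everything else is dropped.
DMZ_WEB = "192.0.2.10"
CAMPUS = "198.51.100.0/24"
RULES = [
    Rule("allow", "tcp", dst=DMZ_WEB, dport=80),
    Rule("allow", "tcp", src=CAMPUS, dst=DMZ_WEB, dport=22),
    Rule("deny"),
]

# Constructed traffic. The last packet carries a Nimda-style directory
# traversal to cmd.exe but, on the wire, it is just another TCP packet to port 80.
PACKETS = {
    "normal web request": Packet("tcp", "203.0.113.5", DMZ_WEB, 80,
                                 b"GET /index.html HTTP/1.0\r\n"),
    "ssh from outside": Packet("tcp", "203.0.113.5", DMZ_WEB, 22),
    "ssh from campus": Packet("tcp", "198.51.100.7", DMZ_WEB, 22),
    "exploit over port 80": Packet("tcp", "203.0.113.5", DMZ_WEB, 80,
                                   b"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0\r\n"),
}


def decide_all(rules=RULES, packets=PACKETS):
    """Return {description: action} for every sample packet."""
    return {name: filter_packet(rules, pkt) for name, pkt in packets.items()}


if __name__ == "__main__":
    for name, action in decide_all().items():
        print(f"{action:5}  {name}")
```

The filter does its job on the SSH packets, yet "exploit over port 80" comes back "allow" with the same rule that admits the normal request. Once that request has compromised the web server, the firewall is on the wrong side of the attacker.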

Break-ins
Things the bad guys take advantage of:
- Bad or weak passwords
- Poorly written programs
- Buffer overflows
- Execution of code
Detection of break-ins:
- System logs
- IDS and/or firewall logs
- Abnormal system behavior
- Complaint from another user
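Two of the items above, weak passwords and detection through system logs, in one added example that is not from the slides: a small analyser over constructed sshd-style auth log lines that flags a burst of failed logins from one source (a password-guessing attack) and, more importantly, a successful login from a source that was just flagged, which is the break-in itself. The log lines, host names, addresses, threshold and window are constructed for the demo.

```python
"""Added example: break-in detection from auth log lines.
The sample log, hosts, addresses and thresholds are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the style of a Linux auth log (syslog format, no year).
SAMPLE_LOG = """\
Sep  8 10:01:02 web1 sshd[2201]: Failed password for root from 203.0.113.9 port 40122 ssh2
Sep  8 10:01:03 web1 sshd[2203]: Failed password for root from 203.0.113.9 port 40123 ssh2
Sep  8 10:01:04 web1 sshd[2205]: Failed password for invalid user admin from 203.0.113.9 port 40124 ssh2
Sep  8 10:01:05 web1 sshd[2207]: Failed password for root from 203.0.113.9 port 40125 ssh2
Sep  8 10:01:06 web1 sshd[2209]: Failed password for root from 203.0.113.9 port 40126 ssh2
Sep  8 10:01:08 web1 sshd[2211]: Accepted password for root from 203.0.113.9 port 40127 ssh2
Sep  8 10:03:00 web1 sshd[2240]: Failed password for dbrown from 198.51.100.7 port 51000 ssh2
Sep  8 10:03:07 web1 sshd[2242]: Accepted password for dbrown from 198.51.100.7 port 51001 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+"
)


def parse_line(line: str):
    """Return (timestamp, host, result, user, src) or None for unrelated lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, result, user, src = m.groups()
    # syslog omits the year; strptime defaults to 1900, which is fine for deltas.
    when = datetime.strptime(re.sub(r"\s+", " ", ts), "%b %d %H:%M:%S")
    return when, host, result, user, src


def analyze(log_text: str, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """Walk the log once, keeping a sliding window of failures per source.
    Returns a list of (finding, src, detail) tuples in log order."""
    failures = defaultdict(list)   # src -> timestamps of recent failures
    flagged = set()                # sources already reported as brute-forcing
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        when, host, result, user, src = ev
        if result == "Failed":
            recent = [t for t in failures[src] if when - t <= window] + [when]
            failures[src] = recent
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                findings.append(("brute_force", src,
                                 f"{len(recent)} failed logins within {int(window.total_seconds())}s on {host}"))
        elif src in flagged:
            # A success right after a guessing burst is the compromise, not noise.
            findings.append(("login_after_brute_force", src, f"{user}@{host}"))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(*finding)
```

The single typo from 198.51.100.7 never reaches the threshold and produces nothing, while the five guesses from 203.0.113.9 followed by "Accepted password for root" produce two findings; the second is the one worth paging someone for.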

Intrusion Detection
Normally a passive security tool.
Monitors network traffic in search of attacks:
- Signature based
- Traffic pattern based
Monitoring the IDS logs provides:
- Evidence with which to respond to attacks
- Warnings that allow attacks in progress to be stopped
- Post-mortem information after attacks
UNC is currently using Snort.

An example from Snort
Alert summary, with columns Signature, # Alerts, # Sources, # Destinations and Detail link. The signatures listed:
- ida ISAPI Overflow
- CUSTOM Port TCP traffic
- WEB-MISC Invalid URL
- WEB-MISC 403 Forbidden
- SMTP relaying denied
- CUSTOM IRC file-sharing
- FTP EXPLOIT wu-ftpd overflow
- WEB-MISC Attempt to execute cmd
- INFO Possible IRC Access
- Incomplete Packet Fragments
- WEB-MISC http directory traversal

Intrusion Detection
The downside of intrusion detection? False positives!

Enter Intrusion Prevention
Sits in-line and automatically drops bad traffic.
Layer 7 (application) inspection.
Vendors claim that with the right product there are no false positives; in practice the same signature noise exists, and in-line it blocks legitimate traffic rather than just logging it, so the filters must be tuned before they are set to drop.
Security zones (attack domains) contain infections.
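The Snort alert summary, the false-positive slide and this IPS slide share one mechanism, so here is one added example covering all three; it is not from the presentation and not Snort's code. A handful of simplified content signatures, named after alert classes in the Snort table but written for the demo rather than copied from real Snort rules, are run over constructed HTTP requests in two modes: a passive IDS that forwards everything and logs, and an in-line IPS that drops whatever matches. One benign request to a documentation page whose URL contains "cmd.exe" shows what a false positive costs in each mode. Addresses, payloads and signatures are assumptions.

```python
"""Added example: signature inspection in IDS (log) and IPS (drop) modes.
Signatures are simplified stand-ins named after Snort alert classes; flows
and addresses are constructed."""
import re
from typing import List, NamedTuple, Pattern


class Signature(NamedTuple):
    name: str
    pattern: Pattern


class Flow(NamedTuple):
    label: str
    src: str
    dst: str
    payload: bytes


# Constructed, simplified signatures (not Snort's real rules).
SIGNATURES = [
    Signature("WEB-MISC http directory traversal",
              re.compile(rb"\.\./|\.\.%(?:25)?5c|\.\.\\", re.I)),
    Signature("WEB-MISC Attempt to execute cmd",
              re.compile(rb"cmd\.exe", re.I)),
    # Code Red style: ".ida?" followed by a long run of filler before the shellcode.
    Signature("ida ISAPI Overflow",
              re.compile(rb"\.ida\?[A-Za-z0-9%]{200,}")),
]

# Constructed traffic. The last flow is legitimate: a knowledge-base article
# about cmd.exe. It trips the same content match as the real attack.
SAMPLE_FLOWS = [
    Flow("normal", "203.0.113.5", "192.0.2.10",
         b"GET /index.html HTTP/1.0\r\n"),
    Flow("nimda-style traversal", "203.0.113.7", "192.0.2.10",
         b"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0\r\n"),
    Flow("code-red-style ida", "203.0.113.8", "192.0.2.10",
         b"GET /default.ida?" + b"N" * 240 + b"%u9090%u6858%ucbd3 HTTP/1.0\r\n"),
    Flow("false positive", "198.51.100.7", "192.0.2.10",
         b"GET /kb/articles/cmd.exe-options.html HTTP/1.0\r\n"),
]


def inspect(payload: bytes) -> List[str]:
    """Names of every signature whose pattern occurs in the payload."""
    return [sig.name for sig in SIGNATURES if sig.pattern.search(payload)]


def ids(flows):
    """Passive IDS: every flow is forwarded, matches are only logged."""
    alerts, forwarded = [], []
    for f in flows:
        for name in inspect(f.payload):
            alerts.append((name, f.src, f.dst))
        forwarded.append(f)
    return alerts, forwarded


def ips(flows):
    """In-line IPS: a flow matching any signature is dropped, not forwarded."""
    alerts, forwarded = [], []
    for f in flows:
        hits = inspect(f.payload)
        for name in hits:
            alerts.append((name, f.src, f.dst))
        if not hits:
            forwarded.append(f)
    return alerts, forwarded


def summarize(alerts):
    """Per-signature alert counts, like the '# Alerts' column of the Snort summary."""
    counts = {}
    for name, _src, _dst in alerts:
        counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    for mode in (ids, ips):
        alerts, forwarded = mode(SAMPLE_FLOWS)
        print(mode.__name__, summarize(alerts), "forwarded:", [f.label for f in forwarded])
```

In IDS mode the false positive is one extra line for an analyst to dismiss. In IPS mode the same match silently drops a legitimate user's request, which is why an in-line device earns the "no false positives" claim only after its filters have been tuned against the traffic it actually sees.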

An example from TippingPoint
Hit Count  Filter
8988       MS-RPC: DCOM
396        Shell Command Exec
334        IE CHM File Proc
202        Code Red II Worm
83         Nimda Attack

IE CHM File Processing
This filter detects an attempt to exploit a vulnerability in Internet Explorer, specifically in IE's processing of Compiled HTML Help (".chm") files. The flaw can be exploited by a malicious website to execute arbitrary code on a client system. Note that the vulnerability is being exploited in the wild to install malicious code named "Ibiza" on compromised systems.

Key Points
- People are behind the technology.
- Security combats human error.
- The goal of security is to ensure confidentiality, integrity and availability of the data and systems.

Wireless Demo
Wireless implementations = human error