Scanners
- Inventory all machines on site; 12,000+
- nmap farm
- All machines usually twice a day
- Find critical vulnerabilities and issue blocks
- Nessus
- Homegrown tools

IDS
- Bro cluster on 10 gig spans
- Snort on 1 gig switch
- Specific sigs used for Snort due to scalability and false positive issues
- State based is more attractive than signature based

Sig based IDS
- Used for point solutions
- Simply not terribly
- Question: How would you operate in an ISP's environment?
- Answer: Umm... :-)

State based IDS
- Used for “everything else”
- Example: Alert if
  - HTTP connection to this server
  - Followed by GET of a non-PHP file
  - Followed by SSH outbound connection
  - If all of that happens in a short time frame
- Sig based IDS cannot do this
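The rule on this slide, written out as a per-client state machine. This is an added example, not the presenter's Bro or Snort configuration: it assumes an event stream of connection records and parsed HTTP requests (the kind of thing a Bro cluster emits), an assumed address for "this server" (10.1.2.3), an assumed window of 300 seconds for the "short time frame", and reads the third step as the web server itself opening an outbound SSH connection. The sample events are constructed. The point it makes concretely is the one the slide makes: each event on its own is benign, so no single-packet signature can express the rule, but the sequence within a window is worth an alert.

```python
"""Stateful multi-step correlation, added as an illustration of the slide's rule.

Not the presenter's Bro/Snort code. Models the rule as a per-client state
machine over an assumed event stream (connection records plus parsed HTTP
requests) with assumed values for "this server" and the "short time frame".
"""
from dataclasses import dataclass

WATCHED_SERVER = "10.1.2.3"   # assumed: the web server the rule is written for
WINDOW_SECONDS = 300.0        # assumed: the "short time frame"


@dataclass(frozen=True)
class Event:
    ts: float
    kind: str          # "conn" (new TCP connection) or "http" (parsed request)
    src: str
    dst: str
    dport: int = 0
    method: str = ""   # http only
    uri: str = ""      # http only


class SequenceDetector:
    """Step 1: a client opens HTTP to the server.
    Step 2: the same client GETs a non-.php resource on the server.
    Step 3: the server itself opens an outbound SSH connection.
    An alert fires only if steps 1-3 complete within WINDOW_SECONDS of step 1."""

    def __init__(self, server=WATCHED_SERVER, window=WINDOW_SECONDS):
        self.server = server
        self.window = window
        self.progress = {}   # client ip -> (step reached, timestamp of step 1)
        self.alerts = []

    def _expire(self, now):
        # Drop partial matches whose window has elapsed so they cannot fire late.
        for client in [c for c, (_, t0) in self.progress.items() if now - t0 > self.window]:
            del self.progress[client]

    def feed(self, ev):
        self._expire(ev.ts)
        if ev.kind == "conn" and ev.dst == self.server and ev.dport == 80:
            self.progress[ev.src] = (1, ev.ts)            # step 1 (re)starts the clock
        elif ev.kind == "http" and ev.dst == self.server:
            step, t0 = self.progress.get(ev.src, (0, 0.0))
            if step == 1 and ev.method == "GET" and not ev.uri.lower().endswith(".php"):
                self.progress[ev.src] = (2, t0)           # step 2
        elif ev.kind == "conn" and ev.src == self.server and ev.dport == 22:
            # step 3: outbound SSH from the server; blame every client sitting at step 2
            for client, (step, t0) in list(self.progress.items()):
                if step == 2:
                    self.alerts.append({"client": client, "server": self.server,
                                        "ssh_dst": ev.dst, "elapsed": ev.ts - t0})
                    del self.progress[client]

    def run(self, events):
        for ev in sorted(events, key=lambda e: e.ts):
            self.feed(ev)
        return self.alerts


# Constructed sample stream: a benign PHP visit, a client fetching a non-PHP
# file right before the server SSHes out, and a later SSH that falls outside
# the window of the only open partial match.
SAMPLE_EVENTS = [
    Event(100.0, "conn", "192.0.2.10", "10.1.2.3", 80),
    Event(100.2, "http", "192.0.2.10", "10.1.2.3", 80, "GET", "/index.php"),
    Event(120.0, "conn", "192.0.2.77", "10.1.2.3", 80),
    Event(120.3, "http", "192.0.2.77", "10.1.2.3", 80, "GET", "/uploads/c99.txt"),
    Event(125.0, "conn", "10.1.2.3", "198.51.100.5", 22),
    Event(1000.0, "conn", "192.0.2.10", "10.1.2.3", 80),
    Event(1000.1, "http", "192.0.2.10", "10.1.2.3", 80, "GET", "/robots.txt"),
    Event(2000.0, "conn", "10.1.2.3", "198.51.100.9", 22),
]


def detect(events=SAMPLE_EVENTS):
    return SequenceDetector().run(events)


if __name__ == "__main__":
    for a in detect():
        print(f"ALERT client={a['client']} server={a['server']} "
              f"ssh_to={a['ssh_dst']} after {a['elapsed']:.1f}s")
```

Running it produces a single alert for 192.0.2.77: the /index.php visitor never reaches step 2, and the robots.txt fetch at t=1000 has aged out by the time the second SSH connection appears. Keying state on the client and expiring it on every event is what keeps memory bounded on a busy span; the same shape carries over to a Bro policy script, where the connection and HTTP events arrive as separate handlers.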

Netflow
- Real-time collection of netflow
- Real-time DNS name resolution of all IPs
- Historical searches through netflow during incidents
- Searches done via Splunk

Netflow
- Primarily used for incident response
- Valuable for telling who a bad guy talked to
- Tells us whether we need to investigate further and, if so, how much further
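The incident-response pivot the two netflow slides describe, as an added example rather than the site's Splunk searches. Given a compromised host and a time window, it aggregates every flow touching that host by remote peer, attaches a name from a reverse-DNS cache (a constructed stand-in for the real-time resolution done at collection time), and separates internal from external peers. The site address range (10.0.0.0/8), the name cache and the flow records are all constructed so it runs offline.

```python
"""Netflow pivot for incident response: who did a compromised host talk to?

Added example, not the site's Splunk searches. Flow records, the reverse-DNS
cache (standing in for the real-time resolver on the slide) and the site
address range are all constructed here so the script runs offline.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

SITE_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed site address space

# Constructed reverse-DNS cache; the slide resolves names in real time at collection.
PTR = {
    "10.1.2.3": "www.example.org",
    "10.1.2.50": "fileserver.example.org",
    "10.1.0.53": "ns1.example.org",
    "198.51.100.5": "vps-5.example.net",
}


@dataclass(frozen=True)
class Flow:
    ts: float
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int


def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in SITE_NETS)


def peers_of(flows, host, t_start, t_end):
    """Aggregate every flow touching `host` within [t_start, t_end] by remote peer."""
    peers = defaultdict(lambda: {"first": None, "last": None, "bytes_in": 0,
                                 "bytes_out": 0, "ports": set()})
    for f in flows:
        if not t_start <= f.ts <= t_end:
            continue
        if f.src == host:
            peer, outbound = f.dst, True
        elif f.dst == host:
            peer, outbound = f.src, False
        else:
            continue
        p = peers[peer]
        p["first"] = f.ts if p["first"] is None else min(p["first"], f.ts)
        p["last"] = f.ts if p["last"] is None else max(p["last"], f.ts)
        p["bytes_out" if outbound else "bytes_in"] += f.nbytes
        p["ports"].add(f"{f.proto}/{f.dport}")
    rows = [{"peer": ip, "name": PTR.get(ip, "-"), "internal": is_internal(ip), **p}
            for ip, p in peers.items()]
    # Biggest talkers first: the likely exfil path and the likely lateral hop surface early.
    rows.sort(key=lambda r: r["bytes_in"] + r["bytes_out"], reverse=True)
    return rows


def next_hops(rows):
    """Internal peers the host pushed data to: the answer to 'how much further'."""
    return [r["peer"] for r in rows if r["internal"] and r["bytes_out"] > 0]


# Constructed flows around a compromised web server 10.1.2.3.
SAMPLE_FLOWS = [
    Flow(90.0, "10.1.2.3", "10.1.0.53", 53, "udp", 60),           # before the window
    Flow(100.0, "192.0.2.77", "10.1.2.3", 80, "tcp", 1200),        # attacker's request
    Flow(105.0, "10.1.2.3", "198.51.100.5", 22, "tcp", 450000),    # bulk outbound SSH
    Flow(110.0, "10.1.2.3", "10.1.2.50", 445, "tcp", 30000),       # lateral, to SMB
    Flow(111.0, "10.1.2.3", "10.1.0.53", 53, "udp", 80),
    Flow(150.0, "10.1.9.9", "10.1.2.99", 22, "tcp", 100),          # unrelated host
    Flow(300.0, "10.1.2.3", "203.0.113.9", 443, "tcp", 5000),      # after the window
]


def investigate(host="10.1.2.3", t_start=95.0, t_end=200.0, flows=SAMPLE_FLOWS):
    rows = peers_of(flows, host, t_start, t_end)
    return rows, next_hops(rows)


if __name__ == "__main__":
    rows, hops = investigate()
    for r in rows:
        print(f"{r['peer']:15} {r['name']:24} {'int' if r['internal'] else 'ext'} "
              f"in={r['bytes_in']} out={r['bytes_out']} ports={sorted(r['ports'])}")
    print("widen investigation to:", hops)
```

The ordering does the triage: the 450 kB SSH session to an external VPS tops the list, and the internal SMB peer that received 30 kB is the first candidate for widening the investigation. Shared infrastructure such as the DNS server also shows up as an internal peer; deciding whether to chase it is the analyst's call, which is exactly the "how much further" question on the slide.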

Log collection
- Collecting from 189 hosts
- 13 billion log entries, and growing, are searchable
- ~37.3 GB a day intake
- Will be pushing 60 GB a day with netflow

Log collection
- Central syslog-ng available to all machines
- Collection of central web logs
- Searches via Splunk
- Integration of search into enterprise programming API (CST API)

Darknets and Tarpits
- Monitoring all unallocated address space; a class B
- Valuable for detecting worms and software misconfiguration
- If it touches these networks, it is suspect
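A darknet monitor over flow records, added here as an illustration and not the site's own tool. Nothing legitimate should ever address unallocated space, so every flow into the darknet is reported; the shape of the hits then separates the two cases the slide names, a scanning worm (many distinct targets on one port) and a misconfigured host that keeps retrying a single stale address. The /16 used as the darknet (10.200.0.0/16), the fan-out threshold and the flow records are all constructed.

```python
"""Darknet monitor over flow records, added as an illustration (not the site's tool).

Every flow into unallocated space is suspect; the hit pattern per source
distinguishes a scanning worm from a misconfigured host retrying one stale
address. The /16, the threshold and the flows are all constructed here.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

DARKNET = ipaddress.ip_network("10.200.0.0/16")   # assumed: the unallocated class B
SCAN_MIN_TARGETS = 8                              # assumed threshold for "fan-out"


@dataclass(frozen=True)
class Flow:
    ts: float
    src: str
    dst: str
    dport: int
    proto: str


def darknet_report(flows, darknet=DARKNET):
    """Per source that touched the darknet: hit count, distinct targets, ports, verdict."""
    stats = defaultdict(lambda: {"hits": 0, "targets": set(), "ports": set(),
                                 "first": None, "last": None})
    for f in flows:
        if ipaddress.ip_address(f.dst) not in darknet:
            continue                                  # allocated space: not our concern here
        s = stats[f.src]
        s["hits"] += 1
        s["targets"].add(f.dst)
        s["ports"].add(f"{f.proto}/{f.dport}")
        s["first"] = f.ts if s["first"] is None else min(s["first"], f.ts)
        s["last"] = f.ts if s["last"] is None else max(s["last"], f.ts)
    report = {}
    for src, s in stats.items():
        if len(s["targets"]) >= SCAN_MIN_TARGETS and len(s["ports"]) <= 2:
            verdict = "scan/worm"                     # sweeping addresses on a fixed service
        elif len(s["targets"]) == 1 and s["hits"] > 1:
            verdict = "repeated single target (misconfiguration?)"
        else:
            verdict = "suspect"                       # touched the darknet; not yet classified
        report[src] = {"hits": s["hits"], "targets": len(s["targets"]),
                       "ports": sorted(s["ports"]), "first": s["first"],
                       "last": s["last"], "verdict": verdict}
    return report


# Constructed flows: a worm sweeping the darknet on 445, a host retrying a stale
# SNMP target every minute, an external source poking one address, and one
# normal flow into allocated space that must not appear in the report.
SAMPLE_FLOWS = (
    [Flow(200.0 + i, "10.1.5.5", f"10.200.{i}.{i + 1}", 445, "tcp") for i in range(12)]
    + [Flow(300.0 + 60 * i, "10.1.7.7", "10.200.1.1", 161, "udp") for i in range(3)]
    + [Flow(400.0, "198.51.100.5", "10.200.3.3", 22, "tcp"),
       Flow(410.0, "10.1.2.3", "10.1.0.53", 53, "udp")]
)


if __name__ == "__main__":
    for src, r in darknet_report(SAMPLE_FLOWS).items():
        print(f"{src:15} hits={r['hits']:3} targets={r['targets']:3} "
              f"ports={r['ports']} -> {r['verdict']}")
```

On the sample data the sweep of twelve addresses on tcp/445 is labelled scan/worm, the three udp/161 retries against one address are labelled as a probable misconfiguration, and the single external probe stays merely suspect. The threshold is a knob: with a whole /16 of dark space a real worm produces hundreds of targets within seconds, so a low threshold still yields an early alert without false positives from a single mistyped address.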
