PROCESS OF CONDUCTING A DOS/IDS INCIDENT ANALYSIS

As computer systems and the Internet have grown in size, complexity and usage, the malicious activity directed at these systems has also grown. This has led to a demand for automated systems for detecting malicious activity, and in turn to the development of a range of Intrusion Detection Systems.

INTRUSION DETECTION SYSTEM
An intrusion detection system is generally considered to be any system designed to detect attempts to compromise the integrity, confidentiality or availability of a system. A Network Intrusion Detection System (NIDS) aims to detect attempted compromises by monitoring network traffic. A host-based IDS (HIDS) monitors a single system for signs of compromise.

DISTRIBUTED DENIAL OF SERVICE
A distributed denial of service (DDoS) attack is a malicious DoS attack involving more than one source. DDoS attacks usually involve a large number of compromised systems attacking a single target.

TYPES OF ATTACKS
- Buffer overflow attacks
- SYN attacks
- Teardrop attacks
- Smurf attacks
- Viruses
- Infrastructure attacks

SYMPTOMS OF DOS ATTACK
- Slow network performance
- A website is unavailable
- Inability to access anything outside the LAN
- Increase in the number of spam e-mails

SECURITY ANALYSIS
- Preparation
- Detection and analysis
- Containment, eradication and recovery
- Post incident recovery
- Documentation

PREPARATION
- Form incident response team
- Main contact information
- On-call roster
- Incident report mechanism
- Incident operations center
- Evidence secure storage
- Spare computers/servers
- Removable media
- Digital forensic kit
- Spare printers
- Network diagrams
- Network baselines

MONITOR NETWORK FOR SIGNS OF INCIDENT
- Reconnaissance activity
- Network scanning
- Remote logon attempts
- Increase in volume of traffic
- Log suspicious traffic
- Consolidate reports for analysis
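A detection pass over constructed sample log lines that flags the three signs listed above (scanning, repeated remote logon attempts, traffic above the network baseline) and consolidates them into one report. This is an added example, not code from the presentation; the log format, field names and thresholds are assumptions.

```python
import re
from collections import defaultdict
# Constructed sample firewall/auth log lines (hypothetical format, not from the slides).
SAMPLE_LOGS = """\
2024-01-01T10:00:01 conn src=203.0.113.5 dst=192.0.2.10 dport=21 flags=S
2024-01-01T10:00:01 conn src=203.0.113.5 dst=192.0.2.10 dport=22 flags=S
2024-01-01T10:00:01 conn src=203.0.113.5 dst=192.0.2.10 dport=23 flags=S
2024-01-01T10:00:02 conn src=203.0.113.5 dst=192.0.2.10 dport=80 flags=S
2024-01-01T10:00:02 conn src=203.0.113.5 dst=192.0.2.10 dport=3389 flags=S
2024-01-01T10:00:05 auth src=198.51.100.7 user=admin result=fail
2024-01-01T10:00:06 auth src=198.51.100.7 user=admin result=fail
2024-01-01T10:00:07 auth src=198.51.100.7 user=admin result=fail
2024-01-01T10:01:00 conn src=192.0.2.55 dst=192.0.2.10 dport=80 flags=S
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kind>\w+) (?P<rest>.*)$")

def parse_logs(text):
    """Parse each line into a dict of ts, kind and its key=value fields; skip non-matching lines."""
    events = []
    for m in (LINE_RE.match(line) for line in text.splitlines()):
        if m:
            fields = dict(kv.split("=", 1) for kv in m.group("rest").split())
            events.append({"ts": m.group("ts"), "kind": m.group("kind"), **fields})
    return events

def port_scanners(events, min_ports=5):
    """Sources touching >= min_ports distinct destination ports: reconnaissance / network scanning."""
    ports = defaultdict(set)
    for e in events:
        if e["kind"] == "conn":
            ports[e["src"]].add(e["dport"])
    return sorted(src for src, p in ports.items() if len(p) >= min_ports)

def failed_logon_sources(events, threshold=3):
    """Sources with >= threshold failed remote logon attempts."""
    fails = defaultdict(int)
    for e in events:
        if e["kind"] == "auth" and e.get("result") == "fail":
            fails[e["src"]] += 1
    return sorted(src for src, n in fails.items() if n >= threshold)

def traffic_spikes(events, baseline_per_minute, factor=2):
    """Minutes whose connection count exceeds factor x the baseline kept under 'Network baselines'."""
    per_minute = defaultdict(int)
    for e in events:
        if e["kind"] == "conn":
            per_minute[e["ts"][:16]] += 1  # key is YYYY-MM-DDTHH:MM
    return sorted(m for m, n in per_minute.items() if n > factor * baseline_per_minute)

def consolidate_report(text, baseline_per_minute=2):
    """One consolidated report for the response team, as the slide suggests."""
    events = parse_logs(text)
    return {"scanning": port_scanners(events),
            "logon_attempts": failed_logon_sources(events),
            "traffic_spikes": traffic_spikes(events, baseline_per_minute)}
```

Running consolidate_report(SAMPLE_LOGS) attributes the scan and the failed logons to their source addresses and marks the 10:00 minute as above baseline; the thresholds should be tuned against the baseline recorded during preparation.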

CONTAINMENT, ERADICATION AND RECOVERY
- Identify the type of attack
- Block the attack
- Block access from the source IP address
RECOVERY
- Update firewall
- Update all users' passwords
- Reinstall software

POST INCIDENT ACTIVITY
- Summary of incident
- What can we do better
- What was good
- Evidence handling
- Evidence retention
- Subjective overall assessment

POST INCIDENT DOCUMENTATION
- Create after-action report
- Incident handling checklist
- Update knowledge base

WHAT CAN EMPLOYEES DO?
- Email and attachments
- Password policies
- Scan all files
- Use antivirus
- Physical security
