Advanced Attack Detection and Infrastructure Protection
Sean Ensz – OU IT Security Analyst
Sallie Wright – OSU IT Security Officer
Dr. Mark Weiser – OSU Director of CTANS

Agenda
– Technical Overview – Sean Ensz
– Production Benefits – Sallie Wright
– Research Benefits – Dr. Mark Weiser

Technical Overview
Core system based on a Honeynet design
– A Honeynet is a network of honeypots
– A honeypot is an information system resource whose value lies in illicit use of that resource
– A honeypot has no legitimate users
– Any traffic going to or from the system is therefore inherently suspicious
*Source:

Future Improvements
Honeywall
– Needs better hardware and network driver support
– Beta version to be released today
Host-based logging
– Currently relies on Sebek
– Lacks host log and process tree support
– Working with Third Brigade to develop a honeypot version of their product

Production Benefits

OSU IT Systems Security Evolution (timeline graphic; milestones as listed on the slide)
– No real security program: wide open
– IT Security Office, policy focus
– Central anti-virus
– IDS
– Border firewall
– IT Security Plan
– LaBrea Tarpit
– Anti-spam
– Intrusion Prevention System
– AIPS

AIPS Production Benefits
– Identification of malicious hosts
– Ability to block at the border of Oklahoma’s OneNet state-wide network

Collaboration
– A key benefit is the ability to provide academic programs with tools for research
– Develop new ways to strengthen overall IT security

Production Goal
To contain and prevent intrusions while providing the data and flow analysis needed to tune the IT security process.

Research Benefits

How This May Be Extended
– Future Research
– Related Endeavors

Day Zero Signature (diagram; labels as they appear on the slide): Existing Signatures, Candidate Detects, HN Design Attacks, HN Wild Attacks, Day Zero Signature, AI/Neural Nets, Other Methods, Validation

MiddleWare Honeynet “Solution” (diagram; labels as they appear on the slide): Platform-neutral Solution (file), Middleware, Router Description / Access Information, Router/Firewall

Basic Near-Real-Time Activity Detector
– Low-cost log gathering with local analysis
– Central cumulative analysis
– Trigger points distribute alerts to subscribers
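The following is an added illustration, not code from the OU/OSU presentation or from AIPS, of how the three ideas above fit together: the Technical Overview's principle that a honeypot has no legitimate users, so any flow touching it is suspicious; the production benefit of turning that into a list of malicious hosts to block at the border; and the near-real-time detector sketch of per-sensor local analysis feeding a central cumulative stage with trigger points. Everything not on the slides is an assumption: the honeynet is placed in the documentation prefix 192.0.2.0/24, a single Honeywall management host (198.51.100.10) is the only legitimate peer, flow records are simple CSV lines, and the thresholds are illustrative. The sample flow logs are constructed.

```python
"""Honeynet flow triage: local sensor analysis -> central cumulative analysis -> trigger points.

Added example for the AIPS presentation; not the project's own code. The honeynet prefix,
management host, log format and thresholds below are assumptions, not facts from the slides.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

HONEYNET = ip_network("192.0.2.0/24")             # assumed honeypot address space
MANAGEMENT_HOSTS = {ip_address("198.51.100.10")}  # assumed Honeywall admin host, the one legitimate peer

# Constructed sample flow records (one per line): ts,src,sport,dst,dport,proto
SENSOR_A_LOG = """\
1000,203.0.113.5,40001,192.0.2.10,22,tcp
1001,203.0.113.5,40002,192.0.2.11,22,tcp
1002,203.0.113.5,40003,192.0.2.12,22,tcp
1003,198.51.100.10,50000,192.0.2.10,22,tcp
1004,198.51.100.77,51000,198.51.100.20,443,tcp
"""
SENSOR_B_LOG = """\
2000,203.0.113.5,40010,192.0.2.20,445,tcp
2001,203.0.113.9,41000,192.0.2.10,80,tcp
2002,192.0.2.11,55000,203.0.113.99,6667,tcp
"""

DISTINCT_HONEYPOTS_TRIGGER = 3  # illustrative: one source sweeping several honeypots
FLOW_TRIGGER = 5                # illustrative: persistent hammering of one honeypot


@dataclass
class Event:
    sensor: str
    ts: int
    peer: str        # the non-honeynet party (attacker, or C2 host for outbound flows)
    honeypot: str
    port: int        # destination port of the flow
    outbound: bool   # True when the honeypot itself initiated the flow


@dataclass
class Verdict:
    host: str
    flows: int
    honeypots: set
    ports: set
    honeypot_initiated: bool
    severity: str


def parse_flow(line):
    ts, src, sport, dst, dport, proto = line.strip().split(",")
    return int(ts), ip_address(src), int(sport), ip_address(dst), int(dport), proto


def local_analysis(sensor, log):
    """Per-sensor stage: keep only flows that touch the honeynet, drop known management traffic.

    Because a honeypot has no legitimate users, no further signature matching is needed here;
    the sensor ships compact events instead of raw packets (low-cost log gathering)."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, _sport, dst, dport, _proto = parse_flow(line)
        if src not in HONEYNET and dst not in HONEYNET:
            continue  # production traffic, no honeypot involved
        if src in MANAGEMENT_HOSTS or dst in MANAGEMENT_HOSTS:
            continue  # the Honeywall admin host is the only expected peer
        if src in HONEYNET:
            # A honeypot initiating a connection means it has most likely been compromised.
            events.append(Event(sensor, ts, str(dst), str(src), dport, outbound=True))
        else:
            events.append(Event(sensor, ts, str(src), str(dst), dport, outbound=False))
    return events


def central_analysis(event_batches):
    """Central cumulative stage: merge events from every sensor and score each external host."""
    per_host = {}
    for events in event_batches:
        for e in events:
            v = per_host.setdefault(e.peer, Verdict(e.peer, 0, set(), set(), False, "low"))
            v.flows += 1
            v.honeypots.add(e.honeypot)
            v.ports.add(e.port)
            v.honeypot_initiated |= e.outbound
    for v in per_host.values():
        if v.honeypot_initiated:
            v.severity = "critical"  # a honeypot called out to this host: contain immediately
        elif len(v.honeypots) >= DISTINCT_HONEYPOTS_TRIGGER or v.flows >= FLOW_TRIGGER:
            v.severity = "high"      # trigger point reached: alert subscribers / block at border
    return per_host


def border_block_candidates(verdicts):
    """Trigger point output: hosts worth pushing to the border (e.g. OneNet) block list."""
    return sorted(h for h, v in verdicts.items() if v.severity in ("high", "critical"))


def compromised_honeypots(event_batches):
    """Honeypots that initiated traffic; candidates for data-control cut-off and reimaging."""
    return sorted({e.honeypot for events in event_batches for e in events if e.outbound})


if __name__ == "__main__":
    batches = [local_analysis("sensor-A", SENSOR_A_LOG), local_analysis("sensor-B", SENSOR_B_LOG)]
    verdicts = central_analysis(batches)
    for host, v in sorted(verdicts.items()):
        print(f"{host:14} flows={v.flows} honeypots={len(v.honeypots)} severity={v.severity}")
    print("block at border:", border_block_candidates(verdicts))
    print("compromised honeypots:", compromised_honeypots(batches))
```

Two design points carry over to a real deployment. First, the sensor stage deliberately knows nothing about signatures: the honeynet's value is that presence alone is the indicator, which is what makes the data so cheap to collect and so useful for day-zero candidate detection. Second, an outbound flow from a honeypot is scored above any inbound scan, because it signals that the honeypot has already been taken and the data-control side of the Honeywall has to contain it before it is used against production hosts.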

Sean Ensz Sallie Wright Dr. Mark Weiser