Applied Watch Technologies The Enterprise Open Source Security Infrastructure open.freedom Go ahead. Be free.

about.me

1. Sold first company at 17
2. Information warfare consultant with Dept. of Defense
3. GCIA, CISSP
4. Published first advisory on hacking VPN appliances (Securityfocus.com). Spoke at Caesar's Palace in Las Vegas
5. Nominated by MIT as Most Influential Technologist of
CEO, President, Applied Watch Technologies (Enterprise Open Source Management Company)

categories

what.is.open.source

Open Source is a free alternative to commercial software, developed and maintained by the community (thousands of developers):
1. Linux vs. Microsoft Windows
2. Apache vs. Microsoft IIS
3. Snort vs. ISS, Cisco, 3Com
4. Nagios vs. HP OpenView

what.is.open.source (continued)

There is now an open source alternative for every commercial product:
1. Network management tools
2. Intrusion Detection Systems
3. Antivirus
4. Firewalls
5. Operating systems
6. Web servers

open.source.trends

- Gartner holds an annual open source summit discussing widespread use of open source in the enterprise (Forrester Research)
- At least 75% of organizations have deployed open source software (Forbes, Nov 2005)
- "Open source invades the enterprise." May 2005: IBM acquires Gluecode (open source competitor) (Forbes)
- Chicago Mercantile Exchange cuts $2.5M in hardware costs by switching to Linux

open.source.trends (continued)

- (IDC) Open source is used in nearly 75 percent of all organizations worldwide and includes hundreds of thousands of projects. Open source is in production in over half of those organizations.
- (2005 Netcraft Survey) Apache dominates the web server market over Microsoft with 70% market share
- Navy protects battleships using open source Snort

Defense in-Depth (layered diagram): Commercial NIDS, Open Source NIDS, Open Source HIDS

why.open.source

- COTS (commercial-off-the-shelf) NIDS/NIPS don't do everything perfectly
- Open source signatures are community developed and in most cases are easier to write
- There will soon be an equal or superior open source solution to every COTS security product
- Commercial solutions can be very expensive; OSS lowers the TCO of security

oss.strategy: nids

Snort IDS: Network Intrusion Detection System
- Pattern matching
- Protocol anomaly detection (e.g. data in a SYN packet)
- Target-aware (stream5 in Snort 3)
- Passive or inline intrusion prevention
- Over 3M downloads to date

oss.strategy: nids (continued)

Bro IDS: Network Intrusion Detection System
- Developed by Lawrence Berkeley National Labs
- Focused more on use in research environments
- Detects anomalies in traffic behavior as well as patterns
- Can alert, execute an OS command, or block traffic
- More of a research platform for IDS

oss.strategy: hids

OSSEC HIDS: Host Intrusion Detection and Prevention System
- Ported to all major OS (Windows, Unix, BSD, Linux, HP-UX, MacOS, Solaris)
- Uses the local system to block attacks
- -based alerting on attacks
- Performs log analysis, file integrity checking, rootkit detection, time-based alerting, and active response
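The log analysis and time-based alerting the slide attributes to a HIDS can be shown in a few dozen lines. The following is an added example written for this page, not OSSEC's own decoders or rules: it parses constructed syslog-style sshd lines, matches a "failed password" pattern, and raises an alert when one source address reaches a threshold of failures inside a sliding time window (the same idea as a frequency/timeframe rule). The log lines, hostnames and addresses are constructed; the `threshold` and `timeframe_s` parameters are this example's own.

```python
"""Added example of HIDS-style log analysis with time-based (frequency) alerting.
Illustrative code only; not OSSEC's implementation."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines (not captured from a real host).
SAMPLE_LOG = """\
Mar  3 10:00:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 5020 ssh2
Mar  3 10:00:03 host1 sshd[1203]: Failed password for root from 203.0.113.7 port 5021 ssh2
Mar  3 10:00:05 host1 sshd[1205]: Failed password for root from 203.0.113.7 port 5022 ssh2
Mar  3 10:00:06 host1 sshd[1207]: Accepted publickey for alice from 198.51.100.2 port 4410 ssh2
Mar  3 10:00:09 host1 sshd[1209]: Failed password for root from 203.0.113.7 port 5023 ssh2
Mar  3 10:00:12 host1 sshd[1211]: Failed password for root from 203.0.113.7 port 5024 ssh2
Mar  3 10:09:00 host1 sshd[1300]: Failed password for bob from 198.51.100.9 port 4500 ssh2
Mar  3 10:20:00 host1 sshd[1301]: Failed password for bob from 198.51.100.9 port 4501 ssh2
"""

# "Decoder": split a syslog line into timestamp, host, program and message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>\w+)\[\d+\]: (?P<msg>.*)$"
)
# "Signature": the event we care about, with the source address captured.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)")


def parse_line(line, year=2006):
    """Return a dict for a syslog-style line, or None if it does not parse.
    syslog timestamps carry no year, so one is supplied (assumption)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "msg": m["msg"]}


def detect_bruteforce(log_text, threshold=5, timeframe_s=120):
    """Return alerts as (timestamp, source_ip, count): one source reached
    `threshold` failed logins within `timeframe_s` seconds.
    A per-source sliding window of timestamps implements the time-based rule."""
    windows = defaultdict(deque)
    alerts = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or ev["prog"] != "sshd":
            continue
        fm = FAILED_RE.search(ev["msg"])
        if not fm:
            continue
        src = fm["src"]
        q = windows[src]
        q.append(ev["ts"])
        # Drop events that fell out of the window.
        while (ev["ts"] - q[0]).total_seconds() > timeframe_s:
            q.popleft()
        if len(q) >= threshold:
            alerts.append((ev["ts"], src, len(q)))
            q.clear()  # reset so one burst is reported once, not on every further failure
    return alerts


if __name__ == "__main__":
    for ts, src, n in detect_bruteforce(SAMPLE_LOG):
        print(f"{ts} ALERT: {n} failed SSH logins from {src} within window")
```

Run as a script it reports one alert, for 203.0.113.7 at 10:00:12; the two failures from 198.51.100.9 are eleven minutes apart and never reach the threshold. In a real deployment the same window logic would feed the active response the slide mentions, so the threshold and timeframe should be chosen with the false-positive cost of blocking a legitimate source in mind.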

oss.strategy: hids (continued)

OSSEC HIDS: Host Intrusion Detection and Prevention System
- Agent/server architecture
- Signatures can be easily written
- Detects changes to user directories, MD5 checksum changes, changes to file/directory sizes, ownership changes, and directory permissions
- Windows registry monitoring
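The file-integrity checks listed on this slide (checksum, size, ownership and permission changes) reduce to "take a baseline, rescan, diff". The block below is an added example written for this page, not OSSEC's code: it records MD5, size, uid/gid and mode for every entry under a directory, then reports additions, deletions and per-attribute changes. `demo()` builds a throwaway directory tree, baselines it, then tampers with it (content change, permission change, new file) to show what a rescan reports; all file names and contents in it are constructed.

```python
"""Added example of HIDS-style file integrity monitoring (baseline, rescan, diff).
Illustrative code only; not OSSEC's implementation."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def file_record(path: Path) -> dict:
    """Attributes tracked per entry. Size and checksum are recorded only for
    regular files: directory sizes vary by filesystem and would add noise."""
    st = path.lstat()
    rec = {"uid": st.st_uid, "gid": st.st_gid, "mode": stat.S_IMODE(st.st_mode)}
    if stat.S_ISREG(st.st_mode):
        rec["size"] = st.st_size
        h = hashlib.md5()  # MD5 because the slide names it; see note below
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        rec["md5"] = h.hexdigest()
    return rec


def build_baseline(root: str) -> dict:
    """Map relative path -> attribute record for everything under root."""
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = Path(dirpath) / name
            baseline[str(p.relative_to(root))] = file_record(p)
    return baseline


def compare(old: dict, new: dict) -> list:
    """Return (path, event, attribute) tuples; event is added/deleted/changed."""
    events = []
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            events.append((rel, "added", None))
        elif rel not in new:
            events.append((rel, "deleted", None))
        else:
            for attr in ("md5", "size", "uid", "gid", "mode"):
                if old[rel].get(attr) != new[rel].get(attr):
                    events.append((rel, "changed", attr))
    return events


def demo() -> list:
    """Constructed scenario: baseline a small tree, tamper with it, rescan."""
    with tempfile.TemporaryDirectory() as root:
        cfg = Path(root) / "etc"
        cfg.mkdir()
        (cfg / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (cfg / "hosts").write_text("127.0.0.1 localhost\n")
        os.chmod(cfg / "hosts", 0o644)
        baseline = build_baseline(root)

        # Tampering: appended account (content + size), loosened permissions
        # with identical content, and a new file the baseline never saw.
        (cfg / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/sh\nevil:x:0:0::/:/bin/sh\n"
        )
        os.chmod(cfg / "hosts", 0o600)
        (cfg / "ld.so.preload").write_text("/tmp/x.so\n")
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for path, event, attr in demo():
        print(f"{event:8s} {path}" + (f" ({attr})" if attr else ""))
```

The permission-only change on `hosts` is the case worth noticing: its checksum is unchanged, so a checker that hashed content alone would miss it, which is why the slide lists ownership and permissions separately from checksums. MD5 is used here only because the slide names it; a current deployment should use SHA-256, since MD5 collisions are practical and an attacker could craft a replacement file with a colliding digest. A real agent would also store the baseline off-host (the agent/server split on the slide) so that an intruder who modifies a file cannot simply re-baseline it.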

summary

- In some organizations, OSS has replaced commercial security and network products
- In others, OSS augments COTS products as an additional layer
- Soon, OSS will be an option for every COTS network and security product available
- OSS is being relied upon for lowering TCO in security