
Active Ports 1.4 ZoneLog

Active Ports Overview
- What it does
- Where to get it
- Why use it
- How to use it
- Screen shots
- Observations
- Lessons learned

What Active Ports does
- Monitors TCP and UDP activity on the local host
- Maps each open port to the process that owns it
- Lets you kill the owning process directly from the list

Where to get it
tml

Why use it
- Live analysis of a running system
- See which programs on the host are talking to the Internet
- Detect Trojans and other malware by the ports and connections they open

How to use it
- Install it and run it; there is nothing to configure

Observations
- Simple and easy to use
- Not very robust
- Little documentation
- Does not always resolve the remote IP address of a connection

Lessons learned
- A simple tool for live analysis
- You must know which ports and processes should be open on the host; a list of open ports is only meaningful against that baseline
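The baseline check the slide calls for can be done without Active Ports, which is useful when a suspect box cannot be trusted to run new tools or when the data arrives as text. The script below is an added example, not part of the presentation or of Active Ports: it parses the text printed by Windows `netstat -ano` (port, state, PID) and `tasklist /fo csv /nh` (PID, image name), joins them into the port-to-process mapping Active Ports displays, and reports every listening port the baseline cannot explain. Both samples and the baseline itself are constructed for the example; the image names, PIDs and addresses are not from any real host.

```python
"""Map listening ports to their owning process and diff them against a
known-good baseline. Added example; not code from the slides or from
Active Ports. Input format assumed: the text output of Windows
`netstat -ano` and `tasklist /fo csv /nh`. Samples below are constructed."""
import csv
import io

# Constructed sample in the shape of `netstat -ano` output.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1288
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.5:49711      198.51.100.7:6667      ESTABLISHED     3120
  UDP    0.0.0.0:123            *:*                                    1040
  UDP    0.0.0.0:31337          *:*                                    3120
"""

# Constructed sample in the shape of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''"System","4","Services","0","24 K"
"svchost.exe","900","Services","0","9,124 K"
"svchost.exe","1040","Services","0","5,080 K"
"svchost.exe","1288","Services","0","7,900 K"
"updater.exe","3120","Console","1","2,244 K"
'''

# Assumed baseline for this host: (protocol, local port) -> image allowed to own it.
BASELINE = {
    ("TCP", 135): "svchost.exe",
    ("TCP", 445): "System",
    ("TCP", 3389): "svchost.exe",
    ("UDP", 123): "svchost.exe",
}


def parse_netstat(text):
    """Return (proto, local_ip, local_port, foreign, state, pid) for every
    connection line; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        pid = int(parts[-1])
        state = parts[3] if len(parts) == 5 else ""  # UDP rows have no State column
        ip, port = local.rsplit(":", 1)
        rows.append((proto, ip, int(port), foreign, state, pid))
    return rows


def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV output (memory field may contain commas)."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(text)) if row}


def unexpected_listeners(netstat_text, tasklist_text, baseline=BASELINE):
    """Join listening sockets to their process and return those the baseline
    does not explain: unknown port, or a known port held by the wrong image."""
    procs = parse_tasklist(tasklist_text)
    findings = []
    for proto, _ip, port, _foreign, state, pid in parse_netstat(netstat_text):
        if proto == "TCP" and state != "LISTENING":
            continue  # established sockets are reported by outbound_by_process
        image = procs.get(pid, "<unknown pid>")
        expected = baseline.get((proto, port))
        if expected is None:
            findings.append((proto, port, pid, image, "port not in baseline"))
        elif image.lower() != expected.lower():
            findings.append((proto, port, pid, image, f"expected {expected}"))
    return findings


def outbound_by_process(netstat_text, tasklist_text):
    """Which programs are talking out: ESTABLISHED TCP peers grouped by image name."""
    procs = parse_tasklist(tasklist_text)
    peers = {}
    for proto, _ip, _port, foreign, state, pid in parse_netstat(netstat_text):
        if proto == "TCP" and state == "ESTABLISHED":
            peers.setdefault(procs.get(pid, "<unknown pid>"), []).append(foreign)
    return peers


if __name__ == "__main__":
    for finding in unexpected_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print("UNEXPECTED:", finding)
    for image, remote in outbound_by_process(NETSTAT_SAMPLE, TASKLIST_SAMPLE).items():
        print(f"{image} -> {', '.join(remote)}")
```

On the constructed sample the report names two listeners owned by `updater.exe` (TCP 6667 and UDP 31337) that the baseline does not list, and the same PID holds the one established connection. Without the baseline dictionary the same output is just a list of numbers, which is the point the slide makes.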

ZoneLog

ZoneLog Overview
- What it does
- Where to get it
- Why use it
- How to use it
- Screen shots
- Observations
- Lessons learned

Where to get it

Why use it
- ZoneAlarm does not ship a good log viewer
- ZoneLog shows far more about each entry than ZoneAlarm's own viewer does

What it does
- Incident response: helps interpret the ZoneAlarm log file
- Shows what traffic ZoneAlarm blocked, and where it came from

How to use it
- Download the VB6 runtime files
- Download the application
- Point it at ZAlog.txt, found in C:\WINDOWS\Internet Logs

Observations
- Not every entry ZoneLog presents as an attack really is one
- Not all features are useful (the activity graph, for example)
- Good documentation

Lessons learned
- Much of the logged traffic is harmless
- A big improvement over the ZoneAlarm log viewer
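The two ZoneLog lessons above, that most blocked traffic is harmless and that not every entry is an attack, come down to grouping ZAlog.txt records by remote host and asking what else that host did. The script below is an added example, not ZoneLog's code or anything from the presentation. It assumes the ZAlog.txt layout given by the file's own header line (type,date,time,source,destination,transport), with FWIN for blocked inbound and FWOUT for blocked outbound packets; check that against a real file before relying on it. The log lines, the local network 192.168.1.0/24 and the program name are constructed for the example. The classification rules (NetBIOS chatter from the local subnet, TCP replies without a SYN for connections already closed, one host touching several ports) are the analyst's heuristics, not anything ZoneAlarm or ZoneLog defines.

```python
"""Summarise a ZoneAlarm ZAlog.txt: group blocked packets by remote host and
separate LAN chatter and stale replies from real probes. Added example, not
ZoneLog's code. Field layout assumed from the ZAlog.txt header
(type,date,time,source,destination,transport); sample lines are constructed."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample in the shape of ZAlog.txt: banner, header, then records.
ZALOG_SAMPLE = """ZoneAlarm Logging Client v3.1.291
Windows XP-5.1.2600--SP
type,date,time,source,destination,transport
FWIN,2003/02/10,08:00:01 -5:00 GMT,192.168.1.7:137,192.168.1.255:137,UDP
FWIN,2003/02/10,08:00:03 -5:00 GMT,192.168.1.7:138,192.168.1.255:138,UDP
FWIN,2003/02/10,08:02:15 -5:00 GMT,203.0.113.9:3241,192.168.1.5:135,TCP (flags:S)
FWIN,2003/02/10,08:02:15 -5:00 GMT,203.0.113.9:3242,192.168.1.5:139,TCP (flags:S)
FWIN,2003/02/10,08:02:16 -5:00 GMT,203.0.113.9:3243,192.168.1.5:445,TCP (flags:S)
FWIN,2003/02/10,08:02:16 -5:00 GMT,203.0.113.9:3244,192.168.1.5:1433,TCP (flags:S)
FWIN,2003/02/10,08:05:40 -5:00 GMT,198.51.100.20:80,192.168.1.5:1061,TCP (flags:AF)
FWOUT,2003/02/10,08:07:02 -5:00 GMT,192.168.1.5:1062,198.51.100.33:6667,TCP (flags:S)
PE,2003/02/10,08:07:02 -5:00 GMT,updater.exe,198.51.100.33:6667,N/A
"""

LOCAL_NET = ip_network("192.168.1.0/24")  # assumed subnet of the logging host
NETBIOS_PORTS = {137, 138, 139}
SCAN_THRESHOLD = 3  # distinct destination ports from one remote host


def parse_zalog(text):
    """Return one dict per FWIN/FWOUT record; banner, header and other record
    types (PE program-access entries, for instance) are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split(",")
        if len(parts) != 6 or parts[0] not in ("FWIN", "FWOUT"):
            continue
        kind, date, time_, src, dst, transport = parts
        src_ip, src_port = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        proto, _, flags = transport.partition(" ")          # "TCP (flags:S)" -> "TCP", "(flags:S)"
        records.append({
            "kind": kind, "date": date, "time": time_,
            "src_ip": src_ip, "src_port": int(src_port),
            "dst_ip": dst_ip, "dst_port": int(dst_port),
            "proto": proto, "flags": flags.strip("()").replace("flags:", ""),
        })
    return records


def classify(records, local_net=LOCAL_NET):
    """Tag every record and return (tagged_records, ports_probed_per_remote)."""
    probed = defaultdict(set)  # remote IP -> destination ports it was blocked on
    for r in records:
        if r["kind"] == "FWIN":
            probed[r["src_ip"]].add(r["dst_port"])
    tagged = []
    for r in records:
        if r["kind"] == "FWOUT":
            tag = "outbound-blocked"          # a program on this host tried to call out
        else:
            remote = ip_address(r["src_ip"])
            if remote in local_net and r["dst_port"] in NETBIOS_PORTS:
                tag = "lan-netbios-chatter"   # neighbours browsing the workgroup
            elif r["proto"] == "TCP" and "S" not in r["flags"]:
                tag = "stale-reply"           # ACK/FIN for a connection already torn down
            elif len(probed[r["src_ip"]]) >= SCAN_THRESHOLD:
                tag = "port-scan"             # one host, several ports
            else:
                tag = "single-block"
        tagged.append((tag, r))
    return tagged, {ip: sorted(ports) for ip, ports in probed.items()}


def count_tags(text):
    """Histogram of tags for a whole log; what ZoneLog's summary view answers."""
    counts = defaultdict(int)
    for tag, _ in classify(parse_zalog(text))[0]:
        counts[tag] += 1
    return dict(counts)


if __name__ == "__main__":
    tagged, probed = classify(parse_zalog(ZALOG_SAMPLE))
    for tag, r in tagged:
        print(f"{tag:20} {r['kind']} {r['src_ip']}:{r['src_port']} -> "
              f"{r['dst_ip']}:{r['dst_port']} {r['proto']} {r['flags']}")
    print(count_tags(ZALOG_SAMPLE))
    print("ports probed by 203.0.113.9:", probed["203.0.113.9"])
```

Of the eight blocked packets in the sample only the four from 203.0.113.9, which walked 135, 139, 445 and 1433 within a second, look like a deliberate probe. The NetBIOS broadcasts from a LAN neighbour and the ACK/FIN from a web server the host had already finished talking to are exactly the entries a raw viewer shows with the same weight; the single FWOUT, an outbound attempt to port 6667 that the firewall stopped, is the one line worth following up on the host itself.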