Final Project: Advanced security blade
IPS and DLP blades. Roei Ben Harush, 2014
Agenda
1. IPS
2. DLP
3. About next assignment
4. How to research malware behavior
Intrusion Prevention System - IPS
An IPS monitors network traffic by analyzing the content of the packets. Each packet is examined to check whether it contains any malicious content that appears in the signatures database. If a malicious packet is identified and matched to a signature, the IPS can raise an alarm or even block the connection if required. Basically, an IPS searches for attempts by an external attacker to exploit vulnerabilities within the organization. An IPS might affect network performance since it examines all incoming and outgoing network traffic.
IPS and its brother IDS differ by protection vs. detection. IPS uses negative security logic: the signatures say what is forbidden (blacklist), as opposed to positive security logic, where the security administrator specifically lists what is allowed (whitelist). The IPS is aimed at protecting the Application Layer.
The downside of negative security logic: false positives vs. false negatives. From the eyes of a company owner, which is worse? Of course a false positive, since a single false positive can be a transaction of millions of dollars.
[Restricted] ONLY for designated groups and individuals
Data Leak Prevention - DLP
Nowadays sensitive data can be easily accessed and transferred. DLP monitors data transfer by deeply inspecting and analyzing the data, its source, destination and protocol. The data can be anything from accounting papers to source code.
DLP can work in several ways: Detect, Inform User, Ask User, Prevent.
Ask User: the user decides whether this is a real data leak or a false positive; everything is logged.
Prevent: the traffic is blocked.
Handle a real world vulnerability
In this final project, you'll have to deal with a real-world problem. In the IPS part, you'll be asked to research the vulnerability: its cause, its effect, how it works, etc. After a complete research, you'll write the protection for the vulnerability. Your firewall will be tested with real exploits! We will see if your protection can stand against a real penetration testing framework.
In the DLP part, you'll have to keep an eye out in order to minimize network data leakage risks. To make it easy for you, we'll support only HTTP and SMTP text. You'll have to protect your organization's source code by recognizing source code being sent through HTTP (GET, POST) or SMTP. Again, you'll have to research the methods yourself: which to support, how they work, and how to protect against them.
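As an added illustration of the DLP part (not code from the course or from any vendor blade), the following Python sketch extracts the text carried by a GET, POST or SMTP message, scores it with a constructed source-code heuristic, and applies the four DLP modes from the slides; the regex patterns, the 0.5 threshold and the actions for Detect and Inform User are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs
# DLP modes from the slides; the slides describe only Ask User and Prevent, so
# what Detect and Inform User do here (log / log and notify) is an assumption.
ACTIONS = {"detect": "log", "inform": "log+notify", "ask": "log+ask", "prevent": "log+block"}
# Constructed heuristic (assumption, not a course spec): patterns common in source code, rare in mail or form text.
CODE_PATTERNS = [
    r"\b(?:def|return|import|include|class|void|int|while|for|if|else)\b",
    r"[{};]\s*$",                     # line ends with a brace or semicolon
    r"^\s*#include\s*<",              # C preprocessor include
    r"\w+\s*\([^)]*\)\s*[{:]\s*$",    # function header followed by a block opener
    r"^\s*(?://|#)\s*\S",             # comment line
]

def code_score(text):
    """Fraction of non-empty lines that match at least one code pattern."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return 0.0
    return sum(any(re.search(p, ln) for p in CODE_PATTERNS) for ln in lines) / len(lines)

def extract_http_text(raw):
    """Text a request carries: query values for GET, form values or raw body for POST."""
    head, _, body = raw.partition("\r\n\r\n")
    method, target = head.split("\r\n", 1)[0].split(" ")[:2]
    if method == "GET":
        body = urlsplit(target).query
    if method == "GET" or "x-www-form-urlencoded" in head:
        return "\n".join(v for vals in parse_qs(body).values() for v in vals)
    return body

def extract_smtp_text(raw):
    """Message body of an SMTP session: between DATA and the lone dot, minus headers."""
    data = raw.partition("DATA\r\n")[2].partition("\r\n.\r\n")[0]
    return data.split("\r\n\r\n", 1)[-1]

def dlp_decide(text, mode, threshold=0.5, user_allows=False):
    """Apply the configured DLP mode to the extracted text and report the action."""
    score = code_score(text)
    if score < threshold:
        return {"score": score, "leak": False, "action": "allow"}
    action = ACTIONS[mode]
    if mode == "ask":  # the user decides if it is a real leak; either way it is logged
        action = "log+allow" if user_allows else "log+block"
    return {"score": score, "leak": True, "action": action}

# Constructed sample traffic: a POST uploading a C file, and an ordinary e-mail.
POST_WITH_CODE = ("POST /upload HTTP/1.1\r\nHost: paste.example\r\nContent-Type: text/plain\r\n\r\n"
                  "#include <stdio.h>\nint main(void) {\n    printf(\"hi\\n\");\n    return 0;\n}\n")
MAIL_PLAIN = "DATA\r\nFrom: a@example.com\r\nSubject: lunch\r\n\r\nHi team,\r\nLet's meet at noon.\r\nThanks\r\n.\r\nQUIT\r\n"
```

Ordinary prose containing words such as "if" or "for" also matches the keyword pattern, which is exactly the false-positive trade-off the IPS slide raises; the threshold is the knob a real deployment tunes.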
Popular sites for vulnerabilities
You can find useful information in the following websites.
Learn about SQL injection