Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advanced Attack Detection and Infrastructure Protection Sean Ensz –OU IT Security Analyst Sallie Wright –OSU IT Security Officer Dr. Mark Weiser –OSU Director.

Published byScot Jordan Modified over 9 years ago

Similar presentations

Presentation on theme: "Advanced Attack Detection and Infrastructure Protection Sean Ensz –OU IT Security Analyst Sallie Wright –OSU IT Security Officer Dr. Mark Weiser –OSU Director."— Presentation transcript:

1 Advanced Attack Detection and Infrastructure Protection Sean Ensz –OU IT Security Analyst Sallie Wright –OSU IT Security Officer Dr. Mark Weiser –OSU Director of CTANS

2 Agenda Technical Overview – Sean Ensz Production Benefits – Sallie Wright Research Benefits – Dr. Mark Weiser

3 Technical Overview Core system based on a Honeynet design –A Honeynet is a network of honeypots –A honeypot is an information system resource whose value lies in illicit use of that resource –A honeypot has no legitimate users –Any traffic going to and from the system in inherently suspicious *Source: www.honeynet.org

4

5

6 Future Improvements Honeywall –Needs better hardware & network driver support –Beta version to be released today Host based logging –Currently relies on Sebek –Lacks host log and process tree support –Working with Third Brigade to develop a honeypot version of their product

7 Production Benefits

8 No real security Program WIDE OPEN IT Security Office Policy Focus Central Anti-virus IDS Border Firewall IT Security Plan LaBrea Tarpit Anti-Spam Intrusion Prevention System AIPS 2000 2001-2002 2003-2004 2005 OSU IT Systems Security Evolution

9 AIPS Production Benefits Identification of malicious hosts Ability to block at the border of Oklahoma’s OneNet state-wide network

10 Collaboration A key benefit is the ability to provide academic programs with tools to research Develop new ways to strengthen overall IT security.

11 Production Goal To contain and prevent intrusions while providing the data Flow analysis to tune the IT security process.

12 Research Benefits

13 How This May Be Extended –Future Research –Related Endeavors

14 Day Zero Signature Existing Signatures Candidate Detects HN Design Attacks HN Wild Attacks Day Zero Signature AI/Neural Nets Other Methods Validation

15 MiddleWare Honeynet “Solution” Platform-neutral Solution (file) Middleware Router Description / Access Information Router/ Firewall

16 Basic Near-Real-Time Activity Detector Low-cost log gathering w/ local analysis Central Cumulative Analysis Trigger points distribute alerts to subscribers

17 Sean Ensz ensz@ou.edu Sallie Wright sallie.wright@okstate.edu Dr. Mark Weiser weiser@okstate.edu

Download ppt "Advanced Attack Detection and Infrastructure Protection Sean Ensz –OU IT Security Analyst Sallie Wright –OSU IT Security Officer Dr. Mark Weiser –OSU Director."

Similar presentations

HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.

HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.

Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.
Access Control Chapter 3 Part 5 Pages 248 to 252.

Access Control Chapter 3 Part 5 Pages 248 to 252.
Near Term Tools: Using honeynet tools and techniques for post intrusion intelligence gathering Edward G. Balas Indiana University Advanced Network Management.

Near Term Tools: Using honeynet tools and techniques for post intrusion intelligence gathering Edward G. Balas Indiana University Advanced Network Management.
Use of Honey-pots to Detect Exploited Systems Across Large Enterprise Networks Ashish Gupta Network Security May 2004

Use of Honey-pots to Detect Exploited Systems Across Large Enterprise Networks Ashish Gupta Network Security May 2004
ForeScout Technologies Ayelet Steinitz, Product Manager April, 2003.

ForeScout Technologies Ayelet Steinitz, Product Manager April, 2003.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

Presented by Justin Bode CS 450 – Computer Security February 17, 2010.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Use of Honey-pots to Detect Exploited Systems Across Large Enterprise Networks Ashish Gupta Network Security May 2004

Use of Honey-pots to Detect Exploited Systems Across Large Enterprise Networks Ashish Gupta Network Security May 2004
Honeynet/Honeypot Project - Leslie Cherian - Todd Deshane - Patty Jablonski - Creighton Long May 2, 2006.

Honeynet/Honeypot Project - Leslie Cherian - Todd Deshane - Patty Jablonski - Creighton Long May 2, 2006.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
LittleOrange Internet Security an Endpoint Security Appliance.

LittleOrange Internet Security an Endpoint Security Appliance.
MIGRATION FROM SCREENOS TO JUNOS based firewall

MIGRATION FROM SCREENOS TO JUNOS based firewall
Honeypot An instrument for attracting and detecting attackers Adapted from R. Baumann.

Honeypot An instrument for attracting and detecting attackers Adapted from R. Baumann.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Department Of Computer Engineering

Department Of Computer Engineering
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
Lesson 7 Intrusion Prevention Systems. UTSA IS 3523 ID & Incident Response Overview Definitions Differences Honeypots Defense in Depth.

Lesson 7 Intrusion Prevention Systems. UTSA IS 3523 ID & Incident Response Overview Definitions Differences Honeypots Defense in Depth.

Similar presentations

Ads by Google