Published by Ayanna Bleakley
Signature Actions

Non-aggressive actions:
- Produce Alert
- Produce Verbose Alert
- Log Attacker Packets
- Log Victim Packets
- Log Pair Packets
- Request SNMP Trap

Aggressive actions:
- Deny Packet Inline (single packet)
- Deny Connection Inline (UDP/TCP)
- Deny Attacker Inline (source IP)
- Deny Attacker-Victim Pair Inline (source IP and destination IP)
- Deny Attacker-Service Pair Inline (source IP to destination port)
- Reset TCP Connection
- Request Block Connection
- Request Block Host
- Request Rate Limit
- Modify Packet Inline

Risk Rating

Inputs to the risk rating:
- Potential Damage -> ASR
- Target Asset Value -> TVR
- Signature Accuracy -> SFR / PD
- Attack Relevancy -> ARR (OS)
- Clues from Others -> WLR (CSA)

- ASR = Attack Severity Rating: Info (25), Low (50), Medium (75), High (100)
- TVR = Target Value Rating: Zero (50), Low (75), Medium (100), High (150), Critical (200)
- SFR = Signature Fidelity Rating (0-100)
- PD = Promiscuous Delta (0-30), a subtracted value
- ARR = Attack Relevancy Rating: Relevant (+10), Unknown (0), Not Relevant (-10)
- WLR = Watch List Rating (0-100)

RR = (ASR * TVR * SFR / 10000) + ARR - PD + WLR

Signature Parameters
- Event Action Overrides: based on RR category; add actions
- Event Action Filters: based on RR category and other criteria; delete actions

Common Signature Parameters
- Signature ID
- SubSig ID
- Alert Severity (H, M, L, I)
- Sig Fidelity (0-100)
- Promiscuous Delta (0-30)
- Sig Name
- To fire the signature: Event Count, Event Count Key (AaBb), Interval
- To generate the alert: Summary Mode, Summary Key (AaBb), Summary Threshold, Global Summary Threshold, Summary Interval
- Enabled / Retired

Specific Signature Parameters (Atomic IP engine)
- IP Address Options
- IP Payload Length
- TCP Mask (urg, ack, psh, rst, syn, fin)
- TCP Flags (urg, ack, psh, rst, syn, fin)
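The rating tables and the RR formula above are easy to get wrong by hand, so here is an added worked example (not Cisco's code, and not from the original slides) that computes RR and then applies event action overrides (which add actions by RR range) and event action filters (which delete actions by RR range and signature). The override and filter thresholds, the signature IDs and the clamping of RR to 0..100 are constructed assumptions for the illustration.

```python
"""Cisco IPS-style Risk Rating with Event Action Overrides and Filters.

Added illustration, not Cisco's code. The rating tables and the RR formula
follow the slide; the override/filter policy and signature IDs below are
constructed samples, and clamping RR to 0..100 is an assumption.
"""
from dataclasses import dataclass, field
from typing import Optional, Set, List, Tuple

# Attack Severity Rating, keyed by the signature's alert severity
ASR = {"info": 25, "low": 50, "medium": 75, "high": 100}
# Target Value Rating, keyed by the asset value assigned to the victim
TVR = {"zero": 50, "low": 75, "medium": 100, "high": 150, "critical": 200}
# Attack Relevancy Rating (from passive OS fingerprinting)
ARR = {"relevant": 10, "unknown": 0, "not_relevant": -10}


@dataclass
class Event:
    sig_id: int
    severity: str                 # key into ASR
    target_value: str             # key into TVR
    sfr: int                      # Signature Fidelity Rating, 0-100
    pd: int = 0                   # Promiscuous Delta, 0-30 (subtracted)
    relevancy: str = "unknown"    # key into ARR
    wlr: int = 0                  # Watch List Rating, 0-100
    actions: Set[str] = field(default_factory=lambda: {"produce-alert"})


def risk_rating(ev: Event) -> int:
    """RR = (ASR * TVR * SFR / 10000) + ARR - PD + WLR, clamped to 0..100 (assumed)."""
    for name, value, hi in (("sfr", ev.sfr, 100), ("pd", ev.pd, 30), ("wlr", ev.wlr, 100)):
        if not 0 <= value <= hi:
            raise ValueError(f"{name}={value} outside 0..{hi}")
    rr = (ASR[ev.severity] * TVR[ev.target_value] * ev.sfr / 10000) \
        + ARR[ev.relevancy] - ev.pd + ev.wlr
    return max(0, min(100, round(rr)))


@dataclass
class Override:
    rr_min: int
    rr_max: int
    add: Set[str]            # actions added when RR is within [rr_min, rr_max]


@dataclass
class Filter:
    rr_min: int
    rr_max: int
    remove: Set[str]         # actions deleted when RR is within [rr_min, rr_max]
    sig_ids: Optional[Set[int]] = None   # None = applies to every signature


def final_actions(ev: Event, overrides: List[Override], filters: List[Filter]) -> Tuple[int, Set[str]]:
    """Overrides add actions first; filters then delete actions."""
    rr = risk_rating(ev)
    actions = set(ev.actions)
    for o in overrides:
        if o.rr_min <= rr <= o.rr_max:
            actions |= o.add
    for f in filters:
        if f.rr_min <= rr <= f.rr_max and (f.sig_ids is None or ev.sig_id in f.sig_ids):
            actions -= f.remove
    return rr, actions


# Constructed sample policy: block inline on high-risk events, except for a
# noisy signature (sig 2004, constructed id) that is never allowed to block,
# and drop alerts entirely for very low-risk events.
SAMPLE_OVERRIDES = [Override(90, 100, {"deny-attacker-inline"})]
SAMPLE_FILTERS = [
    Filter(0, 100, {"deny-attacker-inline"}, sig_ids={2004}),
    Filter(0, 20, {"produce-alert"}),
]

if __name__ == "__main__":
    for ev in (
        Event(1000, "high", "critical", sfr=100),
        Event(2004, "high", "critical", sfr=100),
        Event(1000, "medium", "medium", sfr=80, pd=10, relevancy="relevant"),
        Event(1000, "info", "zero", sfr=100, pd=30),
    ):
        print(ev.sig_id, final_actions(ev, SAMPLE_OVERRIDES, SAMPLE_FILTERS))
```

The order matters: an override can only add actions and a filter can only remove them, so a filter scoped to one signature is the right tool for exempting a noisy signature from an otherwise blanket inline-deny policy.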
Summary Key (XXXX / AaBb)
- Aa = attacker, Bb = victim
- Uppercase = IP address, lowercase = port

Global Summary Criteria
- Sig ID =
- Summary Mode: Fire All
- Summary Threshold: 150
- Global Summary Threshold: 300
- Summary Interval: 60

Traffic over successive 60-second intervals:
- 100 matches -> 100 alerts
- 160 matches -> 150 alerts, then a summary is generated
- 320 matches -> 150 alerts, then a global summary is generated
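To make the summary-key and threshold behaviour concrete, the following added example (not Cisco's code, and not part of the original slides) builds a summary key from a four-letter spec such as AaBb or AxBx and replays one summary interval under the criteria shown above. It models Fire All mode as: every match fires an alert until that key's count reaches the summary threshold, after which the key's matches are folded into one summary alert; once the signature's total reaches the global summary threshold, one global summary replaces the per-key summaries. Comparing at exactly the threshold value, and the IP/port sample values, are constructed assumptions.

```python
"""Alert summarisation keyed by AaBb-style summary keys (Fire All mode).

Added illustration, not Cisco's code. Models a single summary interval;
behaviour at exactly the threshold value is an assumption, and all sample
addresses and ports are constructed.
"""
from collections import Counter
from typing import Dict, List, Tuple

Match = Tuple[str, int, str, int]   # attacker IP, attacker port, victim IP, victim port


def summary_key(spec: str, m: Match) -> tuple:
    """Build the key from a four-letter spec: A/a attacker IP/port, B/b victim IP/port, x ignored."""
    a_ip, a_port, v_ip, v_port = m
    fields = {"A": a_ip, "a": str(a_port), "B": v_ip, "b": str(v_port), "x": "*"}
    if len(spec) != 4 or any(c not in fields for c in spec):
        raise ValueError(f"bad summary key spec {spec!r}")
    return tuple(fields[c] for c in spec)


def summarise_interval(matches: List[Match], key_spec: str = "AaBb",
                       summary_threshold: int = 150,
                       global_threshold: int = 300) -> Dict[str, object]:
    """Replay one summary interval and report what the sensor would emit."""
    per_key: Counter = Counter()
    alerts = 0
    global_mode = False
    for total, m in enumerate(matches, start=1):
        k = summary_key(key_spec, m)
        per_key[k] += 1
        if total >= global_threshold:
            global_mode = True            # everything from here is globally summarised
        if not global_mode and per_key[k] <= summary_threshold:
            alerts += 1                   # Fire All: one alert per match, up to the threshold
    # At the end of the interval: one summary per key that exceeded its threshold,
    # or a single global summary if the global threshold was reached.
    summaries = 0 if global_mode else sum(1 for n in per_key.values() if n > summary_threshold)
    return {"alerts": alerts, "summaries": summaries, "global_summary": global_mode}


# Constructed sample traffic: one attacker/victim pair, and the same pair from two source ports
SRC = ("10.0.0.1", 40000, "10.0.0.2", 80)
TWO_PORTS = [("10.0.0.1", p, "10.0.0.2", 80) for p in (40000, 40001)] * 100

if __name__ == "__main__":
    for n in (100, 160, 320):
        print(n, "matches ->", summarise_interval([SRC] * n))
    print("AaBb:", summarise_interval(TWO_PORTS, "AaBb"))
    print("AxBx:", summarise_interval(TWO_PORTS, "AxBx"))
```

The last two calls show why the key spec matters: with AaBb the two source ports are separate keys (100 alerts each, no summary), while with AxBx they collapse into one key that crosses the 150 threshold and is summarised.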
TCP Header flag bits: U A S F (URG, ACK, SYN, FIN)
- Mask = A S F: only the ACK, SYN and FIN bits are examined; the other flag bits are ignored
- Flags = S F: of the masked bits, SYN and FIN must be set and ACK must be clear
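The mask/flags pair is a bit test, and the added example below (not Cisco's code, and not from the original slides) shows exactly that test run against raw TCP headers. It parses the flag byte out of a constructed 20-byte header, applies Mask = ACK,SYN,FIN and Flags = SYN,FIN, and shows that a bit outside the mask (PSH) does not affect the result while a masked bit in the wrong state (ACK set) does. The header builder and its sample ports are constructed for the illustration.

```python
"""TCP Mask / TCP Flags matching as used by an atomic-IP style signature.

Added illustration, not Cisco's code. `mask` lists the flag bits a
signature inspects; `flags` lists which of those bits must be set. Bits
outside the mask are ignored. Sample headers are constructed.
"""
import struct
from typing import Iterable

TCP_FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "psh": 0x08, "ack": 0x10, "urg": 0x20}


def bits(names: Iterable[str]) -> int:
    """OR together the bit values of the named flags, e.g. ('syn', 'fin') -> 0x03."""
    value = 0
    for n in names:
        value |= TCP_FLAG_BITS[n.lower()]
    return value


def flags_match(packet_flags: int, mask: Iterable[str], flags: Iterable[str]) -> bool:
    """True when every masked bit of the packet equals the signature's required value."""
    m, f = bits(mask), bits(flags)
    if f & ~m:
        raise ValueError("flags must be a subset of mask")
    return (packet_flags & m) == f


def tcp_flags_from_header(header: bytes) -> int:
    """Extract the six classic flag bits from a raw TCP header (byte 13, low 6 bits)."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13] & 0x3F


def build_tcp_header(flags_value: int, sport: int = 40000, dport: int = 80) -> bytes:
    """Constructed minimal 20-byte header: data offset 5, zero seq/ack/checksum/urgent."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags_value, 8192, 0, 0)


# The signature from the slide: Mask = A S F, Flags = S F
SIG_MASK = ("ack", "syn", "fin")
SIG_FLAGS = ("syn", "fin")


def signature_fires(header: bytes) -> bool:
    return flags_match(tcp_flags_from_header(header), SIG_MASK, SIG_FLAGS)


if __name__ == "__main__":
    for label, names in (("SYN+FIN", ("syn", "fin")), ("SYN", ("syn",)),
                         ("SYN+FIN+ACK", ("syn", "fin", "ack")),
                         ("SYN+FIN+PSH", ("syn", "fin", "psh"))):
        print(f"{label:12s} fires={signature_fires(build_tcp_header(bits(names)))}")
```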
False Positive = signature is TOO SENSITIVE. Increase accuracy: match "../cmd.exe" rather than "../".
False Negative = signature is INSENSITIVE. Decrease accuracy: match "../" rather than "../fred.txt/home/".