
1 Chapter 1 Real World Incidents Spring 2016 - Incident Response & Computer Forensics

2 What is an Incident?
- Event: an observable occurrence in a system or network. (NIST)
- Incident: a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. (NIST)

3 What is Incident Response?
Goals of the incident response process:
- Confirm whether or not an incident occurred
- Provide rapid detection
- Determine and document the scope
- Prevent a disjointed, non-cohesive response
- Minimize disruption
- Minimize damage
- Restore normal operations
- Allow for criminal or civil action against the perpetrators
- Educate
- Close the loopholes that were exploited

4 Case Study #1
- Initial entry: exploited a SQL injection vulnerability in a web application
- The web server was located in a DMZ
- Executed commands on the backend database system
- Carried out extensive reconnaissance
- Implanted a backdoor
- Extracted and cracked the password hash for the local administrator account on the internal database server
- That password gave the attacker access to most systems
- Installed keystroke-logging malware
- Obtained password hashes for multiple administrator accounts from several systems

5 Case Study #1 (continued)
- Obtained the passwords for all users on the domain from a domain controller
- Implanted more than 20 backdoors
- Modified the malware executables to evade antivirus detection
- The malware family gave the attacker full control of the victim system, including file upload and download
- Stole data on many occasions
- Located where sensitive network documentation was stored
- Located where financial data were stored

6 Case Study #1 (continued)
- Established RDP connections
- Used FTP to transfer data out of the network
- Also installed backdoors capable of transferring data
- Compressed the data before transfer to avoid detection
- A few months later, discovered the jump server (the only system permitted to access the sensitive financial environment)
- Carried out reconnaissance of the financial environment
- Identified 90 systems that processed or stored credit card information
- Proxied traffic from the jump server through the mail server, since the mail server had direct Internet access
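The mail server's direct Internet access is what made it useful as an exfiltration proxy, and a mail server has a narrow legitimate egress profile (SMTP and DNS), so its outbound traffic is a good place to look. The Python example below is added here and is not from the slides or the book: it checks firewall-style flow records against a per-role list of expected outbound ports and sums bytes per destination, flagging the kind of traffic that was eventually noticed in this case. The log format, the host inventory, the internal ranges, the role table and the volume threshold are all assumptions for the example, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: which networks count as "internal" (RFC 1918 here; tune per site).
INTERNAL_NETS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Assumption: ports each server role may legitimately initiate to the Internet.
EXPECTED_OUTBOUND = {
    "mail": {25, 53},   # SMTP relay and DNS
    "web": {53},        # a DMZ web server should not initiate Internet connections
}

# Constructed host inventory (hypothetical addresses).
SERVER_ROLES = {
    "10.1.1.25": "mail",
    "10.1.2.80": "web",
}

# Constructed firewall log lines: timestamp src dst dport proto bytes
SAMPLE_LOG = """\
2016-03-01T02:14:07 10.1.1.25 203.0.113.10 25 tcp 4200
2016-03-01T02:14:09 10.1.1.25 203.0.113.10 25 tcp 3900
2016-03-01T02:15:31 10.1.1.25 198.51.100.77 80 tcp 48211034
2016-03-01T02:16:02 10.1.2.80 10.1.3.50 1433 tcp 9100
2016-03-01T02:17:44 10.1.1.25 8.8.8.8 53 udp 120
2016-03-01T02:18:10 10.1.1.25 198.51.100.77 80 tcp 51003990
2016-03-01T02:19:00 10.1.2.80 192.0.2.5 443 tcp 2048
"""


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse(log):
    """Yield one record per non-empty log line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto, nbytes = line.split()
        yield {"ts": ts, "src": src, "dst": dst, "dport": int(dport),
               "proto": proto, "bytes": int(nbytes)}


def find_egress_anomalies(log, volume_threshold=10_000_000):
    """Flag Internet-bound flows from monitored servers that use a port outside
    the role's expected set, and src/dst pairs whose total bytes exceed the threshold."""
    alerts = []
    volume = defaultdict(int)
    for rec in parse(log):
        role = SERVER_ROLES.get(rec["src"])
        if role is None or is_internal(rec["dst"]):
            continue  # only monitored servers talking to external addresses
        if rec["dport"] not in EXPECTED_OUTBOUND[role]:
            alerts.append(("unexpected_port", rec["ts"], rec["src"], rec["dst"], rec["dport"]))
        volume[(rec["src"], rec["dst"])] += rec["bytes"]
    for (src, dst), total in volume.items():
        if total >= volume_threshold:
            alerts.append(("high_volume", None, src, dst, total))
    return alerts


if __name__ == "__main__":
    for alert in find_egress_anomalies(SAMPLE_LOG):
        print(alert)
```

In a real deployment the destination would additionally be enriched with a GeoIP or threat-intelligence lookup, which is what the administrator in this case effectively did by hand when the foreign address stood out. The port check catches the proxying on its own; the volume check catches the bulk transfer even when the attacker picks an expected port.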

7 Case Study #1 (continued)
- Ran pslist to enumerate running processes
- Dumped the memory of multiple processes
- Found unencrypted cardholder data in the dumps
- Over three months, downloaded millions of cardholder data records from all 90 systems
- About 10 months after the initial breach, a system administrator noticed that the mail server was communicating over TCP port 80 with an IP address in a foreign country
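The attacker found cardholder data by dumping process memory and searching it; an investigator scoping the same incident does the same thing to confirm which processes held unencrypted PANs. The Python example below is added here and is not from the slides or the book: it scans a raw memory buffer for digit runs of card-number length, with optional space or dash separators, and keeps only those that pass the Luhn check, which removes most timestamps, session identifiers and other numeric noise. The buffer is constructed for the example and uses published test card numbers; the field names in it are made up.

```python
import re

# 13 to 19 digits, each optionally followed by a single space or dash separator,
# not adjacent to other digits. Works on bytes so it can run over a raw dump file.
PAN_RE = re.compile(rb"(?<![0-9])(?:[0-9][ -]?){12,18}[0-9](?![0-9])")

# Constructed stand-in for a process memory dump (test card numbers, not real ones).
SAMPLE_DUMP = (
    b"\x00\x00GET /pos/auth HTTP/1.1\r\n"
    b"card=4111111111111111&exp=0918\x00\x00"      # valid Luhn: a PAN
    b"session=1234567812345678\x00"                # 16 digits, fails Luhn
    b"track=;5500 0000 0000 0004=1812?\x00"        # valid Luhn, separated groups
    b"txn-id 20160301021407\x00"                   # 14 digits, fails Luhn
)


def luhn_ok(digits):
    """Standard Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits):
    """Keep only the first six and last four digits in any report."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan_for_pans(buf):
    """Return (offset, masked_pan) for every Luhn-valid candidate in buf."""
    hits = []
    for m in PAN_RE.finditer(buf):
        digits = re.sub(rb"[ -]", b"", m.group()).decode("ascii")
        if luhn_ok(digits):
            hits.append((m.start(), mask(digits)))
    return hits


if __name__ == "__main__":
    for offset, masked in scan_for_pans(SAMPLE_DUMP):
        print(f"offset {offset:#x}: {masked}")
```

Two caveats for real dumps: the pattern only matches ASCII digits, so memory from processes that hold strings as UTF-16 needs a second pass after decoding, and a greedy match that fails Luhn is not re-examined for a shorter PAN embedded inside it. Reports should carry the masked form only; writing recovered PANs to an investigator's notes recreates the exposure being investigated.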
