 Cyber Ecosystem & Data Security Subhro Kar CSCE 824, Spring 2013 University of South Carolina, Columbia.


What is an Ecosystem?  Definition  Functional Units  Relationships  Balance  Comparison with Cyber Space

Biological Ecosystems  The members of the system are closely interrelated  Balance is continually maintained  Relationships are well defined  Monitored by nature itself

 Evolution of the Cyber Ecosystem

A typical Network Diagram (figure)

What is a Cyber Ecosystem?  Entities in the network are not considered in isolation  Each member has a specific goal  Each member is related to every other member in one way or another  Processes matter as much as devices  Anticipate and prevent attacks  Limit the speed at which attacks spread across devices  Recover to a trusted state

What is a Cyber Ecosystem? (continued)  Devices have a level of built-in security  Automated responses  Immunity

Malware Ecosystem (the attacker side already works this way)  Each member of the ecosystem has a specific purpose  Each member responds to the behaviour of the other members  Automated up to a point  The whole process is monitored

Building Blocks  Automated courses of action  Pro-active responses  Speed of response that matches the speed of attacks  The ability to decide on responses based on historical data  Sharing of information at different levels, from local to global  Rapid learning procedures  Communications guided by policy rather than by constraints  High levels of collaboration and interoperability  Authentication

Types of Attacks  Brute force attacks  Malware  Hacking attempts  Social Engineering  Insiders  Physical loss and theft

Monitoring  Monitoring is one of the foundations of the Cyber Ecosystem  Reports anomalies so that proper countermeasures can be taken  Unlike standard device monitoring, it does not always happen at the system level

Business Process Monitoring  The holy grail of monitoring systems  Highest level of abstraction  Generally concerned with long-running transactions  Can serve as a ready metric for the overall success of the system  Can only detect problems after they have occurred  Uses complex business logic  Goal: to maintain business continuity

Functional Monitoring  Lower level than Business Process Monitoring  Granularity limited to a single application or node in a distributed architecture  Goal: to assess the availability as well as the performance of a system  Generally done by agents running scripted checks on individual systems  Incapable of deciding on countermeasures

Technical Monitoring  Monitoring as a typical system administrator understands it  Lowest level of monitoring, responsible for individual pieces of software  Subsystems are considered in isolation, without regard to their contribution to the system as a whole  Ideal place to hook in incident response, since the monitoring system knows how to modify the behaviour of individual subsystems

Intelligence and Experience Gathering  Currently lacking in existing systems  Could be based on statistical models and data modeling  Should become more accurate with experience  Should be able to identify attacks heuristically  Could put up some defence against zero-day attacks

 Okay!! I got attacked… Now what??!!

Incident Response  Aims to restore the balance of the ecosystem, just as a biological ecosystem does  Either filter the attack out or sacrifice parts of the system to contain it  Not an isolated process: there are many feedback loops back into monitoring  The response is adjusted dynamically based on current monitoring data
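The loop that the Building Blocks, Intelligence and Experience Gathering, and Incident Response slides describe, as an added example in Python: technical monitoring counts failed logins per source, an intelligence layer sets per-source thresholds from historical windows, an automated course of action blocks the source, and a loopback re-checks on the next window whether the containment actually took. This is not code from the presentation or from any product; the sshd-style log lines, the IP addresses, the per-source history and the iptables/sshd actions are constructed for the example, and the actions are only recorded as strings, never executed.

```python
"""Monitor -> detect -> respond -> feedback loop over sshd-style auth logs.

Added illustration; not code from the slides or any product. All log lines,
addresses, history and actions below are constructed; nothing is executed.
"""
import re
import statistics
from collections import Counter

FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def _sshd_lines(ip, n, user="root"):
    """Construct n sshd-style failed-login lines from one source (sample data)."""
    return [
        f"Jan 10 10:00:{i:02d} host sshd[{1000 + i}]: Failed password for {user} "
        f"from {ip} port {50000 + i} ssh2"
        for i in range(n)
    ]


def failures_per_source(lines):
    """Technical monitoring: failed logins per source IP in one log window."""
    counts = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def threshold(history, floor=5, k=3.0):
    """Intelligence: per-source threshold learned from past per-window counts
    (mean + k*stdev), never below `floor` so one or two typos are not an incident."""
    if len(history) < 2:
        return floor
    return max(floor, statistics.mean(history) + k * statistics.pstdev(history))


def detect(counts, history_by_ip, pooled_history):
    """Sources whose count exceeds their learned threshold; a source never seen
    before is judged against the pooled history of all sources."""
    return {ip: n for ip, n in counts.items()
            if n > threshold(history_by_ip.get(ip, pooled_history))}


class Responder:
    """Automated course of action with a loopback to monitoring."""

    def __init__(self):
        self.blocks = {}    # ip -> containment level: "host" or "service"
        self.actions = []   # actions that would be pushed out (strings only)

    def block(self, ip):
        rule = f"iptables -I INPUT -s {ip} -j DROP"   # constructed, not executed
        self.blocks[ip] = "host"
        self.actions.append(rule)
        return rule

    def feedback(self, counts):
        """Loopback: a host blocked last cycle that still produces failures means the
        host-level block did not take (wrong node, another path). Escalate by
        sacrificing password auth on the service itself to contain the attack."""
        escalated = []
        for ip, level in list(self.blocks.items()):
            if level == "host" and counts.get(ip, 0) > 0:
                self.blocks[ip] = "service"
                self.actions.append("sshd_config: PasswordAuthentication no; reload sshd")
                escalated.append(ip)
        return escalated


def run_cycle(responder, lines, history_by_ip, pooled_history):
    """One cycle: verify last cycle's containment, detect, respond, then learn."""
    counts = failures_per_source(lines)
    escalated = responder.feedback(counts)
    anomalies = detect(counts, history_by_ip, pooled_history)
    new_rules = [responder.block(ip) for ip in anomalies if ip not in responder.blocks]
    # Experience gathering: fold only benign windows into history, so the attack
    # itself is never learned as the new normal.
    for ip, n in counts.items():
        if ip not in anomalies and ip not in responder.blocks:
            history_by_ip.setdefault(ip, []).append(n)
    return {"counts": counts, "anomalies": anomalies,
            "new_rules": new_rules, "escalated": escalated}


# Constructed history: ten past windows of failed-login counts per source.
HISTORY = {
    "203.0.113.5": [0, 1, 0, 2, 1, 0, 1, 1, 0, 1],
    "198.51.100.7": [1, 0, 1, 1, 0, 2, 1, 0, 1, 0],
}
POOLED = [n for h in HISTORY.values() for n in h]

# Constructed windows: a brute-force burst, background noise and a new source;
# then the same attacker still visible after the host-level block.
WINDOW_1 = (_sshd_lines("203.0.113.5", 8) + _sshd_lines("198.51.100.7", 1, "alice")
            + _sshd_lines("192.0.2.99", 3, "bob"))
WINDOW_2 = _sshd_lines("203.0.113.5", 4) + _sshd_lines("192.0.2.99", 2, "bob")


def demo():
    """Run two cycles and return both results plus the responder state."""
    history = {ip: list(h) for ip, h in HISTORY.items()}
    r = Responder()
    first = run_cycle(r, WINDOW_1, history, POOLED)
    second = run_cycle(r, WINDOW_2, history, POOLED)
    return first, second, r


if __name__ == "__main__":
    first, second, r = demo()
    print("cycle 1 anomalies:", first["anomalies"], "rules:", first["new_rules"])
    print("cycle 2 escalated:", second["escalated"], "actions:", r.actions)
```

Two design points carry the slides' argument: the threshold has a floor so a normally silent source is not flagged by a couple of mistyped passwords, and anomalous windows are deliberately kept out of the history, otherwise a sustained attack would teach the model that the attack is normal.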

How does everything fit together?  It is a continuous process  Dynamic  Historical data is important  Business continuity is important  The attacker's real goal might not be the epicenter of the attack

Incident Response - Implementation  Firewalls  Intrusion Detection and Prevention Systems  Log servers  Configuration Management Servers  Offline resources such as debuggers
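"Recover to a trusted state" backed by a configuration management server that holds the known-good copy, as an added Python example in the spirit of Tripwire-style integrity checking (not code from the slides, from Tripwire or from any other product): a baseline manifest of file hashes, drift detection, and restore from the trusted copy. The sshd/sysctl/cron files, their contents and the simulated tampering are constructed, and everything runs inside a temporary directory.

```python
"""Trusted-state baseline, drift detection and recovery for configuration files.

Added illustration; not code from the slides or any product. File names and
contents are constructed, and everything happens in a temporary directory.
"""
import hashlib
import os
import shutil
import tempfile


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Baseline: relative path -> sha256 for every regular file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = _sha256(full)
    return manifest


def verify(root, manifest):
    """Compare a live tree against the baseline; returns the three kinds of drift."""
    live = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in live and live[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in live),
        "unexpected": sorted(p for p in live if p not in manifest),
    }


def restore(root, trusted_root, manifest):
    """Recover: overwrite drifted/missing files from the trusted copy, remove files
    the baseline does not know about, and re-verify afterwards."""
    # The trusted copy is only trusted if it still matches the manifest itself.
    if any(verify(trusted_root, manifest).values()):
        raise RuntimeError("trusted copy has drifted; refusing to restore from it")
    drift = verify(root, manifest)
    for rel in drift["modified"] + drift["missing"]:
        dst = os.path.join(root, rel)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.copyfile(os.path.join(trusted_root, rel), dst)
    for rel in drift["unexpected"]:
        os.remove(os.path.join(root, rel))
    return verify(root, manifest)


# Constructed minimal configuration files held by the configuration management server.
TRUSTED_FILES = {
    "ssh/sshd_config": "PermitRootLogin no\nPasswordAuthentication no\n",
    "sysctl.d/99-hardening.conf": "net.ipv4.ip_forward = 0\n",
}


def _write(root, files):
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write(text)


def demo():
    """Baseline, tamper, detect, restore; returns the three verify() results."""
    with tempfile.TemporaryDirectory() as tmp:
        trusted = os.path.join(tmp, "cm-server")   # configuration management copy
        live = os.path.join(tmp, "host-etc")        # the managed host's config tree
        _write(trusted, TRUSTED_FILES)
        _write(live, TRUSTED_FILES)
        manifest = build_manifest(trusted)
        clean = verify(live, manifest)
        # Constructed compromise: root login re-enabled, a rogue cron job dropped,
        # and a hardening policy deleted.
        _write(live, {"ssh/sshd_config": "PermitRootLogin yes\nPasswordAuthentication no\n",
                      "cron.d/backdoor": "* * * * * root /tmp/.x\n"})
        os.remove(os.path.join(live, "sysctl.d/99-hardening.conf"))
        drift = verify(live, manifest)
        after = restore(live, trusted, manifest)
        return clean, drift, after


if __name__ == "__main__":
    clean, drift, after = demo()
    print("before tampering:", clean)
    print("drift detected:", drift)
    print("after restore:", after)
```

In a real deployment the manifest would be signed and kept off the managed host, and restore would be one of the automated courses of action triggered by monitoring rather than run by hand; the structure of baseline, verify and restore stays the same.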

Desired Cyber Ecosystem Capabilities  Automated Defense Identification, Selection, and Assessment  Authentication  Interoperability  Machine Learning and Evolution  Security Built In  Business Rules-Based Behavior Monitoring  General Awareness and Education

Desired Cyber Ecosystem Capabilities (continued)  Moving Target  Privacy  Risk-Based Data Management  Situation Awareness  Tailored Trustworthy Spaces

Where we stand…  The ecosystem is far from automated; we have a long way to go  Arriving at automated decisions is complicated; most processes are manual and will probably remain so in the near future  The weakest link is generally the end user  Insiders can cause havoc  In the end it comes down to the financial incentive to build a proper ecosystem

References  Developing a Healthy Cyber Ecosystem  Enabling Distributed Security in Cyberspace  Cybersecurity Ecosystem – The Future? (ecosystem-the-future/54390/)  Enabling Distributed Security in Cyberspace, MSU presentation, April 2012 (0April%202012%20MSU%20ras.ppt)

Questions??