Advanced Persistent Threats


1 Advanced Persistent Threats
Top Strategies for Detecting & Combating Advanced Persistent Threats
MENA ISC 2012
Mr. Raed Albuliwi, Vice President, ANRC LLC.
TRAINING :: CONSULTING :: SOLUTIONS

2 Agenda
Top Strategies for Detecting & Combating Advanced Persistent Threats: Agenda
- Introduction
- APT’s
- APT Walkthrough
- Top Strategies For Dealing With APT’s
- Summary

3 Top Strategies for Detecting & Combating Advanced Persistent Threats: Introduction
Who Are We? ANRC delivers advanced cyber security training, consulting and development services to clients world-wide. We tailor our service offerings to provide cyber security solutions that address specific goals. Our approach emphasizes a close relationship with our clients as an integral part of our service offerings. We’re in the process of expanding our company into the Middle East region, most recently sponsoring Black Hat Abu Dhabi 2011 and appearing here at the MENA ISC conference.

4 What’s an Advanced Persistent Threat (APT)?
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
What’s an Advanced Persistent Threat (APT)? The term APT is used in the context of cyber threats (or cyber attacks).
Advanced: The network intruder has sophisticated cyber capabilities. They can breach extremely well-protected networks and maintain long-term access using custom-developed tools and exploits. This attacker targets sensitive information and is well funded and resourced.
Persistent: Even if you find evidence of an intrusion and attempt to remove infected or compromised systems, this attacker has embedded themselves deep in your network and can regain their presence through backup communication methods. Normal COTS solutions will not keep this adversary out.
Threat: The attacker knows the network contains vital information and has the ability to leverage resources to eventually compromise the security infrastructure.
When the term Advanced Persistent Threat (APT) is used in the context of cyber threats (or cyber attacks), each component of the term is relevant. Advanced: the hacker has the ability to evade detection and the capability to gain and maintain access to well-protected networks and the sensitive information contained within them; the hacker is generally adaptive and well resourced. Persistent: the persistent nature of the threat makes it difficult to prevent access to your computer network and, once the threat actor has successfully gained access to your network, very difficult to remove. Threat: the hacker has not only the intent but also the capability to gain access to sensitive information stored electronically.

5 What’s an Advanced Persistent Threat (APT)?
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
What’s an Advanced Persistent Threat (APT)? Where do APT’s lie in the spectrum of cyber threats?
Normal: The network is connected to the Internet and is exposed to automated vulnerability scanning of entire subnets. There is no direct threat.
Directed: The network is being scanned on a repeated basis. At this point this is still automated scanning; however, someone is interested in the network.
Targeted: The network is being actively probed manually by an intruder. They are actively probing the subnet and exposed services such as web apps, looking for quick ways into the network. The attacker is not sophisticated and is using publicly available tools and exploits to conduct this recon and attack. Your COTS solutions should be able to defend you at this level.
Active: The intruder has the ability to compromise a host within your network; however, they cannot maintain access. Using publicly available malware to infiltrate the network, their presence is quickly located and neutralized by your security solutions. Your network has been actively breached, but this breach does not result in the loss of any valuable information.
Ongoing: The attacker can repeatedly intrude into your network and maintain a short-term presence on the network on either single or multiple hosts. The attacker is using modified versions of publicly available malware and exploits to complete the intrusion. You are able to identify the attacker’s presence on the network and keep them away for short periods of time. Your COTS security solutions are able to protect you at minimum levels.
APT: Your network is compromised by a sophisticated adversary who has the ability and resources to maintain long-term access to your infrastructure. The attacker is using custom-developed malware, tools and exploits specifically targeting your company’s network. Despite being able to locate evidence of an intrusion, you are unable to keep this adversary out of the network. Your COTS solutions are meaningless at this point. Your networks are leaking vital information.
(Figure: the threat spectrum rises from Normal through Directed, Targeted, Active and Ongoing to APT, with the corresponding actors ranging from Automated / “Script Kiddie” through Hacker Groups and Cyber Criminals to Extremely Capable.)

6 Walkthrough of a publicly reported APT.
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
Walkthrough of a publicly reported APT. The Wall Street Journal recently reported on an intrusion into the Chamber of Commerce that serves as a good example. This specific intrusion demonstrates a typical life cycle for an APT. Social engineering coupled with a zero-day targeting a vulnerable client-side application (Microsoft Office / Adobe Reader / Internet Explorer / Windows OS vulnerability, etc.) gives the intruder access to the network by compromising a single host. Using custom-developed malware and tools, the intruders are able to evade COTS security solutions. The long-term access eventually gives them unfettered access to the whole network through the acquisition of the Administrator passwords. The intruders move throughout the network looking for the information they were tasked to acquire. Finally, using a network of more than 300 “outposts”, they offload the stolen information for at least 7 months undiscovered. Even after they are discovered and the entire network is shut down, repaired and brought back online, the Chamber still finds “suspicious” activity on its network. Despite all this, the network is likely still compromised and actively targeted by the intruders.
Image from online.wsj.com

7 Strategies for detecting and combating APT’s.
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
Strategies for detecting and combating APT’s. APT reconnaissance: Open source research.
The APT intruders mentioned in the WSJ article did their homework prior to launching the sophisticated attack on the Chamber of Commerce. Using open source research methods, they gathered publicly available intelligence on who to send emails to and what information to put in them to increase the likelihood of the user opening them. How much information is available about your organization online?
Successful attacks using information from an organization’s own website include:
- An attacker downloading an IT account request form, filling it out and sending it in.
- Company templates and documents that allow for “real”-looking emails.
- A company directory of email addresses, individuals’ names, their positions in the company and the organizational structure.
There is a wealth of information available for sophisticated individuals who understand the inner workings of your company. By using publicly available information, these APT intruders can gather enough information to zero in on the target network and the users who may be near that network. Things as simple as your company’s website become tools for the APT attackers to mount a successful attack. Some organizations have blindly uploaded network configuration diagrams showing the inner workings of their enterprise infrastructure, or VPN authentication credentials for employees.

8 Strategies for detecting and combating APT’s.
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
Strategies for detecting and combating APT’s. Strategy: Identify public critical information and limit / remove it.
We see it countless times. Companies put too much information about their organizations online, making this information publicly available to everyone. If critical information needs to be public, then assume it will be used for a targeted attack and adjust your security posture accordingly. Critical information includes: employee forms, names / email addresses, banners and logos, signed documents, etc.
If your company needs to have this information out in the open on the Internet, then understand the risks that it poses and adjust your security posture to meet these requirements. Individuals with their names, email addresses, titles, etc. are primary targets for spearphishing attacks. Limit your attack surface if you can.

9 Strategies for detecting and combating APT’s.
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
Strategies for detecting and combating APT’s. Strategy: Monitor your Internet-facing network infrastructure.
An APT campaign is the result of a long-term research effort. IP addresses scanning and scraping your subnets may indicate that you are under surveillance. (Be concerned about physical security as well.) Employ COTS solutions to generate massive amounts of logs. Data mining solutions exist, but you need a skilled analyst to sort through them. As an alternative, you can outsource a network defense solution.
Any systems connected to the Internet provide information, whether intentionally or not, to a potential adversary. An APT campaign starts here, and limiting your attack surface should begin here as well. If you’re not investing in a COTS solution to log this data and analyze it, you’re missing out on potential surveillance being conducted against you. As a premier method for maintaining network cognizance and situational awareness of your network’s activity, you can outsource this task to companies that specialize in Network Defense Solutions.
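As an added example (not part of the original presentation), the following Python script profiles the external source addresses seen in constructed perimeter firewall log lines and places each on the spectrum from the earlier slide as normal, directed or targeted; the log line layout and the thresholds are assumptions.

```python
"""Profile external sources in perimeter firewall logs and place each on the
presentation's threat spectrum (normal / directed / targeted).

Added example; the log format and thresholds are assumptions, not from the
original presentation.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed log line layout: ISO timestamp, action, src, dst, dport.
LOG_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ (?P<action>ALLOW|DENY) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)

# Constructed sample (RFC 5737 documentation addresses; 203.0.113.0/24 is the
# protected subnet): one-off noise, a source that sweeps the subnet on three
# separate days, and a source that keeps returning to one exposed web server.
SAMPLE_LOG = """\
2012-03-01T02:14:05Z DENY src=192.0.2.9 dst=203.0.113.10 dport=23
2012-03-01T02:14:06Z DENY src=192.0.2.9 dst=203.0.113.11 dport=23
2012-03-01T02:14:07Z DENY src=192.0.2.9 dst=203.0.113.12 dport=23
2012-03-01T09:00:01Z DENY src=198.51.100.7 dst=203.0.113.10 dport=21
2012-03-01T09:00:02Z DENY src=198.51.100.7 dst=203.0.113.11 dport=21
2012-03-01T09:00:03Z DENY src=198.51.100.7 dst=203.0.113.12 dport=21
2012-03-01T09:00:04Z DENY src=198.51.100.7 dst=203.0.113.13 dport=21
2012-03-01T09:00:05Z DENY src=198.51.100.7 dst=203.0.113.14 dport=21
2012-03-03T09:10:01Z DENY src=198.51.100.7 dst=203.0.113.10 dport=22
2012-03-03T09:10:02Z DENY src=198.51.100.7 dst=203.0.113.11 dport=22
2012-03-03T09:10:03Z DENY src=198.51.100.7 dst=203.0.113.12 dport=22
2012-03-03T09:10:04Z DENY src=198.51.100.7 dst=203.0.113.13 dport=22
2012-03-03T09:10:05Z DENY src=198.51.100.7 dst=203.0.113.14 dport=22
2012-03-05T09:20:01Z DENY src=198.51.100.7 dst=203.0.113.10 dport=3389
2012-03-05T09:20:02Z DENY src=198.51.100.7 dst=203.0.113.11 dport=3389
2012-03-02T14:30:00Z ALLOW src=192.0.2.200 dst=203.0.113.20 dport=443
2012-03-02T14:31:00Z ALLOW src=192.0.2.200 dst=203.0.113.20 dport=443
2012-03-04T14:30:00Z ALLOW src=192.0.2.200 dst=203.0.113.20 dport=443
2012-03-04T14:32:00Z ALLOW src=192.0.2.200 dst=203.0.113.20 dport=443
2012-03-06T14:30:00Z ALLOW src=192.0.2.200 dst=203.0.113.20 dport=443
2012-03-06T14:33:00Z ALLOW src=192.0.2.200 dst=203.0.113.20 dport=443
"""


@dataclass
class SourceProfile:
    days: set = field(default_factory=set)
    hosts: set = field(default_factory=set)
    targets: set = field(default_factory=set)  # distinct (dst, dport) pairs
    events: int = 0


def parse_log(text):
    """Aggregate every line into one profile per external source address."""
    profiles = defaultdict(SourceProfile)
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than crash the report
        p = profiles[m["src"]]
        p.days.add(m["day"])
        p.hosts.add(m["dst"])
        p.targets.add((m["dst"], m["dport"]))
        p.events += 1
    return profiles


def classify(p, sweep_threshold=8, repeat_days=2, focus_events=5):
    """Heuristic tiers after the presentation's spectrum (assumed thresholds)."""
    repeated = len(p.days) >= repeat_days
    if repeated and len(p.targets) >= sweep_threshold:
        return "directed"  # the same source sweeps the subnet on repeated days
    if repeated and len(p.hosts) <= 2 and p.events >= focus_events:
        return "targeted"  # keeps returning to one or two exposed services
    return "normal"        # background scanning noise, no direct threat


def surveillance_report(text):
    return {src: classify(p) for src, p in parse_log(text).items()}


if __name__ == "__main__":
    for src, tier in sorted(surveillance_report(SAMPLE_LOG).items()):
        print(f"{src:16} {tier}")
```

Note that the "targeted" source only ever appears in ALLOW records, which is why the profile must be built from allowed as well as denied traffic.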

10 Strategies for detecting and combating APT’s.
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
Strategies for detecting and combating APT’s. APT primary initial access vector: “Spearphishing”.
“Spearphishing” continues to be the primary method used by APT’s to penetrate hardened networks. “Spearphishing” targets an organization’s users by leveraging social engineering techniques. Bottom line: if an attacker spends enough time and research targeting an individual or organization, they can craft the perfect email that will fool anyone into opening an attachment or following a link.
Spearphishing continues to be the primary method used by APT’s to penetrate hardened networks. It’s a tried and true method for circumventing the strongest network security infrastructures. By targeting the users, not the technology, attackers can greatly increase the effectiveness of an APT campaign against your organization. All they need is for one person to open the targeted email or click the malicious link in order to gain an initial foothold on your network.
Image from online.wsj.com

11 Strategies for detecting and combating APT’s.
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
Strategies for detecting and combating APT’s. Strategy: User education is paramount.
“Spearphishing” is more difficult to repel using spam filters because it is not aimed at many users (like most spam campaigns). Instead, the attackers target specific users, utilizing information gathered from open source research. They directly ask you for data (“please send me your password”) by impersonating an official such as your IT department lead. They want you to click a link (“Watch this video on YouTube about the idiot that hurt himself!”). They want you to open an attachment or forward an attachment.
The top strategy for combating spearphishing is two-fold; first and foremost is user education. The APT target for this intrusion method is your own employees. If your organization does not employ computer security guidelines and best practices along with periodic training and audits, then you are greatly increasing the risk of becoming susceptible to this type of attack.

12 Strategies for detecting and combating APT’s.
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
Strategies for detecting and combating APT’s. Strategy: Leverage existing technology.
Email servers should be configured to filter executable content. Sending emails to SPAM folders is worthless if users can still get at them. Implement a sandboxing solution for client apps (browsers, email clients). This allows the user to open suspicious emails in a confined area without exposing the user’s desktop environment to attack.
The other top strategy is to leverage your existing technology to work for you against spearphishing attempts. Email servers should include aggressive filters to limit attachments that are not required for you to conduct your daily business activities, for example executable content. In conjunction with filters, you should be employing a COTS anti-virus solution to scan these attachments for the low-hanging fruit of malware. (We’ll see later how the APT attackers use custom malware to bypass these security mechanisms.)
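An added example, not code from the presentation or from ANRC, of the executable-content filter this slide calls for: a Python check that holds attachments by extension, by PE/ELF header regardless of the claimed file name, and by looking inside zip archives. The sample message, sender, attachment names and extension list are constructed.

```python
"""Mail gateway style check for executable attachments: by extension, by
PE/ELF header regardless of the claimed name, and inside zip archives.

Added example; the message, sender, attachment names and extension list are
constructed assumptions, not material from the presentation.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions a gateway would hold for ordinary business mail (assumed list).
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".dll",
                   ".msi", ".js", ".vbs", ".hta", ".ps1"}


def _ext(name):
    name = (name or "").lower()
    return name[name.rfind("."):] if "." in name else ""


def executable_reason(name, data):
    """Return why the content counts as executable, or None if it does not."""
    if _ext(name) in EXEC_EXTENSIONS:
        return "executable extension"
    if data[:2] == b"MZ":            # DOS/PE header, whatever the name claims
        return "PE header (MZ) in content"
    if data[:4] == b"\x7fELF":
        return "ELF header in content"
    return None


def archive_findings(name, data):
    """Inspect zip members; encrypted members cannot be read, so hold them too."""
    findings = []
    if _ext(name) != ".zip":
        return findings
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{name}:{info.filename}"
                if info.flag_bits & 0x1:
                    findings.append((member, "encrypted member, not inspectable"))
                    continue
                reason = executable_reason(info.filename, zf.read(info)[:4])
                if reason:
                    findings.append((member, reason))
    except zipfile.BadZipFile:
        findings.append((name, "corrupt or non-zip archive"))
    return findings


def scan_message(raw):
    """Return [(attachment, reason), ...] for everything the gateway should hold."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        reason = executable_reason(name, data)
        if reason:
            flagged.append((name, reason))
        flagged.extend(archive_findings(name, data))
    return flagged


def build_sample_message():
    """Constructed spearphish-style message carrying four attachments."""
    msg = EmailMessage()
    msg["From"] = "helpdesk@example.com"   # constructed, impersonates IT
    msg["To"] = "user@example.com"
    msg["Subject"] = "Account request form"
    msg.set_content("Please complete the attached form and return it.")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                       subtype="pdf", filename="form.pdf")               # benign
    msg.add_attachment(b"MZ\x90\x00constructed", maintype="application",
                       subtype="octet-stream", filename="form.pdf.exe")  # double extension
    msg.add_attachment(b"MZ\x90\x00constructed", maintype="application",
                       subtype="octet-stream", filename="notes.txt")     # PE behind a .txt name
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"constructed text")
        zf.writestr("update.exe", b"MZ\x90\x00constructed")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="docs.zip")               # executable inside zip
    return msg.as_bytes()


if __name__ == "__main__":
    for item, why in scan_message(build_sample_message()):
        print(f"HOLD {item}: {why}")
```

A held message should be quarantined on the server rather than delivered to a spam folder the user can still open.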

13 Strategies for detecting and combating APT’s.
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
Strategies for detecting and combating APT’s. APT gaining an initial foothold: Exploiting the target computer.
Getting the user to click a link or open an attachment is only the first step. The attacker requires a method for getting trojan horse malware executed and installed on the victim computer (more on this later). This is accomplished by exploiting a specific application or operating system vulnerability. Typically in an APT scenario, these exploits are zero-day, that is, unknown to the public and with no protection available, so exploitation of the host is nearly guaranteed. Sometimes APT attackers use exploits against recently patched vulnerabilities (1-day exploits) because it takes time to patch vulnerable systems. Top targeted client software: Microsoft Office Suite, Adobe products, browsers (Internet Explorer and Firefox) and even the Windows operating system itself.
So an APT intruder has done the recon and crafted the perfect email along with a malicious link or attachment. Without taking advantage of a vulnerability, getting code execution on the target is going to be difficult. To accomplish this feat, APT attackers add to their arsenal exploits that take advantage of known and unknown vulnerabilities in client software or the operating system itself. Well-funded APT campaigns might have a dedicated group of individuals whose sole responsibility is to find these unknown vulnerabilities in order to guarantee exploitation of the remote computer system. These zero-day vulnerabilities and exploits are sold on the cyber black market for large sums of money, sometimes in the tens of thousands of US dollars. Even 1-day exploits have their uses in an APT campaign. Just because a vulnerability has been published by a software vendor doesn’t necessarily mean that all potential targets have updated their systems. APT intruders will use combinations of these exploits to gain a foothold on a target system.

14 Strategies for detecting and combating APT’s.
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
Strategies for detecting and combating APT’s. Strategy: Enterprise patch management solutions.
Your organization should be employing an enterprise patch management solution capable of testing and rolling out updates rapidly across all of your software. APT intruders also leverage vendor security bulletins and patch updates for researching and developing 1-day exploits. If you’re not paying attention to these vendor updates, rest assured your adversaries are.
Typical process:
1. Monitor for release/advisory.
2. Evaluate (if no patches are available yet, develop a shield or workaround).
3. Acquire the patch.
4. Prioritize and schedule.
5. Test and approve the patch.
6. Create and test the deployment package.
7. Deploy.
8. Confirm deployment.
9. Clean up the package.
10. Document the updated baseline.
Protection against known vulnerabilities rests solely on a vendor getting a patch out as quickly as possible to its customers, where it can be tested properly before being rolled out using an enterprise patch management solution. By not taking advantage of vendor patches, you are greatly exposing your network to an APT intruder’s ability to field a working exploit. Your organization should also have a tried and tested method for deploying updates across the enterprise. A typical procedure is outlined above, but this should be tailored to suit your organization’s operational environment and production needs.

15 Strategies for detecting and combating APT’s.
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
Strategies for detecting and combating APT’s. Strategy: Employ anti-zero-day technology.
APT’s largely target a host with a zero-day, assuming little or no host protection. By using specifically developed zero-day detection technology, organizations can effectively protect against this intrusion vector, working from the assumption that attackers cannot exploit what they don’t know about and are not expecting.
The second top strategy is to employ anti-zero-day technology. APT attackers craft their exploits targeting vulnerabilities in client software or the operating system itself. Sometimes these vulnerabilities are unknown, or “zero-days”. If your organization can invest in an anti-zero-day protection system, then you can harden your hosts and networks against these types of exploits. APT intruders can only attack what they know about, and they are not expecting unique security solutions to be deployed on a target network. You can significantly tip the advantage in your favor against successful exploitation using this method of defense.
(Figure: APT risk plotted over time, from 0-day through advisory, vendor patch created, PoC made public, and patch deployed.)

16 Strategies for detecting and combating APT’s.
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
Strategies for detecting and combating APT’s. APT gaining access to the network: Custom tools & malware.
Once the victim’s computer has been successfully exploited and the payload executes, malware (malicious software) is run. In the Chamber of Commerce attack, chances are there was an anti-virus with recently updated signatures running on the host, yet the attacker was able to successfully bypass this protection mechanism and gain access to the host. Another key difference in the APT threat is their ability to develop malware that is capable of evading detection by common security solutions. In some instances, if evasion is not possible, the malware will attack the anti-virus itself. There is an underground market for selling security bypass techniques for malware, and well-funded APT campaigns have acquired or developed them.
APT campaigns will make use of malware and tools that have been tested against popular anti-virus products in order to bypass this front-line security mechanism. APT’s differ greatly from other groups in their ability to develop and test their own hacking tools and malware. Being well funded has its advantages, and having tools that can bypass standard security solutions is a key differentiator between this threat and others.

17 Strategies for detecting and combating APT’s.
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
Strategies for detecting and combating APT’s. Strategy: Computer forensics and intrusion analysis.
Every organization should be able to conduct a forensics investigation at a basic level. For APT intruders, however, chances are you will need to defer to intrusion experts who specialize in finding the infected hosts, servers, routers, etc. Persistence is the key differentiator between APT’s and other intrusions. These attackers embed themselves deep within a network to maintain long-term access. Hacking tools are left behind either as binaries on disk or resident only in memory. To identify these tools there are forensic techniques that include auditing your network for only authorized and digitally signed software. For memory-resident-only tools and malware, you will have to extract the rogue process running in memory and reverse engineer it to understand the code. Additionally, thorough network traffic analysis of your subnets will highlight suspicious connections and traffic entering and leaving your organization via the Internet. Find the programs that are communicating to find more potentially infected hosts and locations where the APT is persistent.
Every organization should have an incident response team (or teams) capable of performing basic forensics on infected hosts, gathering unknown and suspicious binaries, and restoring these systems back to a preconfigured baseline. For APTs, however, chances are they are embedded not only on the single exploited host but have moved laterally throughout the network, infecting more hosts and servers and gathering passwords and information to further propagate throughout the network. First and foremost, network traffic analysis of the infected subnet(s) should help you to locate the exploited host(s). Searching for suspicious connections to and from the Internet involving these hosts should point you in the right direction. Once you have an idea of which systems to investigate further, search for suspicious connections, services, programs and processes that don’t belong. Auditing unknown binaries should help you here. Look for programs that don’t appear in your baselines and that are not digitally signed by a legitimate vendor (e.g. Microsoft). For memory-resident-only rogue processes, you will have to forensically dump the memory of the infected program and send it for malware analysis and reverse engineering in order to get to its true nature. Using what you learned at this point, you can deploy signatures and scripts to scan the rest of your network looking for similar programs. This should give you a good idea of how deep the APT intruders have burrowed into your network.
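An added example (not from the presentation) of the baseline-and-signature audit described on this slide: a Python script that classifies each running process in a constructed host inventory export as baseline, changed-signed, modified, review, suspect or memory-resident. The inventory layout, hashes, paths and publisher names are constructed assumptions.

```python
"""Audit a host's running-process inventory against a known-good baseline and
a list of trusted code signers, the check this slide describes.

Added example; the inventory layout, hashes, paths and publisher names are
constructed assumptions, not data from the presentation.
"""
from collections import Counter

# Assumed export from a host inventory tool, one running process per line:
#   image path | sha256 (shortened placeholders) | signer ("-" = unsigned) | on disk
SAMPLE_INVENTORY = r"""
C:\Windows\System32\svchost.exe | 1111aaaa | Microsoft Windows | yes
C:\Windows\explorer.exe | 2222bbbb | Microsoft Windows | yes
C:\Program Files\Vendor\agent.exe | 3333cccd | Example Vendor Inc. | yes
C:\Program Files\NewTool\tool.exe | 4444dddd | Example Vendor Inc. | yes
C:\Users\Public\update.exe | 5555eeee | - | yes
C:\Windows\System32\lsass.exe | 9999ffff | - | yes
C:\Users\bob\AppData\Local\Temp\svc.exe | 6666abcd | - | no
"""

# Known-good baseline taken from a clean build (constructed): path -> sha256.
BASELINE = {
    r"C:\Windows\System32\svchost.exe": "1111aaaa",
    r"C:\Windows\explorer.exe": "2222bbbb",
    r"C:\Program Files\Vendor\agent.exe": "3333cccc",
    r"C:\Windows\System32\lsass.exe": "7777eeee",
}
TRUSTED_SIGNERS = {"Microsoft Windows", "Example Vendor Inc."}

# Verdict code -> what the analyst does next.
ACTIONS = {
    "baseline": "matches the known-good image",
    "memory-resident": "no image on disk: dump process memory for malware analysis",
    "modified": "baseline path now runs unsigned code with a different hash",
    "changed-signed": "hash differs from baseline but signer is trusted: confirm the update",
    "review": "not in baseline, signed by a trusted vendor: review, then baseline it",
    "suspect": "not in baseline and not signed by a trusted vendor",
}


def parse_inventory(text):
    for line in text.splitlines():
        if line.strip():
            path, digest, signer, on_disk = [f.strip() for f in line.split("|")]
            yield path, digest, signer, on_disk == "yes"


def verdict(path, digest, signer, on_disk, baseline, trusted):
    """Classify one process; the baseline passed in has lower-cased keys."""
    if not on_disk:
        return "memory-resident"
    expected = baseline.get(path.lower())
    if expected is not None:
        if expected == digest:
            return "baseline"
        return "changed-signed" if signer in trusted else "modified"
    return "review" if signer in trusted else "suspect"


def audit(text, baseline=BASELINE, trusted=TRUSTED_SIGNERS):
    """Map each running image path to its verdict code."""
    base = {k.lower(): v for k, v in baseline.items()}  # Windows paths are case-insensitive
    return {path: verdict(path, d, s, o, base, trusted)
            for path, d, s, o in parse_inventory(text)}


def summary(text):
    """How many processes fall into each class, the first thing to read."""
    return Counter(audit(text).values())


if __name__ == "__main__":
    for path, code in audit(SAMPLE_INVENTORY).items():
        print(f"{code:16} {path}  ({ACTIONS[code]})")
```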

18 Strategies for detecting and combating APT’s.
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
Strategies for detecting and combating APT’s. Strategy: Malware analysis.
Malware analysis is one of the most sophisticated fields in the computer security arena. By reverse-engineering malware and tools left behind by an attacker, an organization can greatly increase its defense against an APT threat by understanding their tools at a low level. Malware analysis can feed your existing computer security solutions with unique signatures and indicators and give your security team the ability to detect and protect against similar attacks. Malware analysis also aids in getting a “feel” for what the APT campaign is targeting and is a first step at determining attribution for who might be conducting the attack. Having a malware analysis capability, either internally or outsourced, is paramount in being able to defend against existing threats and protect against future ones.
Organizations that are under an APT attack require a malware analysis capability. Forwarding malware to an anti-virus vendor for signatures is not going to keep an APT intruder out of your network. Instead you need to understand their tools and techniques, drawing on their technical sophistication to find attribution and defend against future attacks. Malware analysis can also help you locate other compromised systems on the network that you might not already know about. Finally, malware analysis offers something unique in being able to feed your existing COTS security solutions through unique signatures and indicators.

19 Strategies for detecting and combating APT’s.
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
Strategies for detecting and combating APT’s. Strategy: Continuous analysis should feed your defense systems.
APT strategy:
1. Monitor network traffic and hosts for suspicious activity.
2. Find infected hosts, servers, routers, etc.
3. Conduct forensics, intrusion and malware analysis.
4. Develop a mitigation strategy using what you learned.
5. Deploy network detection signatures to IDS/IPS and scan devices and hosts across the enterprise.
Your intrusion and malware analysis efforts directly feed into your APT mitigation strategy, which results in locking down the intruders and finding other locations where they have burrowed themselves. The goal here is to use your existing network defense systems to their maximum potential!

20 Strategies for detecting and combating APT’s.
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
Strategies for detecting and combating APT’s. APT propagating throughout the network: Finding the goldmine.
Chances are the host exploited by the APT intruder doesn’t have the information they are looking for. Using tools they download into the network, they will eventually deploy sniffers and password extraction utilities and escalate to Administrator or Root level credentials. With these newfound credentials, it won’t be long before these adversaries log in to enough routers, data warehouses and servers to locate the information they desire. At what point do your network security policies alert you to this suspicious and unauthorized activity?
The APT adversary is interested in information, whether that be source code, technical schematics, proprietary company trade secrets, credit cards, formulas, etc. How protected is this information in your organization? If your network is rigorously monitored and configured properly, a single host compromise is not likely going to lead to your entire network becoming susceptible to the APT intrusion.

21 Strategies for detecting and combating APT’s.
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
Strategies for detecting and combating APT’s. Strategy: Implement and execute network security auditing.
APT strategy:
1. Develop and satisfy organization-specific security policies.
2. Track all user and administrator activity.
3. Identify security holes in your existing policy and unauthorized accesses.
4. Determine causes of attempted access violations.
5. Proactively investigate and prevent all security violations.
In the case of the Chamber of Commerce intrusions, the APT attackers were able to acquire Administrator level credentials for the network, thereby allowing unhindered access across the entire network. At what point were the network administrators implementing a sound security auditing policy? Understand where your critical information is being warehoused and keep carefully controlled access over who has the credentials to see the information. Log all authorized and unauthorized access to this information.

22 Strategies for detecting and combating APT’s.
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
Strategies for detecting and combating APT’s. APT getting the data out: Phoning home.
Once the data store has been located, the intruders will need to get information out of the network as covertly as possible. Sometimes APTs use standard ports and services (e.g. WWW, 80, 443); other times they might use non-standard ports. Your network filtering, routing rules and access control lists (ACLs) should prevent non-standard traffic from leaving your network. Most likely, APTs will leverage encryption (SSL or other) over a standard port (443) to transfer the stolen data to their remote server. Connections to unknown or suspicious IP addresses passing large amounts of enciphered or encrypted data should be a clear indicator that a theft is taking place. Are your organization's network security policies and configurations equipped to report this anomalous information?
All of the efforts used by APTs to get to the data will be for nothing if they cannot get the data out of the target network unnoticed. Remember, the goal of the APT is to maintain a long-term presence on the network, slowly leaking stolen information while remaining hidden. How do they accomplish this? Likely they will use encryption and transfer the data over standard ports 80/443, which they know will not be firewalled off. Your organization should, however, be in a position to flag suspicious connections sending large amounts of encrypted or enciphered data to unknown IP addresses.

23 Strategies for detecting and combating APT’s.
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
Strategies for detecting and combating APT’s. Strategy: Employ network anomaly detection systems.
Network anomaly detection systems can “bubble to the top” suspicious connections leaving your network. The downside to these systems is that you need a skilled network traffic analyst capable of digesting the data. Is it a false positive, or do you really have an active intruder present within your network? As mentioned earlier, there are companies that can monitor your network for anomalies and report these events to you in near real-time.
Anomaly detection systems, when configured properly, can alert you to an intruder operating within your network, but the downside is that you need a skilled network traffic analyst monitoring the logs in near real-time to make use of these devices.
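An added example serving both this slide and the “Phoning home” slide before it (not code from the presentation): Python over constructed flow records that flags egress on ports the ACLs should block and large upload-heavy transfers over 80/443 to addresses outside the organization's known set. The record layout, the known-good list and the thresholds are assumptions.

```python
"""Flag egress that fits the exfiltration pattern on these slides: traffic on
ports the ACLs should not allow, and large upload-heavy transfers over 80/443
to addresses the organization has no known relationship with.

Added example over constructed flow records; the record layout, the known-good
address list and the thresholds are assumptions, not from the presentation.
"""
from collections import defaultdict

# Assumed flow-export layout, one TCP session per line:
#   src, dst, dport, bytes_out (internal -> external), bytes_in (external -> internal)
SAMPLE_FLOWS = """\
10.0.0.5,203.0.113.50,443,18000,2400000
10.0.0.5,203.0.113.50,80,9000,650000
10.0.0.5,198.51.100.23,443,9500000,12000
10.0.0.5,198.51.100.23,443,11000000,9800
10.0.0.5,198.51.100.23,443,10500000,10100
10.0.0.8,203.0.113.50,443,12000,900000
10.0.0.8,192.0.2.44,8443,4200,3900
10.0.0.9,203.0.113.61,443,3500000,40000
"""

# Destinations the business legitimately talks to (constructed allow list),
# e.g. the CDN and the backup provider, and the ports the ACLs permit out.
KNOWN_GOOD = {"203.0.113.50", "203.0.113.61"}
PERMITTED_EGRESS_PORTS = {80, 443, 25, 53}


def parse_flows(text):
    for line in text.splitlines():
        if line.strip():
            src, dst, dport, out, inn = line.split(",")
            yield src, dst, int(dport), int(out), int(inn)


def exfil_alerts(text, min_upload=20_000_000, upload_ratio=5.0):
    """Return (src, dst, reason) alerts for an analyst to triage.

    Browsing downloads far more than it uploads; a session pair that inverts
    that and moves tens of megabytes outward to an unknown address is the
    slide's "large amounts of encrypted data" signal (443 is assumed to be
    encrypted; flow records carry no payload to inspect).
    """
    totals = defaultdict(lambda: [0, 0])   # (src, dst) -> [bytes_out, bytes_in]
    alerts = []
    for src, dst, dport, out, inn in parse_flows(text):
        if dport not in PERMITTED_EGRESS_PORTS:
            alerts.append((src, dst, f"egress on non-standard port {dport}; ACL gap"))
        totals[(src, dst)][0] += out
        totals[(src, dst)][1] += inn
    for (src, dst), (out, inn) in totals.items():
        if dst in KNOWN_GOOD:
            continue
        upload_heavy = out >= upload_ratio * max(inn, 1)
        if out >= min_upload and upload_heavy:
            alerts.append((src, dst, f"{out // 1_000_000} MB uploaded to unknown address"))
    return alerts


if __name__ == "__main__":
    for src, dst, why in exfil_alerts(SAMPLE_FLOWS):
        print(f"ALERT {src} -> {dst}: {why}")
```

The per-pair aggregation matters because the sample exfiltration is split across several sessions, none of which would trip a per-connection threshold on its own.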

24 Strategies for detecting and combating APT’s.
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
Strategies for detecting and combating APT’s. Summary
- Identify critical information available to the public and limit / remove it.
- Monitor your Internet-facing network infrastructure.
- User education is paramount.
- Leverage existing technology.
- Use an enterprise patch management solution.
- Employ anti-zero-day technology.
- Employ computer forensics and intrusion analysis (incident response).
- Understand the threat; use malware analysis reporting.
- Continuous analysis should feed your defense systems.
- Implement and execute network security auditing.
- Employ network anomaly detection systems.

25 Strategies for detecting and combating APT’s.
Top Strategies for Detecting & Combating Advanced Persistent Threats: Advanced Persistent Threats
Strategies for detecting and combating APT’s. Questions
Contact Information: Mr. Raed Albuliwi, Vice President, ANRC LLC.

