Network Intrusion Responder Program

Presentation on theme: "Network Intrusion Responder Program"— Presentation transcript:

1 Network Intrusion Responder Program
Gateway ECTF
Network Intrusion Responder Program (NITRO)
SA Timothy Reboulet
U.S. Department of Homeland Security, United States Secret Service
11/13/2018, Timothy R. Reboulet


3 NITRO: a set of skills for conducting a successful network intrusion investigation that adheres to a formal methodology, to ensure the admissibility of evidence in court and the apprehension of the intruder.

4 Target, Neiman Marcus, Schnucks


6 Types of Network Intrusion
-Denial of Service (DoS)
-Malicious Code (virus, worm, Trojan Horse)
-Unauthorized Access
-Inappropriate Usage
-Multiple Component

7 Traditional Crime vs. Technology-Based Crime
-Bank Robbery vs. Hacking
-Credit Card Theft vs. Credit Card Theft Online
-Fraudulent Calls vs. Phishing

8 Networks
(Diagram labels: Head Office, Remote User, Regional Office)

9 Attacker Profiles
-Intruder (advanced, intermediate, beginner)
-Insider

10 Attacker Motivations
-Money
-Entertainment
-Fame and Recognition
-Social or Political Agenda
-Espionage
-Terrorism

11 Opportunistic vs. Targeted Attacks
-Opportunistic (POS, Mass Malware, SQL injection)
-Targeted (APT-style attacks, State-sponsored espionage, SCADA attacks)

12 Stages of a Breach
-Reconnaissance
-Infiltration
-Propagation
-Capture
-Exfiltration

13 Detection

14 Initial Breach vs. Detection
-Self Detection 28 days
-Law Enforcement 51.5 days
-Public Detection 87.5 days
-Regulatory Detection days

15 Overview of Investigation Process
-Scope Assessment
-Data Acquisition
-Forensic Analysis
-Threat Detection
-Containment and Remediation


18 Questions?

19 Critical Systems Protection
U.S. SECRET SERVICE Critical Systems Protection

20 OBJECTIVE
The CSP Program seeks to identify networks of interest (NOI) and assess which computer networks, process-control systems or remotely-controlled devices could, if compromised, indirectly or directly impact the Secret Service-led operational security plan and/or affect the safety of the protectee(s).

21 MISSION
-Mitigate risk to Secret Service Protectees posed by information systems
-Lead the Critical Infrastructure Protection Sub-committee for National Special Security Events
OVERALL GOAL
-Provide a secure cyber-environment for the Secret Service Protectees.

22 Critical Systems – USSS
ENERGY ILLUMINATION HVAC (environmental) SECURITY & OBSERVATION ACCESS CONTROL (physical/virtual) INFORMATION TECHNOLOGY SAFETY TELECOMMUNICATIONS INTERNAL TRANSPORTATION AUDIO & VISUAL CONTROL SYSTEMS
Examples of Critical Systems
-Access Control (physical/virtual)
-Audio (public address)
-CCTV (coaxial and wireless)
-Electrical
-Elevators
-Fire Detection
-HVAC (environmental)
-Information Networks
-Panic Alarm
-Personnel (insider threat)
-Security Policy (comprehensive)
-Signage (jumbotrons)
-Telecommunications

23 Questions?

25 SA Timothy Reboulet
U.S. Secret Service
timothy.reboulet@usss.dhs.gov

26 Craig Byrkit – FBI
Joey Smith – Schnucks
Break
Roundtable
Questions

