Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security administrators The experts need better tools too!

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Security administrators The experts need better tools too!"— Presentation transcript:

1 Security administrators The experts need better tools too!

2 Agenda Projects? Projects? –Final conflicts? –Report and presentations Security admins Security admins General wrap-up General wrap-up

3 Report and presentation Intro and motivation Intro and motivation Describe the study - tasks, surveys, how many users, etc. Describe the study - tasks, surveys, how many users, etc. Describe the results – tables of data, issues observed, etc. Describe the results – tables of data, issues observed, etc. Describe the implications – what do the results mean? What would someone do with these results? Describe the implications – what do the results mean? What would someone do with these results? Future work – how would you modify study based on your pilot? What future studies does this suggest? Future work – how would you modify study based on your pilot? What future studies does this suggest?

4 Security Administrator Knowledge Growing more and more difficult Growing more and more difficult Decade ago: Decade ago: –possible for intimate knowledge of smaller computer systems, fewer applications and infrastructures to support –An intruder also likely needed intimate knowledge, less malicious code out there Now: Now: –large operating systems, 10s of thousands of files, large infrastructures –Widely distributed attack tools, very interconnected networks, infection occurs everywhere all the time Slides adapted from Matthew DeSantis, CMU

5 (Some) tools of the trade Intrusion Detection Systems (IDS) Intrusion Detection Systems (IDS) –Monitor network traffic and alert to suspicious patterns Scanning tools Scanning tools –Look for known vulnerabilities in networks and machines File/host integrity tools File/host integrity tools –Virus detection –Filesystem monitoring Home made scripts Home made scripts –Filter and process log files, run services, etc. Information sources Information sources –Descriptions of attacks, source code, etc.

6 Admin challenges Problems complex, still require human judgement to determine and solve Problems complex, still require human judgement to determine and solve Information overload Information overload –Large numbers of alerts and emails –Large log files –Many tools to help with different tasks Usability still not an aspect of these tools Usability still not an aspect of these tools –Command lines rule –No standards for tool output, difficult to synthesize

7 Solutions? Identify work practices and needs of these users Identify work practices and needs of these users –What is the implications of having security experts as users? –What usability properties do tools need to have? Visualization Visualization –Help users identify patterns in high volume data –Synthesize data from multiple sources to provide higher level views –Challenge: another thing to attack

8 Example - NVisionIP http://security.ncsa.uiuc.edu/distribution/NVisionIPDownLoad.html Visualize traffic flows to/from every machine on a large computer network Visualize traffic flows to/from every machine on a large computer network

9 Rumint Visualize network packets Visualize network packets http://www.rumint.org/

10 Rainstorm IDS Visualize IDS alarm events over an entire network space Visualize IDS alarm events over an entire network space

11 Wormhole detection Weichao Wang and Aidong Lu, UNCC Weichao Wang and Aidong Lu, UNCC

12 What else? Advantages, disadvantages of visualizations? Advantages, disadvantages of visualizations? Why don’t sysadmins use more of these visualization tools? Why don’t sysadmins use more of these visualization tools? What else could potentially make security administrator’s jobs easier? What else could potentially make security administrator’s jobs easier? What do end user’s need to know about security administrators? What do end user’s need to know about security administrators?

13 Course wrap-up Big lessons: Big lessons: –HCI can play a role in security and privacy solutions –Security and privacy are secondary tasks –Usability is not necessarily contrary to security –As with anything, tradeoffs in approaches –Good user-centered design can improve today’s tools

14 So what have you learned? What are the biggest lessons you take away from this course? What are the biggest lessons you take away from this course? How will you incorporate what you have learned into your job or life? How will you incorporate what you have learned into your job or life? What are important new themes to study in this area? What are important new themes to study in this area? –What needs additional focus? –anything we didn’t cover you think is really important?

15 Next week Give me 24 hours to give you feedback on a project draft Give me 24 hours to give you feedback on a project draft Presentations: 6:30pm in CHHS 285 Presentations: 6:30pm in CHHS 285

Download ppt "Security administrators The experts need better tools too!"

Similar presentations

Presented by Nikita Shah 5th IT ( )

Presented by Nikita Shah 5th IT ( )
Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,

Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,
Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
Security Administration Tools and Practices Amit Bhan Usable Privacy and Security.

Security Administration Tools and Practices Amit Bhan Usable Privacy and Security.
Netflow Data-Mining Techniques Chris Poetzel Argonne National Laboratory Scott Pinkerton.

Netflow Data-Mining Techniques Chris Poetzel Argonne National Laboratory Scott Pinkerton.
Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.

Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
Anomaly Detection Steven M. Bellovin https://www.cs.columbia.edu/~smb Matsuzaki ‘maz’ Yoshinobu 1.

Anomaly Detection Steven M. Bellovin Matsuzaki ‘maz’ Yoshinobu 1.
1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.

1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.
Lessons Learned from Teaching Intrusion Detection and Intrusion Prevention with Snort Dr. Jim Chen, Victor Tsao, Barry Williams, Tokunbo Olojo, John Smet,

Lessons Learned from Teaching Intrusion Detection and Intrusion Prevention with Snort Dr. Jim Chen, Victor Tsao, Barry Williams, Tokunbo Olojo, John Smet,
How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.

How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
NAV Project Update By: Meghan Allen and Peter McLachlan.

NAV Project Update By: Meghan Allen and Peter McLachlan.
1 IS380 Class Agenda 01/11/05 Sock H. Chung 1.Syllabus 2.Chapter 1 3.Introduction 4.Email Request.

1 IS380 Class Agenda 01/11/05 Sock H. Chung 1.Syllabus 2.Chapter 1 3.Introduction 4. Request.
Semester wrap-up …my final slides.. More on HCI Class on Ubiquitous Computing next spring Courses in visualization, virtual reality, gaming, etc. where.

Semester wrap-up …my final slides.. More on HCI Class on Ubiquitous Computing next spring Courses in visualization, virtual reality, gaming, etc. where.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Welcome to CS 450 Internet Security: A Measurement-based Approach.

Welcome to CS 450 Internet Security: A Measurement-based Approach.
Report on statistical Intrusion Detection systems By Ganesh Godavari.

Report on statistical Intrusion Detection systems By Ganesh Godavari.
Big Data Analytics and Challenge Presented by Saurabh Rastogi Asst. Prof. in Maharaja Agrasen Institute of Technology B.Tech(IT), M.Tech(IT)

Big Data Analytics and Challenge Presented by Saurabh Rastogi Asst. Prof. in Maharaja Agrasen Institute of Technology B.Tech(IT), M.Tech(IT)
Honeypot An instrument for attracting and detecting attackers Adapted from R. Baumann.

Honeypot An instrument for attracting and detecting attackers Adapted from R. Baumann.

Similar presentations

Ads by Google