APA of Isfahan University of Technology In the name of God.


1 APA of Isfahan University of Technology In the name of God

2 Computer Security Incident: The term “security incident” is defined as the act of non-compliance with the security policy, procedure, or a core security requirement that impacts the confidentiality, integrity and availability of health information.

3 Incident response life cycle: Preparation; Detection and Analysis; Containment, Eradication and Recovery; Post-Incident Activities.
- Preparation: the organization is ready to respond to incidents, and also prevents incidents by ensuring that systems, networks, and applications are sufficiently secure.
- Detection and Analysis: the organization gets the incident report or a sign of an incident and searches for its type and cause.
- Containment, Eradication, Recovery: the organization can act to mitigate the impact of the incident by containing it and ultimately recovering from it.
- Post-Incident Activities: the organization members share “lessons learned” from the incident.

4 2) Preventing Incidents. Recommended practices for securing networks:
- Patch management
- Host security
- Network security
- Malicious code prevention


7 Definition: Denial of Service (DoS). A Denial of Service (DoS) is an action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources.

8 DDoS: Distributed Denial of Service.

9 Types of DDoS attacks: 1) Reflector attack

10 Types of DDoS attacks: 2) Amplifier attack

11 Types of DDoS attacks: 3) Flood attack

12 Step 1: Preparation. 1) Preparation:
I. ISP
II. IDS configuration
III. Resource monitoring
IV. Maintain a paper copy of the handling documents

13 Step 1: Preparation. 2) Prevention:
I. Control traffic
II. On Internet-accessible hosts, disable all unneeded services
III. Implement redundancy for key functions
IV. Ensure that networks and systems are not running near maximum capacity

14 Step 2: Detection and Analysis. Precursors and reactions:
- A low volume of traffic caused by reconnaissance activities: block the ways of attack.
- A new DoS tool is released: investigate it and change configurations.

15 Step 2: Detection and Analysis. Indications of each type of DoS:
- Network-based DoS against a host
- Network-based DoS against a network
- DoS against the OS of a host
- DoS against an application on a particular host

16 Step 2: Detection and Analysis.
- The IP address in most cases is spoofed; logs may still be helpful to find the attacker.
- When an outage occurs, no one may realize that a DoS attack caused it: outages are so common!
- Network-based DoS attacks are difficult for IDPS sensors to detect with a high degree of accuracy; users get false alerts, so they disable the sensor.
- Attackers use zombies; the agents are not the guilty party.

17 Step 3: 1) Containment Strategies. Simple solution: filter all traffic by IP. Spoofed IPs: most of the time this is not possible. Solution: filter based on characteristics (port, protocol, …).
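Slides 16 and 17 say that source addresses are mostly spoofed and that a containment filter therefore has to key on characteristics such as port and protocol. The following Python is an added example, not part of the original slides: it runs over constructed flow records, shows why a per-source-IP block list cannot work against a spoofed flood, derives a (protocol, port) rule instead, and reports the legitimate traffic that rule drops as collateral. The victim address, the flow layout and the 50% share threshold are assumptions.

```python
from collections import Counter

VICTIM = "198.51.100.10"  # assumed victim address for the constructed data

# Constructed flow records: (src_ip, dst_ip, proto, dst_port, pkts)
LEGIT = [
    ("203.0.113.5", VICTIM, "tcp", 443, 40),
    ("203.0.113.9", VICTIM, "tcp", 80, 25),
    ("203.0.113.9", VICTIM, "udp", 53, 2),  # one genuine DNS query
]
# Spoofed flood: every packet carries a different forged source address, but
# all of them share one characteristic: UDP to port 53 on the victim.
FLOOD = [(f"198.18.{i // 256}.{i % 256}", VICTIM, "udp", 53, 1) for i in range(500)]
ALL = LEGIT + FLOOD

def packets_per_source(flows):
    """Aggregate by source IP: what an IP-based block list would key on."""
    c = Counter()
    for src, _dst, _proto, _port, pkts in flows:
        c[src] += pkts
    return c

def packets_per_characteristic(flows):
    """Aggregate by (protocol, destination port), the characteristics the
    slides recommend filtering on when source addresses are spoofed."""
    c = Counter()
    for _src, _dst, proto, port, pkts in flows:
        c[(proto, port)] += pkts
    return c

def propose_filter(flows, share=0.5):
    """(proto, port) pairs carrying more than `share` of all packets:
    candidates for a characteristic-based filter rule."""
    total = sum(f[4] for f in flows)
    return [key for key, n in packets_per_characteristic(flows).most_common()
            if n / total > share]

def apply_filter(flows, rules, known_good=()):
    """Drop flows matching the rules and report the legitimate traffic lost
    as collateral: the price of filtering on coarse characteristics."""
    rules = set(rules)
    kept = [f for f in flows if (f[2], f[3]) not in rules]
    collateral = [f for f in known_good if (f[2], f[3]) in rules]
    return kept, collateral

if __name__ == "__main__":
    print("distinct sources:", len(packets_per_source(ALL)))  # 502: per-IP blocking is hopeless
    rules = propose_filter(ALL)                                 # [('udp', 53)]
    kept, lost = apply_filter(ALL, rules, LEGIT)
    print("rules:", rules, "flows kept:", len(kept), "legit flows lost:", len(lost))
```

The single genuine DNS query is dropped along with the flood, which is the trade-off a coarse port/protocol filter always carries and why it is a containment step rather than a permanent rule.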

18 Step 3: 1) Containment Strategies. Other strategies:
I. Correct the vulnerability
II. Relocate the target
III. Attack the attacker!


20 Definition: Unauthorized Access. An unauthorized access incident occurs when a person gains access to resources that the person was not intended to have.

21 Special characteristic:
- These kinds of attacks mostly occur in several steps.
- The attacker first gains limited access through a vulnerability, then tries to gain a higher level of access.
- So: tracking the incident is important.

22 Step 1: Preparation. 1) Preparation: 1) Education 2) Configuration 3) Control. 2) Prevention:
- Network security
- Host security
- Authentication and authorization
- Physical security

23 Step 2: Detection and Analysis.
- There are many types of occurrence.
- There are lots of precursors and indications.
- These must be customized to the specific environment.

24 Step 2: Detection and Analysis. Precursors:
- Detecting reconnaissance activities through IDPS
- A failed physical access attempt to a system
- A user report of a social engineering attempt
- A new exploit for gaining unauthorized access is released publicly

25 Step 2: Detection and Analysis. Types of unauthorized access and possible indications:
- Root compromise of a host
- Unauthorized data modification
- Unauthorized usage of a standard user account
- Physical intruder
- Unauthorized data access

26 Step 2: Detection and Analysis. Problem: it is difficult to distinguish malicious activity from benign activity. Solution: a change management process.
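Slide 26 gives a change management process as the way to tell benign changes from malicious ones. The Python below is an added example, not from the slides: it reconciles observed host changes (the kind of thing file-integrity or audit logging reports) against approved change tickets, and anything without a covering ticket becomes an indication of possible unauthorized data modification or account misuse. All hosts, paths, users, timestamps and ticket ids are constructed for the example.

```python
# Constructed host observations and the change-management tickets that would
# authorise them; every value here is made up for this example.
OBSERVED = [
    {"host": "web01", "item": "/etc/ssh/sshd_config", "by": "alice",
     "at": "2024-03-02T10:05"},
    {"host": "web01", "item": "/var/www/index.html", "by": "www-data",
     "at": "2024-03-02T23:41"},
    {"host": "db01", "item": "account:backup2", "by": "root",
     "at": "2024-03-03T02:15"},
]
APPROVED = [
    {"ticket": "CHG-101", "host": "web01", "item": "/etc/ssh/sshd_config",
     "by": "alice", "window": ("2024-03-02T09:00", "2024-03-02T12:00")},
]

def authorising_ticket(change, approved):
    """Return the ticket that covers an observed change: same host, item and
    actor, and a timestamp inside the approved window (ISO timestamps compare
    correctly as text), or None when no ticket explains it."""
    for a in approved:
        start, end = a["window"]
        same_target = (a["host"], a["item"], a["by"]) == (change["host"], change["item"], change["by"])
        if same_target and start <= change["at"] <= end:
            return a["ticket"]
    return None

def reconcile(observed, approved):
    """Label every observed change with its authorising ticket, or None."""
    return [{**c, "ticket": authorising_ticket(c, approved)} for c in observed]

def unexplained_changes(observed, approved):
    """The changes no ticket covers: the indications the analyst should look at."""
    return [c for c in reconcile(observed, approved) if c["ticket"] is None]

if __name__ == "__main__":
    for c in unexplained_changes(OBSERVED, APPROVED):
        print(f"UNEXPLAINED {c['host']} {c['item']} by {c['by']} at {c['at']}")
```

An approved ticket with the wrong actor or a timestamp outside the window is treated the same as no ticket, so the check only clears changes that match the record on every field.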

27 Step 2: Detection and Analysis. Prioritization. Problem: calculating the current and future impact is difficult. Solution:
- The incident may need to be prioritized before the analysis is complete.
- This must be done based on an estimate of the current impact.
Next step: consider the criticality of the resources.

28 Step 3: 1) Containment Strategies. Problem: response time is important, and the analysis step may take a long time. Solution: perform an initial analysis, then prioritize, respond, and run another analysis stage.

29 Step 3: 1) Containment Strategies. Easy solution: shutting down the system!!! The moderate one: a combination of:
- Isolate the affected systems
- Disable the affected service
- Eliminate the attacker’s route into the environment
- Disable user accounts that may have been used in the attack
- Enhance physical security measures

30 Step 3: 2) Eradication and Recovery.
- Recovery is based on the level of access gained.
- In case of root access: system restore.
- Mitigate the vulnerability.


32 Definition: Inappropriate Usage. An inappropriate usage incident occurs when a user performs actions that violate acceptable computing use policies.

33 Examples:
- Downloading password cracking tools
- Sending spam promoting a personal business
- Emailing harassing messages to coworkers
- Setting up an unauthorized Web site on one of the organization’s computers
- Using file sharing services to acquire or distribute pirated materials
- Transferring sensitive materials from the organization to external locations

34 Examples (attacks from inside the organization that annoy outside entities):
- An internal user: defacing another organization’s public Web site; purchasing items from online retailers with stolen credit card numbers.
- A third party: sending spam emails with spoofed source email addresses that appear to belong to the organization; performing a DoS against an organization by generating packets with spoofed source IP addresses that belong to the organization.

35 Types of inappropriate use:
- Personal e-mail
- Deliberate disclosure of sensitive information
- Inadvertent misuse

36 Impacts of inappropriate usage on the organization:
- Loss of productivity
- Increased risk of liability and legal action
- Reduction (or loss) of network bandwidth
- Increased risk of virus infection and other malicious code

37 Step 1: Preparation. 1) Preparation:
- Coordinate with representatives of the organization’s human resources and the physical security team
- Set up a proxy and log users’ activities
- Configure IDPS software

38 Step 1: Preparation. 2) Prevention:
- Configure: firewall, email server
- Set: URL filtering rules, limitations on the use of encrypted protocols

39 Step 2: Detection and Analysis.
- Usually there is no precursor, just user reports.
- Analyze the reports (is a report real or not?).
Problem: incidents reported from outside. Solution: accurate and complete logging.

40 Step 2: Detection and Analysis. Different activities and their indications:
- Attack against an external party: IDPS alerts and logs
- Access to inappropriate materials: user reports, IDPS alerts and logs
- Unauthorized access usage: unusual traffic, new processes, new files, user reports, IDPS alerts and logs
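Slides 37 to 40 rely on a logging proxy, URL filtering rules and limits on encrypted protocols, with logs as the main indication. The Python below is an added example, not from the slides: it runs a small inappropriate-usage policy over constructed proxy log lines and returns one finding per violating line. The log layout (epoch, user, client IP, method, URL, status, bytes), the blocked-host patterns, the allowed CONNECT port and the upload threshold are all assumptions; in many real proxies the bytes field counts the response, so the upload check would need the request size instead.

```python
import re
from urllib.parse import urlsplit

# Constructed proxy log lines; assumed layout: epoch user client_ip method url status bytes
LOG = """\
1709370000.123 alice 10.0.0.11 GET http://intranet.example/wiki/ 200 4096
1709370060.456 bob 10.0.0.12 GET http://warez-mirror.example/setup.exe 200 734003
1709370120.789 carol 10.0.0.13 CONNECT mail.example.net:443 200 5120
1709370180.001 dave 10.0.0.14 CONNECT 203.0.113.77:8443 200 9000000
1709370240.002 erin 10.0.0.15 POST http://paste.example/upload 200 52428800
"""

# Policy knobs (assumed values): URL-filter patterns, the only port on which
# tunnelled/encrypted traffic is allowed, and a bulk-upload threshold.
BLOCKED_HOST_PATTERNS = [re.compile(p) for p in (r"warez", r"\.torrent$")]
ALLOWED_CONNECT_PORTS = {443}
UPLOAD_LIMIT_BYTES = 10 * 1024 * 1024

LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d+) (\d+)$")

def host_and_port(method, url):
    """CONNECT lines carry host:port only; other methods carry a full URL."""
    if method == "CONNECT":
        host, _, port = url.rpartition(":")
        return host, int(port)
    parts = urlsplit(url)
    return parts.hostname, parts.port or (443 if parts.scheme == "https" else 80)

def review(log_text):
    """Apply the policy to every well-formed log line; a line that does not
    parse is skipped, which is exactly the gap incomplete logging leaves."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        _ts, user, _ip, method, url, _status, nbytes = m.groups()
        host, port = host_and_port(method, url)
        if any(p.search(host) for p in BLOCKED_HOST_PATTERNS):
            findings.append((user, "url filter: access to blocked material", host))
        elif method == "CONNECT" and port not in ALLOWED_CONNECT_PORTS:
            findings.append((user, f"encrypted protocol on non-standard port {port}", host))
        elif method in ("POST", "PUT") and int(nbytes) > UPLOAD_LIMIT_BYTES:
            findings.append((user, "bulk upload to external site", host))
    return findings

if __name__ == "__main__":
    for user, reason, host in review(LOG):
        print(f"{user}: {reason} ({host})")
```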

41 Step 2: Detection and Analysis. Prioritization:
- The business impact of these incidents is different.
- It depends on: I. Whether the activity is criminal II. How much damage the organization’s reputation may sustain

42 Step 2: Detection and Analysis. Prioritization: example of a response time table.

43 Step 3: Containment, Eradication and Recovery.
- Generally no such step is needed.
- It may be just reinstalling uninstalled software.
- Evidence gathering is important.

