PROCESS OF CONDUCTING A DOS/IDS INCIDENT ANALYSIS


1 PROCESS OF CONDUCTING A DOS/IDS INCIDENT ANALYSIS

2 As computer systems and the Internet have grown in size, complexity and usage, so too has malicious activity directed against them. This has led to a demand for automated systems for detecting malicious activity, and in turn to the development of a range of Intrusion Detection Systems.

3 Intrusion Detection System
An intrusion detection system is generally considered to be any system designed to detect attempts to compromise the integrity, confidentiality or availability of a system. A Network Intrusion Detection System (NIDS) aims to detect attempted compromises by monitoring network traffic. A host-based IDS (HIDS) monitors a single system for signs of compromise.

4 DISTRIBUTED DENIAL OF SERVICE
A distributed denial of service (DDoS) attack is a malicious denial of service attack involving more than one source. DDoS attacks usually involve a large number of compromised systems attacking a single target.

5 TYPES OF ATTACKS
Buffer Overflow Attacks
SYN Attacks
Teardrop Attacks
Smurf Attacks
Viruses
Infrastructure Attacks

6 SYMPTOMS OF DOS ATTACK
Slow network performance.
A website is unavailable.
Inability to access anything outside the LAN.
Increase in the number of spam e-mails.

7 SECURITY ANALYSIS
Preparation
Detection and Analysis
Containment, Eradication and Recovery
Post Incident Recovery
Documentation

8 PREPARATION
Form Incident Response Team
Main Contact Information
On-call Roster
Incident Report Mechanism
Incident Operations Center
Evidence Secure Storage
Spare Computers/Servers
Removable Media
Digital Forensic Kit
Spare Printers
Network Diagrams
Network Baselines

9 MONITOR NETWORK FOR SIGNS OF INCIDENT
Reconnaissance activity
Network scanning
Remote logon attempts
Increase in volume of traffic
Log suspicious traffic
Consolidate reports for analysis

10 CONTAINMENT, ERADICATION AND RECOVERY
Identify the type of attack.
Block the attack.
Block access from the source IP address.
RECOVERY
Update firewall
Update all users' passwords
Reinstall software
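The monitoring slide lists scanning, remote logon attempts and traffic spikes as signs to log and consolidate, and the containment slide starts with identifying the attack type. The following script is an added example (not part of the presentation) that runs those three checks over constructed firewall log lines; the log format, field names and thresholds are assumptions for the example.

```python
"""Added example: triage constructed firewall log lines for the signs the
'Monitor network' slide lists (scanning, remote logon attempts, SYN traffic
spikes) and label the likely attack type for the containment step."""
import re
from collections import Counter, defaultdict

# Assumed log format for this example: "src=.. dst=.. dport=.. proto=.. flags=.."
LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) proto=(\w+) flags=(\w+)")

# Thresholds are assumptions for this example, not values from the slides.
SCAN_PORTS = 5        # distinct destination ports from one source => scanning
LOGON_TRIES = 3       # SYNs to a remote-logon port from one source => logon attempts
SYN_FLOOD = 20        # SYNs to one service within the log window => SYN attack
LOGON_PORTS = {22, 3389}

def parse(lines):
    """Yield (src, dst, dport, flags) for lines matching the assumed format."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            src, dst, dport, _proto, flags = m.groups()
            yield src, dst, int(dport), flags

def triage(lines):
    """Consolidate per-source and per-service counts into one findings report."""
    ports_by_src = defaultdict(set)
    logon_by_src = Counter()
    syn_by_dst = Counter()
    for src, dst, dport, flags in parse(lines):
        ports_by_src[src].add(dport)
        if flags == "S":                      # connection attempt (SYN)
            syn_by_dst[(dst, dport)] += 1
            if dport in LOGON_PORTS:
                logon_by_src[src] += 1
    return {
        "scanning": sorted(s for s, p in ports_by_src.items() if len(p) >= SCAN_PORTS),
        "remote_logon": sorted(s for s, n in logon_by_src.items() if n >= LOGON_TRIES),
        "syn_attack": sorted(f"{d}:{p}" for (d, p), n in syn_by_dst.items() if n >= SYN_FLOOD),
    }

def sample_log():
    """Constructed log: one port scanner, one repeated SSH logon source, one SYN flood."""
    lines = [f"src=203.0.113.5 dst=192.0.2.10 dport={p} proto=tcp flags=S" for p in (21, 22, 23, 25, 80, 443)]
    lines += ["src=198.51.100.7 dst=192.0.2.10 dport=22 proto=tcp flags=S"] * 4
    lines += [f"src=203.0.113.{i} dst=192.0.2.20 dport=80 proto=tcp flags=S" for i in range(100, 125)]
    lines += ["src=192.0.2.30 dst=192.0.2.20 dport=80 proto=tcp flags=A"]  # normal established traffic
    return lines

if __name__ == "__main__":
    for kind, hits in triage(sample_log()).items():
        print(f"{kind}: {hits}")
```

The report groups findings by attack sign so they can be filed with the incident's evidence and used to choose the containment action (for example, which source address to block).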

11 POST INCIDENT ACTIVITY
Summary of incident
What can we do better?
What was good?
Evidence handling
Evidence retention
Subjective overall assessment

12 POST INCIDENT DOCUMENTATION
Create after-action report
Incident handling checklist
Update knowledge base

13 WHAT CAN EMPLOYEES DO?
Email and attachments
Password policies
Scan all files
Use antivirus
Physical security


