Itet2 its counter recon

Published in: Technology

  1. Counter reconnaissance
  2. Basic profile
     - Reconnaissance
       - Open sources
       - “Internal” and other privileged sources
     - Attack
       - DoS
       - Intrusion
  3. Counter reconnaissance
     - Purpose
       - Know that they are looking, before they break in.
     - Result of good counter reconnaissance
       - Determine methodology
       - Gather evidence
       - Prevention
       - Supply false information
  4. Log, logs, logs, logs
     - Huge amounts of information. Use it! (Daily?)
     - Use log analysers to data mine
     - Decentralized logs are difficult, centralized logs are easier to analyse.
  5. Log example
     - Linux examples: see /var/log
       - Ex. on the IPCop firewall
  6. Log software
     - Cloud based logs
       - Loggly
     - Log-based intrusion detection
       - OSSEC
     - Web log analysis
       - Analog example
       - AWStats example
  7. Intrusion detection
     - SecTools top 5
     Bonus question:
     - What happens when an IDS detects an intrusion?
  8. SIEM
     - Security information and event management
     - What is that?
       - Light reading on the topic may be found here.
  9. Exercise
     - What is found in the logs?
       - As an alternative: your Windows or Linux machine
       - Any interesting events?
     - Try the different nmap detection schemes
       - Are they detected?
         - Install Snort and try again.
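The exercise asks what nmap's scan schemes leave behind in the logs and whether they are detected, and slide 4 asks you to mine the logs with an analyser rather than read them by hand. As an added example, which is not code from the slides, from IPCop, Snort or any other tool they mention, here is a small log analyser in Python that reads netfilter-style firewall log lines (the format a Linux firewall such as IPCop writes into /var/log) and reports any source address that probes many distinct ports on one host inside a short time window, the trace a connect or SYN scan leaves in a denied-packet log. The sample log lines, the hostname `ipcop`, the addresses, the port threshold and the window length are all constructed for this example.

```python
"""Port-scan detection over firewall log lines.

Added example: not code from the slides, from IPCop, Snort or any other tool
they mention. It reads netfilter/iptables-style log lines, the format a Linux
firewall writes into /var/log/messages:

    Mar 15 10:00:01 ipcop kernel: IN=eth0 OUT= SRC=a.b.c.d DST=w.x.y.z ... PROTO=TCP SPT=n DPT=m ...

Detection rule (an assumption of this example, not something the slides
specify): one source address that reaches at least PORT_THRESHOLD distinct
destination ports on one host within WINDOW_SECONDS is a probable port scan.
"""
import re
from collections import defaultdict
from datetime import datetime

PORT_THRESHOLD = 5   # distinct destination ports per (source, destination) pair
WINDOW_SECONDS = 10  # length of the sliding time window

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)


def parse_line(line, year=2000):
    """Return a dict for a firewall log line, or None for any other syslog line.
    Syslog timestamps carry no year, so the caller supplies one; only the
    relative spacing of events matters for the detection."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "src": m["src"], "dst": m["dst"],
            "proto": m["proto"], "dpt": int(m["dpt"])}


def detect_scans(lines, threshold=PORT_THRESHOLD, window=WINDOW_SECONDS):
    """Map (src, dst) -> sorted port list for every pair whose largest set of
    distinct ports inside any window of `window` seconds reaches `threshold`."""
    events = defaultdict(list)          # (src, dst) -> [(timestamp, dport), ...]
    for line in lines:
        ev = parse_line(line)
        if ev:
            events[(ev["src"], ev["dst"])].append((ev["ts"], ev["dpt"]))
    findings = {}
    for pair, evs in events.items():
        evs.sort()                      # time order
        best, lo = set(), 0
        for hi in range(len(evs)):
            # slide the window start forward until it spans at most `window` seconds
            while (evs[hi][0] - evs[lo][0]).total_seconds() > window:
                lo += 1
            ports = {dpt for _, dpt in evs[lo:hi + 1]}
            if len(ports) > len(best):
                best = ports
        if len(best) >= threshold:
            findings[pair] = sorted(best)
    return findings


# Constructed sample log: hostname, addresses, ports and times are made up.
def _line(hhmmss, src, dst, dpt):
    return (f"Mar 15 {hhmmss} ipcop kernel: IN=eth0 OUT= SRC={src} DST={dst} "
            f"LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=1 PROTO=TCP SPT=40000 DPT={dpt} "
            f"WINDOW=1024 RES=0x00 SYN URGP=0")


FAST_SCANNER, SLOW_SCANNER, CLIENT, FIREWALL = "192.168.1.50", "10.0.0.9", "192.168.1.20", "192.168.1.1"
SAMPLE_LOG = [
    "Mar 15 10:00:00 ipcop sshd[412]: Accepted publickey for admin from 192.168.1.20",
    _line("10:00:00", CLIENT, FIREWALL, 80),          # ordinary web client
    _line("10:00:01", FAST_SCANNER, FIREWALL, 21),    # six ports in three seconds
    _line("10:00:01", FAST_SCANNER, FIREWALL, 22),
    _line("10:00:02", FAST_SCANNER, FIREWALL, 23),
    _line("10:00:02", FAST_SCANNER, FIREWALL, 25),
    _line("10:00:03", FAST_SCANNER, FIREWALL, 80),
    _line("10:00:03", FAST_SCANNER, FIREWALL, 110),
    _line("10:00:04", CLIENT, FIREWALL, 80),
    _line("10:00:06", CLIENT, FIREWALL, 443),
] + [_line(t, SLOW_SCANNER, FIREWALL, p) for t, p in     # same six ports, 30 s apart
     [("10:00:00", 21), ("10:00:30", 22), ("10:01:00", 23),
      ("10:01:30", 25), ("10:02:00", 80), ("10:02:30", 110)]]


if __name__ == "__main__":
    for (src, dst), ports in detect_scans(SAMPLE_LOG).items():
        print(f"probable port scan: {src} -> {dst} ports {ports}")
```

Run it as is and only the fast source is reported. The slow source touches the same six ports 30 seconds apart and is not reported, because a ten-second window only catches fast scans; widening the window (`detect_scans(SAMPLE_LOG, window=200)`) reports both. That is the point of trying nmap's timing schemes against your own detection and then adding a signature-based IDS such as Snort alongside the log analyser, and one reason the slides prefer centralized logs: a slow scan is only visible when enough history is kept in one place.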
