Network Security Forensics
Slide - 1
Dan VanBelleghem
Senior Information Assurance Engineer - SRA
  Penetration Testing
  Security Training
  Security Readiness Reviews
  Incident Response
  Security Assessments
Director of Security Programs - Network Forensics
Security Assistance Teams for US DoD - BAH
Security Audits and Assessments for Fortune 500 - D&T
Slide - 2
Network Mystery Quiz
Do you know:
  What is happening on your network?
  What users are doing?
  If users are compliant with policy?
  If users' internal and external network communications affect the enterprise security posture?
  If anomalous behavior is detectable on the network?
  Why network diagrams are not enough?
Slide - 3
Objectives
The objectives of this session are to provide an overview of the following:
  Examples of network activities that are often overlooked
  Techniques used in solving mysteries
  Benefits from audit & monitoring
  Recommendations for performing audit & monitoring
Slide - 4
Observations
Discovery, analysis and lessons learned will be discussed for each of the following examples:
  Uncovering DDOS agents
  Harassing e-mails
  Rogue servers and applications
  System administrator misuse
DDOS
  Firewall policy allowed DNS traffic
  Firewalls managed in Colorado
  DNS servers managed locally at other national offices
Slide - 7
DDOS
[Diagram: Attacker on the INTERNET, firewall (F) in front of HQ with Primary DNS and Secondary DNS, Local Offices with Local DNS, target victim.com]
  Root access gained
  Trust relationships exploited
  DDOS agent planted
Slide - 8
DDOS Agent Discovery
Techniques used for discovery
  "unusual traffic"
  Firewall logs reviewed
  DNS server and OS logs reviewed

Lessons learned
  DNS server (OS and application) logs not reviewed
  IP spoofing not monitored internally
  Integrity checking not performed
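The discovery techniques and lessons learned above come down to two checks the firewall logs could have answered earlier: packets arriving on the inside interface with a source address that is not internal (the spoofing that was "not monitored internally"), and hosts other than the DNS servers sending traffic on the DNS port that the firewall policy allowed through. The following is an added example, not part of the deck; the log line format, the internal prefix 10.0.0.0/8, the authorised DNS server 10.1.4.53 and the sample lines are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed firewall log sample (not from the deck). The line layout is an
# assumption: "<timestamp> <interface> <action> <proto> <src>:<sport> -> <dst>:<dport>".
SAMPLE_LOG = """\
2001-03-12T02:14:01 inside permit udp 10.1.4.20:34567 -> 8.8.8.8:53
2001-03-12T02:14:02 inside permit udp 10.1.4.53:53 -> 192.0.2.10:53
2001-03-12T02:14:03 inside permit udp 198.51.100.77:40000 -> 203.0.113.5:53
2001-03-12T02:14:04 inside permit udp 198.51.100.78:40001 -> 203.0.113.5:53
2001-03-12T02:14:05 inside permit tcp 10.1.4.53:53 -> 192.0.2.11:53
2001-03-12T02:14:06 inside permit udp 10.1.4.20:34568 -> 203.0.113.5:53
"""

# Assumed site facts: the internal address space and the hosts that are
# supposed to talk DNS through the firewall.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
DNS_SERVERS = {"10.1.4.53"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<iface>\S+) (?P<action>\S+) (?P<proto>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse(log):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_spoofed_egress(log):
    """Packets seen on the inside interface whose source address is not internal.

    An internal segment should never originate traffic from an outside address;
    such packets are the signature of a host spoofing its source.
    """
    return [r for r in parse(log) if r["iface"] == "inside" and not is_internal(r["src"])]


def find_unexpected_dns_senders(log):
    """Count port-53 traffic from internal hosts that are not the authorised DNS servers.

    Because the firewall policy permits DNS, only the sender list tells you whether a
    non-DNS host is using the allowed port.
    """
    senders = Counter()
    for r in parse(log):
        if (r["iface"] == "inside" and r["dport"] == "53"
                and is_internal(r["src"]) and r["src"] not in DNS_SERVERS):
            senders[r["src"]] += 1
    return senders


if __name__ == "__main__":
    for rec in find_spoofed_egress(SAMPLE_LOG):
        print("spoofed source on inside interface:", rec["src"], "->", rec["dst"])
    for src, n in find_unexpected_dns_senders(SAMPLE_LOG).items():
        print("non-DNS-server host using port 53:", src, f"({n} packets)")
```

Run against the sample, the two 198.51.100.x lines are reported as spoofed egress and 10.1.4.20 is reported as a non-DNS host using port 53; on real logs the same two functions run unattended over each day's export and the output becomes the "unusual traffic" that the deck says triggered the investigation.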
Recommendations
  Automate
  Outsource
  Monitor and review network traffic patterns and trends
    Network monitors
    Network device logs
  Perform host integrity checking for critical assets
    Tripwire
    System profile checkers
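The host integrity checking recommended above works the way Tripwire does: record a baseline of content hashes and metadata for critical files, then compare a fresh snapshot against it and report what was added, removed or modified. The following is an added example written for this page, not the deck's or Tripwire's code; the file tree it builds in a temporary directory and the changes it then makes are constructed to show the three kinds of finding.

```python
import hashlib
import json
import os
import tempfile


def hash_file(path):
    """SHA-256 of a file's contents, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each file under root (relative path, '/'-separated) to its hash and metadata."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            st = os.lstat(full)
            if os.path.islink(full):
                # A symlink is recorded by its target, not by the target's contents.
                baseline[rel] = {"link": os.readlink(full)}
                continue
            baseline[rel] = {
                "sha256": hash_file(full),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o7777),
            }
    return baseline


def compare(baseline, current):
    """Report paths added, removed or changed between two snapshots."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def save_baseline(baseline, path):
    # In practice the baseline lives on read-only or off-host storage so that
    # whoever alters a monitored file cannot also alter the record of it.
    with open(path, "w") as f:
        json.dump(baseline, f, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def _write(root, rel, data):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo():
    """Build a constructed tree, baseline it, change it, and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "usr/sbin/named", b"original named binary\n")
        _write(root, "etc/named.conf", b'options { directory "/var/named"; };\n')
        _write(root, "etc/hosts.allow", b"ALL: 10.\n")
        baseline_path = os.path.join(root, "..", "baseline.json") if False else None
        baseline = build_baseline(root)

        # Constructed changes: a replaced binary of the same size, a new hidden
        # file and a removed file. Same size means a size-only check would miss
        # the replacement; the hash does not.
        _write(root, "usr/sbin/named", b"trojaned named binary\n")
        _write(root, "usr/sbin/.agent", b"not supposed to be here\n")
        os.remove(os.path.join(root, "etc/hosts.allow"))
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))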
Harassing E-mails
  An internal employee was suspected but could not be confirmed
Slide - 13 to Slide - 21
Harassing E-mails (cont.)
Slide - 22
Harassing E-mails
Recommendations
  Monitor for non-production e-mail traffic
  Develop monitoring scripts or procure commercial tools
Rogue Servers/Applications
  Enabling write access on anonymous ftp services for convenience
  Users installing unauthorized services (e.g., web servers) to the production network
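Both rogue-server cases above are caught by the "system profile checker" kind of control the deck recommends: compare what each host is actually listening on against the ports approved for its role, and check the FTP daemon's configuration for anonymous write access. The following is an added example, not from the deck; the inventory format, the host names, the role policy and the configuration fragments are constructed, and the configuration check is written for vsftpd's anonymous_enable, write_enable, anon_upload_enable and anon_mkdir_write_enable options.

```python
# Constructed inventory of listening services (one per line):
# "<host> <role> <proto> <port> <program>". The format is an assumption for this
# example; in practice it would be gathered from each host's socket listing.
INVENTORY = """\
hq-dns-01 dns-server udp 53 named
hq-dns-01 dns-server tcp 53 named
hq-dns-01 dns-server tcp 22 sshd
hq-ftp-01 ftp-server tcp 21 vsftpd
ws-0412 workstation tcp 80 httpd
ws-0412 workstation tcp 22 sshd
ws-0517 workstation tcp 8080 python
"""

# Assumed policy: the only (proto, port) pairs each role may listen on.
APPROVED = {
    "dns-server": {("udp", 53), ("tcp", 53), ("tcp", 22)},
    "ftp-server": {("tcp", 21), ("tcp", 22)},
    "workstation": {("tcp", 22)},
}


def find_rogue_listeners(inventory, approved=APPROVED):
    """Return (host, proto, port, program) for every listener not approved for the host's role.

    A role with no entry in the policy is treated as allowing nothing, so an
    unknown role surfaces every listener rather than silently passing.
    """
    findings = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, role, proto, port, program = line.split()
        if (proto, int(port)) not in approved.get(role, set()):
            findings.append((host, proto, int(port), program))
    return findings


# Constructed vsftpd configuration fragments: the "for convenience" setting the
# deck describes, and the corrected one.
VSFTPD_CONF_WEAK = """\
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=NO
"""

VSFTPD_CONF_FIXED = """\
anonymous_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
"""


def parse_vsftpd(conf):
    """Parse key=value lines, ignoring blanks and comments; values compared case-insensitively."""
    options = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        options[key.strip()] = value.strip().upper()
    return options


def anonymous_write_enabled(conf):
    """True when anonymous users can create files or directories.

    vsftpd only honours anon_upload_enable / anon_mkdir_write_enable when
    write_enable is YES and anonymous logins are on, so all three are checked.
    """
    o = parse_vsftpd(conf)
    return (
        o.get("anonymous_enable") == "YES"
        and o.get("write_enable") == "YES"
        and (o.get("anon_upload_enable") == "YES" or o.get("anon_mkdir_write_enable") == "YES")
    )


if __name__ == "__main__":
    for host, proto, port, program in find_rogue_listeners(INVENTORY):
        print(f"unapproved listener: {host} {proto}/{port} ({program})")
    print("anonymous write (weak config):", anonymous_write_enabled(VSFTPD_CONF_WEAK))
    print("anonymous write (fixed config):", anonymous_write_enabled(VSFTPD_CONF_FIXED))
```

On the sample inventory the workstation running httpd on port 80 and the one running something on 8080 are reported, the DNS and FTP servers pass, and only the weak vsftpd fragment is flagged for anonymous write. Run on a schedule, the same comparison turns the deck's "users installing unauthorized services" from a discovery made during an incident into a routine finding.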