INTELLIGENCE INTELLIGENCE
IMT 553 - FINAL PROJECT
Presented by:
DIVYA KOTHARI
Karthik Krishnamurthy
Nausheen Jawed
Navin Hegde
Sandeep Bhat
(For educational purposes only)
SOURCES OF THREATS/RISKS
1. People
2. Process
3. External events
4. Technology
From an Information Assurance perspective, we chose to concentrate on Technology-related risks.
Scope: Since Uber operates over the network, the scope of our project is Network Security.
CRITICAL ASSETS
1. Software - Uber Application
2. Database server
3. Public facing servers
4. Internal servers
5. Directory (Access Management System)
6. Customer base
Observable Types
According to Kaspersky, the two main sources of threat penetration are:
- Internet
- Email
In this context, the observable types we chose are:
1. IP address
2. Domain names
3. Email and email artifacts
IP Address - Desired State
1. Prevent access to dangerous hosts
2. Prevent dangerous hosts from accessing external facing systems
Integrating IP Address in a Risk Management Program
Risk:
1. Unauthorized access to confidential company information
2. Unauthorized access to customer database
3. Systems unavailability
Major Risk Driver:
Compromise of network security
Methods for IP compromise:
1. Eavesdropping
2. IP Spoofing
3. Data Modification
4. Man in the middle attack
Mitigation Plan:
IP Blacklisting
IP Address - Validating Sources
Factors used to validate the source:
1. No. of entries in the source
2. Diversity in the Geo-location of the IP address
3. False positive (to verify integrity of sources)
IP Address - Validating Sources
Step 1: Take three IP address sources
Step 2: Count the number of entries in each source
Step 3: By random sampling, we chose 5% of the IPs from each list
Step 4: Find the geo-location of the chosen IPs using mxtoolbox
Step 5: Group the geo-locations of the IPs by continent
Step 6: Check the chosen samples for false positives
Step 7: Assign a weighted score to the factors that have been used to validate the source
Step 8: Give a relative total score to each source based on the weight of the metrics
IP Address - Demo
IP Address - Demo Result
Metric (weight) | Source 1: Score | Source 1: Weighted Score | Source 2: Score | Source 2: Weighted Score | Source 3: Score | Source 3: Weighted Score
No. of entries (0.5) | 3 | 3*0.5 = 1.5 | 2 | 2*0.5 = 1 | 1 | 1*0.5 = 0.5
Diversity (geolocation) (0.3) | 3 | 3*0.3 = 0.9 | 2 | 2*0.3 = 0.6 | 1 | 1*0.3 = 0.3
False positive (0.2) | 2 | 2*0.2 = 0.4 | 2 | 2*0.2 = 0.4 | 2 | 2*0.2 = 0.4
Total score | | 2.8 | | 2 | | 1.2
Domain Names - Desired State
1. Prevent access to malicious domains
2. Prevent spam emails originating from malicious domains
3. Prevent emails that have phishing links
Integrating Domain Names in a Risk Management Program
Risk:
1. Unauthorized access to confidential company information
2. Unauthorized access to customer database
3. Systems unavailability
Risk Drivers:
1. Inbound Compromise - Could be through phishing emails sent from malicious domains.
2. Outbound - Could occur through employees trying to access these domains
Mitigation Plan: Domain Name Blacklisting
Domain Names - Validating Sources
Factors used to validate the source:
1. No. of entries in the source
2. False positive (to verify integrity of sources)
Domain Names - Validating Sources
Step 1: Take three domain name sources
Step 2: Count the number of entries in each source
Step 3: By random sampling, we chose 5% of domain names from each list
Step 4: Check the validity of the domain names using mxtoolbox
Step 5: Assign a weighted score to the factors that have been used to validate the source
Step 6: Give a relative total score to each source based on the weight of the metrics
Domain names - Sample Toolbox
Domain Names - Demo Result
Metric (weight) | Source 1: Score | Source 1: Weighted Score | Source 2: Score | Source 2: Weighted Score | Source 3: Score | Source 3: Weighted Score
No. of entries (0.6) | 2 | 2*0.6 = 1.2 | 3 | 3*0.6 = 1.8 | 1 | 1*0.6 = 0.6
False positive (0.4) | 2 | 2*0.4 = 0.8 | 1 | 1*0.4 = 0.4 | 3 | 3*0.4 = 1.2
Total score | | 2 | | 2.2 | | 1.8
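The validation steps and the two weighted-score tables above (IP address and domain name), worked as an added example that is not part of the original slides. Assumptions: feeds are one entry per line, the geo lookup and the known-good list are supplied by the caller, scores are ranks with ties sharing the mean rank, and more entries, more continents and fewer false positives rank higher. It goes one step beyond the slides by accepting CIDR ranges, the subnet case listed under Limitations.

```python
import ipaddress
import random

# Factor weights copied from the two demo-result slides.
IP_WEIGHTS = {"entries": 0.5, "diversity": 0.3, "false_positive": 0.2}
DOMAIN_WEIGHTS = {"entries": 0.6, "false_positive": 0.4}


def parse_blocklist(text):
    """Steps 1-2: parse a one-entry-per-line feed into a set of networks.

    Single IPs and CIDR ranges are both accepted; comments, blank lines,
    duplicates and lines that are not addresses are dropped before counting.
    """
    nets = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.add(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue
    return nets


def sample_entries(nets, fraction=0.05, seed=None):
    """Step 3: random sample of `fraction` of the entries, never fewer than one."""
    k = max(1, round(len(nets) * fraction))
    return random.Random(seed).sample(sorted(nets, key=str), k)


def measure(nets, continent_of, known_good, fraction=0.05, seed=None):
    """Steps 4-6: raw metrics for one source, taken from the sample.

    continent_of is a caller-supplied lookup (the slides did this by hand);
    known_good is a list of networks that must never be blocked.
    """
    picked = sample_entries(nets, fraction, seed)
    hits = sum(any(n.overlaps(g) for g in known_good) for n in picked)
    return {
        "entries": len(nets),
        "diversity": len({continent_of(n) for n in picked}),
        "false_positive": hits / len(picked),
    }


def rank_scores(values, higher_is_better=True):
    """Score sources 1..N by rank (N is best); tied sources share the mean rank."""
    scores = {}
    for name, v in values.items():
        if higher_is_better:
            worse = sum(o < v for o in values.values())
        else:
            worse = sum(o > v for o in values.values())
        tied = sum(o == v for o in values.values())
        scores[name] = worse + (tied + 1) / 2
    return scores


def score_sources(metrics, weights=IP_WEIGHTS):
    """Steps 7-8: rank each factor, apply its weight, total per source."""
    totals = dict.fromkeys(metrics, 0.0)
    for factor, weight in weights.items():
        raw = {name: m[factor] for name, m in metrics.items()}
        # Assumption: fewer false positives is better; other factors, more is better.
        ranks = rank_scores(raw, higher_is_better=(factor != "false_positive"))
        for name, rank in ranks.items():
            totals[name] += weight * rank
    return {name: round(total, 2) for name, total in totals.items()}


if __name__ == "__main__":
    # Constructed feed using documentation address ranges, not real indicators.
    feed = "# constructed sample\n192.0.2.10\n192.0.2.0/28\n198.51.100.7\nnot-an-ip\n"
    nets = parse_blocklist(feed)
    allow = [ipaddress.ip_network("198.51.100.0/24")]
    print(measure(nets, lambda n: "constructed", allow, seed=1))
```

Because the known-good list is matched by network overlap, a single allowlisted /24 flags every sampled address or range inside it as a false positive.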
Email artifacts - Desired State
1. Prevent emails that have phishing links (move to spam)
2. Prevent emails with malicious attachments
Email Artifacts - Validating Sources
It's helpful to validate as many aspects of the email address as possible:
- the syntax
- the email against a list of bad email addresses
- the domain against a list of bad domains
- a list of mailbox domains
- whether or not the domain exists
Priority list of observable types
1. IP Address
2. Domain Names
3. Email and email artifacts
Limitations
1. Random Sampling
2. Not enough factors considered
3. Not taking subnets into IP consideration
Recommendations
1. Periodic assessment of effectiveness of sources
2. Intelligence framework should be complementary
3. Update sources based on newly identified threats
4. Employee awareness programs
5. Incident Response Team
APPENDIX
Following are the primary six cyber intelligence resources we used to test our methodology:
FOR DOMAIN NAME:
● http://rules.emergingthreats.net/open/suricata/rules/compromised-ips.txt
● https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
● http://malc0de.com/bl/BOOT
FOR IP ADDRESSES:
● http://www.blocklist.de/lists/apache.txt
● http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
● http://rules.emergingthreats.net/open/suricata/rules/compromised-ips.txt
BIBLIOGRAPHY
Content:
● Juzenaite, R. 5th August, 2015, “The Most Hacker-Active Countries” Infosecinstitute. Accessed on 10th May, 2016. Retrieved from: http://resources.infosecinstitute.com/the-most-hacker-active-countries-part-i/
● Kaspersky Lab Support “Safety 101: Main sources of threats penetration” Kaspersky Lab. Accessed on 16th May, 2016. Retrieved from: http://support.kaspersky.com/us/viruses/general/789#block2
● Lam, James (2003) “Enterprise Risk Management: From Incentives to Controls” Hoboken, NJ: Wiley. 2003 (Print) Accessed on 2nd May, 2016.
● Microsoft TechNet, 21st January 2005 “Security Issues with IP” Microsoft TechNet. Accessed on 7th May, 2016. Retrieved from: https://technet.microsoft.com/en-us/library/cc783463(v=ws.10).aspx
Image Credits:
● https://play.google.com/store/apps/details?id=com.ubercab
● http://www.technobuffalo.com/2014/08/12/uber-is-about-expand-to-other-apps/
● http://thenextweb.com/insider/2015/07/15/why-uber-is-buying-map-companies/
● http://techcrunch.com/2014/01/09/big-uberx-price-cuts/
● http://www.post-gazette.com/business/legal/2015/03/18/Uber-and-Lyft-face-independent-contractor-challenge/stories/201503170013
Thank you
Questions?


Editor's Notes

  1. http://support.kaspersky.com/us/viruses/general/789#block2
  2. IPSec can be used to secure communication with other organizations, ensuring authentication and confidentiality and providing a key exchange mechanism.
  3. (Implications of the same) - Access to sensitive information - CIA https://technet.microsoft.com/en-us/library/cc783463(v=ws.10).aspx
  4. False positive - Over a period of time IP addresses might be reassigned. It is important to keep entries updated and discard ‘valid’ entries which should not be blacklisted.
  5. https://technet.microsoft.com/en-us/library/cc783463(v=ws.10).aspx