© 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Hacker Techniques, Tools, and Incident Handling
Chapter 15: Defensive Technologies
Page 2
Learning Objective
• Identify security controls and defensive technologies.
Page 3
Key Concepts
• Intrusion detection/prevention systems
• Firewalls and other detection methods
• Common security issues
Page 4
Defense in Depth
Page 5
Intrusion Detection Systems: Key Terms
• Intrusion
• Misuse
• Intrusion detection
• Misuse detection
Page 6
IDS Mechanisms
Signature recognition
Anomaly detection
Page 7
IDS Response Matrix
Page 8
Types of IDSs
• Network-based intrusion detection system (NIDS)
• Host-based intrusion detection system (HIDS)
• Log file monitoring
• File integrity checking
Page 9
NIDS and HIDS Features
Page 10
IDS Components
• Pattern recognition and pattern matching to known attacks
• Analysis of traffic for abnormal communication
• Integrity checking of files
• Tracking of user and system activity
• Traffic monitoring
• Traffic analysis
• Event log monitoring and analysis
Page 11
Components of a NIDS
Page 12
Components of a NIDS (Cont.)
Steps an IDS uses for signature-based detection:
1. A host creates a network packet. At this point nothing is known other than that the packet exists and was sent from a host in the network.
2. The sensor sniffs the packet off the network segment. The sensor is placed so that it can read the packet.
3. The IDS and the sensor match the packet with known signatures of misuse. When a match is detected, an alert is generated and sent to the command console.
Page 13
Components of a NIDS (Cont.)
Steps an IDS uses for signature-based detection (continued):
4. The command console receives and displays the alert, which notifies the security administrator or system owner of the intrusion.
5. The system owner responds based on the information the IDS provides.
6. The alert is logged for future analysis and reference. This information can be logged in a local database or in a central location shared by several systems.
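The six steps above as a toy signature-based NIDS pipeline. This is an added example, not code from the textbook; the packets, signatures, addresses and class names are constructed for illustration, and the in-memory list stands in for the local or central alert log.

```python
"""Toy signature-based NIDS walking the six steps on the slides.
Added example; every packet, signature and address below is constructed."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """Step 1: what a host put on the wire, as a sensor can observe it."""
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    proto: str
    dport: Optional[int]  # None matches any destination port
    pattern: bytes        # regular expression applied to the payload


@dataclass(frozen=True)
class Alert:
    sid: int
    name: str
    src: str
    dst: str
    dport: int


# Constructed, illustrative signatures of misuse (not vendor rules). The second
# one flags NNTP, which the connectivity policy slide says users may not use.
SIGNATURES = [
    Signature(1000001, "Directory traversal in HTTP request", "tcp", 80, rb"\.\./\.\./"),
    Signature(1000002, "NNTP session (prohibited by policy)", "tcp", 119, rb"^(GROUP|ARTICLE)\b"),
]


def match(packet: Packet, signatures: List[Signature]) -> List[Alert]:
    """Step 3: compare one packet against every known signature.
    Protocol and port are checked first so the regex only runs where it applies."""
    hits = []
    for sig in signatures:
        if sig.proto != packet.proto:
            continue
        if sig.dport is not None and sig.dport != packet.dport:
            continue
        if re.search(sig.pattern, packet.payload):
            hits.append(Alert(sig.sid, sig.name, packet.src, packet.dst, packet.dport))
    return hits


class CommandConsole:
    """Steps 4 and 6: receive each alert, notify the operator, keep a log.
    The list stands in for a local database or a shared central log store."""

    def __init__(self) -> None:
        self.log: List[Alert] = []

    def receive(self, alert: Alert) -> str:
        self.log.append(alert)
        return f"ALERT sid={alert.sid} {alert.name}: {alert.src} -> {alert.dst}:{alert.dport}"


def run_sensor(packets: List[Packet], signatures: List[Signature],
               console: CommandConsole) -> List[str]:
    """Step 2: the sensor sees every packet on its segment; only signature
    matches are forwarded to the console. Returns the notifications produced."""
    notices = []
    for pkt in packets:
        for alert in match(pkt, signatures):
            notices.append(console.receive(alert))
    return notices


# Constructed traffic from one segment: two benign packets, two that match.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "10.0.0.80", "tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),
    Packet("10.0.0.7", "10.0.0.80", "tcp", 80, b"GET /../../private.txt HTTP/1.1\r\n\r\n"),
    Packet("10.0.0.9", "10.0.0.25", "tcp", 25, b"EHLO workstation9\r\n"),
    Packet("10.0.0.9", "203.0.113.10", "tcp", 119, b"GROUP alt.test\r\n"),
]


def demo():
    """Run the whole pipeline once; return (console notices, logged signature ids)."""
    console = CommandConsole()
    notices = run_sensor(SAMPLE_PACKETS, SIGNATURES, console)
    return notices, [a.sid for a in console.log]


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

Note that the benign packets produce nothing at all: a signature-based IDS reports only what its signatures tell it to, which is exactly the limitation the later slide on IDS limitations calls out.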
Page 14
Components of a HIDS
Page 15
Setting Goals
• Response capability
• Response accountability
Page 16
Limitations of an IDS
• Know the strengths and weaknesses of your IDS technology
• An IDS supplements existing security technologies
• An IDS only detects and reports what you tell it to
• Understand and update your network
• If hardware supporting the IDS fails, the IDS may become ineffective or worthless
• An IDS provides a way to detect an attack but not how to deal with it; that belongs to the organization’s intrusion prevention system (IPS)
• An IDS may generate extensive data, which must be analyzed to ensure attacks are caught
Page 17
Intrusion Prevention Systems
IPS responses to an attack:
• Regulating and stopping suspicious traffic
• Blocking access to systems
• Locking out misused user accounts
Page 18
Purpose of Firewalls
• Control the flow of network traffic
• Separate networks and organizations into different zones of trust
• On the perimeter, form a logical and physical barrier between the organization’s network and everything outside
• Segment a network internally or within the organization
Page 19
Firewall Modes
Packet filtering
Stateful inspection
Application proxying
Page 20
Limitations of a Firewall
• Viruses
• Misuse
• Secondary connections
• Social engineering
• Poor design
Page 21
Implementing Firewalls: Single Packet-Filtering Device
• Network is protected by a single packet-filtering device configured to permit or deny access
Page 22
Implementing Firewalls: Multi-homed Device
• Device has multiple network interfaces that use rules to determine how packets will be forwarded between interfaces
Page 23
Implementing Firewalls: Screened Host
• Network is protected by a device that combines the features of proxy servers with packet filtering
Page 24
Implementing Firewalls: Demilitarized Zone (DMZ)
• Region of the network, or zone, that is sandwiched between two firewalls
• Set up to host publicly available services
Page 25
Firewall Policy
• The blueprint that dictates how the firewall is installed, configured, and managed
• Represents a subset of the overall organizational security policy
• Two common approaches:
  • Implicitly allow everything, explicitly deny only those things you do not want
  • Implicitly deny everything, allow only those things you know you need
Page 26
Network Connectivity Policy
• Network scanning prohibited except by approved personnel
• Only certain types of network communication allowed
• Users may access the web via port 80, as required
• Users may access email on port 25, as required
• Users may not access Network News Transfer Protocol (NNTP)
• Antivirus software and updates must be installed and running on computers and servers
• Only network administrators may install new hardware on any computer
• Don’t allow unauthorized connections to the Internet
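The two firewall policy approaches from the Firewall Policy slide, applied to the rules on the Network Connectivity Policy slide (web on port 80 and email on port 25 allowed, NNTP denied). This is an added example, not the textbook's code; the rule evaluator, hosts and the unlisted FTP flow are constructed so the difference between implicit allow and implicit deny shows up on a concrete flow.

```python
"""Implicit-allow versus implicit-deny firewall policy on the same rule set.
Added example; rules follow the Network Connectivity Policy slide, flows are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str
    dport: Optional[int]   # None matches any destination port
    comment: str


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


class Firewall:
    """First-match rule evaluation with a configurable default verdict.
    The default is what the slides call the implicit part of the policy."""

    def __init__(self, rules: List[Rule], default: str) -> None:
        if default not in ("allow", "deny"):
            raise ValueError("default must be 'allow' or 'deny'")
        self.rules = list(rules)
        self.default = default

    def verdict(self, flow: Flow) -> Tuple[str, str]:
        """Return (action, reason) for a flow: the first matching explicit rule wins,
        otherwise the implicit default applies."""
        for r in self.rules:
            if r.proto == flow.proto and (r.dport is None or r.dport == flow.dport):
                return r.action, r.comment
        return self.default, f"implicit {self.default}"


# Explicit rules taken from the Network Connectivity Policy slide.
POLICY_RULES = [
    Rule("allow", "tcp", 80, "users may access the web via port 80"),
    Rule("allow", "tcp", 25, "users may access email on port 25"),
    Rule("deny", "tcp", 119, "users may not access NNTP"),
]

# Approach 1: implicitly allow everything, explicitly deny only the unwanted.
IMPLICIT_ALLOW = Firewall(POLICY_RULES, default="allow")
# Approach 2: implicitly deny everything, allow only what is known to be needed.
IMPLICIT_DENY = Firewall(POLICY_RULES, default="deny")

# Constructed flows; the FTP flow is deliberately absent from the explicit rules.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "198.51.100.20", "tcp", 80),   # web: allowed by both
    Flow("10.0.0.5", "198.51.100.25", "tcp", 25),   # email: allowed by both
    Flow("10.0.0.5", "198.51.100.19", "tcp", 119),  # NNTP: denied by both
    Flow("10.0.0.5", "198.51.100.21", "tcp", 21),   # FTP, unlisted: approaches differ
]


def compare(flows: List[Flow] = SAMPLE_FLOWS) -> Dict[int, Tuple[str, str]]:
    """Map each flow's destination port to (implicit-allow verdict, implicit-deny verdict)."""
    return {f.dport: (IMPLICIT_ALLOW.verdict(f)[0], IMPLICIT_DENY.verdict(f)[0])
            for f in flows}


if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        a, why_a = IMPLICIT_ALLOW.verdict(f)
        d, why_d = IMPLICIT_DENY.verdict(f)
        print(f"{f.proto}/{f.dport:<4} implicit-allow={a:<5} ({why_a}); implicit-deny={d:<5} ({why_d})")
```

The FTP flow is the point: under implicit allow, every service nobody thought to list passes, so the rule set must anticipate each unwanted service in advance, whereas under implicit deny the same omission fails closed.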
Page 27
Contracted Worker Statement
• No access to unauthorized resources
• Not permitted to scan the network
• May not use FTP unless granted permission in writing
Page 28
Firewall Administrator Statement
• Be trained on the firewall in use
• Be aware of all authorized applications and services
• Reports to an entity such as the chief information officer
• Must have a procedure to reach the firewall administrator in the event of a security incident
Page 29
Honeynets and Honeypots
• Honeypot: A computer configured to attract attackers to it; acts as a decoy
  • Placed in a location so that if an attacker is able to get around the firewall and other security devices, the honeypot draws attention away from more sensitive assets
• Honeynet: A group of vulnerable systems (honeypots) or a network
Page 30
Legal Issues
• Legal
• Entrapment
Page 31
Role of Controls
• Administrative, technical, and physical controls are part of a layered approach
• By combining layers, you gain:
  • The advantage of multiple mechanisms to protect systems
  • The advantage of a hedge against failure; if one layer or mechanism fails, you have others to fall back on
Page 32
Common Controls
• Administrative
  • Implicit deny, least privilege, separation of duties, job rotation, required vacation, privilege management
• Technical
  • Access control software, malware solutions, passwords, security tokens, biometrics, antivirus software
• Physical
  • Alternative power sources, flood management, fences, guards, locks, fire suppression system, biometrics, building design and location
Page 33
Security Information and Event Management (SIEM)
• Collection of software and devices that help security professionals manage their environments
• Monitors log files, network traffic, and processes for security events
• Provides real-time analysis, stores activity for trend analysis, and triggers alerts for suspect activity
• Provides tools to manage security controls and the collection of security event data
Page 34
Sources for Guidance
• A Security Technical Implementation Guide (STIG):
  • National Institute of Standards and Technology (NIST) National Checklist Program Repository (https://nvd.nist.gov/ncp/repository)
  • Information Assurance Support Environment (IASE) STIGs (https://iase.disa.mil/stigs/Pages/index.aspx)
  • STIG search tool (https://stigviewer.com/)
Page 35
Summary
• Intrusion detection/prevention systems
• Firewalls and other detection methods
• Common security issues

Blooming Together_ Growing a Community Garden Worksheet.docx
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology  ( Production , Purification , and Application  ) Hybridoma Technology  ( Production , Purification , and Application  )
Hybridoma Technology ( Production , Purification , and Application )
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 

Hacking3e ppt ch15

• 1. Hacker Techniques, Tools, and Incident Handling. Chapter 15: Defensive Technologies
  © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company. www.jblearning.com. All rights reserved.
• 2. Learning Objective
   Identify security controls and defensive technologies.
• 3. Key Concepts
   Intrusion detection/prevention systems
   Firewalls and other detection methods
   Common security issues
• 4. Defense in Depth
• 5. Intrusion Detection Systems: Key Terms
  Intrusion
  Misuse
  Intrusion detection
  Misuse detection
• 6. IDS Mechanisms
  Signature recognition
  Anomaly detection
• 7. IDS Response Matrix
• 8. Types of IDSs
  Network-based intrusion detection system (NIDS)
  Host-based intrusion detection system (HIDS)
  Log file monitoring
  File integrity checking
• 9. NIDS and HIDS Features
• 10. IDS Components
   Pattern recognition and pattern matching to known attacks
   Analysis of traffic for abnormal communication
   Integrity checking of files
   Tracking of user and system activity
   Traffic monitoring
   Traffic analysis
   Event log monitoring and analysis
• 11. Components of a NIDS
• 12. Components of a NIDS (Cont.)
  Steps an IDS uses for signature-based detection:
  1. A host creates a network packet. At this point nothing is known other than that the packet exists and was sent from a host on the network.
  2. The sensor sniffs the packet off the network segment. The sensor is placed so that it can read the packet.
  3. The IDS and the sensor match the packet against known signatures of misuse. When a match is detected, an alert is generated and sent to the command console.
• 13. Components of a NIDS (Cont.)
  Steps an IDS uses for signature-based detection:
  4. The command console receives and displays the alert, which notifies the security administrator or system owner of the intrusion.
  5. The system owner responds based on the information the IDS provides.
  6. The alert is logged for future analysis and reference. This information can be logged in a local database or in a central location shared by several systems.
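The six steps on slides 12 and 13, plus the two IDS mechanisms on slide 6, walked through in code. This is an added example and not code from the textbook or its publisher: the packets, addresses, signature IDs, anomaly threshold and the rows of the response matrix are all constructed for illustration (the slides name a response matrix but give no rows).

```python
"""Signature-based NIDS pipeline, added example (not code from the textbook)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    severity: str
    dport: Optional[int]   # None matches any destination port
    pattern: bytes         # regular expression searched for in the payload


# Constructed signature set: illustrative only, not a real IDS rule file.
SIGNATURES = [
    Signature(1000001, "HTTP directory traversal attempt", "high", 80, rb"\.\./"),
    Signature(1000002, "SQL keyword in HTTP request", "medium", None, rb"(?i)union\s+select"),
]

# Step 1: hosts create packets. All addresses and payloads are constructed.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "10.0.0.80", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("10.0.0.5", "10.0.0.80", 80, b"GET /images/../../private HTTP/1.1\r\n"),
    Packet("10.0.0.7", "10.0.0.80", 80, b"POST /login HTTP/1.1\r\n\r\nuser=a' UNION SELECT 1"),
    Packet("10.0.0.9", "10.0.0.80", 22, b""),
    Packet("10.0.0.9", "10.0.0.80", 23, b""),
    Packet("10.0.0.9", "10.0.0.80", 25, b""),
    Packet("10.0.0.9", "10.0.0.80", 443, b""),
    Packet("192.168.1.1", "192.168.1.2", 80, b"GET /../ HTTP/1.1\r\n"),  # other segment
]

SENSOR_SEGMENT = "10.0.0."  # the sensor is placed where it can read this segment

# The slides name a response matrix but give no rows; these rows are assumed.
RESPONSE_MATRIX = {
    "high": "page on-call analyst; isolate source host",
    "medium": "open a ticket for analyst review",
    "low": "log only",
}


def sensor_capture(packets, segment=SENSOR_SEGMENT):
    """Step 2: the sensor sniffs only what crosses its own segment."""
    return [p for p in packets if p.src.startswith(segment) or p.dst.startswith(segment)]


def match_signatures(packet, signatures=SIGNATURES):
    """Step 3: compare one packet against the known-misuse signatures."""
    return [s for s in signatures
            if (s.dport is None or s.dport == packet.dport)
            and re.search(s.pattern, packet.payload)]


def detect_anomalies(packets, max_ports=4):
    """Anomaly detection (slide 6): one source touching many distinct ports is abnormal."""
    ports = defaultdict(set)
    for p in packets:
        ports[p.src].add(p.dport)
    return [{"src": src, "reason": f"{len(seen)} distinct destination ports", "severity": "medium"}
            for src, seen in sorted(ports.items()) if len(seen) >= max_ports]


def run_ids(packets):
    """Steps 2-6 end to end; returns (console alerts, persistent log lines)."""
    console, log = [], []
    captured = sensor_capture(packets)
    for p in captured:
        for s in match_signatures(p):
            alert = {"sid": s.sid, "name": s.name, "src": p.src, "dst": p.dst, "severity": s.severity}
            alert["action"] = RESPONSE_MATRIX[s.severity]   # step 5: the owner's response
            console.append(alert)                            # step 4: command console
            log.append(f"sid={s.sid} src={p.src} dst={p.dst} severity={s.severity}")  # step 6
    for a in detect_anomalies(captured):
        a["action"] = RESPONSE_MATRIX[a["severity"]]
        console.append(a)
        log.append(f"anomaly src={a['src']} {a['reason']}")
    return console, log


if __name__ == "__main__":
    for alert in run_ids(SAMPLE_PACKETS)[0]:
        print(alert)
```

Note the last sample packet: it would match the traversal signature, but it never reaches the console because the sensor is not on that segment, which is the placement point of step 2 and one reason slide 16 says an IDS only reports what you position it to see.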
• 14. Components of a HIDS
• 15. Setting Goals
  Response Capability
  Response Accountability
• 16. Limitations of an IDS
   Know the strengths and weaknesses of your IDS technology
   An IDS supplements existing security technologies
   An IDS only detects and reports what you tell it to
   Understand and update your network
   If the hardware supporting the IDS fails, the IDS may become ineffective or worthless
   An IDS provides a way to detect an attack but not how to deal with it — that belongs to the organization’s intrusion prevention system (IPS)
   An IDS may generate extensive data, which must be analyzed to confirm that an attack has actually occurred
• 17. Intrusion Prevention Systems
  IPS responses to an attack:
  Regulating and stopping suspicious traffic
  Blocking access to systems
  Locking out misused user accounts
• 18. Purpose of Firewalls
   Control the flow of network traffic
   Separate networks and organizations into different zones of trust
   On the perimeter, form a logical and physical barrier between the organization’s network and everything outside
   Segment a network internally or within the organization
• 19. Firewall Modes
  Packet filtering
  Stateful inspection
  Application proxying
• 20. Limitations of a Firewall
  Viruses
  Misuse
  Secondary connections
  Social engineering
  Poor design
• 21. Implementing Firewalls: Single Packet-Filtering Device
   The network is protected by a single packet-filtering device configured to permit or deny access
• 22. Implementing Firewalls: Multi-homed Device
   The device has multiple network interfaces and uses rules to determine how packets are forwarded between interfaces
• 23. Implementing Firewalls: Screened Host
   The network is protected by a device that combines the features of proxy servers with packet filtering
• 24. Implementing Firewalls: Demilitarized Zone (DMZ)
   A region of the network, or zone, that is sandwiched between two firewalls
   Set up to host publicly available services
• 25. Firewall Policy
   The blueprint that dictates how the firewall is installed, configured, and managed
   Represents a subset of the overall organizational security policy
   Two common approaches:
    • Implicitly allow everything, explicitly deny only those things you do not want
    • Implicitly deny everything, allow only those things you know you need
• 26. Network Connectivity Policy
   Network scanning is prohibited except by approved personnel
   Only certain types of network communication are allowed
   Users may access the web via port 80, as required
   Users may access email on port 25, as required
   Users may not access Network News Transfer Protocol (NNTP)
   Antivirus software and updates must be installed and running on computers and servers
   Only network administrators may install new hardware on any computer
   Don’t allow unauthorized connections to the Internet
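The two approaches on the Firewall Policy slide differ only in what happens when no explicit rule matches, and the Network Connectivity Policy slide supplies a small rule set (web on port 80 and mail on port 25 permitted, NNTP not). The added example below, which is not code from the textbook, evaluates that same rule set under both defaults so the difference shows up on traffic nobody wrote a rule for. The address ranges, the port numbers other than 80, 25 and 119, and the first-match evaluation order are assumptions for the illustration.

```python
"""Implicit-allow versus implicit-deny packet filtering, added example (not from the textbook)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR
    dst: str               # CIDR
    dport: Optional[int]   # None means any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


def rule_matches(rule, pkt):
    return ((rule.proto == "any" or rule.proto == pkt.proto)
            and ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(rules, pkt, default):
    """First matching rule wins; with no match the policy default decides."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default


INSIDE = "10.0.0.0/24"   # constructed internal range
ANY = "0.0.0.0/0"

# The explicit rules are the same under both policies; only the default differs.
# Ports 80, 25 and 119 come from the Network Connectivity Policy slide.
EXPLICIT_RULES = [
    Rule("allow", "tcp", INSIDE, ANY, 80),    # users may access the web
    Rule("allow", "tcp", INSIDE, ANY, 25),    # users may access email
    Rule("deny",  "tcp", INSIDE, ANY, 119),   # users may not access NNTP
]

# Constructed test traffic (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
TRAFFIC = {
    "web":      Packet("tcp", "10.0.0.15", "203.0.113.10", 80),
    "mail":     Packet("tcp", "10.0.0.15", "203.0.113.10", 25),
    "nntp":     Packet("tcp", "10.0.0.15", "203.0.113.10", 119),
    "unlisted": Packet("tcp", "10.0.0.15", "203.0.113.10", 6667),   # no rule mentions it
    "inbound":  Packet("tcp", "198.51.100.7", "10.0.0.15", 3389),   # no rule mentions it
}


def compare_policies(rules=EXPLICIT_RULES, traffic=TRAFFIC):
    """Decision for every packet under implicit allow and under implicit deny."""
    return {name: {"implicit_allow": evaluate(rules, pkt, "allow"),
                   "implicit_deny": evaluate(rules, pkt, "deny")}
            for name, pkt in traffic.items()}


if __name__ == "__main__":
    for name, verdicts in compare_policies().items():
        print(f"{name:9s} {verdicts}")
```

The listed ports get the same verdict either way; the unlisted outbound port and the unsolicited inbound connection are where implicit allow lets traffic through that implicit deny stops, which is why the second approach is the usual recommendation.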
• 27. Contracted Worker Statement
  No access to unauthorized resources
  Not permitted to scan the network
  May not use FTP unless granted permission in writing
• 28. Firewall Administrator Statement
  Be trained on the firewall in use
  Be aware of all authorized applications and services
  Reports to an entity such as the chief information officer
  There must be a procedure to reach the firewall administrator in the event of a security incident
• 29. Honeynets and Honeypots
   Honeypot: A computer configured to attract attackers to it; acts as a decoy
    • Placed in a location so that if an attacker is able to get around the firewall and other security devices, the honeypot draws attention away from more sensitive assets
   Honeynet: A group of vulnerable systems (honeypots) or a network
• 30. Legal Issues
  Legal
  Entrapment
• 31. Role of Controls
   Administrative, technical, and physical controls are part of a layered approach
   By combining layers, you gain:
    • The advantage of multiple mechanisms to protect systems
    • The advantage of a hedge against failure; if one layer or mechanism fails, you have others to fall back on
• 32. Common Controls
   Administrative
    • Implicit deny, least privilege, separation of duties, job rotation, required vacation, privilege management
   Technical
    • Access control software, malware solutions, passwords, security tokens, biometrics, antivirus software
   Physical
    • Alternative power sources, flood management, fences, guards, locks, fire suppression system, biometrics, building design and location
• 33. Security Information and Event Management (SIEM)
  A collection of software and devices that help security professionals manage their environments
  Monitors log files, network traffic, and processes for security events
  Provides real-time analysis, stores activity for trend analysis, and triggers alerts for suspect activity
  Provides tools to manage security controls and the collection of security event data
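The SIEM slide lists three functions: monitoring logs from several sources, storing activity for trend analysis, and alerting on suspect activity. The added example below, which is not code from the textbook or any SIEM product, does all three in miniature over constructed log lines from an SSH daemon and a firewall: it normalizes both formats into one event shape, aggregates counts per hour, raises an alert when one address produces several failed logins inside a sliding window, and flags addresses that appear in more than one log source. The log formats, addresses, threshold and window size are all assumptions.

```python
"""SIEM-style log normalization, trend counts and correlation, added example (not from the textbook)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Two constructed log formats; real sources vary and each needs its own parser.
SSH_RE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?"
                    r"(?P<user>\S+) from (?P<src>\S+)")
FW_RE = re.compile(r"^(?P<ts>\S+) fw: DENY (?P<proto>\w+) (?P<src>[\d.]+):\d+ -> "
                   r"(?P<dst>[\d.]+):(?P<dport>\d+)")

# Constructed sample log lines (documentation address ranges; no real hosts).
SAMPLE_LOGS = [
    "2024-05-01T10:00:01 sshd[811]: Failed password for root from 198.51.100.7 port 51000 ssh2",
    "2024-05-01T10:00:03 sshd[811]: Failed password for invalid user admin from 198.51.100.7 port 51001 ssh2",
    "2024-05-01T10:00:05 sshd[811]: Failed password for root from 198.51.100.7 port 51002 ssh2",
    "2024-05-01T10:00:09 fw: DENY tcp 198.51.100.7:44444 -> 10.0.0.20:3389",
    "2024-05-01T10:30:00 sshd[811]: Failed password for alice from 10.0.0.42 port 52000 ssh2",
    "2024-05-01T11:15:00 sshd[811]: Accepted password for alice from 10.0.0.42 port 52001 ssh2",
    "2024-05-01T11:16:00 fw: DENY udp 203.0.113.9:5353 -> 10.0.0.255:5353",
]


def normalize(line):
    """Turn one raw line into a common event shape, or None if no parser understands it."""
    m = SSH_RE.match(line)
    if m:
        return {"ts": datetime.fromisoformat(m["ts"]), "source": "sshd",
                "type": "auth_failure", "src": m["src"], "user": m["user"]}
    m = FW_RE.match(line)
    if m:
        return {"ts": datetime.fromisoformat(m["ts"]), "source": "fw",
                "type": "fw_deny", "src": m["src"], "dport": int(m["dport"])}
    return None


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when one address accumulates `threshold` auth failures inside `window`."""
    alerts = []
    recent = defaultdict(list)          # src -> timestamps of failures still inside the window
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["type"] != "auth_failure":
            continue
        hist = recent[e["src"]]
        hist.append(e["ts"])
        hist[:] = [t for t in hist if e["ts"] - t <= window]   # slide the window forward
        if len(hist) >= threshold:
            alerts.append({"rule": "repeated auth failures", "src": e["src"],
                           "count": len(hist), "ts": e["ts"]})
            hist.clear()                # one alert per burst, not one per extra failure
    return alerts


def cross_source(events):
    """Addresses seen in more than one log source; correlation a single log cannot give."""
    sources = defaultdict(set)
    for e in events:
        sources[e["src"]].add(e["source"])
    return sorted(src for src, seen in sources.items() if len(seen) > 1)


def trend(events):
    """Counts per (hour, event type): the kind of aggregate a SIEM stores for trend analysis."""
    counts = Counter()
    for e in events:
        counts[(e["ts"].strftime("%Y-%m-%dT%H"), e["type"])] += 1
    return dict(counts)


def run_siem(lines=SAMPLE_LOGS):
    events = [e for e in map(normalize, lines) if e is not None]
    return {"events": len(events), "alerts": correlate(events),
            "cross_source": cross_source(events), "trend": trend(events)}


if __name__ == "__main__":
    print(run_siem())
```

Lines the parsers do not recognize are dropped here; a production SIEM keeps them as raw events and counts parse failures, since a new log format silently falling through is itself something to monitor.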
• 34. Sources for Guidance
   A Security Technical Implementation Guide (STIG):
    • National Institute of Standards and Technology (NIST) National Checklist Program Repository (https://nvd.nist.gov/ncp/repository)
    • Information Assurance Support Environment (IASE) STIGs (https://iase.disa.mil/stigs/Pages/index.aspx)
    • STIG search tool (https://stigviewer.com/)
• 35. Summary
   Intrusion detection/prevention systems
   Firewalls and other detection methods
   Common security issues