3. INCIDENT CLASSIFICATION
Incident classification is the classification of the method(s) used by an attacker: unauthorized access, destruction, disclosure or modification of data, and/or denial of service. An incident can fall under one or more of the incident classifications listed below.
○ Spam
○ System Compromise
○ Scan
○ Denial of Service
○ Copyright Issue
○ Phishing
○ Malware
○ XSS
○ Vulnerability
○ Fastflux
○ SQL Injection
○ Information Leak
○ Scam
○ Cryptojacking
○ Locker
○ Screenlocker
○ Wiper
4. INCIDENT CLASSIFICATION
All incidents processed by the information security response team shall be classified by that team. Incident classification informs those involved of the severity and impact of the incident, and ensures that the incident receives the appropriate level of attention. Classification also ensures that the incident is reported to management in a timely manner.
6. NETWORK EVENT MONITORING
Event monitoring in networking is the process of collecting, analyzing, and signaling event occurrences to operating system processes, active database rules, and human operators. These event occurrences may stem from software or hardware such as operating systems, database management systems, application software, and processors.
7. The following occurrences may be designated as events for reporting purposes:
○ Changes to a system’s hardware inventory
○ Changes to a system’s software inventory
○ Application access failures
○ Failed login attempts
○ Job failures
○ Connection failures
○ No device response to polls
○ Disabled protocols
8. NETWORK EVENT MONITORING
Common Network Devices to Monitor
● Routers: Routers connect networks to each other and to the internet.
● Switches: Switches connect devices such as servers, computers, printers, and more. Monitoring switches is critical to ensure network health and performance; traffic and hardware passing through the switch should also be monitored.
● Firewalls: The role of a firewall is to protect the network by controlling incoming and outgoing traffic.
● Servers: Server monitoring provides information about the network, data usage, and more.
9. NETWORK MONITORING TOOLS
What are network monitoring tools?
Network monitoring tools gather and analyze network data to provide network administrators with information related to the status of network appliances, link saturation, active devices, the structure of network traffic, or the sources of network problems and traffic anomalies.
What do network monitoring tools do?
Network monitoring tools collect data in some form from active network devices, such as routers, switches, load balancers, servers, firewalls, or dedicated probes, which they analyze to understand the condition of the network.
10. NETWORK MONITORING SOFTWARE TOOLS
1. Port Scanners
● Gather information across the network
- No special permissions required
● Determine up/down status
- Ping or Address Resolution Protocol (ARP)
● Check for open ports
- May indicate available services
● Scan operating system
- Determined without logging in
● Scan services
- Version information
11. 2. Interface Monitoring
● Up or down
- The most important statistic
- No special rights or permissions required
- Green is good, red is bad
● Alarming and alerting
- Notification if an interface fails to report
- Email, SMS
● Short-term and long-term reporting
- View availability over time
● Not focused on additional details
- Additional monitoring may require SNMP
12. 3. Packet Flow Monitoring
● Gather traffic statistics
- Metadata of actual traffic flows
● NetFlow (v5 and v9 are most common)
- Standard collection method
- Many products and options
● Probe and collector
- Probe watches network communication
- Summary records are sent to the collector
● Usually a separate reporting application
- Closely tied to the collector
13. 4. Simple Network Management Protocol (SNMP)
● A database of data (MIB)
● SNMP versions
- v1 = The original: structured tables, in-the-clear
- v2 = A good step ahead: data type enhancements, bulk transfer, still in-the-clear
- v3 = The new standard: message integrity, authentication, encryption
● SNMP information can be very detailed
- Access should be very limited
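The slide's point, that v1/v2c communities travel in the clear while only v3 at the priv level gives integrity, authentication and encryption, can be turned into a configuration check. The following is an added example, not part of the original deck: it audits net-snmp snmpd.conf directives (rocommunity/rwcommunity, rouser/rwuser) and compares a constructed weak configuration with a hardened one. The config text and the severity labels are assumptions made here.

```python
import re

# net-snmp snmpd.conf directives that decide v1/v2c (community) vs v3 (user) access.
COMMUNITY = re.compile(r"^(ro|rw)community6?\s+(\S+)(?:\s+(\S+))?", re.I)
V3_USER = re.compile(r"^(ro|rw)user\s+(\S+)(?:\s+(noauth|auth|priv))?", re.I)
DEFAULT_COMMUNITIES = {"public", "private"}

def audit_snmpd_conf(text):
    """Return (line_no, severity, message) findings for an snmpd.conf body."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        m = COMMUNITY.match(line)
        if m:
            access, community, source = m.group(1).lower(), m.group(2), m.group(3)
            sev = "HIGH" if access == "rw" else "MEDIUM"
            findings.append((n, sev, "v1/v2c community '%s' is sent in the clear; "
                             "migrate to v3 authPriv" % community))
            if community.lower() in DEFAULT_COMMUNITIES:
                findings.append((n, "HIGH", "default community string '%s'" % community))
            if source in (None, "default"):
                findings.append((n, "MEDIUM", "community accepted from any source; "
                                 "restrict it to the management network"))
            continue
        m = V3_USER.match(line)
        if m:
            level = (m.group(3) or "auth").lower()  # net-snmp defaults rouser to auth
            if level != "priv":
                findings.append((n, "MEDIUM", "v3 user '%s' at level %s has no "
                                 "encryption; use priv" % (m.group(2), level)))
    return findings

# Constructed example configs (assumed values): a weak one and a hardened one.
WEAK_CONF = """\
rocommunity public
rwcommunity s3cret 10.0.0.0/8
rouser monitor
"""
HARDENED_CONF = """\
# createUser normally lives in the persistent /var/lib/net-snmp/snmpd.conf
createUser monitor SHA "auth-passphrase" AES "priv-passphrase"
rouser monitor priv
agentAddress udp:10.0.0.10:161
"""

if __name__ == "__main__":
    for n, sev, msg in audit_snmpd_conf(WEAK_CONF):
        print("line %d [%s] %s" % (n, sev, msg))
```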
14. DETECTING NETWORK EVENTS
A network-based intrusion detection system is designed to help organizations monitor their cloud, on-premises and hybrid environments for suspicious events that could indicate a compromise. This includes policy violations and port scanning, plus traffic from unknown sources or to unknown destinations.
15. ● NIDS and NIPS
○ Intrusion Detection System / Intrusion Prevention System
■ Watch network traffic
● Intrusions
○ Exploits against operating systems, applications, etc.
○ Buffer overflows, cross-site scripting, other vulnerabilities
● Detection vs. Prevention
○ Detection - Alarm or alert
○ Prevention - Stop it before it gets into the network