CYBER INCIDENT RESPONSE
Presented by:
Biago, Steven Joe R.
Ocado, Maria Concepcion L.
Content Discussion:
1. Incident Classification
2. Network Event monitoring
3. Network Monitoring Tools
4. Detecting Network Events
INCIDENT CLASSIFICATION
Incident classification categorizes an incident by the
method(s) the attacker used: unauthorized access,
destruction, disclosure or modification of data, and/or
denial of service. One incident can fall into more than
one of the following categories.
○ Spam
○ System Compromise
○ Scan
○ Denial of Service
○ Copyright Issue
○ Phishing
○ Malware
○ XSS
○ Vulnerability
○ Fastflux
○ SQL Injection
○ Information Leak
○ Scam
○ Cryptojacking
○ Locker
○ Screenlocker
○ Wiper
All incidents processed by the information security response
team shall be classified by that team. Classification tells
everyone involved how severe the incident is and what its
impact is, so that it receives the appropriate level of
attention, and it ensures the incident is reported to
management in a timely manner.
NETWORK EVENT MONITORING
Event monitoring in networking is the process of collecting,
analyzing, and signaling event occurrences to operating system
processes, active database rules, and human operators. These
event occurrences may stem from software or hardware like
operating systems, database management systems, application
software, and processors.
● The following occurrences may be designated as events for reporting
purposes:
○ Changes to a system’s hardware inventory
○ Changes to a system’s software inventory
○ Application access failures
○ Failed login attempts
○ Job failures
○ Connection failures
○ No device response to polls
○ Disabled protocols
Common Network Devices to Monitor
● Routers: Routers forward traffic between networks, including to and
from the internet; their interface counters and logs show what crosses a
network boundary.
● Switches: Switches connect end devices such as servers, computers,
printers, and more. Monitoring switches is critical to network health and
performance, covering both the traffic passing through the switch and
the hardware itself.
● Firewalls: A firewall protects the network by controlling incoming and
outgoing traffic; its accept/deny logs are a primary source of security
events.
● Servers: Server monitoring provides information about the network,
data usage, and more.
NETWORK MONITORING TOOLS
What are network monitoring tools?
Network monitoring tools gather and analyze network data to
provide network administrators with information on the status
of network appliances, link saturation, active devices, the
structure of network traffic, and the sources of network
problems and traffic anomalies.
What do network monitoring tools do?
They collect data in some form from active network devices,
such as routers, switches, load balancers, servers, firewalls,
or dedicated probes, and analyze it to understand the
condition of the network.
NETWORK MONITORING SOFTWARE TOOLS
1. Port Scanners
● Gather information across the network
- No special permissions required
● Determine up/down status
- Ping or Address Resolution Protocol (ARP)
● Check for open ports
- An open port indicates a listening service
● Scan the operating system
- OS fingerprinting: identify the OS without logging in
● Scan services
- Version information (banner grabbing)
● The same tool is the attacker's reconnaissance step
- A scan from an unexpected source is itself an event to
detect (compare the Scan incident class above)
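The scan described above, as an added example that is not part of the deck: a TCP connect() scan with banner grabbing in Python. It needs no privileges, completes the handshake (so the target logs every probe), and reads whatever the service says first. The target is a listener the script starts on loopback, and its SSH-style banner is constructed, so the example runs offline.

```python
"""TCP connect scan with banner grab.

Added example, not code from the deck. Assumptions (mine): a plain
connect() scan, which needs no privileges and completes the handshake, so
the target logs every probe; the target is a listener started locally so
the example runs offline, and its SSH-style banner is constructed.
"""
import socket
import threading


def tcp_connect_scan(host, ports, timeout=0.5):
    """Return {port: banner} for every port that accepts a TCP connection.

    Closed ports answer with RST (ConnectionRefusedError); filtered ports
    time out. Both are simply skipped. Services that speak first (SSH, SMTP,
    FTP) hand over version information without any login.
    """
    found = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.settimeout(timeout)
                try:
                    banner = s.recv(256)
                except OSError:          # no banner within the timeout
                    banner = b""
                found[port] = banner.decode("ascii", "replace").strip()
        except OSError:                  # refused, timed out, unreachable
            continue
    return found


def start_fake_service(banner):
    """Constructed target: a loopback listener that greets each client with
    `banner`. Returns (port, server_socket); close the socket to stop it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))           # port 0 = let the OS pick a free one
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:              # server socket closed: stop serving
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port, srv


def reserve_closed_port():
    """Find a loopback port with nothing listening on it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Scan one open and one closed loopback port; returns the scan result."""
    open_port, srv = start_fake_service(b"SSH-2.0-OpenSSH_9.6 (constructed banner)\r\n")
    closed_port = reserve_closed_port()
    try:
        return tcp_connect_scan("127.0.0.1", [closed_port, open_port])
    finally:
        srv.close()


if __name__ == "__main__":
    for port, banner in demo().items():
        print(f"{port}/tcp open  {banner}")
```

Because every probe completes a three-way handshake, this scan shows up in the target's connection logs and in flow records; stealthier SYN or ARP sweeps need raw sockets and therefore privileges, which is the trade-off the slide's "no special permissions" point hides.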
2. Interface Monitoring
● Up or down
- The most important statistic
- No special rights or permissions required
- Green is good, red is bad
● Alarming and alerting
- Notification when an interface goes down or stops reporting
- Email, SMS
● Short-term and long-term reporting
- View availability over time
● Not focused on additional details
- Additional monitoring (errors, throughput) may require SNMP
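The up/down poller and its alerting, as an added example (not from the deck): the point a practitioner cares about is that alerts fire on state transitions only, and that DOWN needs several missed polls in a row, so one lost poll does not page anyone and a flapping link does not page forever. The poll results are a constructed True/False sequence and `notify` stands in for the e-mail/SMS hook, so it runs offline.

```python
"""Interface up/down poller with debounced alerting and availability.

Added example, not from the deck. Assumption (mine): each poll result is a
bare True/False (the interface answered or not); `notify` stands in for the
e-mail/SMS hook, and the poll sequence is constructed so it runs offline.
"""
from dataclasses import dataclass, field


@dataclass
class InterfaceMonitor:
    name: str
    fail_threshold: int = 3        # consecutive misses before declaring DOWN
    state: str = "UP"
    misses: int = 0
    polls: int = 0
    up_polls: int = 0
    alerts: list = field(default_factory=list)

    def notify(self, when, text):
        """Alert sink (e-mail/SMS in a real tool); here just recorded."""
        self.alerts.append((when, text))

    def record(self, when, responded):
        """Feed one poll result. Alerts fire only on state transitions, and
        DOWN needs `fail_threshold` misses in a row (debounce)."""
        self.polls += 1
        if responded:
            self.up_polls += 1
            self.misses = 0
            if self.state == "DOWN":
                self.state = "UP"
                self.notify(when, f"{self.name} recovered")
        else:
            self.misses += 1
            if self.state == "UP" and self.misses >= self.fail_threshold:
                self.state = "DOWN"
                self.notify(when, f"{self.name} DOWN ({self.misses} polls missed)")

    def availability(self):
        """Fraction of polls answered: the long-term report the slide mentions."""
        return self.up_polls / self.polls if self.polls else None


# Constructed poll history, one entry per polling interval (True = answered).
SAMPLE_POLLS = [True, True, False, True, True, False, False, False, False, True, True, True]


def demo(polls=SAMPLE_POLLS):
    mon = InterfaceMonitor("Gi0/1 (constructed)")
    for when, ok in enumerate(polls):
        mon.record(when, ok)
    return mon


if __name__ == "__main__":
    m = demo()
    for when, text in m.alerts:
        print(f"t={when:>2}  {text}")
    print(f"availability: {m.availability():.1%}")
```

On the sample history the single miss at t=2 produces nothing, the run of misses starting at t=5 produces one DOWN alert at t=7, and the recovery at t=9 produces one more; availability over the window is 7/12.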
3. Packet Flow Monitoring
● Gather traffic statistics
- Metadata about actual traffic flows (addresses, ports, protocol,
byte and packet counts, timestamps), not the payload
● NetFlow (v5 and v9 are most common)
- Standard collection method
- Many products and options
● Probe and collector
- The probe (often the router or switch itself) watches network communication
- Summary records are exported to the collector
● Usually a separate reporting application
- Closely tied to the collector
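What a collector actually receives, as an added example that is not from the deck: a parser for the NetFlow v5 export format (24-byte header, 48-byte records), plus a summary of what flow metadata can and cannot tell you. The datagram is built in-code from made-up flows in documentation address ranges so it runs offline; the "probe fan-out" heuristic and its threshold are my choices, not part of NetFlow.

```python
"""NetFlow v5 export parser with a fan-out summary.

Added example, not from the deck. The layout is the published NetFlow v5
format (24-byte header, 48-byte records). The datagram is built in-code
from made-up flows (documentation address ranges) so it runs offline; the
scan heuristic and its threshold are my choices, not a standard.
"""
import struct
from collections import defaultdict
from ipaddress import IPv4Address

HEADER = struct.Struct("!HHIIIIBBH")                  # version .. sampling_interval
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")    # srcaddr .. pad2
TCP = 6


def parse_netflow_v5(datagram):
    """Decode one v5 export datagram into a list of flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram, 0)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        # truncated or forged export: never trust the count field blindly
        raise ValueError("record count exceeds datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
            "packets": f[5], "octets": f[6],
            "sport": f[9], "dport": f[10], "tcp_flags": f[12], "proto": f[13],
        })
    return flows


def build_v5_datagram(flows, seq=1000):
    """Pack (src, dst, sport, dport, proto, packets, octets, tcp_flags) tuples
    into a v5 datagram. Used only to construct the sample below."""
    body = b"".join(
        RECORD.pack(IPv4Address(src).packed, IPv4Address(dst).packed, bytes(4),
                    1, 2, pkts, octets, 1000, 1200, sport, dport,
                    0, flags, proto, 0, 0, 0, 24, 24, 0)
        for src, dst, sport, dport, proto, pkts, octets, flags in flows)
    header = HEADER.pack(5, len(flows), 600_000, 1_700_000_000, 0, seq, 0, 0, 0)
    return header + body


def summarize(flows):
    """Bytes sent per source, and per-source count of distinct (dst, port)
    pairs touched by tiny TCP flows (<= 3 packets: probes that never carried
    data). Flow records have no payload, so counting like this is what
    flow-based detection can do; content inspection is what it cannot."""
    bytes_by_src = defaultdict(int)
    probe_targets = defaultdict(set)
    for f in flows:
        bytes_by_src[f["src"]] += f["octets"]
        if f["proto"] == TCP and f["packets"] <= 3:
            probe_targets[f["src"]].add((f["dst"], f["dport"]))
    return dict(bytes_by_src), {s: len(t) for s, t in probe_targets.items()}


def scan_suspects(flows, threshold=8):
    """Sources whose probe fan-out reaches `threshold` distinct targets."""
    _, fanout = summarize(flows)
    return sorted(s for s, n in fanout.items() if n >= threshold)


# Constructed sample: two normal HTTPS sessions, one DNS lookup, and one host
# SYN-probing ten ports on a single server (tcp_flags 0x02 = SYN only).
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.0.2.10", 51000, 443, TCP, 120, 90_000, 0x1b),
    ("10.0.0.5", "192.0.2.11", 51001, 443, TCP, 40, 30_000, 0x1b),
    ("10.0.0.7", "198.51.100.53", 40000, 53, 17, 2, 180, 0),
] + [("10.0.0.9", "192.0.2.10", 44000 + i, p, TCP, 1, 60, 0x02)
     for i, p in enumerate([22, 23, 25, 80, 110, 143, 443, 445, 3389, 8080])]
SAMPLE_DATAGRAM = build_v5_datagram(SAMPLE_FLOWS)


if __name__ == "__main__":
    flows = parse_netflow_v5(SAMPLE_DATAGRAM)
    by_src, fanout = summarize(flows)
    print("bytes by source:", by_src)
    print("probe fan-out:", fanout)
    print("scan suspects:", scan_suspects(flows))
```

Two caveats worth keeping in mind when reading flow data: the count field in the header comes from the exporter and must be checked against the datagram length before trusting it, and NetFlow is UDP with no authentication, so the collector should only accept exports from the known exporter addresses on the management network.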
4. Simple Network Management Protocol
(SNMP)
● Management Information Base (MIB)
- The database of objects a device exposes for polling
● SNMP versions
- v1 = The original
- Structured tables, in-the-clear
- v2c = a good step ahead
- Data type enhancements, bulk transfer, still in-the-clear
(the community string is the only credential, and it is visible
to anyone on the path)
- v3 = The current standard
- Message integrity, authentication, encryption
● SNMP information can be very detailed
- Access should be very limited: restrict polling to the
management network, change default community strings such as
"public", and prefer v3 with authentication and privacy
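The "in-the-clear" point made concrete, as an added example that is not from the deck: a SNMPv1/v2c GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0) built with a minimal BER encoder, and then the community string parsed straight back out of the raw bytes, which is all a sniffer on the path has to do. No device is contacted; the community strings are placeholders.

```python
"""SNMPv1/v2c GetRequest built from scratch, then read back off the wire.

Added example, not from the deck. It uses a minimal BER encoder for the
handful of ASN.1 types SNMP needs, builds a GetRequest for sysDescr.0
(1.3.6.1.2.1.1.1.0), and then parses the community string back out of the
raw bytes, which is exactly what a sniffer on the path would do for v1/v2c.
No device is contacted; the community strings are placeholders.
"""
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
GET_REQUEST = 0xA0                       # context tag [0] for GetRequest-PDU


def ber_len(n):
    """Definite-length encoding: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(value):
    """Signed two's-complement INTEGER in the minimal number of bytes."""
    length = (value.bit_length() + 8) // 8          # one extra bit for the sign
    return tlv(INTEGER, value.to_bytes(length, "big", signed=True))


def ber_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(OID, bytes(out))


def snmp_get_request(community, oid, request_id=0x1234, version=0):
    """version 0 = SNMPv1, 1 = SNMPv2c. Both carry the community string as a
    plain OCTET STRING: that is the whole credential."""
    varbind = tlv(SEQUENCE, ber_oid(oid) + tlv(NULL, b""))
    pdu = tlv(GET_REQUEST, ber_int(request_id) + ber_int(0) + ber_int(0)
              + tlv(SEQUENCE, varbind))
    return tlv(SEQUENCE, ber_int(version) + tlv(OCTET_STRING, community.encode())
               + pdu)


def read_tlv(buf, pos):
    """Return (tag, value_bytes, position_after_value)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def extract_community(packet):
    """What a passive observer recovers from a v1/v2c message: the version
    and the community string. SNMPv3 (version 3) has no community field;
    its credentials live in the USM header and can be authenticated and
    encrypted, which is why v3 is the one to deploy."""
    tag, message, _ = read_tlv(packet, 0)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message")
    tag, raw_version, pos = read_tlv(message, 0)
    version = int.from_bytes(raw_version, "big", signed=True)
    if version == 3:
        raise ValueError("SNMPv3: no community string on the wire")
    tag, community, _ = read_tlv(message, pos)
    if tag != OCTET_STRING:
        raise ValueError("unexpected field where community was expected")
    return {0: "v1", 1: "v2c"}.get(version, f"v{version}"), community.decode("ascii", "replace")


if __name__ == "__main__":
    pkt = snmp_get_request("public", "1.3.6.1.2.1.1.1.0")   # "public" is the usual default
    print(pkt.hex())
    print(extract_community(pkt))
```

The community string is the same secret that authorizes SetRequests on devices that allow writes, so a captured v1/v2c poll is a captured management credential; that is the reason behind "access should be very limited" and behind moving to v3.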
DETECTING NETWORK EVENTS
A network-based intrusion detection system (NIDS) helps
organizations monitor their cloud, on-premises and hybrid
environments for suspicious events that could indicate a
compromise. This includes policy violations and port scanning,
plus traffic to or from unknown sources and destinations.
● NIDS and NIPS
○ Intrusion Detection System / Intrusion Prevention System
■ Watch network traffic (a NIDS passively, from a tap or SPAN port;
a NIPS inline, in the traffic path)
● Intrusions
○ Exploits against operating systems, applications, etc.
○ Buffer overflows, cross-site scripting, other vulnerabilities
● Detection vs. Prevention
○ Detection - raise an alarm or alert; the traffic still gets through
○ Prevention - drop the traffic inline before it reaches the target;
a false positive here blocks legitimate traffic, so prevention rules
need more tuning than detection rules
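The detection-versus-prevention distinction run over traffic, as an added example that is not from the deck: a small rule engine with header-only rules (policy violations such as cleartext telnet) and content rules (exploit signatures for XSS, a SQL-injection tautology, an overlong field in the buffer-overflow style). The packet shape, the rule format (modelled on Snort-style content rules, but not Snort syntax), the rule IDs and the sample traffic are all mine and constructed, so it runs offline.

```python
"""Rule-driven NIDS/NIPS engine over constructed traffic.

Added example, not from the deck. The packet shape, rule format (modelled
on Snort-style content rules, but not Snort syntax), rule IDs and sample
traffic are all mine and constructed so the example runs offline. It shows
the slide's distinction: detection alerts and forwards, prevention drops
inline.
"""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    sid: int                       # rule id (made up, not real Snort SIDs)
    msg: str
    dport: Optional[int] = None    # None = any destination port
    content: Optional[str] = None  # regex over the payload, case-insensitive

    def matches(self, pkt):
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.content is None:
            return True            # header-only rule (policy violation)
        return re.search(self.content.encode(), pkt.payload, re.IGNORECASE) is not None


SP = r"(?:\s|\+|%20)"              # a space as it may appear in a query string

RULES = [
    Rule(1000001, "Cleartext telnet to internal host (policy violation)", dport=23),
    Rule(1000002, "Reflected XSS attempt in HTTP request", dport=80,
         content=r"<script[^>]*>|javascript:"),
    Rule(1000003, "SQL injection: tautology in query string", dport=80,
         content=rf"(?:%27|'){SP}*or{SP}+\d+{SP}*={SP}*\d+"),
    Rule(1000004, "Overlong NetBIOS name field (buffer-overflow style)", dport=139,
         content=r"A{200,}"),     # 200+ bytes of filler where a short name belongs
]


def inspect(packets, rules, mode="detect"):
    """Evaluate every rule against every packet.

    mode="detect"  -> NIDS: all packets are forwarded, matches only alert.
    mode="prevent" -> NIPS: a matching packet is dropped before forwarding.
    Returns (alerts, forwarded_packets).
    """
    if mode not in ("detect", "prevent"):
        raise ValueError(mode)
    alerts, forwarded = [], []
    for pkt in packets:
        hits = [r for r in rules if r.matches(pkt)]
        for r in hits:
            alerts.append((r.sid, r.msg, pkt.src, pkt.dst, pkt.dport))
        if hits and mode == "prevent":
            continue               # dropped inline; never reaches the target
        forwarded.append(pkt)
    return alerts, forwarded


# Constructed traffic (documentation address ranges): two benign requests
# and four that the rules above should catch.
SAMPLE_TRAFFIC = [
    Packet("10.0.0.8", "192.0.2.20", 80, "tcp", b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),
    Packet("203.0.113.7", "192.0.2.20", 80, "tcp",
           b"GET /search?q=<script>alert(1)</script> HTTP/1.1\r\n\r\n"),
    Packet("203.0.113.7", "192.0.2.20", 80, "tcp",
           b"GET /login?user=admin'+OR+1=1--&pw=x HTTP/1.1\r\n\r\n"),
    Packet("10.0.0.12", "192.0.2.30", 23, "tcp"),
    Packet("203.0.113.9", "192.0.2.40", 139, "tcp", b"\x81\x00\x01\x2c" + b"A" * 300),
    Packet("10.0.0.8", "198.51.100.53", 53, "udp", b"\x12\x34\x01\x00\x00\x01"),
]


if __name__ == "__main__":
    for mode in ("detect", "prevent"):
        alerts, forwarded = inspect(SAMPLE_TRAFFIC, RULES, mode)
        print(f"[{mode}] {len(alerts)} alerts, {len(forwarded)}/{len(SAMPLE_TRAFFIC)} forwarded")
        for sid, msg, src, dst, dport in alerts:
            print(f"  sid:{sid} {src} -> {dst}:{dport}  {msg}")
```

The same four alerts come out in both modes; the difference is that in detect mode all six packets reach their destination and in prevent mode only the two benign ones do. The SQL-injection rule also shows the weakness of raw pattern matching: a request that encodes the "=" as %3D slips past it, which is why real sensors normalize HTTP before applying content rules.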
Source deck: BSIT3CD_Continuation of Cyber incident response (1).pdf