ACAD-CSIRT :
National Cyber Security and
Academic Situational Updated
IGN Mantra, Chairman & Founder
Academic CSIRT
mantra@acad-csirt.or.id,
incident@acad-csirt.or.id
Honeynet Universitas Indonesia
Seminar & Workshop
10-11 September 2019
Incident Response and Handling
Digital Forensics
IGN MANTRA, CEI
ACAD-CSIRT
Workshop Honeynet Indonesia,
Universitas Indonesia, 11 September 2019
Outline
• Introduction
• The Incident Response Process
• Preparation
• Identification
• Containment
• Eradication
• Recovery
• Lessons Learned
• The Attacker Process
• Reconnaissance
• Scanning
• Exploitation
• Keeping Access
• Covering Tracks
• Conclusion
Introduction
• ACAD-CSIRT
• Academic CSIRT, Indonesia
• Started in 2009 as an InfoSec community and CSIRT academy
• Non Profit Org.
• Support, Consulting, Training, Research Products
• Locations – Jakarta, Tangerang, Bandung, Surabaya, Bali, NAD
• Informatika, Perbanas Institute, Jakarta
• Informatika, Swiss German University, Tangerang
• Informatika, ITS Surabaya
• Assessment Team: Policy, Computer Security, Network, WebApp and
DB, Wireless, and Digital Forensics
Introduction
• IGN Mantra - (mantra@acad-csirt.or.id), (incident@acad-csirt.or.id)
• Founder, Co Founder (IDSIRTII), Co Founder (IHP)
• Senior Security Analyst
• Senior Incident Response Analyst
• Coordinator of Incident Response Program
• EC-COUNCIL CEI, SANS Certified Incident Handler and Network
• PhD (candidate), Information Security Research.
Incident Response and Digital Forensics
§ One of the least practiced, most stressful, highly scrutinized areas
of Information Security.
§ Every incident is unique and can incorporate many different areas
of the affected organization.
§ Incident analysts must be able to think quickly, remain calm and
consider all possibilities.
Common Incident Types
• Economic Espionage
• Intellectual Property Theft
• Unauthorized Access
• Stolen Passwords and Data
• Unauthorized Use
• Inappropriate E-Mail and Web Habits
• Malicious Code
• Worms with Backdoors (Sasser)
• Insider Threats
6 Steps of the Incident Handler Methodology
§ Preparation
§ Identification
§ Containment
§ Eradication
§ Recovery
§ Lessons Learned
Preparation:
• The key to a successful response is preparation.
• Form a strategy.
• Design a procedure.
• Gather Resources.
• Practice, practice, practice.
Preparation:
• Identify the “Core Team”
• Technical (IT, InfoSec and System Owners)
• Management
• Legal Department
• Forensics
• Public Relations
• Human Resources
• Physical Security and Maintenance
• Telecommunications
Preparation:
• Organizing Individuals
• All members of the CSIRT team should know their role and how
they will interact with the other members.
• Outsourced or “third party” members should have contracts in
place.
• Contacts for Law Enforcement should be known and situations
for their involvement discussed.
Preparation:
• Develop a Procedure
• Incident response can be a high-stress time. A well-documented
procedure that is easy to follow can greatly reduce the anxiety.
• Develop a call tree and notification procedures
• Brainstorm likely scenarios.
• Identify general information needed in most scenarios ahead
of time.
• Make checklists and forms for as much as possible.
Preparation:
• Communication
• Communication is incredibly important during an incident: not
only who is involved, but also the method by which it is done.
• Updates should be frequent.
• Out-of-Band Communications are very important.
• Faxes
• Cell Phones
• Be careful with BlackBerrys
Preparation:
• Access Rights
• The incident response team must have access to systems
without the administrator's authorization.
• Controversial Issue
• User Accounts, Passwords and Encryption keys
• Third-party storage methods are available
Preparation:
• Policies
• Protect the organization from legal liability and allow
investigators to do their job.
• Warning Banners are readily displayed.
• Search policy is detailed in employee manual.
• Human Resources and Legal have signed off.
• Employees have acknowledged knowing their expectations on
privacy.
• Beware of international laws (European Privacy Directive)
Preparation:
• Gathering Resources
• Incident analysts should have all information ready and be able
to respond to the incident.
• Procedures, Checklists and Forms are ready.
• Access credentials are available or individuals with them are
known.
• System information, network diagrams, software and
intellectual property are documented thoroughly.
Preparation:
• Training
• SANS Institute and GIAC Certifications
• Track 4: Incident Response and Hacker Techniques
• Track ??: Digital Forensics
• Vendor Training
• Guidance Software
• Access Data
• Partners
• Incident Response Scenarios
Identification:
“Incidents can’t always be prevented, but must always be detected.”
Incident: Intentional or Unintentional
§ Multiple failed logins to the domain administrator account.
§ Administrator credentials were cached on a user's
workstation and it keeps attempting to log in.
§ Someone is actively attempting to brute-force the
account.
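The two explanations on this slide look identical in a single alert but differ in their timing pattern. The following script is an added example (not part of the original slides) that reads constructed, syslog-style failed-logon lines in a hypothetical format and classifies each source: a regular, slow trickle from one workstation points to a stale cached credential, a burst from one source points to active brute-forcing, and anything else is left for an analyst to review. The thresholds are assumptions to be tuned per environment.

```python
"""Triage of failed-logon events against a privileged account.

Added example, not part of the original slides. It reads constructed,
syslog-style lines (a hypothetical format) and separates the two
explanations the slides give for repeated failures: a stale cached
credential retrying on a regular schedule from one workstation, versus
an active brute-force burst from one source.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log: "<ISO timestamp> FAILED_LOGON user=<account> src=<host>"
SAMPLE_LOG = """\
2019-09-11T08:00:00 FAILED_LOGON user=administrator src=ws-finance-07
2019-09-11T08:05:00 FAILED_LOGON user=administrator src=ws-finance-07
2019-09-11T08:10:00 FAILED_LOGON user=administrator src=ws-finance-07
2019-09-11T08:15:00 FAILED_LOGON user=administrator src=ws-finance-07
2019-09-11T09:30:00 FAILED_LOGON user=administrator src=10.9.8.7
2019-09-11T09:30:01 FAILED_LOGON user=administrator src=10.9.8.7
2019-09-11T09:30:02 FAILED_LOGON user=administrator src=10.9.8.7
2019-09-11T09:30:03 FAILED_LOGON user=administrator src=10.9.8.7
2019-09-11T09:30:04 FAILED_LOGON user=administrator src=10.9.8.7
2019-09-11T09:30:05 FAILED_LOGON user=administrator src=10.9.8.7
2019-09-11T11:02:17 FAILED_LOGON user=administrator src=ws-hr-02
2019-09-11T11:47:40 FAILED_LOGON user=administrator src=ws-hr-02
2019-09-11T11:48:00 FAILED_LOGON user=jsmith src=ws-hr-02
"""


def parse_line(line):
    """Split one log line into (timestamp, event, account, source)."""
    ts, event, user_kv, src_kv = line.split()
    return (datetime.fromisoformat(ts), event,
            user_kv.split("=", 1)[1], src_kv.split("=", 1)[1])


def _has_burst(times, window_s, threshold):
    """True if at least `threshold` events fall within any `window_s` span."""
    for i in range(len(times)):
        j = i
        while j + 1 < len(times) and (times[j + 1] - times[i]).total_seconds() <= window_s:
            j += 1
        if j - i + 1 >= threshold:
            return True
    return False


def classify_sources(log_text, account, burst_window_s=60, burst_threshold=5,
                     min_regular=3, jitter_s=30):
    """Return {source: verdict} for failed logons against `account`.

    Thresholds are illustrative assumptions and must be tuned per site.
    Verdicts: 'brute-force' (burst), 'cached-credential' (regular
    trickle), or 'review' (too little data to decide).
    """
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, user, src = parse_line(line)
        if event == "FAILED_LOGON" and user == account:
            by_src[src].append(ts)

    verdicts = {}
    for src, times in by_src.items():
        times.sort()
        if _has_burst(times, burst_window_s, burst_threshold):
            verdicts[src] = "brute-force"
            continue
        # Gaps between consecutive attempts; a retrying cached credential is regular.
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(times) >= max(min_regular, 2) and max(gaps) - min(gaps) <= jitter_s:
            verdicts[src] = "cached-credential"
        else:
            verdicts[src] = "review"
    return verdicts


if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(SAMPLE_LOG, "administrator").items()):
        print(f"{src:15} {verdict}")
```

Either verdict still needs confirmation on the host (which process on the workstation holds the stale credential, or whether the bursting source is a known scanner), but the split decides whether the event is handled as a helpdesk ticket or as an incident.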
Identification:
• Goals
• Determine Scope
• Identify what systems, people and informational assets are
involved in the event.
• Preserve Evidence
• Protect the facts of the incident while determining the
scenario.
Identification: Suspicious Events
• Unexplained Occurrences
• New Accounts or Files
• File Modifications
• IDS Triggers
• Firewall Entries
• Accounting Discrepancies
• Poor Performance/Unresponsive services
• System Instability
Identification: Passive Identification
• Sniffers and Traffic Analysis
• Cyclical Buffers allow full recording of events at the packet level
to a point, depending on size and utilization.
• Target machine evidence is still preserved.
• Assist in determining new attacks for which signatures have not
yet been written.
Identification: Passive Identification
• Intrusion Detection Systems
• Least invasive method
• Target machine evidence is preserved
• Logs must still be protected
• Write-Once, Read-Many Media
Identification: Passive Identification
• Tripwire-style File Modification
• A hash of the file is taken and stored in a secure database. Any
modification to that file results in a change of the hash.
• Very indicative of a successful compromise.
• Can be noisy during patching and must be tuned after every
software upgrade.
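The mechanism on this slide, as an added example written for this page (it is not the slides' own code and not the Tripwire product): every regular file under a directory is hashed with SHA-256 into a baseline, later runs are diffed against it, and the noise problem from the last bullet is handled with an explicit rebaseline step after a reviewed change. The directory contents and file names in `demo()` are constructed.

```python
"""Tripwire-style file integrity check with a rebaseline step.

Added example, not the slides' own code and not the Tripwire tool.
It hashes every regular file under a directory, stores the result as a
baseline, and reports added, removed and modified files on later runs.
Because legitimate patching also changes hashes, an approved change is
followed by rebaselining so the next run is quiet again.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def file_hash(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file (path relative to root) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_hash(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline, current):
    """Diff two baselines; any non-empty list is a finding to investigate."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def save_baseline(baseline, path):
    # In production the baseline store must live off-host or on write-once media.
    Path(path).write_text(json.dumps(baseline, indent=1, sort_keys=True))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def demo():
    """Constructed scenario: an unexpected change, then an approved rebaseline."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d) / "etc"
        (root / "cron.d").mkdir(parents=True)
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        store = Path(d) / "baseline.json"
        save_baseline(build_baseline(root), store)

        # Unexpected changes since the baseline: one file edited, one file appears.
        (root / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/sh\nsvc:x:1001:1001::/:/bin/sh\n")
        (root / "cron.d" / "backup").write_text(
            "0 3 * * * root /usr/local/bin/backup.sh\n")
        first = compare(load_baseline(store), build_baseline(root))

        # After review the change is accepted: rebaseline, and the next run is clean.
        save_baseline(build_baseline(root), store)
        second = compare(load_baseline(store), build_baseline(root))
        return first, second


if __name__ == "__main__":
    before, after = demo()
    print("findings after change:", before)
    print("findings after rebaseline:", after)
```

The diff is only as trustworthy as the stored baseline: an attacker who can write the JSON file can also "approve" their own change, which is why the slide on IDS logs insists on write-once media for this kind of record.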
Identification: HoneyPots and HoneyTokens
• Specific systems or accounts with additional logging and
notification to alert on suspicious activity.
• Operators must be careful of entrapment.
• Systems have to be secured and heavily monitored.
• Systems cannot invite intruders –
• No “hackme” accounts
• No “Salary Database” systems
Identification: Chain of Custody
• Evidence must be accounted for from the time it is collected
until the time it is submitted to the court.
• Each piece of evidence must be under the control of one,
identifiable person at all times.
• A change in control of the evidence must be recorded.
• Evidence in storage must be protected from contamination.
(i.e. sealed and secured)
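A chain-of-custody record can be kept in a form that makes the slide's requirements checkable: every transfer is an entry naming one custodian, each entry commits to the previous one by hash, and the evidence hash recorded at collection must stay the same in every later entry. The following is an added example, not code from the slides or from any forensic product; the evidence identifier, custodian names and the disk-image bytes are constructed.

```python
"""Hash-chained chain-of-custody log.

Added example, not from the original slides. Each entry records who
held a piece of evidence and why; entries are linked by hash so that
editing or removing an earlier entry is detectable, and the evidence
hash is checked for drift across the whole chain.
"""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _entry_digest(entry):
    """Digest over every field except the stored entry_hash itself."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())


class CustodyLog:
    """Append-only custody record; each entry commits to the previous one."""

    def __init__(self):
        self.entries = []

    def record(self, evidence_id, evidence_hash, custodian, action, when=None):
        when = when or datetime.now(timezone.utc).isoformat()
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        entry = {"evidence_id": evidence_id, "evidence_hash": evidence_hash,
                 "custodian": custodian, "action": action, "time": when,
                 "prev": prev}
        entry["entry_hash"] = _entry_digest(entry)
        self.entries.append(entry)
        return entry["entry_hash"]

    def verify(self):
        """Return (True, 'ok') or (False, reason) for the first problem found."""
        prev = GENESIS
        first_seen = {}
        for i, e in enumerate(self.entries):
            if e["prev"] != prev:
                return False, f"entry {i}: broken link to previous entry"
            if _entry_digest(e) != e["entry_hash"]:
                return False, f"entry {i}: contents altered after recording"
            eid = e["evidence_id"]
            if eid in first_seen and first_seen[eid] != e["evidence_hash"]:
                return False, f"entry {i}: evidence {eid} hash changed in custody"
            first_seen.setdefault(eid, e["evidence_hash"])
            prev = e["entry_hash"]
        return True, "ok"


def demo():
    """Constructed scenario: a clean chain, a post-hoc edit, and evidence drift."""
    image = b"constructed placeholder for a disk image"
    h = sha256_hex(image)
    log = CustodyLog()
    log.record("HDD-001", h, "analyst A", "acquired", "2019-09-11T10:00:00+00:00")
    log.record("HDD-001", h, "analyst B", "transferred", "2019-09-11T12:30:00+00:00")
    log.record("HDD-001", h, "evidence locker", "sealed and stored",
               "2019-09-11T13:00:00+00:00")
    intact = log.verify()

    # Someone edits the custodian of an earlier entry after the fact.
    log.entries[1]["custodian"] = "analyst C"
    tampered = log.verify()

    # A second chain where the evidence itself changed between custodians.
    log2 = CustodyLog()
    log2.record("HDD-001", h, "analyst A", "acquired", "2019-09-11T10:00:00+00:00")
    log2.record("HDD-001", sha256_hex(image + b"!"), "analyst B", "transferred",
                "2019-09-11T12:30:00+00:00")
    drift = log2.verify()
    return intact, tampered, drift


if __name__ == "__main__":
    for label, result in zip(("intact", "tampered", "drift"), demo()):
        print(f"{label:9} {result}")
```

The chain only proves that the record has not been silently rewritten; it does not replace the physical seal, the signed paper form or the single accountable custodian the slide requires, and the head hash of the chain should itself be recorded somewhere the custodians cannot alter.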
Containment -
Now that the events have been identified as an incident and a chain-
of-custody for evidence has been established, we will take the first
step into system modification by beginning our containment.
Containment:
• Vendor Coordination
• Work closely with your vendors and know how to open
security-related tickets with high priority.
• ISPs can prevent some Denial of Service situations.
• They are more familiar with attacks because they have seen them
with other clients and are up-to-date on advisories.
• Additional people working towards identification, containment and
recovery.
• We are used to the pressure!
Containment:
• Identifying the Trust Model
• The trust model identifies not only the technology, but also the people that
are involved in the incident.
• What connectivity does the network or system have to other
areas in the organization?
• What information is contained within it?
• Who needs to be involved and to what extent?
Containment:
• Documentation Strategies
• Documentation should be collected from most volatile to least volatile and
least invasive to most invasive.
• Volatile evidence includes RAM, running processes and active
connections.
• Be careful of running system commands from anything but
recovery media.
Containment:
• Should we Quarantine?
• Changes to a system may be easily observed by an active attacker.
• Rootkits may identify a pulled network connection or extensive
system modification and protect the attacker.
• Some exploits are entirely memory resident and will disappear
when the power is pulled.
Containment:
• Initial Analysis
• Keep a low profile
• Never analyze the original
• Make frequent updates to CSIRT
• Acquire log files
• Stick to the facts and avoid blame
• Consider all possibilities but keep it simple
Containment:
• Backups
• Numerous backups allow both investigation and preservation of evidence.
• Different strategies exist and depend on the situation.
• Original is kept as evidence
• Backup 1 – Placed back in production
• Backup 2 – Forensic Analysis
• Backup 3, 4, etc… separate copies for analysis
Containment:
• Digital Forensics
• Numerous separate analyses all yield the same results.
• Requires specialty hardware, software and training.
• Bit by Bit copying and analysis of data.
• Recovery of deleted data.
• Identification of altered system files (trojans) and binaries in a
safe environment.
Containment:
• Digital Forensics: Hardware Write Blockers
• No modification to the data itself; we want to observe and duplicate only.
• Hardware device or driver between acquisition machine and
target system.
• May use NIC, USB, FireWire or IDE/SCSI channels.
• Intercepts write commands and gives logical return results.
• Allows browsing of the filesystem during acquisition.
Containment:
• Digital Forensics: Forensic Software
• Allows quick and efficient analysis of the information contained on the
device.
• Guidance Software’s EnCase used by law enforcement.
• Linux Forensics CDs are coming along in maturity.
(still must use write blockers!!!)
• Scripts allow quick searching of keywords in files and deleted
data.
• Hash comparisons verify original files, known dangerous
applications and aid the examiner in avoiding the bad stuff.
Containment:
• Digital Forensics: What are we looking for?
• Many areas of interesting data are forgotten about.
• Cached web content
• Email Files (PSTs)
• Recoverable Deleted Files
• Specific Incidents: CAD drawings, Engineering diagrams,
Pornography
• Known file signatures of hacking tools, backdoors, etc…
Containment:
• Digital Forensics: Other devices?
• May not be able to submit as evidence in court, but can assist the Incident
Handler in their investigation.
• Personal Organizers (PIMs): BlackBerry, Palm Pilots, iPAQs.
• SIM Cards/Cell phones
• USB Tokens/Flash Drives
Containment:
• Digital Forensics: Not Perfect!
• Some tools have been written specifically to defeat forensics software.
• DoD: 7-Pass, random-write method for secure deletion of
magnetic media. (Rainbow Method)
• Windows: Eraser
• Unix: Wipe
Containment:
• Slowing the Attack
• Change passwords and access rights.
• Change hostnames and IPs.
• Null Route suspicious traffic.
• Block IPs or Networks.
• Apply Patches to similar systems.
• Shutdown services.
Eradication -
Once an incident has been contained we attempt the total removal of
malicious applications from a system or network.
Eradication:
• Remove or Restore
• The decision of whether to remove malicious files or restore
from backups is a difficult task.
• Rootkits almost always demand a rebuild.
• Verification of backups is a must.
• Patches may not be available and a total change of
architectures may be necessary.
Eradication:
• Improve Defenses
• Implement additional detection and protection methods and
strengthen existing technologies and processes.
• Apply firewall and router filters.
• Perform “mini-assessments” using the same tools and
techniques as your attackers.
• Look for the same exploits and backdoors on multiple
machines.
Recovery -
Once the threat has been removed the organization must begin the
process of returning the business to normal operation.
Recovery:
• Returning to Operation
• System owners make the final call on returning to production.
• Owners depend on the systems and know their true value.
• If a disagreement occurs on whether to return to production or
not, it should be documented by the analysts and the owner
should acknowledge responsibility.
Recovery:
• Monitoring
• At this point in the process you should have enough
information to identify the attack if it occurs again.
• Create custom IDS signatures if possible.
• Verify proper operation to baseline configurations.
• Implement additional logging on network, hosts and
applications.
Lessons Learned -
The lessons learned meeting provides a method for the organization to
coordinate knowledge of an incident, suggest changes in procedures
and policies for the future and justify the implementation of new
safeguards.
Lessons Learned:
• Recap Meeting
• Should occur promptly after eradication of an incident while details are fresh
in the team members' heads.
• Create a timeline of events.
• Provide a consensus of notes and documentation.
• Finalize facts for a final report.
7 Deadly Sins
• Failure to report/ask for help
• Incomplete/Non-Existent Notes
• Mishandling/Damaging Evidence
• Failure to create backups
• Failure to eradicate or contain
• Failure to prevent re-infection
• Failure to apply lessons learned
Attacker Methodology
§ Reconnaissance
§ Profiling the Target
§ Scanning
§ Identifying Weaknesses
§ Exploitation
§ Breaking the Law
§ Keeping Access
§ Backdoors
§ Covering Tracks
§ Staying out of Jail
Reconnaissance:
• The target is profiled –
• Employee Information (name, numbers, titles)
• Systems Information (usenet postings, job listings)
• Process Information (vendors and transactions)
• Location Information (external networks, physical locations)
Scanning:
• Port and Vulnerability scanners are run to identify vulnerable
systems.
• Open Ports and Services
• Vulnerable Applications
• Default Usernames and Passwords
• Weak Encryption Implementations
Exploitation:
• Execution of attack – usually the first point at which the law is
broken.
• Goals
• Gaining Access
• Elevating Access
• Extracting Information
• Denying Service (DoS)
Keeping Access:
• Addition of Admin-level User Accounts
• Enabling of default, insecure services
• Installation of “Backdoor” or “root kit” applications allowing the
attacker to retain access despite system modifications.
• Application Level
• Traditional Rootkit
• Kernel Level Rootkit
Covering Tracks:
• Modification of system logs, applications and processes to prevent
identification by administrators.
• Hiding files and Directories (… and alt-255 dirs)
• Changes in /var/log
• Changes in shell history
• Removal of events (windows)
Our Example Scenario
• An attacker uses a “0-day” exploit to infiltrate the target organization,
install a backdoor and retrieve critical intellectual property for a
competitor.
• Normal security procedures alert the administrators to suspicious
activity and the incident response plan is activated.
Attacker Perspective: Reconnaissance
• Google and the corporate web site are used to identify the
organizational structure of key personnel including HR managers and
executive management.
• Low-Profile, no data sent directly to organization.
• Impossible to detect.
Attacker Perspective: Harvesting
• Freely-available scanning tools are used to identify email addresses
from the corporate website.
• Same method as SPAM groups.
• Many sites do not use generic web addresses.
Attacker Perspective: Exploitation
• Attacker sends malicious application to email addresses obtained
during scanning.
• Users open emails (possibly through social engineering) and are
immediately infected.
• Attacker can be listening for connections from infected machines and
have immediate control over systems.
Attacker Perspective: Keeping Access
Incident Timeline
Incident Timeline: Preparation
• IR Team established and roles defined.
• Daily procedures established for log analysis and identification.
• Containment procedures are outlined in policy. (Restoration takes
priority)
• Roles and Responsibilities are defined
Incident Timeline: Identification
• Bandwidth graphing shows abnormal usage
• Passive sniffing identifies responsible host
Incident Timeline: Containment
• No “watch and learn” policy, power is pulled from the host.
• System is imaged using forensic tools and Hardware Write-Blockers
which prevent alteration of data during backup.
• Employee is interviewed to determine method of infection.
Incident Timeline: Eradication and Recovery
• System is restored from the organization's hardened base image and
patches are applied. (Analysis can continue through restore)
Incident Timeline: Lessons Learned
• Social Engineering Awareness
• File attachment blocking
• Firewall Rule Revisions
• IDS Signature changes
• Patch Management
• Advisory Alert Services
Questions?

 
SEMINAR Computer & Cyber Security Career in the World, IT UP
SEMINAR Computer & Cyber Security Career in the World, IT UPSEMINAR Computer & Cyber Security Career in the World, IT UP
SEMINAR Computer & Cyber Security Career in the World, IT UPIGN MANTRA
 
10 Tips Career in Cyber Security to Stmik Sumedang
10 Tips Career in Cyber Security to Stmik Sumedang10 Tips Career in Cyber Security to Stmik Sumedang
10 Tips Career in Cyber Security to Stmik SumedangIGN MANTRA
 
Seminar Karir di Computer dan Cyber Security + 10 Tips Meraihnya di STMIK BAN...
Seminar Karir di Computer dan Cyber Security + 10 Tips Meraihnya di STMIK BAN...Seminar Karir di Computer dan Cyber Security + 10 Tips Meraihnya di STMIK BAN...
Seminar Karir di Computer dan Cyber Security + 10 Tips Meraihnya di STMIK BAN...IGN MANTRA
 

More from IGN MANTRA (20)

Karir dan Kompetensi Keamanan Siber RTIK Bali 28 Agustus 2020
Karir dan Kompetensi Keamanan Siber RTIK Bali 28 Agustus 2020Karir dan Kompetensi Keamanan Siber RTIK Bali 28 Agustus 2020
Karir dan Kompetensi Keamanan Siber RTIK Bali 28 Agustus 2020
 
Acad csirt cyber security rtik bali 22 july 2020
Acad csirt cyber security rtik bali 22 july 2020Acad csirt cyber security rtik bali 22 july 2020
Acad csirt cyber security rtik bali 22 july 2020
 
Ign mantra ppt menulis artikel dan buku ict
Ign mantra ppt menulis artikel dan buku ictIgn mantra ppt menulis artikel dan buku ict
Ign mantra ppt menulis artikel dan buku ict
 
2020 07-16 aspek security n hukum cctv-ign mantra
2020 07-16 aspek security n hukum cctv-ign mantra2020 07-16 aspek security n hukum cctv-ign mantra
2020 07-16 aspek security n hukum cctv-ign mantra
 
2020 07-16 data security lokal-internet it up pancasila
2020 07-16 data security lokal-internet it up pancasila2020 07-16 data security lokal-internet it up pancasila
2020 07-16 data security lokal-internet it up pancasila
 
2020 07-02 cyber crime n data security-ign mantra
2020 07-02 cyber crime n data security-ign mantra2020 07-02 cyber crime n data security-ign mantra
2020 07-02 cyber crime n data security-ign mantra
 
2020 06-30 cyber security kbk kkni aptikom-ign mantra
2020 06-30 cyber security kbk kkni aptikom-ign mantra2020 06-30 cyber security kbk kkni aptikom-ign mantra
2020 06-30 cyber security kbk kkni aptikom-ign mantra
 
2020 06-20 data security lokal-internet ngampooz
2020 06-20 data security lokal-internet ngampooz2020 06-20 data security lokal-internet ngampooz
2020 06-20 data security lokal-internet ngampooz
 
2020 06-22 cyber security career competence-iaii-ign mantra
2020 06-22 cyber security career competence-iaii-ign mantra2020 06-22 cyber security career competence-iaii-ign mantra
2020 06-22 cyber security career competence-iaii-ign mantra
 
Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0
Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0 Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0
Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0
 
Seminar Honeynet ACAD-CSIRT BSSN Cyber Security Tel-U Bandung Nov 2019
Seminar Honeynet ACAD-CSIRT BSSN Cyber Security Tel-U Bandung Nov 2019Seminar Honeynet ACAD-CSIRT BSSN Cyber Security Tel-U Bandung Nov 2019
Seminar Honeynet ACAD-CSIRT BSSN Cyber Security Tel-U Bandung Nov 2019
 
2019 09-10 seminar cyber security acad csirt honeynet universitas indonesia s...
2019 09-10 seminar cyber security acad csirt honeynet universitas indonesia s...2019 09-10 seminar cyber security acad csirt honeynet universitas indonesia s...
2019 09-10 seminar cyber security acad csirt honeynet universitas indonesia s...
 
2019 03-25 acad-csirt career in security to polinela lampung 25 maret2019 final
2019 03-25 acad-csirt career in security to polinela lampung 25 maret2019 final2019 03-25 acad-csirt career in security to polinela lampung 25 maret2019 final
2019 03-25 acad-csirt career in security to polinela lampung 25 maret2019 final
 
2018 11-12 acad-csirt updated cyber security pemda bssn
2018 11-12 acad-csirt updated cyber security pemda bssn2018 11-12 acad-csirt updated cyber security pemda bssn
2018 11-12 acad-csirt updated cyber security pemda bssn
 
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
 
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
 
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
 
SEMINAR Computer & Cyber Security Career in the World, IT UP
SEMINAR Computer & Cyber Security Career in the World, IT UPSEMINAR Computer & Cyber Security Career in the World, IT UP
SEMINAR Computer & Cyber Security Career in the World, IT UP
 
10 Tips Career in Cyber Security to Stmik Sumedang
10 Tips Career in Cyber Security to Stmik Sumedang10 Tips Career in Cyber Security to Stmik Sumedang
10 Tips Career in Cyber Security to Stmik Sumedang
 
Seminar Karir di Computer dan Cyber Security + 10 Tips Meraihnya di STMIK BAN...
Seminar Karir di Computer dan Cyber Security + 10 Tips Meraihnya di STMIK BAN...Seminar Karir di Computer dan Cyber Security + 10 Tips Meraihnya di STMIK BAN...
Seminar Karir di Computer dan Cyber Security + 10 Tips Meraihnya di STMIK BAN...
 

Recently uploaded

Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfRagavanV2
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes ---  Unit 3.pdfAKTU Computer Networks notes ---  Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfankushspencer015
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxJuliansyahHarahap1
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Call Girls in Nagpur High Profile
 
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For ...Bhosari ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...tanu pandey
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlysanyuktamishra911
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXssuser89054b
 
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank  Design by Working Stress - IS Method.pdfIntze Overhead Water Tank  Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdfSuman Jyoti
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdfKamal Acharya
 
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Standamitlee9823
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...roncy bisnoi
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...SUHANI PANDEY
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueBhangaleSonal
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Arindam Chakraborty, Ph.D., P.E. (CA, TX)
 

Recently uploaded (20)

Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdf
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes ---  Unit 3.pdfAKTU Computer Networks notes ---  Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptx
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
 
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For ...Bhosari ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank  Design by Working Stress - IS Method.pdfIntze Overhead Water Tank  Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
 
NFPA 5000 2024 standard .
NFPA 5000 2024 standard                                  .NFPA 5000 2024 standard                                  .
NFPA 5000 2024 standard .
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
 
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torque
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar  ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar  ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
 

2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia

1. ACAD-CSIRT: National Cyber Security and Academic Situational Updated
IGN Mantra, Chairman & Founder, Academic CSIRT
mantra@acad-csirt.or.id, incident@acad-csirt.or.id
Honeynet Universitas Indonesia Seminar & Workshop, 10-11 September 2019

2. Incident Response and Handling, Digital Forensics
IGN MANTRA, CEI, ACAD-CSIRT
Workshop Honeynet Indonesia, Universitas Indonesia, 11 September 2019

3. Outline
• Introduction
• The Incident Response Process
  • Preparation
  • Identification
  • Containment
  • Eradication
  • Recovery
  • Lessons Learned
• The Attacker Process
  • Reconnaissance
  • Scanning
  • Exploitation
  • Keeping Access
  • Covering Tracks
• Conclusion

4. Introduction
• ACAD-CSIRT
• Academic CSIRT, Indonesia
• Started in 2009, InfoSec community and CSIRT Academy
• Non-profit organization
• Support, Consulting, Training, Research Products
• Locations: Jakarta, Tangerang, Bandung, Surabaya, Bali, NAD
• Informatika, Perbanas Institute, Jakarta
• Informatika, Swiss German University, Tangerang
• Informatika, ITS Surabaya
• Assessment Team: Policy, Computer Security, Network, WebApp and DB, Wireless, and Digital Forensics

5. Introduction
• IGN Mantra (mantra@acad-csirt.or.id, incident@acad-csirt.or.id)
• Founder; Co-Founder (IDSIRTII); Co-Founder (IHP)
• Senior Security Analyst
• Senior Incident Response Analyst
• Coordinator of Incident Response Program
• EC-COUNCIL CEI, SANS Certified Incident Handler and Network
• PhD (candidate), Information Security Research

6. Incident Response and Digital Forensics
§ One of the least practiced, most stressful, highly scrutinized areas of Information Security.
§ Every incident is unique and can incorporate many different areas of the affected organization.
§ Incident analysts must be able to think quickly, remain calm and consider all possibilities.

7. Common Incident Types
• Economic Espionage
• Intellectual Property Theft
• Unauthorized Access
• Stolen Passwords and Data
• Unauthorized Use
• Inappropriate E-Mail and Web Habits
• Malicious Code
• Worms with Backdoors (Sasser)
• Insider Threats

8. 6 Steps of the Incident Handler Methodology
§ Preparation
§ Identification
§ Containment
§ Eradication
§ Recovery
§ Lessons Learned

9. Preparation
• The key to a successful response is preparation.
• Form a strategy.
• Design a procedure.
• Gather resources.
• Practice, practice, practice.

10. Preparation: Identify the "Core Team"
• Technical (IT, InfoSec and System Owners)
• Management
• Legal Department
• Forensics
• Public Relations
• Human Resources
• Physical Security and Maintenance
• Telecommunications

11. Preparation: Organizing Individuals
• All members of the CSIRT team should know their role and how they will interact with the other members.
• Outsourced or "third party" members should have contracts in place.
• Contacts for Law Enforcement should be known and the situations for their involvement discussed.

12. Preparation: Develop a Procedure
• Incident response can be a high-stress time. A well-documented procedure that is easy to follow can greatly reduce the anxiety.
• Develop a call tree and notification procedures.
• Brainstorm likely scenarios.
• Identify general information needed in most scenarios ahead of time.
• Make checklists and forms for as much as possible.

13. Preparation: Communication
• Communication is incredibly important during an incident: not only the people involved, but also the method by which it is done.
• Updates should be frequent.
• Out-of-band communications are very important.
  • Faxes
  • Cell phones
  • Be careful with BlackBerrys

14. Preparation: Access Rights
• The incident response team must have access to systems without the administrator's authorization.
  • Controversial issue
• User accounts, passwords and encryption keys
  • Third-party storage methods are available

15. Preparation: Policies
• Protect the organization from legal liability and allow investigators to do their job.
  • Warning banners are readily displayed.
  • Search policy is detailed in the employee manual.
  • Human Resources and Legal have signed off.
  • Employees have acknowledged knowing their expectations on privacy.
• Beware of international laws (European Privacy Directive).

16. Preparation: Gathering Resources
• Incident analysts should have all information ready and be able to respond to the incident.
  • Procedures, checklists and forms are ready.
  • Access credentials are available or the individuals with them are known.
  • System information, network diagrams, software and intellectual property are documented thoroughly.

17. Preparation: Training
• SANS Institute and GIAC Certifications
  • Track 4: Incident Response and Hacker Techniques
  • Track ??: Digital Forensics
• Vendor Training
  • Guidance Software
  • Access Data
• Partners
• Incident Response Scenarios

18. Identification
"Incidents can't always be prevented, but must always be detected."

19. Incident: Intentional or Unintentional?
§ Multiple failed logins to the domain administrator account.
  § Administrator credentials were cached on a user's workstation and they are attempting to log in.
  § Someone is actively attempting to brute-force the account.
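The two readings of slide 19 leave different traces in the logs: a cached credential retries on a fixed schedule from one known workstation, while a brute-force attempt arrives in a burst. The triage below is an added example written for this page, not material from the slides; the pipe-separated log layout, the host names, the IP addresses and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log, one failed logon per line:
#   timestamp|event_id|target_account|source_host|source_ip
# The layout is an assumption for this example, not the native 4625 format.
SAMPLE_LOG = """\
2019-09-11T08:00:05|4625|DOMAIN\\administrator|WS-FINANCE-07|10.1.20.17
2019-09-11T08:05:05|4625|DOMAIN\\administrator|WS-FINANCE-07|10.1.20.17
2019-09-11T08:10:06|4625|DOMAIN\\administrator|WS-FINANCE-07|10.1.20.17
2019-09-11T08:15:05|4625|DOMAIN\\administrator|WS-FINANCE-07|10.1.20.17
2019-09-11T23:41:02|4625|DOMAIN\\administrator|-|203.0.113.45
2019-09-11T23:41:03|4625|DOMAIN\\administrator|-|203.0.113.45
2019-09-11T23:41:03|4625|DOMAIN\\administrator|-|203.0.113.45
2019-09-11T23:41:04|4625|DOMAIN\\administrator|-|203.0.113.45
2019-09-11T23:41:04|4625|DOMAIN\\administrator|-|203.0.113.45
2019-09-11T23:41:05|4625|DOMAIN\\administrator|-|203.0.113.45
2019-09-11T23:41:05|4625|DOMAIN\\administrator|-|203.0.113.45
2019-09-11T23:41:06|4625|DOMAIN\\administrator|-|203.0.113.45
2019-09-11T09:30:00|4625|DOMAIN\\jdoe|WS-SALES-03|10.1.30.9
"""

MIN_FAILURES = 4          # fewer than this per (account, source) is noise
BURST_PER_MINUTE = 30.0   # at or above this rate nobody is typing
MAX_GAP_CV = 0.2          # coefficient of variation of gaps: low = scheduled
MIN_REGULAR_GAP = 60.0    # seconds; a retry loop, not a human, waits this evenly


def parse_log(text):
    """Turn the constructed log into a list of failed-logon events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, target, host, ip = line.split("|")
        if event_id != "4625":
            continue
        events.append({"ts": datetime.fromisoformat(ts), "target": target,
                       "host": host, "ip": ip})
    return events


def triage(events, min_failures=MIN_FAILURES, burst_per_minute=BURST_PER_MINUTE):
    """Group failures per (account, source IP) and label each group.

    'brute-force'       : failures arrive faster than burst_per_minute.
    'cached-credential' : known host, evenly spaced retries a minute or more apart.
    'unknown'           : needs a human; the heuristic cannot decide.
    """
    groups = defaultdict(list)
    for e in events:
        groups[(e["target"], e["ip"])].append(e)

    findings = {}
    for (target, ip), evs in groups.items():
        if len(evs) < min_failures:
            continue
        evs.sort(key=lambda e: e["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(evs, evs[1:])]
        span = sum(gaps)
        per_minute = len(evs) / (span / 60.0) if span > 0 else float("inf")
        mean_gap = span / len(gaps)
        if mean_gap > 0:
            sd = (sum((g - mean_gap) ** 2 for g in gaps) / len(gaps)) ** 0.5
            cv = sd / mean_gap
        else:
            cv = float("inf")
        known_host = evs[0]["host"] != "-"

        if per_minute >= burst_per_minute:
            verdict = "brute-force"
        elif known_host and cv < MAX_GAP_CV and mean_gap >= MIN_REGULAR_GAP:
            verdict = "cached-credential"
        else:
            verdict = "unknown"
        findings[(target, ip)] = {"count": len(evs),
                                  "per_minute": round(per_minute, 1),
                                  "verdict": verdict}
    return findings


if __name__ == "__main__":
    for key, finding in triage(parse_log(SAMPLE_LOG)).items():
        print(key, finding)
```

Either verdict still goes to a handler: the cached case is an unintentional incident that needs the stale credential cleared, the burst is an intentional one that starts the containment steps later in the deck.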
20. Identification: Goals
• Determine Scope
  • Identify what systems, people and informational assets are involved in the event.
• Preserve Evidence
  • Protect the facts of the incident while determining the scenario.

21. Identification: Suspicious Events
• Unexplained Occurrences
• New Accounts or Files
• File Modifications
• IDS Triggers
• Firewall Entries
• Accounting Discrepancies
• Poor Performance/Unresponsive Services
• System Instability

22. Identification: Passive Identification (Sniffers and Traffic Analysis)
• Cyclical buffers allow full recording of events at the packet level up to a point, depending on size and utilization.
• Target machine evidence is still preserved.
• Assist in determining new attacks for which signatures have not yet been written.

23. Identification: Passive Identification (Intrusion Detection Systems)
• Least invasive method
• Target machine evidence is preserved
• Logs must still be protected
  • Write-Once, Read-Many media

24. Identification: Passive Identification (Tripwire-style File Modification)
• A hash of the file is taken and stored in a secure database. Any modification to that file results in a change of the hash.
• Very indicative of a successful compromise.
• Can be noisy during patching and must be tuned after every software upgrade.
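Slide 24 in working form: a baseline of file hashes, a later snapshot, and a diff that suppresses the changes a known patch is expected to make so the report is not drowned in upgrade noise. This is an added example, not code from the slides or from Tripwire; the directory layout, file contents and the "expected changes" list are constructed.

```python
import hashlib
import json
import os
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries never sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every regular file under root (path relative to root) to its hash."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def compare(baseline, current, expected_changes=frozenset()):
    """Diff two snapshots.

    Paths in expected_changes are the tuning step the slide calls for after a
    software upgrade: they are suppressed so a patch window does not flood
    the report. Everything else that differs is reported.
    """
    modified = sorted(p for p in baseline
                      if p in current and baseline[p] != current[p]
                      and p not in expected_changes)
    added = sorted(p for p in current
                   if p not in baseline and p not in expected_changes)
    removed = sorted(p for p in baseline
                     if p not in current and p not in expected_changes)
    return {"modified": modified, "added": added, "removed": removed}


def write(root, rel, data, mode="wb"):
    """Helper for the constructed scenario: write data to root/rel."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, mode) as f:
        f.write(data)


def demo():
    """Constructed scenario: baseline, one expected patch, then the kinds of
    changes a compromise leaves behind (edited passwd, dropped binary,
    deleted config)."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "bin/sshd", b"sshd v1")
        write(root, "etc/passwd", b"root:x:0:0")
        write(root, "etc/hosts", b"127.0.0.1 localhost")
        # The baseline belongs off-host or on write-once media; serialising
        # it here stands in for that secure database.
        stored = json.dumps(build_baseline(root))

        write(root, "bin/sshd", b"sshd v2")                    # vendor patch (expected)
        write(root, "etc/passwd", b"\nbackdoor:x:0:0", "ab")   # unexpected edit
        write(root, "tmp/.x", b"\x7fELF")                      # unexpected new binary
        os.remove(os.path.join(root, "etc/hosts"))             # unexpected deletion

        return compare(json.loads(stored), build_baseline(root),
                       expected_changes={"bin/sshd"})


if __name__ == "__main__":
    print(demo())
```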
25. Identification: HoneyPots and HoneyTokens
• Specific systems or accounts with additional logging and notification to alert on suspicious activity.
• Operators must be careful of entrapment.
• Systems have to be secured and heavily monitored.
• Systems cannot invite intruders:
  • No "hackme" accounts
  • No "Salary Database" systems

26. Identification: Chain of Custody
• Evidence must be accounted for from the time it is collected until the time it is submitted to the court.
• Each piece of evidence must be under the control of one identifiable person at all times.
• A change in control of the evidence must be recorded.
• Evidence in storage must be protected from contamination (i.e. sealed and secured).

27. Containment
Now that the events have been identified as an incident and a chain of custody for evidence has been established, we take the first step into system modification by beginning our containment.

28. Containment: Vendor Coordination
• Work closely with your vendors and know how to open security-related tickets with high priority.
• ISPs can prevent some Denial of Service situations.
• They are more familiar with attacks because they have seen them with other clients and are up to date on advisories.
• Additional people working towards identification, containment and recovery.
• We are used to the pressure!

29. Containment: Identifying the Trust Model
• The trust model identifies not only the technology, but also the people that are involved in the incident.
  • What connectivity does the network or system have to other areas in the organization?
  • What information is contained within it?
  • Who needs to be involved and to what extent?

30. Containment: Documentation Strategies
• Documentation should be collected from most volatile to least volatile and from least invasive to most invasive.
• Volatile evidence includes RAM, running processes and active connections.
• Be careful of running system commands from anything but recovery media.

31. Containment: Should We Quarantine?
• Changes to a system may be easily observed by an active attacker.
• Rootkits may identify a pulled network connection or extensive system modification and protect the attacker.
• Some exploits are entirely memory resident and will disappear when the power is pulled.

32. Containment: Initial Analysis
• Keep a low profile
• Never analyze the original
• Make frequent updates to the CSIRT
• Acquire log files
• Stick to the facts and avoid blame
• Consider all possibilities but keep it simple

33. Containment: Backups
• Numerous backups allow both investigation and preservation of evidence.
• Different strategies exist and depend on the situation.
  • Original is kept as evidence
  • Backup 1: placed back in production
  • Backup 2: forensic analysis
  • Backup 3, 4, etc.: separate copies for analysis
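Slides 26 and 33 together describe one record: the original is sealed under a named custodian, every handover is logged, and every working copy (Backup 1, Backup 2, ...) is only trusted if it hashes identically to the original. The class below is an added example for this page, not code from the slides; the evidence ID, the people, the timestamps and the image bytes are constructed.

```python
import hashlib
from datetime import datetime, timezone


class CustodyError(Exception):
    """Raised when a handover is attempted by someone who does not hold the item."""


class EvidenceItem:
    """One piece of evidence: the original's hash, who holds it now, and a
    log of every handover and every copy verified against that hash."""

    def __init__(self, evidence_id, description, original, collected_by, when):
        self.evidence_id = evidence_id
        self.description = description
        self.sha256 = hashlib.sha256(original).hexdigest()
        self.custodian = collected_by
        # (timestamp, action, person, digest) per entry
        self.log = [(when, "collected", collected_by, self.sha256)]

    def transfer(self, from_person, to_person, when, reason):
        """Record a change of control; only the current custodian may hand over."""
        if from_person != self.custodian:
            raise CustodyError(f"{from_person} is not the custodian ({self.custodian})")
        self.custodian = to_person
        self.log.append((when, f"transfer: {reason}", to_person, self.sha256))

    def verify_copy(self, copy_bytes, label, examiner, when):
        """Backup 1, 2, 3...: a copy is usable only if it hashes like the original."""
        digest = hashlib.sha256(copy_bytes).hexdigest()
        ok = digest == self.sha256
        self.log.append((when, f"verify {label}: " + ("match" if ok else "MISMATCH"),
                         examiner, digest))
        return ok


def at_hour(hour):
    """Constructed timestamp helper for the walk-through below."""
    return datetime(2019, 9, 11, hour, 0, tzinfo=timezone.utc)


def demo():
    """Constructed walk-through with made-up people, IDs and image bytes."""
    image = bytes(range(256)) * 4   # stand-in for an acquired disk image
    item = EvidenceItem("EV-0001", "laptop SSD image", image, "handler A", at_hour(9))
    item.transfer("handler A", "analyst B", at_hour(10), "forensic analysis")

    forensic_ok = item.verify_copy(bytes(image), "backup 2 (forensic)",
                                   "analyst B", at_hour(11))
    damaged = bytearray(image)
    damaged[10] ^= 0xFF              # one flipped byte in a would-be production copy
    production_ok = item.verify_copy(bytes(damaged), "backup 1 (production)",
                                     "analyst B", at_hour(12))
    try:
        item.transfer("handler A", "someone else", at_hour(13), "no longer custodian")
        blocked = False
    except CustodyError:
        blocked = True

    return {"forensic_copy_ok": forensic_ok, "production_copy_ok": production_ok,
            "rogue_transfer_blocked": blocked, "custodian": item.custodian,
            "log_entries": len(item.log)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```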
  • 34. Containment: • Digital Forensics • Numerous separate analysis all yield the same results. • Requires specialty hardware, software and training. • Bit by Bit copying and analysis of data. • Recovery of deleted data. • Identification of altered system files (trojans) and binaries in a safe environment.
  • 35. Containment: • Digital Forensics: Hardware Write Blockers • No modification to the data itself, we want to observe and duplicate only. • Hardware device or driver between acquisition machine and target system. • May use NIC, USB, FireWire or IDE/SCSI channels. • Intercepts write commands and gives logical return results. • Allows browsing of the filesystem during acquisition.
  • 36. Containment: • Digital Forensics: Forensic Software • Allows quick and efficient analysis of the information contained on the device. • Guidance Software’s EnCase used by law enforcement. • Linux Forensics CD’s are coming along in maturity. (still must use write blockers!!!) • Scripts allow quick searching of keywords in files and deleted data. • Hash comparisons verify original files, known dangerous applications and aid the examiner in avoiding the bad stuff.
  • 37. Containment: • Digital Forensics: What are we looking for? • Many areas of interesting data are forgotten about. • Cached web content • Email Files (PST’s) • Recoverable Deleted Files • Specific Incidents: CAD drawings, Engineering diagrams, Pornography • Known file signatures of hacking tools, backdoors, etc…
  • 38. Containment: • Digital Forensics: Other devices? • May not be able to submit as evidence in court, but can assist the Incident Handler in their investigation. • Personal Organizers (PIMs): Blackberry, Palm Pilots, IPAQ’s. • SIM Cards/Cell phones • USB Tokens/Flash Drives
  • 39. Containment: • Digital Forensics: Not Perfect! • Some tools have been written specifically to defeat forensics software. • DoD: 7-Pass, random-write method for secure deletion of magnetic media. (Rainbow Method) • Windows: Eraser • Unix: Wipe
  • 40. Containment: • Slowing the Attack • Change passwords and access rights. • Change hostnames and IPs. • Null Route suspicious traffic. • Block IPs or Networks. • Apply Patches to similar systems. • Shutdown services.
  • 41. Eradication - Once an incident has been contained we attempt the total removal of malicious applications from a system or network.
  • 42. Eradication: • Remove or Restore • The decision of whether to remove malicious files or restore from backups is a difficult task. • Rootkits almost always demand a rebuild. • Verification of backups is a must. • Patches may not be available and a total change of architectures may be necessary.
  • 43. Eradication: • Improve Defenses • Implement additional detection and protection methods and strengthen existing technologies and processes. • Apply firewall and router filters. • Perform “mini-assessments” using the same tools and techniques as your attackers. • Look for the same exploits and backdoors on multiple machines.
  • 44. Recovery - Once the threat has been removed the organization must begin the process of returning the business to normal operation.
  • 45. Recovery: • Returning to Operation • System owners make the final call on returning to production. • Owners depend on the systems and know their true value. • If a disagreement occurs on whether to return to production or not it should be documented by the analysts and the owner should acknowledge responsibility.
  • 46. Recovery: • Monitoring • At this point in the process you should have enough information to identify the attack if it occurs again. • Create custom IDS signatures if possible. • Verify proper operation to baseline configurations. • Implement additional logging on network, hosts and applications.
  • 47. Lessons Learned - The lessons learned meeting provides a method for the organization to coordinate knowledge of an incident, suggest changes in procedures and policies for the future and justify the implementation of new safeguards.
  • 48. Lessons Learned: • Recap Meeting • Should occur promptly after eradication of an incident while details are fresh in the team members heads. • Create a timeline of events. • Provide a consensus of notes and documentation. • Finalize facts for a final report.
  • 49. 7 Deadly Sins • Failure to report/ask for help • Incomplete/Non-Existent Notes • Mishandling/Damaging Evidence • Failure to create backups • Failure to eradicate or contain • Failure to prevent re-infection • Failure to apply lessons learned
  • 50. Attacker Methodology § Reconnaissance § Profiling the Target § Scanning § Identifying Weaknesses § Exploitation § Breaking the Law § Keeping Access § Backdoors § Covering Tracks § Staying out of Jail
  • 51. Reconnaissance: • The target is profiled – • Employee Information (name, numbers, titles) • Systems Information (usenet postings, job listings) • Process Information (vendors and transactions) • Location Information (external networks, physical locations)
  • 52. Scanning: • Port and Vulnerability scanners are run to identify vulnerable systems. • Open Ports and Services • Vulnerable Applications • Default Usernames and Passwords • Weak Encryption Implementations
  • 53. Exploitation: • Execution of attack – usually the first point at which the law is broken. • Goals • Gaining Access • Elevating Access • Extracting Information • Denying Service (DoS)
  • 54. Keeping Access: • Addition of Admin-level User Accounts • Enabling of default, insecure services • Installation of “Backdoor” or “root kit” applications allowing the attacker to retain access despite system modifications. • Application Level • Traditional Rootkit • Kernel Level Rootkit
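The "addition of admin-level user accounts" and "enabling of default, insecure services" items above are cheap to hunt for if the hardened base image's account database was captured as a baseline. The following is an added example, not part of the original slides: it diffs a constructed baseline /etc/passwd snapshot against a constructed current one and reports new accounts, extra UID-0 logins and service accounts whose shell was switched from nologin to an interactive shell. The snapshot contents, the account names and the shell list are all assumptions for the demonstration.

```python
"""Diff a baseline /etc/passwd snapshot against the current one and flag the
persistence tricks from the slide: added accounts, second UID-0 accounts, and
service accounts that have been handed an interactive shell.
Added example; both snapshots below are constructed, not taken from a real host."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Shells that give a login session; nologin/false are deliberately absent.
INTERACTIVE_SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/bin/zsh", "/usr/bin/bash"}

# Constructed baseline, captured when the hardened image was built.
BASELINE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

# Constructed snapshot taken during eradication: 'toor' is a second UID-0
# login, 'backup' is new, and www-data now has an interactive shell.
CURRENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:x:1001:1001::/var/backups:/bin/sh
"""


@dataclass(frozen=True)
class PasswdEntry:
    name: str
    uid: int
    gid: int
    home: str
    shell: str


def parse_passwd(text: str) -> Dict[str, PasswdEntry]:
    """Parse passwd(5) lines into a name-keyed dict; malformed lines are skipped."""
    entries: Dict[str, PasswdEntry] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue
        name, _pw, uid, gid, _gecos, home, shell = fields
        entries[name] = PasswdEntry(name, int(uid), int(gid), home, shell)
    return entries


def audit_passwd(baseline_text: str, current_text: str) -> List[Tuple[str, str]]:
    """Return (finding, account) pairs in the order the accounts appear."""
    baseline = parse_passwd(baseline_text)
    current = parse_passwd(current_text)
    findings: List[Tuple[str, str]] = []
    for name, entry in current.items():
        old = baseline.get(name)
        if old is None:
            findings.append(("new_account", name))
        if entry.uid == 0 and name != "root":
            findings.append(("extra_uid0", name))
        if (old is not None and old.shell not in INTERACTIVE_SHELLS
                and entry.shell in INTERACTIVE_SHELLS):
            findings.append(("shell_enabled", name))
    for name in baseline:
        if name not in current:
            findings.append(("removed_account", name))
    return findings


if __name__ == "__main__":
    for finding, account in audit_passwd(BASELINE_PASSWD, CURRENT_PASSWD):
        print(f"{finding:16} {account}")
```

The same comparison should be run against /etc/group, sudoers drop-ins and service enablement state, and, as the eradication slide says, on every machine built from the same image, not only the one that raised the alert.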
  • 55. Covering Tracks: • Modification of system logs, applications and processes to prevent identification by administrators. • Hiding files and directories (… and alt-255 dirs) • Changes in /var/log • Changes in shell history • Removal of events (Windows Event Log)
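Two of the tricks above are easy to hunt for once you know what to look for: directory names made only of dots and spaces, or containing blank-looking characters (Alt+255 on a Windows keyboard types a non-breaking space, U+00A0), and shell history that has been emptied or pointed at /dev/null. The following is an added example, not code from the original slides: it builds a constructed directory tree in a temporary location, scans it for such names, and checks a constructed home directory for history tampering. The directory layout and the set of history file names it checks are assumptions for the demonstration.

```python
"""Hunt for the track-covering tricks from the slide: names built from dots
and spaces, names carrying control, zero-width or non-ASCII space characters,
and shell history that was nulled out. Added example; the tree it scans is
constructed inside a temp dir, not a real host."""
import os
import shutil
import tempfile
import unicodedata
from typing import Dict, List, Tuple


def is_suspicious_name(name: str) -> bool:
    """True for names an admin is likely to overlook in a directory listing."""
    if name in (".", ".."):
        return False
    if all(ch in ". " for ch in name):          # '...', '. ', '.. ' and friends
        return True
    if name != name.strip():                     # 'bin ' masquerading as 'bin'
        return True
    for ch in name:
        cat = unicodedata.category(ch)
        if cat in ("Cc", "Cf"):                  # control / format (zero-width) chars
            return True
        if cat == "Zs" and ch != " ":            # non-ASCII spaces, e.g. U+00A0
            return True
    return False


def scan_tree(root: str) -> List[str]:
    """Relative paths of every file or directory with a suspicious name."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if is_suspicious_name(name):
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


def history_tampering(home: str) -> List[Tuple[str, str]]:
    """Flag shell history files that are symlinked to /dev/null or empty."""
    findings = []
    for hist in (".bash_history", ".zsh_history", ".sh_history"):  # assumed set
        path = os.path.join(home, hist)
        if os.path.islink(path) and os.readlink(path) == "/dev/null":
            findings.append((hist, "symlink_to_dev_null"))
        elif os.path.isfile(path) and os.path.getsize(path) == 0:
            findings.append((hist, "empty"))
    return findings


def demo() -> Dict[str, list]:
    """Build a constructed tree containing the tricks above and scan it."""
    root = tempfile.mkdtemp()
    try:
        os.makedirs(os.path.join(root, "var", "tmp", "..."))       # dot-dot-dot dir
        os.makedirs(os.path.join(root, "tmp", ". "))                # dot-space dir
        os.makedirs(os.path.join(root, "usr", "lib", "\u00a0"))    # NBSP (Alt+255) dir
        os.makedirs(os.path.join(root, "usr", "local", "bin"))      # legitimate
        home = os.path.join(root, "home", "alice")
        os.makedirs(home)
        os.symlink("/dev/null", os.path.join(home, ".bash_history"))
        open(os.path.join(home, ".zsh_history"), "w").close()       # wiped history
        return {"names": scan_tree(root), "history": history_tampering(home)}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Run the scan from a forensic image mounted read-only rather than on the live host, and pair it with a comparison of the log files' modification times against the timeline: a /var/log/auth.log that is shorter than yesterday's, or a wtmp with a gap, is the other half of this slide.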
  • 56. Our Example Scenario • An attacker uses a “0-day” exploit to infiltrate the target organization, install a backdoor and retrieve critical intellectual property for a competitor. • Normal security procedures alert the administrators to suspicious activity and the incident response plan is activated.
  • 58. Attacker Perspective: Reconnaissance • Google and the corporate web site are used to identify the organizational structure of key personnel including HR managers and executive management. • Low-profile, no data sent directly to the organization. • Effectively undetectable by the target, since no traffic reaches its systems.
  • 59. Attacker Perspective: Harvesting • Freely available scanning tools are used to harvest email addresses from the corporate website. • Same method as SPAM groups. • Many sites publish individual addresses rather than generic role addresses, which makes targeting easier.
  • 60. Attacker Perspective: Exploitation • Attacker sends a malicious application to the email addresses obtained during harvesting. • Users open the emails (possibly through social engineering) and are immediately infected. • The attacker listens for connections back from the infected machines and has immediate control over them.
  • 63. Incident Timeline: Preparation • IR Team established and roles defined. • Daily procedures established for log analysis and identification. • Containment procedures are outlined in policy. (Restoration takes priority) • Roles and Responsibilities are defined
  • 64. Incident Timeline: Identification • Bandwidth graphing shows abnormal usage • Passive sniffing identifies responsible host
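The identification step above rests on two signals: a bandwidth graph that deviates from the host's normal pattern, and attribution of that deviation to one source address. The following is an added example, not part of the original slides: it aggregates constructed flow records into five-minute buckets, computes a per-host baseline from the median bucket, flags buckets that exceed a multiple of that baseline, and names the host behind the largest excursion. The flow records, the bucket size, the ratio and the absolute floor are all assumptions for the demonstration.

```python
"""Reproduce the 'abnormal bandwidth usage' signal from the identification
slide and attribute it to a host. Added example on constructed flow records,
not data from the original presentation."""
from collections import defaultdict
from statistics import median
from typing import Dict, List, Optional, Tuple

BUCKET = 300            # five-minute buckets, as a bandwidth graph would use
RATIO = 10.0            # flag a bucket above ten times the host's median bucket
FLOOR = 5_000_000       # ...but only if it also exceeds 5 MB, to ignore quiet hosts

Flow = Tuple[int, str, str, int]   # (epoch seconds, src_ip, dst_ip, bytes_out)


def _baseline(host: str, t0: int = 0) -> List[Flow]:
    """Constructed 'normal' traffic: ~0.9 MB outbound per bucket for eight buckets."""
    return [(t0 + i * BUCKET + 10, host, "93.184.216.34", 900_000 + i * 1_000)
            for i in range(8)]


# Constructed records: three normal hosts, one of which pushes 60 MB out in
# bucket 6, the kind of burst the slide's graph would show.
FLOWS: List[Flow] = (_baseline("10.0.0.5") + _baseline("10.0.0.7") +
                     _baseline("10.0.0.9"))
FLOWS.append((6 * BUCKET + 120, "10.0.0.7", "203.0.113.50", 60_000_000))


def bytes_per_bucket(flows: List[Flow], bucket: int = BUCKET) -> Dict[Tuple[str, int], int]:
    """Outbound bytes per (source host, bucket start)."""
    totals: Dict[Tuple[str, int], int] = defaultdict(int)
    for ts, src, _dst, nbytes in flows:
        totals[(src, (ts // bucket) * bucket)] += nbytes
    return totals


def flag_anomalies(flows: List[Flow], ratio: float = RATIO,
                   floor: int = FLOOR) -> List[Tuple[str, int, int, float]]:
    """(host, bucket_start, bytes, multiple_of_median) for every abnormal bucket."""
    per_host: Dict[str, List[Tuple[int, int]]] = defaultdict(list)
    for (src, start), n in bytes_per_bucket(flows).items():
        per_host[src].append((start, n))
    hits = []
    for src, series in per_host.items():
        base = median([n for _, n in series])     # robust to the burst itself
        for start, n in sorted(series):
            if n > max(ratio * base, floor):
                hits.append((src, start, n, n / base))
    return sorted(hits)


def responsible_host(flows: List[Flow]) -> Optional[str]:
    """The source address behind the largest abnormal bucket, or None."""
    hits = flag_anomalies(flows)
    return max(hits, key=lambda h: h[2])[0] if hits else None


if __name__ == "__main__":
    for host, start, n, mult in flag_anomalies(FLOWS):
        print(f"{host} bucket@{start}s sent {n:,} bytes ({mult:.0f}x median)")
    print("responsible host:", responsible_host(FLOWS))
```

The median is used for the baseline rather than the mean so that the burst under investigation does not inflate its own threshold. In production the records would come from a span port or NetFlow export rather than a constructed list, and the destination of the flagged flows is the next thing to look at before containment.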
  • 65. Incident Timeline: Containment • No “watch and learn” policy, so power is pulled from the host (this preserves the disk contents but discards volatile memory such as running processes and open network connections). • The system is imaged using forensic tools and hardware write-blockers, which prevent alteration of the data during the copy. • The employee is interviewed to determine the method of infection.
  • 66. Incident Timeline: Eradication and Recovery • The system is restored from the organization's hardened base image and patches are applied. (Analysis of the forensic image can continue while the restore proceeds.)
  • 67. Incident Timeline: Lessons Learned • Social Engineering Awareness • File attachment blocking • Firewall Rule Revisions • IDS Signature changes • Patch Management • Advisory Alert Services