Wireless security testing with attack by Keiichi Horiai - CODE BLUE 2015
CODE BLUE
We are in the IoT era. In this session, the function of GNURadio will be introduced with demonstration. GNURadio is an SDR (Software Defined Radio) tool to analyze wireless security such as Bluetooth LE. As an example of SDR usage, I will demonstrate the replay attack for RF signal of ADS-B (Automatic Dependent Surveillance Broadcast) mounted on an aircraft and a sniffer for wireless keyboards. Ideas for countermeasures will also be discussed.
In the following slides we will show you how to create a #DMZ using the #FortiGate
#Firewall. See next chapters on #FortiGate configuration. Stay with us!
You can get all kinds of information about the Fortinet product family.
www.guneybilisim.com
https://www.linkedin.com/company/guneybilisim/
https://twitter.com/guney_bilisim
Presenter: Mikael Vingaard, EnergiNet.dk
The goal of having a Honeypot (a fake ‘vulnerable’ IT system/service) is to learn more about your attackers and the methods they will use to breach your ICS/SCADA systems – but how can the Energy Sector actually benefit from using a Honeypot?
The Danish information security researcher Mikael Vingaard has used various free open source software to deploy ICS/SCADA Honeypot systems, and will share his experiences from the research and present interesting findings from the collected information.
The talk will discuss the pros and cons of honeypots, how to use honeypots as an early-warning system, and some interesting points about using Honeypot systems as seen from the energy sector.
The presentation will showcase that gaining access to actual ICS threat intelligence can be done – even in budget constrained organizations.
Snort Intrusion Detection / Prevention System on PFSense Firewall
Huda Seyam
This project is devoted to presenting a solution to protect web pages that acquire passwords and user names against HTML brute force.
This is done by performing a brute force password audit with Nmap against web servers that use HTTP authentication, and detecting this attack using the Snort IDS/IPS on a PFSense Firewall.
Cyberoam offers next-generation firewalls and UTM firewalls that provide stateful and deep packet inspection for network, application and user identity-based security. Cyberoam firewall appliances provide ease of management and high security with flexibility.
Presenter: Chris Sistrunk
Why haven’t we seen more ICS-focused attacks? Perhaps it’s because we’re not looking for them. The current state of security in Industrial Control Systems is a widely publicized issue, but fixes to ICS security issues are long cycle, with some systems and devices that will unfortunately never have patches available.
In this environment, visibility into security threats to ICS is critical, and almost all of ICS monitoring has been focused on compliance, rather than looking for indicators/evidence of compromise. The non-intrusive nature of Network Security Monitoring (NSM) is a perfect fit for ICS. This presentation looks at using NSM as part of an incident response strategy in ICS, various options for implementing NSM, and some of the capabilities that NSM can bring to an ICS cyber security program.
Describe what you would do to protect a network from attack, mention .pdf
jibinsh
Describe what you would do to protect a network from attack, mention any appliances or
products you can recommend.
Solution
Configuration Management
The main weapon in network attack defence is tight configuration management. The following
measures should be strictly implemented as part of configuration management.
• The machines in your network should be running up-to-date copies of the operating system
and should be updated immediately whenever a new service pack or patch is released.
• All the configuration files of your Operating Systems and Applications should be adequately
secured.
• All the default passwords in your Operating Systems or Applications should be changed after
the installation.
• You should implement tight security for root/Administrator passwords.
Firewalls
Another weapon for defense against network attack is the firewall. A firewall is a device and/or
software that stands between a local network and the Internet, and filters traffic that might be
harmful. Firewalls can be classified into four types based on whether they filter at the IP packet
level, at the TCP session level, at the application level, or as a hybrid.
1. Packet Filtering: Packet filtering firewalls function at the IP packet level. Packet
filtering firewalls filter packets based on addresses and port numbers. Packet filtering firewalls
can be used as a weapon in network attack defense against Denial of Service (DoS) attacks and
IP Spoofing attacks.
2. Circuit Gateways: Circuit gateway firewalls operate at the transport layer, which means that
they can reassemble, examine or block all the packets in a TCP or UDP connection. Circuit
gateway firewalls can also provide a Virtual Private Network (VPN) over the Internet by doing
encryption from firewall to firewall.
3. Application Proxies: Application proxy-based firewalls function at the application level. At
this level, you can block or control traffic generated by applications. Application Proxies can
provide very comprehensive protection against a wide range of threats.
4. Hybrid: A hybrid firewall may consist of a packet filter combined with an application
proxy firewall, or a circuit gateway combined with an application proxy firewall.
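A minimal sketch of the address-and-port filtering described in item 1, including the ingress check that lets a packet filter reject spoofed internal source addresses. This is an added example, not part of the original solution; the interface names, addresses and rule set are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "wan" or "lan"
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "drop"
    note: str
    iface: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: int = 0           # 0 means any destination port

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("any", p.iface)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (0, p.dport))

# Constructed rule set: LAN is 10.0.0.0/24, a public web server sits at 10.0.0.10.
RULES = [
    # Ingress anti-spoofing: a packet arriving from the Internet cannot
    # legitimately carry an internal source address.
    Rule("drop", "anti-spoofing", iface="wan", src="10.0.0.0/24"),
    Rule("allow", "public HTTPS", iface="wan", dst="10.0.0.10/32",
         proto="tcp", dport=443),
    Rule("allow", "outbound from LAN", iface="lan", src="10.0.0.0/24"),
]

def filter_packet(p: Packet, rules=RULES):
    """First matching rule wins; anything unmatched is dropped (default deny).
    Each packet is judged on its own: a packet filter keeps no session state."""
    for rule in rules:
        if rule.matches(p):
            return rule.action, rule.note
    return "drop", "default deny"

if __name__ == "__main__":
    for pkt in (Packet("wan", "203.0.113.7", "10.0.0.10", "tcp", 443),
                Packet("wan", "10.0.0.5", "10.0.0.10", "tcp", 443),
                Packet("wan", "203.0.113.7", "10.0.0.10", "tcp", 22)):
        print(pkt, "->", filter_packet(pkt))
```

Rule order matters here: the anti-spoofing rule must come before the HTTPS allow rule, otherwise a spoofed packet to port 443 would be accepted.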
Encryption
Encryption is another great weapon used in defense against network attacks.
Encryption can provide protection against eavesdropping and sniffer attacks. Public Key
Infrastructure (PKI) technologies, Internet Protocol Security (IPSec), and Virtual Private
Networks (VPN), when implemented properly, can secure your network against network attacks.
Other tips for defense against network attack are:
• Privilege escalation at different levels and strict password policies.
• Tight physical security for all your machines, especially servers.
• Tight physical security and isolation for your backup data.