Container intrusions Do You Even IDS

•Download as PPTX, PDF•

0 likes•57 views

This presentation covers my research into the comparative efficacy assessment of various free and open source intrusion detection and analysis platforms and methods as applied to traditional vs. Linux container networks.

Technology

SANS Technology Institute - Candidate for Master of Science Degree 3
Linux Containers: Benefits and
History
1979 Unix v7
Change Root
(chroot)
Early 2000’s
FreeBSD
Jails, Linux
VServer,
Solaris Zones
2002 – 2007
Control
Groups
(cgroups),
Namespaces
2008 – 2014
LXC, Docker,
rkt

SANS Technology Institute - Candidate for Master of Science Degree 4
Linux Containers: a Security
Primer
• Containers security challenges:
complexity and speed

SANS Technology Institute - Candidate for Master of Science Degree 5
Linux Containers: a Security
Primer
• The lack of scholarly research into
container security

SANS Technology Institute - Candidate for Master of Science Degree 6
Linux Containers: a Security
Primer
• The vulnerability and threat landscape
of Linux containers
• Synergistic-power attack
• Process isolation escape
• Data leakage attacks (emanations)
• Spectre/Meltdown – memory read bounds
control and process isolation violation
• Compounded vulnerabilities
• Microservices and deployment density surface
area

SANS Technology Institute - Candidate for Master of Science Degree 7
Linux Containers: a Security
Primer
• Container security platforms and CI/CD
pipeline security
• Code contributor identity and access controls
• Code commit integrity validation
• Vulnerability management (host, packages,
images)
• Network, host, and container runtime
component hardening
• Log management, security analytics, and threat
hunting

SANS Technology Institute - Candidate for Master of Science Degree 8
• Intrusion detection and analysis in
traditional networks
• Static or pre-defined application network
port mappings
• Linux kernel audit (some kernel tapping)
• Network interface tapping
• Network traffic profiling and security
analytics
Linux Containers: a Security
Primer

SANS Technology Institute - Candidate for Master of Science Degree 9
• Intrusion detection and analysis in
container networks
• Bag of System Calls (BoSC)
• Kernel tapping modules (common place)
• Network interface tapping (software overlay
networks)
• Network observability analytics
• Adaptive application traffic profiling
• Adaptive application network port mapping
Linux Containers: a Security
Primer

SANS Technology Institute - Candidate for Master of Science Degree 10
Lab Environment

SANS Technology Institute - Candidate for Master of Science Degree 11
• Detection of scanning activity
• Detection of application attacks
• Detection of malware deployment
• Detection of malware execution
• Detection of malicious command and
control
• Detection of malicious privilege
escalation
IDS Effectiveness Criteria &
Test Cases

SANS Technology Institute - Candidate for Master of Science Degree 12
IDS Effectiveness Criteria &
Test Cases
• Detection of malicious data exfiltration
• Detection of file integrity violations
• Detection of leaked system data
• Auto-detection of anomalous behavior
• Auto-detection of attacker, victim,
infrastructure relationship
• Capability for forensic artifact retrieval
(PCAP, flow, logs)

SANS Technology Institute - Candidate for Master of Science Degree 13
Points Criteria
1 Not effective (method did not work)
2 Moderately effective (method worked, but did not allow for
complete functionality, or equivalent to a traditional network
implementation)
Note: potential for assessor bias
3 Effective (method worked as effectively as a traditional
network implementation)
Scoring System

SANS Technology Institute - Candidate for Master of Science Degree 14
• Scenarios and Results
• Security Onion with Snort and OSSEC protecting a
virtualized web server hosting DVWA = 44
• Security Onion with Snort and OSSEC protecting a
Dockerized web server hosting DVWA = 40
• Wazuh with OSSEC HIDS and PCI DSS module
protecting a Dockerized web server hosting DVWA
= 38
• Sysdig Falco with the falco-probe kernel module
protecting a Dockerized web server hosting DVWA
= 43
Research Review & Results

SANS Technology Institute - Candidate for Master of Science Degree 15
• Intrusion detection and analysis in
traditional vs. container networks
• Research, testing, and results
• The field is hot, the practice is young,
the vulnerabilities are ongoing, and the
threats are real
Summary

This document summarizes the OBIWAN platform, a middleware platform that aims to make programming distributed applications easier. It does this by providing an object broker infrastructure, automatic replication of objects, distributed garbage collection, and a security framework. The platform is paradigm flexible and allows programmers to choose the programming model best suited to their application. It also details some of the key data structures and algorithms used in distributed garbage collection and security.

Securing your Kubernetes applications

Néstor Salceda

While there have been many improvements around securing containers, there is still a large gap in monitoring the behavior of containers in production. That is the reason we created Falco, the open source behavioral activity monitor for containerized environments. Falco can detect and alert on anomalous behaviour at the application, file system and network level. In this session we get a deep dive into Falco and explain the following points: * How does behavioral security differ from existing security solutions like image scanning, seccomp, SELinux or AppArmor? * How Falco does its magic? * What Falco can detect? Creating your own rules and customize the existing ones for your Kubernetes applications. * How to deploy Falco in your Kubernetes cluster? * Reacting to security incidents, what we can do to stop the attackers in real-time? * Post-mortem analysis and forensics on containers with Sysdig Inspect. Even when containers does not exist anymore!

Incident Response in Cyber-Relevant Time - OpenC2

Vasileios Mavroeidis

The document discusses incident response in cyber-relevant time and the need for automation and standardization to enable faster response times. It introduces OpenC2 as an emerging open standard for command and control that aims to provide unambiguous machine-to-machine communication through a common language and protocols. OpenC2 focuses on the "acting" portion of cyber defense by coordinating defensive actions across different security systems through open specifications.

Ian Powers Resume

Ian Powers

Ian Powers is seeking a position in information and cyber security. He has a Bachelor of Science in Cyber Security & Intelligence from Embry-Riddle Aeronautical University with a 3.833 GPA. His relevant coursework includes intro to cyber security, malware analysis, computer forensics, and networking security. He has experience attending security conferences and speaking on password security. Currently, he leads a cyber security group focused on competitions and gives lectures on security tools.

Implementing Active Security with Sysdig Falco - Barcelona Software Crafters

Néstor Salceda

Woah! We have our application deployed in a cluster and ready to manage or fleet of containers. And is really awesome, we can scale them automatically! But, but... WTF?! What does it mean this message about "File below a known binary directory opened for writing"? Which container opened a file under /bin to write in among the other 9813 containers in my deployment? When you are managing a Docker cluster with a lot of nodes and containers, finding which one originates the alert may be cumbersome. Time matters and the faster we can react to a security issue the better to avoid greater damage. Automation is an important point in DevSecOps mindset, and in this talk we are going to learn how to implement custom playbooks with Open Source Software and deploy it using serverless technology for deploying an active security system which uses Sysdig Falco for detecting security threats.

Container Security Mmanagement

Suresh Thivanka Rupasinghe

Secure Application Development in the Age of Continuous Delivery

Black Duck by Synopsys

As delivered by Tim Mackey, Senior Technical Evangelist - Black Duck Software, at LinuxCon and ContainerCon in Berlin 2016. Traditionally, when datacenter operators talk about application security, they've tended to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques. The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment of micro-services, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily. In this session we’ll present: • How known vulnerabilities can make their way into production deployments • How deployment of vulnerable code can be minimized • How to determine the vulnerability status of a container • How to determine the risk associated with a specific package

Keeping Up with the Adversary: Creating a Threat-Based Cyber Team

Priyanka Aash

This document discusses a methodology for detecting vulnerabilities in software based on analysis of the project's Git history. It proposes an approach called HVD that considers whether lines of code were added or removed in code changes, which could improve precision over existing techniques. An evaluation using a dataset of over 350,000 commits found that HVD increased the area under the precision-recall curve by 18.8% compared to a baseline that ignores line additions and removals. Features related to computer resources like memory, CPU and networking were found to most significantly contribute to the classification model. The study demonstrates that automatically detecting vulnerabilities from Git data can produce results aligned with human intuition.

Monitoring & Securing Microservices in Kubernetes

Michael Ducy

ieeeprojectsvadapalani

DESIGN AND IMPLEMENTATION OF DATA ENCRYPTION SOFTWARE

Ayanda Demilade

This document presents the design and implementation of data encryption software by Ayanda Demilade Isaac. It discusses the background and need for data encryption. The aim is to compare the encryption techniques of Data Encryption Standard (DES), Triple DES (TDES) and Rijndael, and determine which is more efficient. A literature review analyzes the works, limitations and vulnerabilities of each technique. The research methodology involves a comparative analysis of the encryption algorithms. The results show plain text and cipher text figures. It concludes that Rijndael is more efficient than DES and remains unbroken. Future work could benchmark encryption of different media types like video and audio using Rijndael.

Outpost24 webinar mastering container security in modern day dev ops

Outpost24

Security Testing ModernApps_v1.0

Neelu Tripathy

In the recent years, the traditional application monolith has broken down into a hefty chunk of micro-services thereby increasing the attack surface. We will look at how this increases the entry points into the complex modern day application ecosystem. The modern security tester needs various skills to pen-test such apps including the understanding of containers to successfully break or defend such applications. When we tie this with the fast paced devOps life cycles for applications and explore the challenges when scaling security for such applications across the organization. Hence, this webinar discusses traditional and relatively newer methods of Pen-testing web applications. Thereby illustrating how the changing business requirements and Agile life cycles for applications affect Security testing for modern applications. Key Takeaways: - what do the traditional Pen testing/Security testing Techniques entail? - How is the landscape for Applications changing and how it affects security testing? - What are the key essentials for testing modern applications? - what can be done to scaling Security Assessments(Testing) for Modern & Agile life cycles?

Hunting on the Cheap

EndgameInc

For organizations and individuals with limited security budgets, successfully hunting for cyber adversaries can be a daunting challenge. Threat Intelligence can be expensive and sometimes nothing more than IoCs or blacklists. In this talk, Endgame’s threat research team will present a series of techniques that can enable organizations to leverage free or almost-free sources of data and open-source tools to “hunt on the cheap.” They’ll explain how to: retrieve attackers’ tools from globally distributed honeynets that look like your organization or a juicy launching point to attackers; enrich the data past basic file/tool hashes to identify malicious command and control IPs/domains through automated binary analysis using open-source sandboxes and tools; and use passive DNS data to identify active infections and enrich existing data sets. Attendees will learn how to apply these three techniques to hunt for adversaries within their own networks. They will also learn about the various open-source solutions available, such as graph databases, that make these techniques inexpensive and within the scope of many organizations. Anjum Ahuja, Senior Threat Researcher, Endgame Jamie Butler, Chief Scientist, Endgame Andrew Morris, Threat Researcher, Endgame

Virtual Machine Introspection - Future of the Cloud

Tjylen Veselyj

Finding Diversity In Remote Code Injection Exploits

amiable_indian

1. The document analyzes the diversity among remote code injection exploits by collecting exploit samples from network traces, extracting and emulating shellcodes, and clustering the shellcodes based on an exedit distance metric. 2. It finds that exploits can be grouped into families based on the vulnerability targeted. The LSASS and ISystemActivator exploit families show subtle variations among related exploits, while RemoteActivation exploits exhibit more diversity. 3. Analyzing exploit phylogenies reveals code sharing among families and subtle variations within families, providing insights into the emergence of polymorphism in malware payloads.

Verigraph

Iben Rodriguez

VERIGRAPH: A pre-deployment verification service for Virtualized Network Functions (aka NFV virtual appliances) running on OpenStack with OPNFV. Formal Methods: rigorous mathematical methods based on mathematical models for analysing (computer-based) systems Formal Verification: applied to SDN/NFV-based networks Verify a formal network model satisfies some invariants or network policies (e.g., absence of loops and black holes, reachability, security policies, etc.)

OpenDaylight Brisbane User Group - OpenDaylight Security

David Jorm

The document discusses OpenDaylight's approach to security. It begins with an introduction to the speaker and an overview of the SDN attack surface. It then discusses recent OpenDaylight vulnerabilities like issues with Netconf and host tracking. Defensive technologies like Topoguard and Security-mode ONOS are presented. The document also covers security response best practices for open source projects and secure engineering practices. It provides an assessment of OpenDaylight's current security status and outlines a vision for improved security response and engineering.

Syrian Malware

Kaspersky

This document summarizes a report by Kaspersky Lab on evolving malware attacks originating in Syria. Malicious actors are using social engineering techniques like Skype messages, Facebook posts, and YouTube videos to distribute malware disguised as security programs. The malware payloads identified include remote access Trojans (RATs) like ShadowTech RAT and Dark Comet RAT. Over 100 malware samples have been found targeting activists and others in Syria, Lebanon, Turkey and other countries. The actors operate from locations including Syria, Russia, and Lebanon, and are constantly evolving their methods.

Malware analysis, threat intelligence and reverse engineering

bartblaze

The Log4Shell Vulnerability – explained: how to stay secure

Kaspersky

On December 9th, researchers uncovered a zero-day critical vulnerability in the Apache Log4j library used by millions of Java applications. CVE-2021-44228 or “Log4Shell” is a RCE vulnerability that allows attackers to execute arbitrary code and potentially take full control over an infected system. The vulnerability has been ranked a 10/10 on the CVSSv3 severity scale. While the Apache Foundation has already released a patch for this CVE, it can take weeks or months for vendors to update their software, and there are already widespread scans being conducted by malicious attackers to exploit Log4Shell. What should companies or organizations do? Join Marco Preuss, Head of Europe’s Global Research and Analysis (GReAT) team, Marc Rivero and Dan Demeter, Senior Security Researchers with GReAT, for an in-depth discussion on Log4Shell and a live Q&A session. To see the full webinar, please visit: https://securelist.com/webinars/log4shell-vulnerability-how-to-stay-secure/?utm_source=Slideshare&utm_medium=partner&utm_campaign=gl_jespo_je0066&utm_content=link&utm_term=gl_Slideshare_organic_s966w1tou5a0snh

AusCERT 2016: CVE and alternatives

David Jorm

Understanding container security

John Kinsella

This document discusses container security, providing a brief history of containers, security benefits and challenges of containers, and approaches to container vulnerability management and responding to attacks. It notes that while containers are not new, their adoption has increased rapidly in recent years. The document outlines security advantages like smaller surface areas but also challenges like managing vulnerabilities across many moving parts. It recommends strategies like using official images, hardening hosts, scanning for vulnerabilities, and practicing incident response for containers.

ML13198A410.pdf

ParasPatel967737

This presentation provides an overview of firewalls and their limitations. It discusses how firewalls are designed to control data flows but have hardware, memory, time, and logic constraints. The presentation then demonstrates common attack techniques like impersonation and session hijacking that can bypass firewalls. It shows how easily available hacking tools allow attacks to be performed with little skill or effort. The key point is that while firewalls provide some security, a holistic security program is needed to fully prevent, detect, and respond to threats.

What's hot

ieeeprojectsvadapalani

Ofer rivlin BGU - department seminar

Ofer Rivlin, CISSP

Under-reported Security Defects in Kubernetes Manifests

Akond Rahman

OTechs Hacking and Penetration Testing (BackTrack/Kali) Training Course

Osman Suliman

What Questions Do Programmers Ask About Configuration as Code?

Akond Rahman

Vulnerability Detection Based on Git History

Kenta Yamamoto

Monitoring & Securing Microservices in Kubernetes

Michael Ducy

ieeeprojectsvadapalani

DESIGN AND IMPLEMENTATION OF DATA ENCRYPTION SOFTWARE

Ayanda Demilade

Outpost24 webinar mastering container security in modern day dev ops

Outpost24

Security Testing ModernApps_v1.0

Neelu Tripathy

Hunting on the Cheap

EndgameInc

Virtual Machine Introspection - Future of the Cloud

Tjylen Veselyj

Finding Diversity In Remote Code Injection Exploits

amiable_indian

Verigraph

Iben Rodriguez

OpenDaylight Brisbane User Group - OpenDaylight Security

David Jorm

Syrian Malware

Kaspersky

Malware analysis, threat intelligence and reverse engineering

bartblaze

The Log4Shell Vulnerability – explained: how to stay secure

Kaspersky

AusCERT 2016: CVE and alternatives

David Jorm

What's hot (20)

Ofer rivlin BGU - department seminar

Under-reported Security Defects in Kubernetes Manifests

OTechs Hacking and Penetration Testing (BackTrack/Kali) Training Course

What Questions Do Programmers Ask About Configuration as Code?

Vulnerability Detection Based on Git History

Monitoring & Securing Microservices in Kubernetes

DESIGN AND IMPLEMENTATION OF DATA ENCRYPTION SOFTWARE

Outpost24 webinar mastering container security in modern day dev ops

Security Testing ModernApps_v1.0

Hunting on the Cheap

Virtual Machine Introspection - Future of the Cloud

Finding Diversity In Remote Code Injection Exploits

Verigraph

OpenDaylight Brisbane User Group - OpenDaylight Security

Syrian Malware

Malware analysis, threat intelligence and reverse engineering

The Log4Shell Vulnerability – explained: how to stay secure

AusCERT 2016: CVE and alternatives

Similar to Container intrusions Do You Even IDS

Understanding container security

John Kinsella

ML13198A410.pdf

ParasPatel967737

ML13198A410.pdf

KalsoomTahir2

shivam sahu (firewall).pdfb jndvhjfvhjjf

sahushivam4928

ML13198A410.pdf

ParvezAhmed59842

This presentation provides an overview of firewalls and their limitations. It discusses how firewalls are designed to control data flows but have hardware, memory, time, and logic constraints. The presentation then demonstrates common attack techniques like impersonation and session hijacking that can bypass firewalls. It shows how easily available hacking tools allow attacks to be performed with little skill or effort. The conclusion is that firewalls must be part of a comprehensive security program, as they cannot prevent, detect, or respond to attacks alone.

An Attacker Looks at Docker: Approaching Multi-Container Applications

Priyanka Aash

Containerization, such as that provided by Docker, is becoming very popular among developers of large-scale applications. This is likely to make life a lot easier for attackers. While exploitation and manipulation of traditional monolithic applications might require specialized experience and training in the target languages and execution environment, applications made up of services distributed among multiple containers can be effectively explored and exploited "from within" using many of the system- and network-level techniques that attackers, such as penetration testers, already know. The goal of this talk is to provide a penetration tester experienced in exploitation and post-exploitation of networks and systems with an exposure to containerization and the implications it has on offensive operations. Docker is used as a concrete example for the case study. A penetration tester can expect to leave this presentation with a practical exposure to multi-container application post-exploitation that is as buzzword-free as is possible with such a trendy topic.

An Attacker Looks at Docker: Approaching Multi-Container Applications

Priyanka Aash

"Containerization, such as that provided by Docker, is becoming very popular among developers of large-scale applications. The good news: this is likely to make your life easier as an attacker. While exploitation and manipulation of traditional monolithic applications might require specialized experience and training in the target languages and execution environment, applications made up of services distributed among multiple containers can be effectively explored and exploited ""from within"" using many of the system- and network-level techniques that attackers, such as penetration testers, already know. The goal of this talk is to provide a hacker experienced in exploitation and post-exploitation of networks and systems with an exposure to containerization and the implications it has on offensive operations. Docker is used as a concrete example for the case study. A hacker can expect to leave this presentation with a practical exposure to multi-container application post-exploitation."

Too soft[ware defined] networks SD-Wan vulnerability assessment

Sergey Gordeychik

This document discusses security assessments of software-defined wide area networks (SD-WANs). It begins with an introduction to SD-WAN features and architectures. It then outlines the researchers' approach, which involves examining the SD-WAN attack surface and testing for security issues. The document summarizes potential threats in areas like the control plane, data plane, and virtual network functions. It also provides the perspectives of different roles involved in SD-WANs, such as network engineers, software architects, and security analysts. The researchers conducted a security assessment of SD-WAN that involved examining access control, platform security, management interfaces, and other components.

Offensive cyber security engineer pragram course agenda

ShivamSharma909

This document provides an overview of an offensive cyber security engineer training program offered by infosectrain.com. The 120-hour instructor-led online program includes training in ethical hacking, penetration testing, cyber security tools and techniques. It aims to provide students with skills in areas like reconnaissance, scanning, vulnerability analysis, exploitation, post-exploitation, and reporting. The program covers topics such as Active Directory penetration testing, password cracking, and privilege escalation. It includes hands-on labs and prepares students for the EC-Council Certified Ethical Hacker certification exam.

Offensive cyber security engineer updated

InfosecTrain

Offensive cyber security engineer

ShivamSharma909

Containers and Security for DevOps

Salesforce Engineering

Cem Gurkok presented on containers and security. The presentation covered threats to containers like container exploits and tampering of images. It discussed securing the container pipeline through steps like signing, authentication, and vulnerability scans. It also covered monitoring containers and networks, digital forensics techniques, hardening containers and hosts, and vulnerability management.

Soc analyst course content v3

ShivamSharma909

The SOC analyst training program is meticulously designed by the subject matter experts at Infosec Train. The training program offers a deep insight into the SOC operations and workflows. It is an excellent opportunity for aspiring and current SOC analysts (L1/L2/L3) to level up their skills to mitigate business risks by effectively handling and responding to security threats. https://www.infosectrain.com/courses/soc-analyst-expert-training/

Soc analyst course content

ShivamSharma909

Mining Software Repositories for Security: Data Quality Issues Lessons from T...

CREST

This presentation highlights a range of issues that arise when dealing with data quality, and poses several recommendations, including: Consideration of Label Noise in Negative Class • Semi-Supervised, e.g., self-training, positive or Unlabeled training on unlabeled set • Consideration of Timeliness • Currently labeled data & more positive samples; Preserve data sequence for training • Use of Data Visualization • Try to achieve better data understandability for non data scientists • Creation and Use of Diverse Language Datasets • Bug seeding into semantically similar languages • Use of Data Quality Assessment Criteria • Determine and use specific data quality assessment approaches • Better Data Sharing and Governance

5 Ways to Secure Your Containers for Docker and Beyond

Black Duck by Synopsys

Presented by Tim Mackey, Senior Technology Evangelist, Black Duck Software on August 17. To use containers safely, you need to be aware of potential security issues and the tools you need for securing container-based systems. Secure production use of containers requires an understanding of how attackers might seek to compromise the container, and what you should be aware of to minimize that potential risk. Tim Mackey, Senior Technical Evangelist at Black Duck Software, provides guidance for developing container security policies and procedures around threats such as: 1. Network security 2. Access control 3. Tamper management and trust 4. Denial of service and SLAs 5. Vulnerabilities Register today to learn about the biggest security challenges you face when deploying containers, and how you can effectively deal with those threats. Watch the webinar on BrightTalk: http://bit.ly/2bpdswg

Azure 101: Shared responsibility in the Azure Cloud

Paulo Renato

Whether you’re working exclusively on Azure or with multiple cloud environments, there are certain things you should consider when moving assets to the public cloud. As with any cloud deployment, security is a top priority, and moving your workloads to the Azure cloud doesn’t mean you’re not responsible for the security of your operating system, applications, and data. Building on the security of the Azure infrastructure, this shared security responsibility starts with making sure your environment is secure. In this session, we will discuss step-by-step what you need to do to secure access at the administrative, application and network layers.

DCSF19 Container Security: Theory & Practice at Netflix

Docker, Inc.

Michael Wardrop, Netflix Usage of containers has undergone rapid growth at Netflix and it is still accelerating. Our container story started organically with developers downloading Docker and using it to improve their developer experience. The first production workloads were simple batch jobs, pioneering micro-services followed, then status as a first class platform running critical workloads. As the types of workloads changed and their importance increased, the security of our container ecosystem needed to evolve and adapt. This session will cover some security theory, architecture, along with practical considerations, and lessons we learnt along the way.

Applied Security for Containers, OW2con'18, June 7-8, 2018, Paris

OW2

There’s a constant rise of the container usage in the existing cloud ecosystem. Most companies are evaluating how to migrate to newer, flexible and automated platform for content and application delivery. The containers are building themselves alone across the business, but who's securing them? This presentation discusses the evolution of infrastructure solutions from servers to containers, how can they be secured. What opensource security options are available today? Where is the future leading towards container security? What will come after containers?

DevSecCon Tel Aviv 2018 - End2End containers SSDLC by Vitaly Davidoff

DevSecCon

This document discusses securing the software development lifecycle (SDLC) when using containers. It begins with an introduction to SDLC models like waterfall and agile. It then covers challenges in applying application security with containers, including unclear boundaries and responsibilities. The main body details how to apply security practices at each phase of the SDLC for containers: requirements, design, implementation, testing, and operations. Key practices include threat modeling, secure coding, image validation, and monitoring. It concludes with emphasizing the importance of involving security champions throughout the process.

Similar to Container intrusions Do You Even IDS (20)

Understanding container security

ML13198A410.pdf

shivam sahu (firewall).pdfb jndvhjfvhjjf

ML13198A410.pdf

An Attacker Looks at Docker: Approaching Multi-Container Applications

Too soft[ware defined] networks SD-Wan vulnerability assessment

Offensive cyber security engineer pragram course agenda

Offensive cyber security engineer updated

Offensive cyber security engineer

Containers and Security for DevOps

Soc analyst course content v3

Soc analyst course content

Mining Software Repositories for Security: Data Quality Issues Lessons from T...

5 Ways to Secure Your Containers for Docker and Beyond

Azure 101: Shared responsibility in the Azure Cloud

DCSF19 Container Security: Theory & Practice at Netflix

Applied Security for Containers, OW2con'18, June 7-8, 2018, Paris

DevSecCon Tel Aviv 2018 - End2End containers SSDLC by Vitaly Davidoff

Recently uploaded

Cosa hanno in comune un mattoncino Lego e la backdoor XZ?

Speck&Tech

ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune. Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile. BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).

UiPath Test Automation using UiPath Test Suite series, part 5

DianaGray10

Presentation of the OECD Artificial Intelligence Review of Germany

innovationoecd

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

SOFTTECHHUB

As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

SOFTTECHHUB

The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing. One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Neo4j

Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.

Large Language Model (LLM) and it’s Geospatial Applications

Rohit Gautam

Mind map of terminologies used in context of Generative AI

Kumud Singh

How to use Firebase Data Connect For Flutter

Daiki Mogmet Ito

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

Artificial Intelligence for XMLDevelopment

Octavian Nadolu

In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject. We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup. Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved. The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring. The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise. By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Neo4j

Building RAG with self-deployed Milvus vector database and Snowpark Container...

Zilliz

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

20240605 QFM017 Machine Intelligence Reading List May 2024

Matthew Sinclair

Data structures and Algorithms in Python.pdf

TIPNGVN2

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

20 Comprehensive Checklist of Designing and Developing a Website

Pixlogix Infotech

Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process. In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds. - These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.

20240609 QFM020 Irresponsible AI Reading List May 2024

Matthew Sinclair

Recently uploaded (20)

Cosa hanno in comune un mattoncino Lego e la backdoor XZ?

UiPath Test Automation using UiPath Test Suite series, part 5

Presentation of the OECD Artificial Intelligence Review of Germany

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Large Language Model (LLM) and it’s Geospatial Applications

Mind map of terminologies used in context of Generative AI

How to use Firebase Data Connect For Flutter

Monitoring Java Application Security with JDK Tools and JFR Events

Artificial Intelligence for XMLDevelopment

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Building RAG with self-deployed Milvus vector database and Snowpark Container...

National Security Agency - NSA mobile device best practices

20240605 QFM017 Machine Intelligence Reading List May 2024

Data structures and Algorithms in Python.pdf

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

20 Comprehensive Checklist of Designing and Developing a Website

Removing Uninteresting Bytes in Software Fuzzing

20240609 QFM020 Irresponsible AI Reading List May 2024

Container intrusions Do You Even IDS

1. 1SANS Technology Institute - Candidate for Master of Science Degree 1 Container Intrusions: Do You Even IDS? Alfredo Hickman April, 2018 GIAC GCIA, GPEN, GCIH, GSEC

2. SANS Technology Institute - Candidate for Master of Science Degree 2 Objectives • After this presentation, you’ll have a foundational understanding of Linux application container benefits and history. • You’ll be empowered with a security primer on Linux application containers. • You’ll understand the paradigm shift between intrusion detection and analysis in traditional vs. container networks. • You’ll be able to tests and assess different classes of container IDSs for effectiveness.

3. SANS Technology Institute - Candidate for Master of Science Degree 3 Linux Containers: Benefits and History 1979 Unix v7 Change Root (chroot) Early 2000’s FreeBSD Jails, Linux VServer, Solaris Zones 2002 – 2007 Control Groups (cgroups), Namespaces 2008 – 2014 LXC, Docker, rkt

4. SANS Technology Institute - Candidate for Master of Science Degree 4 Linux Containers: a Security Primer • Containers security challenges: complexity and speed

5. SANS Technology Institute - Candidate for Master of Science Degree 5 Linux Containers: a Security Primer • The lack of scholarly research into container security

6. SANS Technology Institute - Candidate for Master of Science Degree 6 Linux Containers: a Security Primer • The vulnerability and threat landscape of Linux containers • Synergistic-power attack • Process isolation escape • Data leakage attacks (emanations) • Spectre/Meltdown – memory read bounds control and process isolation violation • Compounded vulnerabilities • Microservices and deployment density surface area

7. SANS Technology Institute - Candidate for Master of Science Degree 7 Linux Containers: a Security Primer • Container security platforms and CI/CD pipeline security • Code contributor identity and access controls • Code commit integrity validation • Vulnerability management (host, packages, images) • Network, host, and container runtime component hardening • Log management, security analytics, and threat hunting

8. SANS Technology Institute - Candidate for Master of Science Degree 8 • Intrusion detection and analysis in traditional networks • Static or pre-defined application network port mappings • Linux kernel audit (some kernel tapping) • Network interface tapping • Network traffic profiling and security analytics Linux Containers: a Security Primer

9. SANS Technology Institute - Candidate for Master of Science Degree 9 • Intrusion detection and analysis in container networks • Bag of System Calls (BoSC) • Kernel tapping modules (common place) • Network interface tapping (software overlay networks) • Network observability analytics • Adaptive application traffic profiling • Adaptive application network port mapping Linux Containers: a Security Primer

10. SANS Technology Institute - Candidate for Master of Science Degree 10 Lab Environment

11. SANS Technology Institute - Candidate for Master of Science Degree 11 • Detection of scanning activity • Detection of application attacks • Detection of malware deployment • Detection of malware execution • Detection of malicious command and control • Detection of malicious privilege escalation IDS Effectiveness Criteria & Test Cases

12. SANS Technology Institute - Candidate for Master of Science Degree 12 IDS Effectiveness Criteria & Test Cases • Detection of malicious data exfiltration • Detection of file integrity violations • Detection of leaked system data • Auto-detection of anomalous behavior • Auto-detection of attacker, victim, infrastructure relationship • Capability for forensic artifact retrieval (PCAP, flow, logs)

13. SANS Technology Institute - Candidate for Master of Science Degree 13 Points Criteria 1 Not effective (method did not work) 2 Moderately effective (method worked, but did not allow for complete functionality, or equivalent to a traditional network implementation) Note: potential for assessor bias 3 Effective (method worked as effectively as a traditional network implementation) Scoring System

14. SANS Technology Institute - Candidate for Master of Science Degree 14 • Scenarios and Results • Security Onion with Snort and OSSEC protecting a virtualized web server hosting DVWA = 44 • Security Onion with Snort and OSSEC protecting a Dockerized web server hosting DVWA = 40 • Wazuh with OSSEC HIDS and PCI DSS module protecting a Dockerized web server hosting DVWA = 38 • Sysdig Falco with the falco-probe kernel module protecting a Dockerized web server hosting DVWA = 43 Research Review & Results

15. SANS Technology Institute - Candidate for Master of Science Degree 15 • Intrusion detection and analysis in traditional vs. container networks • Research, testing, and results • The field is hot, the practice is young, the vulnerabilities are ongoing, and the threats are real Summary

Container intrusions Do You Even IDS

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Container intrusions Do You Even IDS

Similar to Container intrusions Do You Even IDS (20)

Recently uploaded

Recently uploaded (20)

Container intrusions Do You Even IDS