The presentation introduces the group's network and firewall architecture, including a public DMZ, private DMZ, and internal network. It discusses packet filtering and configuring iptables rules to allow certain traffic to the public DMZ servers while blocking everything else. It also covers kernel tweaks against common attacks such as IP spoofing, smurfing, SYN flooding and ping flooding: enabling reverse-path filtering, disabling source routing and ICMP redirects, enabling SYN cookies, and rate limiting ICMP echo requests.
2. In our presentation we will introduce:
our network and firewall architecture;
then we will go over the public DMZ and the first packet filter.
3. Last but not least we will give a brief explanation of our private DMZ.
4. Finally we will introduce our internal network with the possible attacks and the rules we will use in our packet filter's iptables to harden our network and system against these attacks.
ISSM564-Firewall Fundamentals
4. What is a packet filter?
Packet filtering is a network security mechanism that works by controlling what data can flow to and from a network. The decision is taken per packet from header fields (source and destination address, protocol, port), not from application content.
5. Advantages of using a packet filter
Easy to install: packet filters make use of the existing network routers, so implementing a packet-filter security system is typically less complicated than other network security solutions.
Supports high speed: with simple network configurations, packet filters can be fast. Since there is a direct connection between internal users and external hosts (no proxy terminating the session), data can be transmitted at high speed.
Makes security transparent to end users: because packet filters work at the level of the network router, filtering is transparent to the end user, which makes using client applications much easier.
7. Private DMZ
A proxy server is a server that services the requests of its clients by forwarding them to other servers. A client connects to the proxy server requesting a service such as a file, a connection or a web page from a different server.
A transparent proxy is a proxy that does not modify the request or response beyond what is required for proxy authentication and identification.
8. Packet Filter 1
In our topology no direct traffic is allowed from the global internet to the internal network. The only connections the internet may open are to the published services in the public DMZ (the UNTRUSTED_NET chain handles packets arriving on the external interface; the variables hold the DMZ interface name and the server addresses):
##Traffic from the internet to the public DMZ ##
$iptables -A UNTRUSTED_NET -o $public_dmz -d $public_dmz_http_ipaddr -p tcp --destination-port 80 -m state --state NEW -j ACCEPT
$iptables -A UNTRUSTED_NET -o $public_dmz -d $public_dmz_dns_ipaddr -p udp --destination-port 53 -m state --state NEW -j ACCEPT
$iptables -A UNTRUSTED_NET -o $public_dmz -d $public_dmz_smtp_ipaddr -p tcp --destination-port 25 -m state --state NEW -j ACCEPT
Each rule matches only NEW connections; the reply packets of those connections must be accepted by a separate --state ESTABLISHED,RELATED rule. DNS should normally be allowed on TCP port 53 as well, since responses larger than 512 bytes and zone transfers use TCP.
9. Packet Filter 1
Traffic from the global internet to the private DMZ would have to cross the public DMZ and the internal network; the first packet filter drops it outright:
####### Traffic from the internet to the private DMZ
$iptables -A UNTRUSTED_NET -o $private_dmz_pf1 -d $private_dmz_nwaddr -j DROP
10. Tweaks we will use to prevent possible attacks:
Reverse-path filtering against IP spoofing:
IP spoofing is one of the most common forms of on-line camouflage. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine, by "spoofing" the IP address of that machine. Reverse-path filtering makes the kernel drop a packet whose source address is not routable back through a plausible interface.
echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter
The value 2 selects loose mode, which only requires that the source address be reachable via some interface. The value 1 (strict mode) requires that the route back to the source leaves through the interface the packet arrived on; that is the stronger check and the right choice on a firewall without asymmetric routing. The kernel uses the larger of conf/all/rp_filter and conf/<interface>/rp_filter for each interface, so setting all=2 forces loose mode everywhere.
11. Tweaks we will use to prevent possible attacks:
Preventing IP smurfing attacks:
IP smurfing is a form of network attack that can produce such a large traffic load on your wide-area Internet connection that you may be denied service across this link; it is therefore a denial of service (DoS) attack. The attacker sends ICMP echo requests to a network's broadcast address with the victim's address as the forged source, so every host on that network replies to the victim. Ignoring echo requests addressed to broadcast addresses stops our hosts from acting as amplifiers:
echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
The two timeouts below do not affect smurfing; they shorten how long idle and half-closed TCP connections hold kernel state, which limits the damage of connection-exhaustion attacks:
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
12. Tweaks we will use to prevent possible attacks:
Block source routing:
Source routing allows the sender of a packet to specify the route that the packet must take to reach its destination, which lets an attacker steer packets around the expected path and map the routers inside our network. So it is better to block source routing on the gateway itself:
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
13. Tweaks we will use to prevent possible attacks:
Disable acceptance of ICMP redirects on the gateway machine; a router does not need them, and a forged redirect can alter its routing table:
echo 0 >/proc/sys/net/ipv4/conf/all/accept_redirects
The command below enables bad error message protection: the kernel stops logging the bogus ICMP error responses that some non-compliant routers send to broadcast frames. This keeps the logs clean; it does not filter any packet.
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
14. Tweaks we will use to prevent possible attacks:
Basic rules of a typical firewall:
Drop INVALID packets, i.e. packets the connection tracker cannot associate with any known connection, including those with illegal flag combinations.
$IPTABLES -A INPUT -m state --state INVALID -j DROP
$IPTABLES -A FORWARD -m state --state INVALID -j DROP
No restrictions on connections from localhost.
$IPTABLES -A INPUT -i lo -j ACCEPT
Reject connections from the outside world to the internal loopback address range (this rule must come after the lo rule above, otherwise legitimate loopback traffic is rejected too).
$IPTABLES -A INPUT -d 127.0.0.0/8 -j REJECT
No restrictions on traffic originating from legitimate internal addresses.
$IPTABLES -A INPUT -i $INTERNALIF -s $INTERNALNET -j ACCEPT
If IPv6 has to be used in your environment, uncomment the line below. Note that -p ipv6 matches IPv6-in-IPv4 encapsulation (IP protocol 41), not native IPv6; native IPv6 is filtered by ip6tables with its own rule set.
#$IPTABLES -A INPUT -p ipv6 -j ACCEPT
Kill all packets from the outside world claiming to be generated from the internal network (spoofed sources). DROP is preferable to REJECT here: a REJECT sends an ICMP error back towards the forged source address, so the firewall would answer hosts that never sent anything.
$IPTABLES -A INPUT -i $EXTERNALIF -s $INTERNALNET -j REJECT
Block ICMP echo requests from being forwarded into the internal network.
$IPTABLES -A FORWARD -p icmp --icmp-type echo-request -o $INTERNALIF -j REJECT
15. Tweaks we will use to prevent possible attacks:
Trying to prevent SYN flood attacks:
A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system without completing the handshakes, filling the half-open connection queue so that legitimate connection attempts are refused.
One of the most important steps is to enable the operating system's built-in protection mechanisms such as SYN cookies. In Linux, we can enable SYN cookies in the following manner:
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
SYN cookies only take effect once the listen queue overflows; from then on the kernel encodes the connection state in the sequence number of its SYN-ACK instead of storing it, so the queue no longer limits how many handshakes can be in flight. A larger net.ipv4.tcp_max_syn_backlog raises the point at which cookies kick in.
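The kernel tweaks from slides 10 to 15 collected in one place, as an added example that is not part of the original slides. The echo-into-/proc form used on the slides is lost at reboot, so the first function emits the same settings as a persistent sysctl.d fragment, and the second audits a running system against it. The function names, the optional root-directory argument (so the audit can be pointed at a constructed tree), the conf.default entries (so interfaces added later inherit the setting), the choice of rp_filter=1 over the slides' 2, and the tcp_max_syn_backlog value are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the ISSM564 slides): the slides' kernel tweaks as a
# sysctl.d fragment plus an audit of a live system against it.
# Assumed names: hardening_sysctl_conf, audit_sysctl, and the root argument
# of audit_sysctl (defaults to /proc/sys; a constructed tree for testing).

# Expected settings, one key=value per line, in /etc/sysctl.d syntax.
# rp_filter=1 is strict mode; the slides use 2 (loose), which is weaker and
# only needed with asymmetric routing.  tcp_max_syn_backlog is our addition.
hardening_sysctl_conf() {
  cat <<'EOF'
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=2048
net.ipv4.tcp_keepalive_time=1800
net.ipv4.tcp_fin_timeout=30
EOF
}

# Compare every expected key with the value found under $1 (default
# /proc/sys).  Prints one line per deviation as "key expected=X actual=Y"
# and returns the number of deviations, so 0 means the box is compliant.
audit_sysctl() {
  root="${1:-/proc/sys}"
  bad=0
  for entry in $(hardening_sysctl_conf); do
    key="${entry%%=*}"
    want="${entry#*=}"
    # net.ipv4.conf.all.rp_filter -> $root/net/ipv4/conf/all/rp_filter
    path="$root/$(printf '%s' "$key" | tr . /)"
    if [ -r "$path" ]; then
      have=$(cat "$path")
    else
      have="missing"
    fi
    if [ "$have" != "$want" ]; then
      printf '%s expected=%s actual=%s\n' "$key" "$want" "$have"
      bad=$((bad + 1))
    fi
  done
  return "$bad"
}
```

Apply with `hardening_sysctl_conf > /etc/sysctl.d/60-firewall.conf && sysctl --system`, then run `audit_sysctl` with no argument to read the live /proc/sys tree; a zero exit status means the box matches the fragment, and any other value is the count of settings that drifted.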
16. Tweaks we will use to prevent possible attacks:
Prevent ping flood attacks:
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j DROP
The limit match is a single token bucket shared by all sources (one echo request per second, with a default burst of 5), so one flooding host also starves legitimate pings from everyone else; the hashlimit match with --hashlimit-mode srcip applies the same rate per source address instead. Because the rules are on INPUT they protect only the firewall itself; echo requests forwarded into the DMZ need an equivalent pair on FORWARD.
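The fragments from Packet Filter 1 (slides 8 and 9), the basic rules (slide 14) and the ping-flood rule above assembled into one complete, loadable rule set, as an added example that is not part of the original slides. It fills in what the fragments leave implicit: default DROP policies, the ESTABLISHED,RELATED rule that lets replies back through, the jump from FORWARD into the UNTRUSTED_NET chain, and a final DROP in that chain. The interface names, the example addresses, the function names, the use of DROP throughout (so the firewall never answers a forged source), and the per-source hashlimit match in place of the slides' shared limit match are assumptions of this example; `-m conntrack --ctstate` is the current spelling of the slides' `-m state --state`.

```shell
#!/bin/sh
# Added example, not from the ISSM564 slides: the slide fragments as one
# iptables-restore ruleset for a gateway with an external interface, a
# public DMZ interface and an internal interface.  Interface names,
# addresses and the function names are assumptions; the variables mirror
# the slides' $public_dmz_*_ipaddr style and can be overridden from the
# environment.
EXTERNALIF="${EXTERNALIF:-eth0}"
PUBLIC_DMZ_IF="${PUBLIC_DMZ_IF:-eth1}"
INTERNALIF="${INTERNALIF:-eth2}"
INTERNALNET="${INTERNALNET:-192.168.10.0/24}"
PRIVATE_DMZ_NET="${PRIVATE_DMZ_NET:-192.168.20.0/24}"
PUBLIC_DMZ_HTTP="${PUBLIC_DMZ_HTTP:-203.0.113.10}"
PUBLIC_DMZ_DNS="${PUBLIC_DMZ_DNS:-203.0.113.11}"
PUBLIC_DMZ_SMTP="${PUBLIC_DMZ_SMTP:-203.0.113.12}"

# Print the ruleset in iptables-restore format (lines starting with # are
# ignored by iptables-restore, so the section markers can stay in).
emit_ruleset() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:UNTRUSTED_NET - [0:0]
# --- INPUT: traffic addressed to the firewall itself ---
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $EXTERNALIF -s $INTERNALNET -j DROP
-A INPUT -i $INTERNALIF -s $INTERNALNET -j ACCEPT
# echo-request: one token bucket per source address, then drop the excess
-A INPUT -p icmp --icmp-type echo-request -m hashlimit --hashlimit-name ping --hashlimit-mode srcip --hashlimit-upto 1/second --hashlimit-burst 4 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j DROP
# --- FORWARD: traffic between zones ---
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $EXTERNALIF -s $INTERNALNET -j DROP
-A FORWARD -i $EXTERNALIF -j UNTRUSTED_NET
-A FORWARD -i $INTERNALIF -s $INTERNALNET -o $EXTERNALIF -j ACCEPT
-A FORWARD -p icmp --icmp-type echo-request -o $INTERNALIF -j DROP
# --- UNTRUSTED_NET: the only connections the internet may open ---
-A UNTRUSTED_NET -o $PUBLIC_DMZ_IF -d $PUBLIC_DMZ_HTTP -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A UNTRUSTED_NET -o $PUBLIC_DMZ_IF -d $PUBLIC_DMZ_DNS -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A UNTRUSTED_NET -o $PUBLIC_DMZ_IF -d $PUBLIC_DMZ_SMTP -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
-A UNTRUSTED_NET -d $PRIVATE_DMZ_NET -j DROP
-A UNTRUSTED_NET -j DROP
COMMIT
EOF
}

# Offline sanity check of a ruleset read from stdin: every -A must target a
# chain declared with a ":NAME" line, and the table must end with COMMIT.
# Returns 0 when sound, 1 otherwise, naming the first problems found.
check_ruleset() {
  awk '
    /^:/       { sub(/^:/, ""); declared[$1] = 1 }
    /^-A/      { if (!($2 in declared)) { print "undeclared chain: " $2; bad = 1 } }
    /^COMMIT$/ { committed = 1 }
    END        { if (!committed) { print "missing COMMIT"; bad = 1 }
                 exit (bad ? 1 : 0) }
  '
}
```

On the gateway, `emit_ruleset | iptables-restore --test` has iptables parse the whole set without loading it; dropping `--test` then applies it atomically, which avoids the window of a half-built chain that a series of `iptables -A` commands leaves open. `check_ruleset` catches the most common iptables-restore failure before that step, an `-A` to a chain that was never declared.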