There is no doubt that Intrusion Detection Systems should be incorporated into any security infrastructure, however today’s IDS implementations are far from perfect. Security Managers should continue to add layers to their defense strategy and not place too much reliance on this technology, as it’s not easy to create a system that can effectively flag an attack without crashing under the weight of its own logs, operate relatively maintenance free and respond appropriately to benign anomalous events without raising too many false alarms.
This session discusses some of the most common techniques aimed at evading IDS detection order to easily attack the infrastructure sitting behind those systems.
Slides for a college course at City College San Francisco. Based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610.
Instructor: Sam Bowne
Class website: https://samsclass.info/123/123_S17.shtml
Web application attacks can take many forms, including cross-site scripting (XSS), SQL injection, parameter tampering, command injection, session management issues, cookie poisoning, directory traversal, cross-site request forgery, and buffer overflows. XSS is a vulnerability that allows malicious JavaScript code to be injected and run in a user's browser, potentially accessing data. SQL injection involves inserting SQL commands into a database query to gain unauthorized access. Parameter tampering modifies URL parameters to change expected behavior.
An intrusion detection system (IDS) monitors network traffic and system activities for suspicious activity that could indicate a security threat or attack. An IDS analyzes patterns in traffic to identify potential threats. There are network IDS that monitor entire network traffic and host IDS that monitor individual systems. An IDS detects threats but does not prevent them. An intrusion prevention system (IPS) can detect and prevent threats by blocking malicious traffic in real-time. An IPS combines IDS detection capabilities with preventative blocking functions. Common types of IPS include inline network IPS, layer 7 switches, application firewalls, and hybrid switches.
Basic Network Attacks
The active and passive attacks can be differentiated on the basis of what are they, how they are performed and how much extent of damage they cause to the system resources. But, majorly the active attack modifies the information and causes a lot of damage to the system resources and can affect its operation. Conversely, the passive attack does not make any changes to the system resources and therefore doesn’t causes any damage.
The document discusses intrusion prevention systems (IPS), which monitor network and system activity to identify and block malicious activity. It describes how IPS uses signature-based or anomaly-based detection methods to identify intrusions. IPS can be network-based, host-based, wireless, or focus on network behavior analysis. The document contrasts IPS with intrusion detection systems (IDS), which can only detect and report intrusions, while IPS can actively prevent them. It also compares IPS to firewalls, noting that IPS monitors for unwanted entries while firewalls regulate activity based on set rules.
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
Network security involves protecting network usability and integrity through hardware and software technologies. It addresses vulnerabilities that threats may exploit to launch attacks. Common vulnerabilities include issues with technologies, configurations, and security policies. Threats aim to take advantage of vulnerabilities and can be structured, unstructured, internal, or external. Common attacks include reconnaissance to gather information, unauthorized access attempts, denial-of-service to disrupt availability, and use of malicious code like worms, viruses, and Trojan horses.
IPS (Intrusion Prevention System) is definitely the next level of security technology with its capability to
provide security at all system levels from the operating system kernel to network data packets. It
provides policies and rules for network traffic along with an IDS for alerting system or network
administrators to suspicious traffic, but allows the administrator to provide the action upon being
alerted. Where IDS informs of a potential attack, an IPS makes attempts to stop it. Another huge leap
over IDS, is that IPS has the capability of being able to prevent known intrusion signatures, but also
some unknown attacks due to its database of generic attack behaviours. Thought of as a combination of
IDS and an application layer firewall for protection, IPS is generally considered to be the "next
generation" of IDS.
Slides for a college course at City College San Francisco. Based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610.
Instructor: Sam Bowne
Class website: https://samsclass.info/123/123_S17.shtml
Web application attacks can take many forms, including cross-site scripting (XSS), SQL injection, parameter tampering, command injection, session management issues, cookie poisoning, directory traversal, cross-site request forgery, and buffer overflows. XSS is a vulnerability that allows malicious JavaScript code to be injected and run in a user's browser, potentially accessing data. SQL injection involves inserting SQL commands into a database query to gain unauthorized access. Parameter tampering modifies URL parameters to change expected behavior.
An intrusion detection system (IDS) monitors network traffic and system activities for suspicious activity that could indicate a security threat or attack. An IDS analyzes patterns in traffic to identify potential threats. There are network IDS that monitor entire network traffic and host IDS that monitor individual systems. An IDS detects threats but does not prevent them. An intrusion prevention system (IPS) can detect and prevent threats by blocking malicious traffic in real-time. An IPS combines IDS detection capabilities with preventative blocking functions. Common types of IPS include inline network IPS, layer 7 switches, application firewalls, and hybrid switches.
Basic Network Attacks
The active and passive attacks can be differentiated on the basis of what are they, how they are performed and how much extent of damage they cause to the system resources. But, majorly the active attack modifies the information and causes a lot of damage to the system resources and can affect its operation. Conversely, the passive attack does not make any changes to the system resources and therefore doesn’t causes any damage.
The document discusses intrusion prevention systems (IPS), which monitor network and system activity to identify and block malicious activity. It describes how IPS uses signature-based or anomaly-based detection methods to identify intrusions. IPS can be network-based, host-based, wireless, or focus on network behavior analysis. The document contrasts IPS with intrusion detection systems (IDS), which can only detect and report intrusions, while IPS can actively prevent them. It also compares IPS to firewalls, noting that IPS monitors for unwanted entries while firewalls regulate activity based on set rules.
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
Network security involves protecting network usability and integrity through hardware and software technologies. It addresses vulnerabilities that threats may exploit to launch attacks. Common vulnerabilities include issues with technologies, configurations, and security policies. Threats aim to take advantage of vulnerabilities and can be structured, unstructured, internal, or external. Common attacks include reconnaissance to gather information, unauthorized access attempts, denial-of-service to disrupt availability, and use of malicious code like worms, viruses, and Trojan horses.
IPS (Intrusion Prevention System) is definitely the next level of security technology with its capability to
provide security at all system levels from the operating system kernel to network data packets. It
provides policies and rules for network traffic along with an IDS for alerting system or network
administrators to suspicious traffic, but allows the administrator to provide the action upon being
alerted. Where IDS informs of a potential attack, an IPS makes attempts to stop it. Another huge leap
over IDS, is that IPS has the capability of being able to prevent known intrusion signatures, but also
some unknown attacks due to its database of generic attack behaviours. Thought of as a combination of
IDS and an application layer firewall for protection, IPS is generally considered to be the "next
generation" of IDS.
This document provides an overview of remote access service (RAS) including its types, components, supported clients, connection types, protocols, and how it works. RAS allows remote users to securely access a corporate network through a remote access server. It describes two main types of RAS - dial-up, which uses analog phone lines, and VPN access, which creates a secure connection over the internet. The document also outlines the various protocols and components involved in establishing and maintaining remote connections.
This document discusses various topics related to network security including Secure Socket Layer/Transport Layer Security (SSL/TLS), Virtual Private Network (VPN), firewall, malware analysis, penetration testing, and digital forensics. SSL/TLS provides security at the transport and session layers. A VPN extends private networks across public networks like the internet. Firewalls control incoming and outgoing network traffic based on rules. Malware analysis involves reverse engineering malware to understand its capabilities and behavior. Penetration testing involves authorized hacking to test security. Digital forensics applies scientific principles to the collection, examination, and analysis of digital evidence.
The document discusses the TCP/IP protocol stack and the headers used at each layer.
It describes that TCP works to divide files into packets and send them to workstations, while IP handles routing packets through networks. The TCP header includes fields like source/destination port numbers, sequence numbers, flags, and checksums. The IP header treats the TCP header+data as a datagram and adds its own header fields like version, length, identification, flags, time to live, and source/destination addresses.
An Authentication Header can also be added for security purposes to authenticate senders and protect against modification of packets.
This document provides an overview of intrusion prevention systems (IPS). It defines IPS and their main functions, which include identifying intrusions, logging information, attempting to block intrusions, and reporting them. It also discusses terminology related to IPS like false positives and negatives. The document outlines different detection methods used by IPS like signature-based, anomaly-based, and stateful protocol analysis. It categorizes IPS based on deployment like network-based, host-based, and wireless. It provides Snort, an open-source IPS, as a case study and discusses its components, rules structure, and challenges.
These slides guides you through the tools and techniques one can use for footprinting websites or people.You will find amazing tools and techniques have a look
The application layer allows users to interface with networks through application layer protocols like HTTP, SMTP, POP3, FTP, Telnet, and DHCP. It provides the interface between applications on different ends of a network. Common application layer protocols include DNS for mapping domain names to IP addresses, HTTP for transferring web page data, and SMTP/POP3 for sending and receiving email messages. The client/server and peer-to-peer models describe how requests are made and fulfilled over the application layer.
SMTP is the standard protocol for sending emails between servers. Under SMTP, a client SMTP process opens a TCP connection to a remote server SMTP process and sends mail across the connection. The server listens on port 25 for connections. When a connection is made, the two processes execute a simple request-response dialogue defined by SMTP to transmit sender and recipient addresses and the email message itself. Mail is then forwarded to remote servers or delivered locally. POP3 and IMAP allow users to download stored mail from the local server.
Snort is an open-source network intrusion detection and prevention system that performs real-time traffic analysis and packet logging on IP networks. It can detect a variety of attacks through protocol analysis, content searching, and matching. Snort functions in sniffer, packet logger, and intrusion detection modes. As a network intrusion detection system, it monitors network traffic and compares it to a database of attack signatures. Snort rules are used to detect suspicious activity and are organized into categories covering web, SQL, shellcode attacks and more.
The document discusses the World Wide Web (WWW) and Hypertext Transfer Protocol (HTTP). It describes the basic architecture of the WWW including clients, servers, web pages, and URLs. It explains that web pages can be static, dynamic, or active. The document then discusses HTTP in more detail, including how HTTP requests and responses are structured, how persistent connections work in HTTP 1.1, and how caching can improve performance.
This document provides an overview of IPSec, including:
- IPSec aims to secure IP communications by providing authentication, integrity, and confidentiality. It operates in transport and tunnel modes.
- The Internet Key Exchange (IKE) negotiates and establishes security associations to secure communications between two endpoints.
- IPSec policy defines which encryption, hashing, and authentication methods apply to different network traffic using protection suites and proposals.
This document summarizes a student's class presentation on the network intrusion prevention and detection system called Snort. It describes what Snort is, its architecture and components, how its detection engine uses rules to detect intrusions, and possible research areas to improve Snort such as developing more efficient detection algorithms or organizing rules into better data structures.
Packet sniffing involves monitoring network traffic by capturing and analyzing data packets as they flow through a network interface. It can be performed using packet sniffers, which are programs that can intercept and read all network traffic passing through a device's network interface card or wireless adapter. While packet sniffers can be used for troubleshooting network issues, they can also be used maliciously by hackers to intercept sensitive information like usernames and passwords by using techniques like ARP spoofing to fool devices into thinking the hacker's machine has the IP address of another machine on the network. Network administrators can use tools to detect the presence of packet sniffers operating in promiscuous mode and monitor ARP caches for signs of spoofing.
This document discusses email security and ways to secure emails. It covers confidentiality, integrity and availability as important aspects of email security. Some key points:
- Email security deals with unauthorized access and inspection of emails during transmission and storage. Emails pass through untrusted servers making them vulnerable.
- Methods to secure emails include using encryption tools like PGP and S/MIME at the sender and receiver sides, and during transmission.
- PGP provides encryption, authentication, compression and ensures email compatibility. It is free, worldwide and based on secure algorithms. S/MIME allows secure exchange of emails with attachments and is supported by major email clients.
This document discusses packet sniffing and methods for detecting packet sniffers. It defines packet sniffing as monitoring all network packets and describes common packet sniffer tools like tcpdump. It explains that packet sniffers can be used for both legitimate and malicious purposes, such as password theft or network mapping. The document outlines two key methods for detecting packet sniffers - MAC detection and DNS detection. MAC detection works by sending packets with invalid MAC addresses and checking if any hosts respond in promiscuous mode. DNS detection exploits the behavior of sniffers performing DNS lookups on spoofed source IP addresses. Both methods were found to accurately detect the presence of packet sniffers on a network.
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...Qazi Anwar
Hacking
History Of Hacking
Types of Hacking
The Most World’s famous Hackers
Types Of Hackers
Scope Of Ethical Hackers
Cyber Laws for Hacking and their Punishments in Pakistan
How to Prevent Hacking
Port scanning involves sending packets to ports on a target system to discover which ports are open and may be exploited. There are several common port scanning techniques like TCP connect scanning, SYN scanning, FIN scanning, and UDP scanning. Port scanners try to avoid detection by scanning slowly, spoofing packets, or fragmenting packets. Systems can detect port scans through signatures like many connections to different ports from the same source in a short time.
This document discusses types of attacks on computer and network security. It defines passive and active attacks. Passive attacks monitor systems without interaction and include interception and traffic analysis attacks. Interception involves unauthorized access to messages. Traffic analysis examines communication patterns. Active attacks make unauthorized changes and include masquerade, interruption, fabrication, session replay, modification, and denial of service attacks. Masquerade involves assuming another user's identity. Interruption obstructs communication. Fabrication inserts fake messages. Session replay steals login information. Modification alters packet addresses or data. Denial of service deprives access by overwhelming the target.
delighted to welcome her to the team. Clare brings a
wealth of experience from her previous roles and I am
The document summarizes the first few weeks of Richard sure she will be a great asset to the Club. She will be
Holliday taking on the role of Honorary Secretary of The focusing initially on reviewing our operations and
Wimbledon Club. He expresses surprise at being selected identifying areas for improvement and growth. I am
for the role given his long involvement with the club as a looking forward to working closely with Clare and the
member and player. In his initial weeks he has found the rest of the management team to take the Club from
role requires more time than expected to
Este documento resume un taller sobre la inteligencia competitiva y su impacto en las pequeñas y medianas empresas. El taller cubre temas como la definición de inteligencia competitiva, la vigilancia e innovación, el paso de ser meros vigilantes a ser inteligentes, la importancia de la semántica, la web visible y profunda, la inteligencia competitiva 2.0, casos reales de impacto de la inteligencia competitiva en empresas, cómo las herramientas pueden enseñarnos a vigilar, la identificación de oportunidades y amenazas, el enlace
This document provides an overview of remote access service (RAS) including its types, components, supported clients, connection types, protocols, and how it works. RAS allows remote users to securely access a corporate network through a remote access server. It describes two main types of RAS - dial-up, which uses analog phone lines, and VPN access, which creates a secure connection over the internet. The document also outlines the various protocols and components involved in establishing and maintaining remote connections.
This document discusses various topics related to network security including Secure Socket Layer/Transport Layer Security (SSL/TLS), Virtual Private Network (VPN), firewall, malware analysis, penetration testing, and digital forensics. SSL/TLS provides security at the transport and session layers. A VPN extends private networks across public networks like the internet. Firewalls control incoming and outgoing network traffic based on rules. Malware analysis involves reverse engineering malware to understand its capabilities and behavior. Penetration testing involves authorized hacking to test security. Digital forensics applies scientific principles to the collection, examination, and analysis of digital evidence.
The document discusses the TCP/IP protocol stack and the headers used at each layer.
It describes that TCP works to divide files into packets and send them to workstations, while IP handles routing packets through networks. The TCP header includes fields like source/destination port numbers, sequence numbers, flags, and checksums. The IP header treats the TCP header+data as a datagram and adds its own header fields like version, length, identification, flags, time to live, and source/destination addresses.
An Authentication Header can also be added for security purposes to authenticate senders and protect against modification of packets.
This document provides an overview of intrusion prevention systems (IPS). It defines IPS and their main functions, which include identifying intrusions, logging information, attempting to block intrusions, and reporting them. It also discusses terminology related to IPS like false positives and negatives. The document outlines different detection methods used by IPS like signature-based, anomaly-based, and stateful protocol analysis. It categorizes IPS based on deployment like network-based, host-based, and wireless. It provides Snort, an open-source IPS, as a case study and discusses its components, rules structure, and challenges.
These slides guides you through the tools and techniques one can use for footprinting websites or people.You will find amazing tools and techniques have a look
The application layer allows users to interface with networks through application layer protocols like HTTP, SMTP, POP3, FTP, Telnet, and DHCP. It provides the interface between applications on different ends of a network. Common application layer protocols include DNS for mapping domain names to IP addresses, HTTP for transferring web page data, and SMTP/POP3 for sending and receiving email messages. The client/server and peer-to-peer models describe how requests are made and fulfilled over the application layer.
SMTP is the standard protocol for sending emails between servers. Under SMTP, a client SMTP process opens a TCP connection to a remote server SMTP process and sends mail across the connection. The server listens on port 25 for connections. When a connection is made, the two processes execute a simple request-response dialogue defined by SMTP to transmit sender and recipient addresses and the email message itself. Mail is then forwarded to remote servers or delivered locally. POP3 and IMAP allow users to download stored mail from the local server.
Snort is an open-source network intrusion detection and prevention system that performs real-time traffic analysis and packet logging on IP networks. It can detect a variety of attacks through protocol analysis, content searching, and matching. Snort functions in sniffer, packet logger, and intrusion detection modes. As a network intrusion detection system, it monitors network traffic and compares it to a database of attack signatures. Snort rules are used to detect suspicious activity and are organized into categories covering web, SQL, shellcode attacks and more.
The document discusses the World Wide Web (WWW) and Hypertext Transfer Protocol (HTTP). It describes the basic architecture of the WWW including clients, servers, web pages, and URLs. It explains that web pages can be static, dynamic, or active. The document then discusses HTTP in more detail, including how HTTP requests and responses are structured, how persistent connections work in HTTP 1.1, and how caching can improve performance.
This document provides an overview of IPSec, including:
- IPSec aims to secure IP communications by providing authentication, integrity, and confidentiality. It operates in transport and tunnel modes.
- The Internet Key Exchange (IKE) negotiates and establishes security associations to secure communications between two endpoints.
- IPSec policy defines which encryption, hashing, and authentication methods apply to different network traffic using protection suites and proposals.
This document summarizes a student's class presentation on the network intrusion prevention and detection system called Snort. It describes what Snort is, its architecture and components, how its detection engine uses rules to detect intrusions, and possible research areas to improve Snort such as developing more efficient detection algorithms or organizing rules into better data structures.
Packet sniffing involves monitoring network traffic by capturing and analyzing data packets as they flow through a network interface. It can be performed using packet sniffers, which are programs that can intercept and read all network traffic passing through a device's network interface card or wireless adapter. While packet sniffers can be used for troubleshooting network issues, they can also be used maliciously by hackers to intercept sensitive information like usernames and passwords by using techniques like ARP spoofing to fool devices into thinking the hacker's machine has the IP address of another machine on the network. Network administrators can use tools to detect the presence of packet sniffers operating in promiscuous mode and monitor ARP caches for signs of spoofing.
This document discusses email security and ways to secure emails. It covers confidentiality, integrity and availability as important aspects of email security. Some key points:
- Email security deals with unauthorized access and inspection of emails during transmission and storage. Emails pass through untrusted servers making them vulnerable.
- Methods to secure emails include using encryption tools like PGP and S/MIME at the sender and receiver sides, and during transmission.
- PGP provides encryption, authentication, compression and ensures email compatibility. It is free, worldwide and based on secure algorithms. S/MIME allows secure exchange of emails with attachments and is supported by major email clients.
This document discusses packet sniffing and methods for detecting packet sniffers. It defines packet sniffing as monitoring all network packets and describes common packet sniffer tools like tcpdump. It explains that packet sniffers can be used for both legitimate and malicious purposes, such as password theft or network mapping. The document outlines two key methods for detecting packet sniffers - MAC detection and DNS detection. MAC detection works by sending packets with invalid MAC addresses and checking if any hosts respond in promiscuous mode. DNS detection exploits the behavior of sniffers performing DNS lookups on spoofed source IP addresses. Both methods were found to accurately detect the presence of packet sniffers on a network.
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...Qazi Anwar
Hacking
History Of Hacking
Types of Hacking
The Most World’s famous Hackers
Types Of Hackers
Scope Of Ethical Hackers
Cyber Laws for Hacking and their Punishments in Pakistan
How to Prevent Hacking
Port scanning involves sending packets to ports on a target system to discover which ports are open and may be exploited. There are several common port scanning techniques like TCP connect scanning, SYN scanning, FIN scanning, and UDP scanning. Port scanners try to avoid detection by scanning slowly, spoofing packets, or fragmenting packets. Systems can detect port scans through signatures like many connections to different ports from the same source in a short time.
This document discusses types of attacks on computer and network security. It defines passive and active attacks. Passive attacks monitor systems without interaction and include interception and traffic analysis attacks. Interception involves unauthorized access to messages. Traffic analysis examines communication patterns. Active attacks make unauthorized changes and include masquerade, interruption, fabrication, session replay, modification, and denial of service attacks. Masquerade involves assuming another user's identity. Interruption obstructs communication. Fabrication inserts fake messages. Session replay steals login information. Modification alters packet addresses or data. Denial of service deprives access by overwhelming the target.
delighted to welcome her to the team. Clare brings a
wealth of experience from her previous roles and I am
The document summarizes the first few weeks of Richard sure she will be a great asset to the Club. She will be
Holliday taking on the role of Honorary Secretary of The focusing initially on reviewing our operations and
Wimbledon Club. He expresses surprise at being selected identifying areas for improvement and growth. I am
for the role given his long involvement with the club as a looking forward to working closely with Clare and the
member and player. In his initial weeks he has found the rest of the management team to take the Club from
role requires more time than expected to
Este documento resume un taller sobre la inteligencia competitiva y su impacto en las pequeñas y medianas empresas. El taller cubre temas como la definición de inteligencia competitiva, la vigilancia e innovación, el paso de ser meros vigilantes a ser inteligentes, la importancia de la semántica, la web visible y profunda, la inteligencia competitiva 2.0, casos reales de impacto de la inteligencia competitiva en empresas, cómo las herramientas pueden enseñarnos a vigilar, la identificación de oportunidades y amenazas, el enlace
1. The document describes steps to create agro-climatic zones of Tanzania using GIS by analyzing temperature, rainfall, and evapotranspiration data.
2. Key steps include converting vector data to raster, calculating moisture availability, classifying temperature and moisture zones, and combining the zones to produce the final agro-climatic map.
3. Models are created in GIS software to automate the process and allow easy reproduction of the analysis.
El documento describe los servicios de correo electrónico en la nube ofrecidos por Web Comunicaciones. Incluye las ventajas como 1GB de almacenamiento, 99.9% de disponibilidad, seguridad SSL y anti-spam efectivo. Explica los diferentes planes de correo con sus configuraciones y características. También detalla el panel de administración, protocolos soportados como POP, IMAP y webmail, así como las funciones del sistema webmail.
El documento define la informática como la ciencia que estudia los métodos para almacenar, procesar y transmitir información digital. Explica que la informática y la tecnología se han desarrollado rápidamente en la segunda mitad del siglo XX y ahora son esenciales en la sociedad moderna. También describe brevemente los componentes hardware y software de una computadora y algunos usos y consecuencias del uso de la tecnología.
Normetal es un líder en la construcción modular prefabricada en la Península Ibérica desde 1973. Cuenta con fábricas en Portugal y talleres en Angola y Mozambique, y ha ejecutado proyectos educativos, culturales y de turismo en 14 países africanos. Ofrece módulos prefabricados, campamentos y viviendas llave en mano de manera personalizada.
This document is a script for a 30-second public service announcement about leukemia and lymphoma. It features three people - Rachel, Cheryl, and Michael - with Rachel and Cheryl as survivors and Michael sharing his hope that one day there will be cures and people can "remember when there was no cure." The PSA aims to raise awareness about the continued need for support as every 5 minutes someone is diagnosed with these cancers.
BPI Media Group is a full-service graphics communications provider founded in 1979 that has expanded beyond traditional printing to offer additional services including design, digital and commercial printing, fulfillment, mailing, and more. They provide solutions for concept design, data management, integrated marketing, storefronts, digital and commercial printing, fulfillment, mailing, digital publishing, and QR codes. Their goal is to help clients effectively bring products and services to market in today's changing business environment.
Este documento ofrece servicios de cobertura fotográfica para eventos como bodas y quince años. Incluye 8 horas de cobertura, fotografías en alta y baja resolución en DVD, una galería en línea con 100 imágenes y ampliaciones. El paquete básico cuesta $3,000 más IVA. Se ofrecen adicionales como ampliaciones mayores, álbumes fotográficos digitales e impresiones.
Novagob 2015 ConRed Nuevos Marcos Para la Participacion CiudadanaConred Santa Cruz
La Red para la Convivencia Ciudadana de Santa Cruz de Tenerife es una red de entidades ciudadanas creada en 2008 para promover la participación ciudadana. La red busca fomentar la colaboración entre asociaciones, mejorar la comunicación, e impulsar proyectos comunitarios para hacer de la ciudad un lugar más humano y solidario. Actualmente cuenta con 240 colectivos registrados y trabaja para fortalecer la participación ciudadana a través de mesas de trabajo, talleres, intercambios de recursos y otras actividades.
Open Cloud Storage @ OpenStack Summit Parisit-novum
This slides are the original slides from Michael Kienle @ OpenStack Summit in Paris November 2014 focusing on Open Cloud Storage - Building a flexible and large - scale software-defined storage platform for OpenStack
Este documento describe los elementos clave del proceso educativo, incluyendo la concepción educativa, la tecnología educativa, los sujetos involucrados y los componentes del currículo. Explica que la concepción educativa refleja los valores e ideales de una sociedad, mientras que la tecnología educativa busca implementar esa concepción de manera efectiva. También destaca que el proceso educativo implica fines, contenidos, métodos y evaluaciones coherentes, así como la participación del educando y el educador.
1era. jornada de mercado de capitales jujuy .- Dr. Juan Otero CNVInvierta Jujuy
Este documento resume el marco legal actual de prevención de lavado de dinero y financiamiento del terrorismo en la Comisión Nacional de Valores de Argentina. Detalla las leyes, decretos y resoluciones que rigen a los sujetos obligados a reportar operaciones sospechosas e implementar sistemas de prevención. También describe los procedimientos de supervisión de la Unidad de Información Financiera, las medidas correctivas y sanciones aplicables. Finalmente, resume los avances realizados por Argentina para cumplir con los estándares del GAFI.
Metodo de consultoria en spingen para sfa oqlINNOVO USACH
PLAN DE ACCIÓN PARA CONSTRUIR UN ÁREA DE VENTAS DE ALTO DESEMPEÑO. Procesos de Aprendizajes en equipos comerciales y Ventas. Camino hacia la Mejora COntinua en funcion Comercial y Ventas. Critical Steps toward SFA.
Herkömmliche Wikis haben aus Sicht des Wissensmanagements Schwächen. Semantic MediaWiki eignet sich als Wissensmanagement-System, soferne es nicht in erster Linie um die Verwaltung von Doikumenten, sondern den Inhalten geht.
Este documento presenta la descripción de un curso de Matemática II dictado en la Pontificia Universidad Católica del Ecuador. El curso se enfoca en aplicar conceptos algebraicos y de cálculo a problemas y casos de estudio en administración y economía. El curso consta de 6 unidades temáticas y será evaluado a través de dos parciales y un examen final.
The document outlines a pitch deck for Simpligrab, an e-commerce one-stop-shop platform offering a variety of products and services. The platform includes e-shops, a virtual grand mall, and services for interior/exterior design, event planning, and health/nutrition. It aims to provide customers a revolutionary shopping experience through virtual themes, 3D/4D views, and personalized home visits. Key features include being a one-stop shop, virtual grand mall experience, customizable online themes, and subject matter expertise across verticals.
1. atr42 uso de hoja de carga mecanizadaSwiftAir S.A.
The document provides instructions for completing a load sheet for an ATR42 aircraft with the following flight details:
- Flight number: SWT7025
- Origin: VLC
- Destination: MAD
- Aircraft registration: EC-JBX
- Ramp fuel: 1700 kg
- Taxi fuel: 50 kg
- Trip fuel: 650 kg
It includes sections to input payload weight distribution across holds and signatures for the loader, load planner, and accepting captain.
Presentacion corporativa de Co(m)versa. Aplicacion de las tecnologias moviles desde un punto de vista de emprendedores + "hazañas" de nuestros 6 años.
This document discusses techniques used to evade detection from enterprise security systems. It covers common security technologies like firewalls, IDS, IPS and how attackers can bypass them. Specific evasion techniques discussed include modifying packet headers, fragmentation, source routing and using tunnels through other compromised systems. The goal is to introduce common concepts but the document is not intended to be comprehensive.
PLNOG 8: Merike Kaeo - Guide to Building Secure InfrastructuresPROIDEA
This document provides a summary of techniques to secure network infrastructure. It discusses protecting devices through secure access controls, filtering infrastructure to permit only required protocols, securing routing protocols through authentication and prefix filtering, securing MPLS through design rules and ACLs, and securing DNS through techniques like DNSSEC to prevent cache poisoning and unauthorized updates. The document outlines common attacks like spoofing, hijacking, and denial of service and recommends mitigation strategies across the network, routing, and application layers.
THREATS are possible attacks.
It includes
The spread of computer viruses
Infiltration and theft of data from external hackers
Engineered network overloads triggered by malicious mass e-mailing
Misuse of computer resources and confidential information by employees
Unauthorized financial transactions and other kinds of computer fraud conducted in the company's name
Electronic inspection of corporate computer data by outside parties
Damage from failure, fire, or natural disasters
Where firewalls fit in the corporate landscape discusses various firewall topics such as why firewalls are needed, the risks without firewalls, what needs to be secured, firewall components, types of firewalls including packet filters, proxy firewalls, and network address translation. It also covers deploying and configuring firewalls properly, auditing firewalls, and trends in firewall technologies. The document provides an overview of firewall concepts and best practices for implementation in a corporate environment.
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by by Jason Luttgens, Matthew Pepe, and Kevin Mandia, at City College San Francisco.
Website: https://samsclass.info/152/152_F18.shtml
This document discusses firewalls and network security. It begins by outlining common firewall topics and risks to networks like data theft and denial of service attacks. It then examines why firewalls are needed to secure networks and assets. The document outlines different types of firewalls like packet filters, proxy firewalls, and network address translation. It discusses strengths and weaknesses of each approach. Finally, it covers best practices for firewall deployment, configuration, auditing and trends in firewall technologies.
This document discusses network security and protocols. It covers internal and external threats to networks like unauthorized access, data destruction, and hacking. It also discusses ways to protect networks from these threats, including passwords, firewalls, encryption, authentication protocols, and virtual local area networks (VLANs). The document outlines concepts like cryptography, digital signatures, and authentication protocols. It also discusses firewalls, storage technologies like RAID, NAS, and SAN for fault tolerance, and tape backups.
The document discusses the basics of IT security including the CIA triad of confidentiality, integrity and availability. It also covers common security concepts such as assets, vulnerabilities, threats, countermeasures and risks. Additionally, it summarizes authentication, authorization and accounting (AAA) protocols, common attacks and how to implement secure network architecture.
Network security is important to protect systems from attacks. Firewalls act as the first line of defense, blocking unauthorized incoming and outgoing network traffic based on security rules. Different types of firewalls operate at different layers of the OSI model and provide varying levels of security. No single security measure can guarantee protection, so a defense-in-depth approach using firewalls along with other tools like intrusion detection systems is recommended.
The document provides an overview of existing IP traceback mechanisms, including controlled flooding, input debugging, overlay networks, probabilistic packet marking, deterministic packet marking, packet messaging, packet logging, and hybrid approaches. It discusses taxonomy, capabilities, evaluation criteria, comparisons of mechanisms, and applications of traceback. The conclusion questions whether traceback is truly needed given current intrusion detection and prevention capabilities.
This presentation provides an overview of firewalls and their limitations. It discusses how firewalls are designed to control data flows but have hardware, memory, time, and logic constraints. The presentation then demonstrates common attack techniques like impersonation and session hijacking that can bypass firewalls. It shows how easily available hacking tools allow attacks to be performed with little skill or effort. The key point is that while firewalls provide some security, a holistic security program is needed to fully prevent, detect, and respond to threats.
This presentation provides an overview of firewalls and their limitations. It discusses how firewalls are designed to control data flows but have hardware, memory, time, and logic constraints. The presentation then demonstrates common attack techniques like impersonation and session hijacking that can bypass firewalls. It shows how easily available hacking tools allow attacks to be performed with little skill or effort. The key point is that while firewalls provide some security, a holistic security program is needed to fully prevent, detect, and respond to threats.
This presentation provides an overview of firewalls and their limitations. It discusses how firewalls are designed to control data flows but have hardware, memory, time, and logic constraints. The presentation then demonstrates common attack techniques like impersonation and session hijacking that can bypass firewalls. It shows how easily available hacking tools allow attacks to be performed with little skill or effort. The conclusion is that firewalls must be part of a comprehensive security program, as they cannot prevent, detect, or respond to attacks alone.
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by by Jason Luttgens, Matthew Pepe, and Kevin Mandia, at City College San Francisco.
Website: https://samsclass.info/152/152_F18.shtml
Module 7 Firewalls Part - 2 Presentation9921103075
The document discusses various topics related to firewalls including:
- Types of firewalls such as packet filtering gateways, stateful inspection firewalls, application proxies, guards, and personal firewalls.
- Network Address Translation (NAT) which allows private networks to use public IP addresses, thereby supporting features like address pooling and migration between service providers.
- Concerns with NAT including impacts to performance, fragmentation, and end-to-end connectivity.
- File Transfer Protocol (FTP) which uses separate channels for commands and data transfer between clients and servers.
In this PPT you can learn a firewall and types which help you a lot and you can able to understand. So, that you must read at once I sure that you are understand
Thank you!!!
I
Cryptography Project by Aelsayed & Kyasser.pdfahmeddeath6
The document discusses firewall technologies and architectures. It begins by explaining the need for firewalls to protect internal networks from external threats. It then describes various firewall types including filtering routers, which inspect IP and TCP/UDP headers; stateful inspection, which tracks connection states; circuit gateways, which operate at the transport layer; and proxy servers, which break direct connections and mediate traffic. It provides examples of how each type of firewall works and their advantages and limitations. It also covers firewall configurations like the single-homed bastion system.
This document discusses various types of network security attacks and methods to prevent them. It covers physical access attacks, social engineering attacks, penetration attacks like scanning and malware. It also discusses attacks on the OSI and TCP/IP models like at the session, transport and network layers. Prevention methods covered include firewalls, proxies, IPSec, security policies and hardening hosts. Specific switch and router vulnerabilities are examined like ARP poisoning, SNMP, spanning tree attacks. Countermeasures for switches include BPDU guard, root guard.
This document discusses types of network monitoring including event-based alerts, packet captures, session information, and high-level statistics. It provides details on each type, such as common tools used and the information that can be obtained. It also covers topics like deploying a network monitoring system, analyzing network data, and collecting logs generated from network events.
Digital Transformation in the Cloud: What They Don’t Always Tell You [2020]Tudor Damian
The payoff of successful Digital Transformation can be essential for companies engaged in highly-competitive markets. Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success.
With the emergence of the Cloud, IT risk has suffered yet another radical transformation. The past couple of years have also brought along new vulnerabilities, exploits, and attack methods, as well as new data privacy requirements such as the GDPR. While all of these things require significant changes to any existing processes and tools, they mostly require a different approach when catering to people's IT security awareness, especially when moving to the Cloud.
Based on real-life projects and experience from recent years, this session provides a quick insight into the role that the Cloud plays within Digital Transformation initiatives, touching on challenges companies usually face when dealing with governance, security, change management & cost-control. Examples and case studies included.
Security & Compliance in the Cloud [2019]Tudor Damian
Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. Too often though, IT risk (business risk related to the use of IT) is overlooked. While other business risks such as market, credit and operational risks have long been incorporated into the decision-making processes, IT risk has usually been relegated to technical specialists outside the boardroom, despite falling under the same risk category as other business risks: failure to achieve strategic objectives.
With the emergence of the Cloud, IT risk has suffered yet another radical transformation. The past couple of years have also brought along new vulnerabilities, exploits, and attack methods, as well as new data privacy requirements such as the GDPR. While all of these things require significant changes to any existing processes and tools, they mostly require a different approach when catering to people's IT security awareness, especially when moving to the Cloud.
Modern cybersecurity threats, and shiny new tools to help deal with themTudor Damian
With cybersecurity threats changing rapidly, we definitely need a new set of tools to be able to prevent and address them more efficiently: malware is becoming more complex and harder to detect, malicious insider attacks are on the rise and zero-day exploits make their way to the public much quicker than before. Join this session to see how Windows Server 2016 and Windows 10 can help organizations deal with this ever-changing security ecosystem by providing them with ways to better secure their environment and data. We’ll touch on topics such as malware & threat resistance, identity & access control, virtualization-based security, configurable code integrity, remote attestation and a few others.
The state of web applications (in)security @ ITDays 2016Tudor Damian
The global security landscape is changing, now more than ever. With cloud computing gaining momentum and advanced persistent threats becoming a common occurrence, the industry is taking a more focused and serious approach, especially after some of last years' heavily publicized cyber breaches. Join this session for a high-level overview on the industry trends in the area of web application security, and find out why security is bound to become a hot topic in any organization developing or using web applications.
The document provides an overview of Microsoft Azure Stack, which allows organizations to run applications and services built on Azure in their own datacenters. It discusses how Azure Stack provides a hybrid cloud that combines public Azure services with private, on-premises infrastructure. It also covers key aspects of Azure Stack including Azure Resource Manager, supported services, cloud-inspired architecture, and next steps for learning more.
2016, A new era of OS and Cloud SecurityTudor Damian
The global security landscape is changing, now more than ever. With cloud computing gaining momentum and advanced persistent threats becoming a common occurrence, the industry is taking a more focused and serious approach when it comes to security, especially after some of last years’ heavily publicized incidents. Join this session for a discussion on what Microsoft is doing to protect against these new security threats with fresh approaches taken both at the server & client OS level, as well as in Azure.
Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. Too often though, IT risk (business risk related to the use of IT) is overlooked.
While other business risks such as market, credit and operational risks have long been incorporated into the decision-making processes, IT risk has usually been relegated to technical specialists outside the boardroom, despite falling under the same risk category as other business risks: failure to achieve strategic objectives.
This session intends to address business risks related to the use of IT, looking at industry standards, frameworks and best practices, as well as focusing on real world examples and specific plans on how to implement IT Risk Management on every level of your company.
DefCamp #5, Bucharest, November 29th
Just as a chain is as weak as its weakest link, computer systems are as vulnerable as their weakest component – and that’s rarely the technology itself, it’s more often the people using it. This is precisely why it’s usually easier to exploit people’s natural inclination to trust than it is to discover ways to hack into computer systems. As the art of manipulating people into them giving up confidential information, Social Engineering has been a hot topic for many years. This session will discuss some of the most common Social Engineering techniques and countermeasures.
Azure Site Recovery and System Center Tudor Damian
Azure Site Recovery is a cloud-based service that automates virtual machine fail-over across sites. The service integrates with Virtual Machine Manager which manages on-premises Hyper-V servers. Hyper-V Replica technology replicates virtual machine configuration and data across sites. Based on customer feedback, support for SAN replication is important. This session covers the scenarios in scope, solution architecture, and SAN integration using SMI-S.
Upgrading your Private Cloud to Windows Server 2012 R2Tudor Damian
Learn about the functionality and processes that are available to enable you to move your private cloud deployments to Windows Server 2012 R2 with zero downtime. Understand the options that are available to you and the considerations that need to be made as you determine the best path for continuing to keep your environment on the best technology available for private clouds today. This session covers the end to end approach including Hyper-V, Clustering, Storage and SCVMM.
This document summarizes new features in Microsoft's Hyper-V virtualization platform presented at the Microsoft Summit 2013. Key enhancements include support for Generation 2 virtual machines, faster live migration, online VHDX resizing, improved Linux guest support, and new capabilities for guest clustering and shared storage. Legacy devices have been removed and replaced with more efficient emulations and synthetic alternatives to reduce resource usage.
This document summarizes key capabilities and features of Hyper-V in Windows Server 2012 R2 compared to the vSphere Hypervisor and vSphere 5.5 Enterprise Plus editions. It covers areas such as scalability, security, networking, storage and infrastructure flexibility. The document provides comparisons of specific features and limitations for areas like live migration, network isolation, SR-IOV support and storage encryption.
This document discusses new features and improvements in Windows 8 including better video performance, a new Start Menu, login screen, integration with Microsoft accounts, updates to the Windows Store, Windows Explorer, support for VHD and ISO files, a new Task Manager, File History backup functionality, repair and reset options, Windows Defender antivirus software, and enhancements to the Hyper-V virtualization platform. Links are provided to Microsoft TechNet, the main Windows 8 page on Microsoft.com, and the Wikipedia page about new Windows 8 features for further information.
Linux can run on Hyper-V either through emulated or enlightened ("synthetic") drivers. The Linux Integration Services provide enlightened drivers that improve performance. Linux IS has added many features over time, such as support for additional distributions like Ubuntu, mouse integration, and PowerShell support. Converting physical Linux machines to Hyper-V virtual machines can help optimize resources.
Private cloud, the Good, the Bad and the UglyTudor Damian
The document discusses private clouds, highlighting both benefits ("the good") and challenges ("the bad" and "the ugly"). Among the benefits are improved efficiency and flexibility compared to traditional IT via capabilities like elasticity, scalability, and continuous availability. Challenges include the real costs of building and maintaining a private cloud; security concerns; and complex vendor evaluations. The document also provides an overview of private cloud components and considerations for building a successful private cloud, such as budget, architecture, hardware, and staffing needs.
Hyper-V 3.0 provides several performance, scalability, and disaster recovery improvements over previous versions. New features include Hyper-V Replica for replication between sites, VHDX and data deduplication for improved storage, and live storage migration for non-disruptive workload mobility. Networking is enhanced with extensible virtual switching, QoS, and multi-tenant isolation using technologies like GRE encapsulation and address rewrite. Management is improved through integration with System Center and PowerShell automation.
The document provides an overview of cloud computing and Microsoft's cloud offerings. It introduces the benefits of cloud computing such as efficiency and flexibility compared to traditional IT infrastructure models. It then discusses the Microsoft Web Platform including the Web Platform Installer, WebMatrix, and Razor for building web applications. Finally, it outlines several student opportunities through programs like DreamSpark, Imagine Cup, and Microsoft Student Partners for gaining access to technology and experience.
O scurta introducere in arhitectura Hyper-V R2 si Linux Integration Services v2.1, precum si o detaliere a unor solutii de management si instrumente utile in gazduirea sistemelor Linux sub Hyper-V - video screencast pe Vimeo: http://www.vimeo.com/15466169
20 Comprehensive Checklist of Designing and Developing a WebsitePixlogix Infotech
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
4. Fair Warning
• There’s more content that we can realistically cover before lunch
• We’re only aiming for a high-level overview here, not an in-depth dive
• No need to take notes, you’ll get the slides anyway
5. IDS Evasion Techniques
Brief Overview
• From CIDF to RFC 4765
• Physical, Network and Host IDS/IPS
• NIDS design considerations & problems
Some Advanced Evasion Techniques (AETs)
• Obfuscation (Insertion, Evasion, Session Splicing, Fragmentation)
• Denial of Service (DoS) & False Positive Generation
• Pattern-Matching Weaknesses
• Protocol Violation, TTL Attacks, Urgency Flag
• Polymorphic & ASCII Shellcode
• Encryption and Tunneling
• Application Hijacking
Potential Solutions
• Normalization
• Packet Interpretation Based on Target Host
Tools & Resources
7. From CIDF to RFC 4765
• Common Intrusion Detection Framework (CIDF)
• An old (late 90s) attempt by DARPA (US govt's Defense Advanced Research
Projects Agency) to develop an IDS interchange format
• Started as a research project, currently dormant
• CIDF components that together define an Intrusion Detection System:
• E-boxes - event generators (sniffers, monitors)
• A-boxes - analysis engines (signature matchers)
• D-boxes - storage mechanisms (loggers)
• C-boxes - countermeasures (alarms, firewalls)
• The IETF (Internet Engineering Task Force)
more recently (2007) started work on a
common format (RFC 4765):
• http://www.ietf.org/rfc/rfc4765.txt
8. Physical IDS
• Security Guards
• Security Cameras
• Access Control Systems (Card, Biometric)
• Firewalls
• Man Traps
• Motion Sensors
Not talking about these today
9. Network & Host IDS/IPS
• NIDS – Network Intrusion Detection System
• Using a network tap, span port, or hub collects packets on the network
• Attempts to identify unauthorized, illicit, and anomalous behavior based on network traffic
• Methods: signature file comparisons, anomaly detection, stateful protocol analysis
• Using the captured data, the IDS system processes and flags any suspicious traffic
• HIDS – Host Intrusion Detection System
• Generally involves an agent installed on each system, monitoring and alerting on local OS and
application activity
• Attempts to identify unauthorized, illicit, and anomalous behavior on a specific device/OS
• The installed agent uses a combination of signatures, rules, and heuristics to identify
unauthorized activity
• IDS vs IPS?
• An IDS only has passive role (identify, log and alert)
• An IPS also blocks network traffic
10. NIDS Design Considerations
• Logical Target of Attacks
• Each component a potential point of vulnerability and hence attacks
• Possible Attacks on their
• “Availability” (total shutdown)
• “Accuracy” (false positives)
• “Completeness” (false negatives)
• Need to be Reliable, Robust
• Avoid false sense of security
• There’s no IDS out there with 100% accuracy
• They all generate both false positives and false negatives
11. Problems with NIDS
• Passive Network Monitors
• Inherently “fail-open”
• Cease to provide protection when subverted
• Vulnerability to Denial of Service
• Process all flows to all protected end-systems
• Being complex systems require lots of resources
• Resource starvation problem is not easily solvable
• Insufficient Information on the Wire
• Not enough to correctly reconstruct the state of complex protocol transactions like it
is done at the end-systems
• Diversity in Protocol Implementations
• Packet processing differs across end-systems
• Leads to ambiguous interpretations
• Unknown Internal Network Conditions
• Topology, router configs, traffic congestion, etc.
13. Advanced Evasion Techniques (AETs)
• Delivered in a highly liberal way
• Security devices are designed in a conservative way
• Employ rarely used protocol properties
• Use unusual combinations
• Create network traffic that disregards strict protocol specifications
• Exploit the technical and inspection limitations of security devices:
memory capacity, performance optimization, design flaws
14. Some of the most common attacks against NIDS
• Insertion
• Stuffing the analyzer with “invalid” packets
• Evasion
• Slipping “valid” packets past the analyzer
• Denial of Service (DoS)
• Causing resource starvation and overloading the IDS
• Pattern-matching weaknesses
• Exploiting pattern-based detection approach employed by most IDS
• Pattern-matching weaknesses
• Encryption and tunneling
• SSL, SSH, IPSec, etc.
• Fragmentation
• Breaking the attack into multiple packets
• Protocol violation
• Attacks targeted at complex protocol (e.g. SMB)
• File Locations and Integrity
• Circumventing triggers in HIDS
• Application Hijacking
• If done correctly few HIDS will detect it, while NIDS usually skip the application layer completely
15. Insertion
Occurs when the NIDS is less strict in processing packets than the internal network
NIDS accepts packets that the end system rejects or doesn’t even receive
Attacker’s data stream
NIDS data stream
Accepts 3rd packet which
overwrites 2nd packet data
Interprets ATXACK
End system data stream
Rejects 3rd packet for some
reason (or doesn’t even
receive it, i.e. TTL)
Interprets ATTACK
2 3 3 5 4 1 6
T T X C A A K
1 2 3 3 4 5 6
A T T X A C K
1 2 3 3 4 5 6
A T T X A C K
16. Evasion
Occurs when the NIDS is more strict in processing packets than the internal network
An end-system can accept packets that the NIDS rejects
Attacker’s data stream
NIDS data stream
Rejects 3rd packet for some
reason and sees ATXACK
End system data stream
Accepts 3rd packet which
overwrites 2nd packet
Interprets ATTACK
2 3 3 5 4 1 6
T X T C A A K
1 2 3 3 4 5 6
A T X T A C K
1 2 3 3 4 5 6
A T X T A C K
17. Real insertion / evasion attacks
• Mostly exploit basic network and protocol ambiguities at the NIDS
• Ambiguous interpretation of header fields
• Ambiguous handling of header options
• Ambiguous fragment/segment reassembly
• NIDS and the end-system get different views of the same data stream
• Ambiguities cause NIDS to accept/reject packets differently than the end-systems
• Differences in protocol implementations
• Non-conformance to Protocol Standards
• Every OS has a different protocol stack
• End-system and router configurations
• Application/Socket level options
18. NIDS ambiguities - examples
Related field Ambiguity (problem) for the NIDS
TTL Will the packet reach the end-system before TTL becomes 0?
Length, DF
Will all downstream links be able to transmit this big packet
without fragmenting it (Don’t Fragment -DF- bit set)?
IP Option(s)
Will the end-system/routers accept packet with specific IP option(s)?
E.g. (Strict) Source Route option
TCP Option(s) Will the end-system accept packets with specific TCP option(s)?
Data Will the end-system accept data in a SYN packet?
ToS Does the packet conform to all internal routers (DiffServ)?
IP Frag Offset How will the end-system reassemble overlapping fragments?
TCP Seq No How will the end-system reassemble overlapping segments?
19. Session Splicing
• Technique used to bypass IDS where an attacker splits the attack traffic
into many packets such that no single packet triggers the IDS
• It is effective against IDS-es that do not reconstruct packets before checking them
again through intrusion signatures
• If attackers are aware of delays in packet reassembly at the IDS, they can
add delays between packet transmissions to bypass the reassembly
• Many IDS-es stop reassembly if they do not receive packets within a certain time
• IDS-es become useless if the target host keeps sessions active for a longer time
than the IDS reassembly time
• Any attack attempt after a successful splicing attack will not be logged by
the IDS
20. Fragmentation
• Similar to Session Splicing
• Attackers send packets in blocks that do not trigger IDS signatures or cause alerts
• Generally more powerful than Session Splicing
• Two common fragmentation methods
• One method overwrites a section of a previous fragment
• The second method overwrites a complete fragment
• Enables attackers to write an entire packet of garbage information and
craft their attack to blend in with standard protocols
• Some IDSs do have ways to handle these attacks through reassembly
21. Fragmentation - examples
Attack 1: Overlap Method
• Packet 1: GET /cgi-bin/
• Packet 2: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../phxx
• Packet 3: f?
• This example of fragmentation can overwrite the 'xx' portion of Packet 2 with the data in
Packet 3, making the information resemble the following:
• GET /cgi-bin/ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../phf?
Attack 2: Overwrite Method
• Packet 1: GET /cgi-bin/
• Packet 2: some_normal_filename.cgi
• Packet 3: /aaa/../aaa/../aaa/../phxx
• Packet 4: f?
• This example is similar to the first, but in this example, the 'xx' portion is overwritten and
the some_normal_filename.cgi packet is completely overwritten with the last two packets
• This leaves GET /cgi-bin/phf? as the end result.
22. Denial of Service (DoS) & False Positive Generation
• Basic problem
• NIDS needs to simulate the operation of all protected end-systems and internal
network
• Scarce Resources (CPU cycles, memory, disk space, bandwidth)
• Usually working in a “fail-open” state
• CPU DoS (target computationally expensive operations)
• Fragment/Segment reassembly
• Encryption/Decryption
• Memory DoS (target state management operations)
• TCP 3-way Handshake (TCP Control Block - TCB)
• Fragment/Segment reassembly
• Network Bandwidth DoS (target NIDS’s inability to process packets at line speed)
• Reactive Systems DoS
• Trigger lots of alarms (false positives)
• Prevent valid access by spoofed addresses
• Hide real attacks
23. Pattern-Matching Weaknesses
• Most IDS solutions employ a pattern-based detection component
• This approach is problematic, because not all input needs to be the same to
trigger vulnerabilities
• Example pattern:
• GET /cgi-bin/phf?
• Obfuscation:
• GET /cgi-bin/aaaaaaaaaaaaaaaaaaaaaaaaaa/..%25%2fp%68f?
• Both versions result in the same output, yet look very different
• Unicode evasion can also be used here
• e.g. can be represented as 5C, C19C and E0819C
24. Protocol Violation
• Attacks can be targeted at complex protocols
• e.g. SMB (Server Message Block), MSRPC, SunRPC
• In order to provide protection to a complex protocol, the IDS has to have
a deep understanding of it
• The IDS implementation also needs to be
• Fault-tolerant
• Resilient
• Able to cope with excessive and unexpected connections and requests
25. TTL Attacks
• For TTL attacks, attackers must have some knowledge of the internal network topology
• Attackers must know the distance to the end host and whether an IDS is placed in front of the
end host
• By using a small TTL flag in a TCP packet, attackers can send packets that will only reach
the IDS and not the end host
• The IDS, in turn, will think the packet addressed to the end host will make it there
• This allows attackers to inject garbage packets into the IDS stream processing
• Example:
• Packet 1: GET /cgi-bin/p TTL 15
• Packet 2: some_file.cgi?= TTL 10
• Packet 3: hf? TTL 15
• This assumes that the end host is beyond the 15 TTL limit and will receive the data
• It also assumes that the IDS is within the 10-14 TTL limit, and any data lower than that
will not reach the destination host
• The IDS receives "GET /cgi-bin/psome_file.cgi?=hf?"
• The end host will receive "GET /cgi-bin/phf?"
26. Urgency Flag
• The urgency flag is used within the TCP protocol to mark data as urgent
• When the urgency flag is set, all data before the urgency pointer is ignored, and the data to
which the urgency pointer points is processed
• Some IDSs do not take into account the TCP protocol's urgency feature
• Attackers can place garbage data before the urgency pointer
• The IDS reads that data without consideration for the end host's urgency flag handling
• This means the IDS has more data than the end host actually processed
• Example of an urgency flag attack:
• "1 Byte data, next to Urgent data, will be lost, when Urgent data and normal data are
combined."
• Packet 1: ABC
• Packet 2: DEF Urgency Pointer: 3
• Packet 3: GHI
• End result: ABCDEFHI
• According to the 1122 RFC, the urgency pointer causes one byte of data next to the
urgent data to be lost when urgent data is combined with normal data
27. Polymorphic Shellcode
• Most IDSs contain signatures for commonly used strings within shellcode
• This is easily bypassed by using encoded shellcode containing a stub that
decodes the shellcode that follows
• This means that shellcode can be completely different each time it is sent
• Polymorphic shellcode allows attackers to hide their shellcode by
encrypting it in a simplistic form
• It is difficult for IDSs to identify this data as shellcode
• This method also hides the commonly used strings within shellcode,
making shellcode signatures useless
28. ASCII Shellcode
• Similar to polymorphic shellcode
• ASCII shellcode contains only characters contained within the ASCII standard
• This helps attackers bypass IDS pattern matching signatures as strings are
hidden within the shellcode in a similar fashion to polymorphic shellcode
• The following is an ASCII shellcode example:
char shellcode[] =
"LLLLYhb0pLX5b0pLHSSPPWQPPaPWSUTBRDJfh5tDS"
"RajYX0Dka0TkafhN9fYf1Lkb0TkdjfY0Lkf0Tkgfh"
"6rfYf1Lki0tkkh95h8Y1LkmjpY0Lkq0tkrh2wnuX1"
"Dks0tkwjfX0Dkx0tkx0tkyCjnY0LkzC0TkzCCjtX0"
"DkzC0tkzCj3X0Dkz0TkzC0tkzChjG3IY1LkzCCCC0"
"tkzChpfcMX1DkzCCCC0tkzCh4pCnY1Lkz1TkzCCCC"
"fhJGfXf1Dkzf1tkzCCjHX0DkzCCCCjvY0LkzCCCjd"
"X0DkzC0TkzCjWX0Dkz0TkzCjdX0DkzCjXY0Lkz0tk"
"zMdgvvn9F1r8F55h8pG9wnuvjrNfrVx2LGkG3IDpf"
"cM2KgmnJGgbinYshdvD9d";
• When executed, the shellcode above executes a "/bin/sh" shell
29. Encryption and Tunneling
• When the attacker manages to establish an encrypted tunnel to the
target, IDS-es are evaded completely
• Any sort of encrypted connection/tunneling works
• SSH
• SSL
• IPSec
• RDP
• etc.
30. Application Hijacking
• Application layer attacks enable many different forms of evasion
• Many applications that deal with media such as images, video and audio
employ some form of compression
• When a flaw is found in these applications, the entire attack can occur
within compressed data, and the IDS will have no way to check the
compressed file format for signatures
32. Normalization
• Normalization takes obfuscated input and attempts to translate it into what the
end host will eventually see
• This usually entails encoding in formats such as Unicode and UTF8
• The normalization process allows for encoding, translation and the application of
pattern matching to the normalized data
• Prevents attackers from obfuscating the attack strings using Unicode or UTF8 strings
• Polymorphic shellcode & ASCII shellcode could circumvent this
• Some IDSs are attempting to apply normalization to polymorphic shellcode
• CPU intensive, which affects monitoring for the remaining network traffic
• Normalization also applies to network data
• Some IDSs normalize fragmented packets and reassemble them in the proper order
• This enables the IDS to look at the information just as the end host will see it
• In addition, some IDSs change the TTL field to a large number
• This ensures that packets reach the end host
33. Packet Interpretation Based on Target Host
• IDS-es are at a disadvantage
• These systems attempt to recreate what the end host will see and handle
• There are a lot of disparate methods of communicating data over a network
• The end host's TCP/IP stack should be used (host-based IDS)
• Better than trying to recreate the stream in a way that the stream may be handled
• In using the host to do the work, the guessing portion of the task is eliminated
• Another option: using modular TCP/IP stacks within an IDS
• Using the stacks based on the targeted host's operating system.
• Specific OS handling of anomalous traffic must be thoroughly reviewed
• Effective in mitigating fragmentation, RST packet handling and Urgency Flags
38. Upcoming Public Courses
IT Security Awareness Seminar & Web Application Security Seminar
Bucharest, 10-11 December 2015
Troubleshooting Windows Infrastructure - From Zero to Hero Masterclass
Bucharest, 11-15 January 2016
Paula Januszkiewicz is an IT Security Auditor and Penetration Tester, Enterprise Security
MVP and trainer (MCT) and Microsoft Security Trusted Advisor. She is also a top-speaker
on many well-known conferences (for example: TechEd North America, TechEd Europe,
TechEd Middle East, RSA, TechDays, CyberCrime etc.) and writes articles on Windows
Security. She proudly holds the role of the Security Architect at IDesign and she drives
her own company CQURE. She conducted hundreds of IT security audits and penetration
tests, including governmental organizations. Her distinct specialization is definitely on
Microsoft security solutions in which she holds multiple Microsoft certifications (MCITP,
MCTS, MCSE, MCDBA etc.) besides being familiar and possessing certifications with
other related technologies. Paula is passionate about sharing her knowledge with others.
In private, she enjoys researching new technologies, which she converts to authored
trainings. She has access to a source code of Windows.