CYBER INCIDENT RESPONSE
Presented by:
Biago, Steven Joe R.
Ocado, Maria Concepcion L.
Content Discussion:
1. Incident Classification
2. Network Event Monitoring
3. Network Monitoring Tools
4. Detecting Network Events
INCIDENT CLASSIFICATION
Incident classification assigns an incident to one
or more categories according to the method(s) the
attacker used: unauthorized access, destruction,
disclosure or modification of data, and/or denial
of service. A single incident can fall into several
of the following categories.
○ Spam
○ System Compromise
○ Scan
○ Denial of Service
○ Copyright Issue
○ Phishing
○ Malware
○ XSS
○ Vulnerability
○ Fastflux
○ SQL Injection
○ Information Leak
○ Scam
○ Cryptojacking
○ Locker
○ Screenlocker
○ Wiper
Every incident handled by the information security response
team shall be classified by that team. Classification tells
everyone involved the severity and impact of the incident,
ensures that the incident receives the appropriate level of
attention and resources, and ensures that it is reported to
management in a timely manner. The category (what happened)
and the severity (how bad it is) are recorded separately: a
phishing e-mail nobody clicked and a phishing e-mail that led
to a system compromise share a category but not a severity.
NETWORK EVENT MONITORING
Event monitoring in networking is the process of collecting,
analyzing, and signaling event occurrences to operating-system
processes, active database rules, and human operators. These
events may originate in software or hardware: operating
systems, database management systems, application software,
or processors.
● The following occurrences may be designated as events for reporting
purposes:
○ Changes to a system’s hardware inventory
○ Changes to a system’s software inventory
○ Application access failures
○ Failed login attempts
○ Job failures
○ Connection failures
○ No device response to polls
○ Disabled protocols
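Two of the reportable events above, failed login attempts and the connections that carry them, are the raw material for the simplest useful detection. The following Python is an added example, not part of the original slides: it runs a sliding-window detector over constructed sshd syslog lines. The log lines, the hostname, the IP addresses (taken from the RFC 5737 documentation ranges), the year (syslog timestamps carry none) and the thresholds are all assumptions made for the illustration. A burst of failures is reported on its own; a successful login from the same source right after the burst is reported as a separate, higher-severity event, because that is the case that turns a "Scan" into a likely "System Compromise".

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH's syslog format; not captured from a real host.
# 203.0.113.7 fails six times in ten seconds and then succeeds as root;
# 198.51.100.20 is an ordinary user who mistypes a password once.
SAMPLE_LOG = """\
Mar 12 10:01:03 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 12 10:01:05 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 12 10:01:07 web01 sshd[2105]: Failed password for invalid user oracle from 203.0.113.7 port 51026 ssh2
Mar 12 10:01:09 web01 sshd[2107]: Failed password for root from 203.0.113.7 port 51028 ssh2
Mar 12 10:01:11 web01 sshd[2109]: Failed password for invalid user test from 203.0.113.7 port 51030 ssh2
Mar 12 10:01:13 web01 sshd[2111]: Failed password for root from 203.0.113.7 port 51032 ssh2
Mar 12 10:01:20 web01 sshd[2130]: Accepted password for root from 203.0.113.7 port 51040 ssh2
Mar 12 10:03:11 web01 sshd[2201]: Failed password for alice from 198.51.100.20 port 40011 ssh2
Mar 12 10:03:30 web01 sshd[2203]: Accepted publickey for alice from 198.51.100.20 port 40013 ssh2
Mar 12 10:03:30 web01 sshd[2203]: pam_unix(sshd:session): session opened for user alice by (uid=0)
"""

ASSUMED_YEAR = 2024             # assumption: syslog timestamps carry no year
FAIL_THRESHOLD = 5              # assumption: failures from one source within WINDOW that count as brute force
WINDOW = timedelta(seconds=60)  # assumption: sliding window length

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_auth_events(lines):
    """Yield one dict per sshd authentication line; lines that are not auth results are skipped."""
    for line in lines:
        m = AUTH_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(f"{ASSUMED_YEAR} {rec['ts']}", "%Y %b %d %H:%M:%S")
        yield rec


def detect(lines):
    """Sliding-window detector over auth events. Returns alerts in log order.

    brute_force            : >= FAIL_THRESHOLD failures from one source within WINDOW
    success_after_failures : a successful login from a source that just burst failures,
                             i.e. the guessing may have worked (deck category: System Compromise)
    """
    failures = defaultdict(list)   # source IP -> timestamps of failures still inside the window
    alerted = set()                # sources already reported as brute-forcing (one alert per burst)
    alerts = []
    for rec in parse_auth_events(lines):
        src, now = rec["src"], rec["ts"]
        recent = [t for t in failures[src] if now - t <= WINDOW]   # expire entries older than WINDOW
        if rec["outcome"] == "Failed":
            recent.append(now)
            if len(recent) >= FAIL_THRESHOLD and src not in alerted:
                alerted.add(src)
                alerts.append({"kind": "brute_force", "severity": "medium",
                               "src": src, "failures": len(recent), "ts": now})
        elif len(recent) >= FAIL_THRESHOLD:
            alerts.append({"kind": "success_after_failures", "severity": "high",
                           "src": src, "user": rec["user"], "method": rec["method"],
                           "failures_before": len(recent), "ts": now})
        failures[src] = recent
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run against the sample, it produces exactly two alerts, both for 203.0.113.7: a brute_force alert at the fifth failure and a success_after_failures alert for the root login that follows; alice's single typo never crosses the threshold. The window is what keeps the rule honest: five failures spread over a day are a bad typist, five in a minute are a tool.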
Common Network Devices to Monitor
● Routers: Routers forward traffic between networks, including between the
internal network and the internet.
● Switches: Switches connect end devices such as servers, computers,
printers, and more. Monitoring switches is critical for network health and
performance; monitor both the traffic passing through the switch and the
switch hardware itself.
● Firewalls: The role of a firewall is to protect the network by
controlling incoming and outgoing traffic. Its logs are also one of the
richest sources of the connection failures and policy violations listed
above.
● Servers: Server monitoring provides information about the network,
data usage, and more.
NETWORK MONITORING TOOLS
What are network monitoring tools?
Network monitoring tools gather and
analyze network data to give
network administrators
information about the status of
network appliances, link saturation,
active devices, the structure of
network traffic, and the sources of
network problems and traffic
anomalies.
What do network monitoring tools do?
Network monitoring tools collect data
in some form from active network
devices, such as routers, switches, load
balancers, servers, firewalls, or
dedicated probes, and analyze it
to understand the condition of the
network.
NETWORK MONITORING SOFTWARE TOOLS
1. Port Scanners
● Gather information across the network
- No credentials on the target are required, only network reachability
(a raw SYN scan does need raw-socket privileges on the scanning host);
scan only hosts you are authorized to test
● Determine up/down status
- Ping (ICMP) or Address Resolution
Protocol (ARP) on the local segment
● Check for open ports
- An open port indicates a listening service
● Scan operating system
- OS fingerprinting from protocol behaviour, without logging in
● Scan services
- Banner and version information
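A minimal TCP connect() scanner with banner grabbing, added here as an illustration and not code from the original deck, shows the "check for open ports" and "scan services" points above in practice. So that it runs offline, the script starts its own throwaway listener on 127.0.0.1 that answers with a made-up SSH banner and scans that; the timeout, worker count and banner text are assumptions. A connect() scan completes the TCP handshake, so it shows up in the target's logs and flow records (unlike a raw SYN scan), and it must only be pointed at hosts you are authorized to scan.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe_port(host, port, timeout=0.5):
    """TCP connect() probe of one port.

    Returns (port, state, banner) where state is 'open', 'closed' (RST received)
    or 'filtered' (no answer before the timeout, typically a firewall drop).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                # Many services (SSH, SMTP, FTP) speak first; read that greeting as the banner.
                banner = s.recv(256).decode("utf-8", "replace").strip()
            except socket.timeout:
                banner = ""                     # silent service (e.g. HTTP waits for a request)
            return port, "open", banner
    except socket.timeout:
        return port, "filtered", ""
    except OSError:                             # ECONNREFUSED and friends
        return port, "closed", ""


def scan_host(host, ports, workers=32, timeout=0.5):
    """Probe the given ports concurrently; returns {port: (state, banner)}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe_port(host, p, timeout), ports))
    return {port: (state, banner) for port, state, banner in results}


def _start_banner_listener(banner):
    """Throwaway local service for the demo: accepts, sends `banner`, hangs up."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))                  # port 0: let the OS pick a free port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:                     # listener shut down -> stop serving
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv


def demo_local_scan():
    """Scan one open and one closed port on 127.0.0.1 (constructed target, not a real host)."""
    srv = _start_banner_listener(b"SSH-2.0-OpenSSH_9.6\r\n")   # assumed banner text
    open_port = srv.getsockname()[1]
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]          # bound but never listening...
    tmp.close()                                 # ...and released, so connect() gets a RST
    try:
        results = scan_host("127.0.0.1", [open_port, closed_port])
    finally:
        try:
            srv.shutdown(socket.SHUT_RDWR)      # wakes the blocked accept() so the thread exits
        except OSError:
            pass
        srv.close()
    return {
        "open_banners": [b for state, b in results.values() if state == "open"],
        "closed": sum(1 for state, _ in results.values() if state == "closed"),
        "filtered": sum(1 for state, _ in results.values() if state == "filtered"),
    }


if __name__ == "__main__":
    print(demo_local_scan())
```

The three states matter for interpretation: "closed" means a host answered with a reset, so it is up but nothing listens there; "filtered" means nothing came back, which is usually a firewall dropping the probe rather than an empty port. On a real target, probe_port() would be called against a port list such as the well-known 1-1024 range, and the banners fed into a version lookup.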
2. Interface Monitoring
● Up or down
- The most important statistic
- No special rights or permissions required
- Green is good, red is bad
● Alarming and alerting
- Notification when an interface goes down or stops reporting
- Email, SMS
● Short-term and long-term reporting
- View availability over time
● Not focused on additional details
- Additional monitoring (errors, discards, utilization) usually requires
SNMP
3. Packet Flow Monitoring
● Gather traffic statistics
- Metadata about actual traffic flows (who talked to whom, on which
port and protocol, how many packets and bytes), not the payload
● NetFlow (v5 and v9 are most common)
- De facto collection standard; IPFIX is the IETF standard derived from v9
- Many products and options
● Probe and collector
- The probe (often the router or switch itself) watches network communication
- Summary records are exported to the collector
● Usually a separate reporting application
- Closely tied to the collector
4. Simple Network Management Protocol
(SNMP)
● Agents expose a database of management data (the MIB), read by
polling (UDP/161) and pushed as traps (UDP/162)
● SNMP versions
- v1 = The original
- Structured tables, in-the-clear
- v2c = a good step ahead
- Data type enhancements (64-bit counters), bulk
transfer, still in-the-clear community strings
- v3 = The current standard
- Message integrity, authentication,
encryption (use the authPriv security level)
● SNMP information can be very detailed
- Access should be very limited: change the default community
strings (public/private), allow read-only access from the monitoring
hosts only, block UDP/161 at the perimeter, and prefer v3
DETECTING NETWORK EVENTS
A network-based intrusion detection system (NIDS) helps
organizations monitor their cloud, on-premises and hybrid
environments for suspicious events that could indicate a
compromise: policy violations, port scanning, and traffic
to or from unexpected sources and destinations.
● NIDS and NIPS
○ Network Intrusion Detection System / Network Intrusion
Prevention System
■ Watch network traffic, from a passive tap or SPAN port (NIDS)
or inline in the traffic path (NIPS)
● Intrusions
○ Exploits against operating systems, applications, etc.
○ Buffer overflows, cross-site scripting, other vulnerabilities
● Detection vs. Prevention
○ Detection - Alarm or alert; the traffic still reaches its target
○ Prevention - Drop or reset the offending traffic before it reaches the
target; a false positive therefore blocks legitimate traffic, so
prevention rules need tighter tuning than detection rules
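Port scanning is the detection case the slide names, and the flow records from the Packet Flow Monitoring slide are enough to find it without payload inspection. The following Python is an added example, not code from the original deck: a scan detector working on NetFlow-style records. The records are constructed in the script and labelled as such; the field names, window and thresholds are assumptions. It flags a vertical scan (one source probing many ports on one host) and a horizontal scan (one source probing one port across many hosts), using tiny TCP flows that never carried an ACK as the probe signal, and ignores established sessions and UDP.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple


class Flow(NamedTuple):
    """One unidirectional flow record with NetFlow v5-style fields (names assumed)."""
    start: datetime
    src: str
    sport: int
    dst: str
    dport: int
    proto: int      # 6 = TCP, 17 = UDP
    packets: int
    octets: int
    flags: str      # cumulative TCP flags seen in the flow, e.g. "S", "SPA"


def build_sample_flows() -> List[Flow]:
    """Constructed records, not captured traffic (addresses from RFC 5737 and RFC 1918)."""
    t0 = datetime(2024, 3, 12, 10, 15, 0)
    rows = []
    # Vertical scan: 203.0.113.7 sends one SYN to each of 15 ports on 10.0.0.5.
    for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 111, 135, 139, 143, 443, 445, 3306, 3389]):
        rows.append(Flow(t0 + timedelta(milliseconds=50 * i), "203.0.113.7", 41000 + i, "10.0.0.5", p, 6, 1, 60, "S"))
    # Horizontal scan: 192.0.2.9 sends one SYN to port 445 on twelve hosts.
    for i in range(1, 13):
        rows.append(Flow(t0 + timedelta(seconds=2, milliseconds=30 * i), "192.0.2.9", 51000 + i, f"10.0.0.{i}", 445, 6, 1, 60, "S"))
    # Normal traffic: two established sessions and a DNS lookup.
    rows.append(Flow(t0 + timedelta(seconds=5), "198.51.100.20", 52100, "10.0.0.5", 443, 6, 24, 5120, "SPA"))
    rows.append(Flow(t0 + timedelta(seconds=6), "10.0.0.5", 33021, "10.0.0.2", 53, 17, 2, 180, ""))
    rows.append(Flow(t0 + timedelta(seconds=7), "198.51.100.20", 52101, "10.0.0.5", 22, 6, 40, 9000, "SPA"))
    return rows


WINDOW = timedelta(seconds=60)   # assumption: sliding window length
VERTICAL_THRESHOLD = 10          # assumption: distinct ports on one target from one source
HORIZONTAL_THRESHOLD = 10        # assumption: distinct targets on one port from one source


def is_probe(f: Flow) -> bool:
    """A scan probe looks like a tiny TCP flow that never carried an ACK (no completed handshake)."""
    return f.proto == 6 and f.packets <= 2 and "A" not in f.flags


def detect_scans(flows: List[Flow]) -> List[Dict]:
    """Sliding-window count of distinct ports per (src, dst) and distinct hosts per (src, dport)."""
    vertical = defaultdict(list)     # (src, dst)   -> [(ts, dport)]
    horizontal = defaultdict(list)   # (src, dport) -> [(ts, dst)]
    alerts, reported = [], set()
    for f in sorted(flows, key=lambda x: x.start):
        if not is_probe(f):
            continue
        for table, key, value, kind, threshold in (
            (vertical, (f.src, f.dst), f.dport, "vertical_scan", VERTICAL_THRESHOLD),
            (horizontal, (f.src, f.dport), f.dst, "horizontal_scan", HORIZONTAL_THRESHOLD),
        ):
            bucket = [(t, v) for t, v in table[key] if f.start - t <= WINDOW]   # expire old probes
            bucket.append((f.start, value))
            table[key] = bucket
            distinct = {v for _, v in bucket}
            if len(distinct) >= threshold and (kind, key) not in reported:   # one alert per scan
                reported.add((kind, key))
                alerts.append({"kind": kind, "src": f.src, "key": key,
                               "distinct": len(distinct), "first": bucket[0][0], "last": f.start})
    return alerts


if __name__ == "__main__":
    for alert in detect_scans(build_sample_flows()):
        print(alert)
```

On the sample this yields two alerts, one vertical_scan for 203.0.113.7 against 10.0.0.5 and one horizontal_scan for 192.0.2.9 on port 445, each raised the moment the tenth distinct port or host is seen; the established HTTPS and SSH sessions and the DNS lookup are never counted. The same counters are what a NIDS port-scan preprocessor keeps, only from packets instead of exported flow records.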
Thank You!

Source deck: infoAssurance (1).pptx
