The MITRE ATT&CK framework is followed by threat hunters and threat analysts for threat modelling, and can be used for adversary emulation and attack defense. Cybersecurity analysts widely use it to frame an attack through the tactics and techniques it uses.
Ethical Hacking n VAPT presentation by Suvrat jain - Suvrat Jain
A perfect example of a 6 weeks summer training ppt. Course: Ethical Hacking, its info, and VAPT (Vulnerability Assessment n Penetration Testing). Covers vulnerability scanning, tools used, cracking passwords, etc.
Penetration Testing vs. Vulnerability Scanning - SecurityMetrics
For more info on pen testing: securitymetrics.com/sm/pub/penetrationtesting
For more info on vulnerability scanning: securitymetrics.com/sm/pub/vulnerabilityscanning
Even the most experienced administrators may fail to implement the latest secure practices at your business. The easiest and most accurate way to discover if your business is secure enough to withstand a hack is to test it through the eyes of a hacker. An ethical hacker is simply a computer bodyguard who manually examines a business environment for weaknesses via a penetration test, and determines which weaknesses he can exploit. Discover how penetration testers search for vulnerabilities by using the latest hacking techniques, and learn how to batten down your organizational hatches with penetration testing and vulnerability scanning.
Mitre ATT&CK and the Mueller GRU Indictment: Lessons for Organizations - Digital Shadows
A recent indictment revealed how the GRU (Russia’s Military Intelligence agency) used both influence operations and network intrusions to achieve its policy aims. More precisely, the GRU weaponized the use of the network intrusions in its influence operations. We have used the MITRE ATT&CK framework as our methodology to play back the findings of the indictment. In doing so, we aim to provide key lessons organizations can take away from this indictment.
VAPT defines the security measures that are supposed to be put in place to address cyber threats. There are plenty of strategies that can be adopted in pen testing, including Black Box Pen Test, White Box Pen Test, Hidden Pen Test, Internal Pen Test, and Gray Box Testing. It is mandatory that VAPT is conducted in order to deter cyber-attacks, which are on the upsurge daily. VAPT ranges across Mobile, Network Penetration Testing, and Vulnerability Assessments.
VAPT has many merits for your business, including early detection of errors in program code, which will prevent cyber attacks. Most companies lose billions of dollars due to cyber-attacks. VAPT guarantees that all loopholes are tightened before an intrusion transpires.
Kill Chain Model for Use Cases Assist in Incident Response
1- Situational Awareness
Outbound Protocols
Outbound protocols by size
Top destination Countries
Top destination Countries by size
2- Reconnaissance
Port scan activity
ICMP query
3- Weaponization and Delivery
Injection
Cross Site Scripting
Cross Site Request Forgery
Failure to Restrict URL
Downloaded binaries
Top email subjects
Domains mismatching
Malicious or anomalous Office/Java/Adobe files
Suspicious Web pages (iframe + [pdf|html|js])
Vulnerability assessment & Penetration testing Basics Mohammed Adam
In these days of widespread Internet usage, security is of prime importance. The almost universal use of mobile and Web applications makes systems vulnerable to cyber attacks. Vulnerability assessment can help identify the loopholes in a system while penetration testing is a proof-of-concept approach to actually explore and exploit a vulnerability.
Introduction of Ethical Hacking; Life cycle of Hacking; Introduction of Penetration testing; Steps in Penetration Testing; Foot printing Module; Scanning Module; Live Demos on Finding Vulnerabilities: a) Bypass Authentication, b) SQL Injection, c) Cross site Scripting, d) File upload Vulnerability (Web Server Hacking); Countermeasures of Securing Web applications
This presentation describes penetration testing with a Who, What, Where, When, and How approach. In the presentation, you may discover the common pitfalls of a bad penetration test and you could identify a better one. You should be able to recognize and differentiate both looking at the methods (attitude) and result.
NGAV is the natural (and much needed) evolution of traditional AV that protects computers from the full spectrum of modern cyber attacks, delivering the best endpoint protection with the least amount of work. NGAV speaks to a fundamentally different technical approach in the way malicious activity is detected and blocked.
The easiest and most accurate way to discover if a business is protected enough to withstand a hack is to test it through the eyes of an (ethical) hacker. Ethical hackers, or penetration testers, act as computer detectives who manually examine a business environment for exploitable weaknesses. This presentation will discuss the importance of ensuring a business network receives the security check-ups it requires to maintain a healthy security posture.
A firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules. Packet filter is a hardware or software designed to block or allow transmission of packets based on criteria such as port, IP address, protocol.
what is firewall in information security? - ezoicxcom
October 21, 2023, admin
A firewall can protect your Mac from unwanted contact initiated by other computers when you’re connected to the internet or a network. However, your Mac can still allow access through the firewall for some services and apps.
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
A firewall is a security system designed to prevent unauthorized access into or out of a computer network. Firewalls are often used to make sure internet users without access are not able to interface with private networks, or intranets, connected to the internet.
Table of Contents
1. basic packet-filtering firewalls
2. circuit-level gateways
3. application-level gateways
4. stateful inspection firewalls
5. next-generation firewalls
1. basic packet-filtering firewalls
A packet-filtering firewall is a network security feature that controls the flow of incoming and outgoing network data. The firewall examines each packet, which comprises user data and control information, and tests it against a set of pre-established rules.
the process of passing or blocking data packets at a network interface by a firewall based on source and destination addresses, ports or protocols.
the most basic type of firewall that controls data flow to and from a network.
hardware, software, and cloud-based firewalls.
A single device can filter traffic for the entire network.
Extremely fast and efficient in scanning traffic.
Inexpensive.
Minimal effect on other resources, network performance, and end-user experience.
2. circuit-level gateways
A circuit-level gateway is a type of firewall that operates on layer 5 of the Open Systems Interconnection (OSI) model, which is the session layer. It’s the layer responsible for providing the mechanism of initiating, managing, and closing a communication session between end-user application processes.
SOCKS, IBM Db2, and Proxy Servers
conceal the details of the protected network from the external traffic, which is helpful for interdicting access to impostors.
A proxy server is also called a circuit-level firewall.
unidirectional gateways and bidirectional gateways.
receives the request sent by a client to establish a TCP connection.
3. application-level gateways
Application-level gateways (ALGs) are application-specific translation agents that allow an application (like VOIP) on a host in one address realm to connect to its counterpart running on a host in a different realm transparently.
Application gateways can be used to deny access to the resources of private networks to distrusted clients over the web
An application layer gateway—also known as an application proxy gate
Tools and Mechanisms for Network Security in an Organization.
Physical Security, Administrative Security and Technical Security measures have been described.
Security Testing Tools are Nessus, THC Hydra, Kismet, Nikto, WireShark and NMAP.
2.
· Unshielded Twisted Pair (UTP) Cables
· Shielded Twisted Pair (STP) Cable
· Coaxial Cable
· Fiber Optic Cable
· Cable Installation Guides
· Unshielded Twisted Pair (UTP) Cable
3. In this network we will use CAT5 and CAT6 patch. These closets should be used in the server room at the Atlanta location, and we shall also create one at the Cincinnati location due to the large number of hanging wires that we shall use.
4. Wireless networks are much more susceptible to unauthorized use than cabled networks. We should encrypt the network by putting a password to keep out unauthorized access that may lead to network attacks.
I recommend that we turn off all the remote control related features because hackers at times try to breach our network wirelessly. For an intrusion to occur, it can either be from within the organization or even other breaches that come from outside the organization.
I recommend that we put in place packet sniffing measures in our network in order to detect any attacks that are targeted to our network. These may include worms, Trojan horses, botnet, malicious malware etc. The packet sniffers will help us identify when someone is trying to hack into the network.
I also recommend network segmentation where by the network is split into different classifications. This eases the placing of security levels and policies on the network.
We should also put in place physical security in order to curb problems like break-ins in to the server rooms by attackers especially those working in the organization. We should do this by putting in place some policies and levels of restriction because it can lead to data loss.
We should put in place a Virtual Private Network. A virtual private network encrypts the connection from an endpoint to a network, often over the Internet. Typically, a remote-access VPN uses SSL to authenticate the communication between the devices and network.
I also recommend the use of firewalls in the network security module. Firewalls put up a barrier between your trusted internal network and untrusted outside networks, such as the Internet. They use a set of defined rules to block or to allow traffic. A firewall can be software, hardware, or both.
I also recommend the use of access control measures for example passwords, finger print scans, iris scans etc. Not every user should have access to your network. To protect yourself from potential attacks, you need to recognize each user and each device. Then you can enforce your security policies. You can also block out the noncompliant end-point devices or provide them with limited access. This process is referred to as network access control (NAC).
6. I recommend the use of an access server. An access server acts as a concentration point for dial-in and dial-out connections which is perfect for our network model.
I recommend the use of a WAN switch. A WAN switch is a multiport internetworking device used in carrier networks. These can be used to connect de.
Module 19 (evading ids, firewalls and honeypots)Wail Hassan
An Intrusion Detection System (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system.
Running Head Security Assessment Repot (SAR) .docx - SUBHI7
Security Assessment Report (SAR)
CHOICE OF ORGANIZATION IS UNIVERSITY OF MARYLAND MEDICAL CENTER (UMMC) OR A FICTITIOUS ORGANIZATION (BE CREATIVE)
Introduction
· Research into OPM security breach.
· What prompts this assessment exercise in our choice of organization? “but we have a bit of an emergency. There's been a security breach at the Office of Personnel Management. need to make sure it doesn't happen again.”
· What were the hackers able to do? OPM OIG report and found that the hackers were able to gain access through compromised credentials
· How could it have been averted? a) The security breach could have been prevented if the Office of Personnel Management, or OPM, had abided by previous auditing reports and security findings. b) Access to the databases could have been prevented by implementing various encryption schemas. c) It could have been identified after running regularly scheduled scans of the systems.
Organization
· Describe the background of your organization, including the purpose, organizational structure,
· Diagram of the network system that includes LAN, WAN, and systems (use the OPM systems model of LAN side networks), the intra-network, and WAN side networks, the inter-net.
· Identify the boundaries that separate the inner networks from the outside networks.
· include a description of how these platforms are implemented in your organization: common computing platforms, cloud computing, distributed computing, centralized computing, secure programming fundamentals (cite references)
Threats Identification
Start Reading: Impact of Threats
The main threats to information system (IS) security are physical events such as natural disasters, employees and consultants, suppliers and vendors, e-mail attachments and viruses, and intruders.
Physical events such as fires, earthquakes, and hurricanes can cause damage to IT systems. The cost of this damage is not restricted to the costs of repairs or new hardware and software. Even a seemingly simple incident such as a short circuit can have a ripple effect and cost thousands of dollars in lost earnings.
Employees and consultants; In terms of severity of impact, employees and consultants working within the organization can cause the worst damage. Insiders have the most detailed knowledge of how the information systems are being used. They know what data is valuable and how to get it without creating tracks.
Suppliers and vendors; Organizations cannot avoid exchanging information with vendors, suppliers, business partners, and customers. However, the granting of access rights to any IS or network, if not done at the proper level—that is, at the least level of privilege—can leave the IS or ne ...
2. INTRODUCTION
• Infosec is the practice of protecting information from unauthorized access, misuse, exposure, destruction, and modification.
• Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization.
° Confidentiality: Only authorized users should access the data.
° Integrity: Data should not be altered or modified.
° Availability: Data should be available all the time; backup is essential.
2BHUSHAN GURAV
3. TYPES OF HACKER
• Black Hat: Breaks into computer systems for illegal purposes and personal gain.
• White Hat: Ethical hacker who has permission to hack the system.
• Gray Hat: Illegally hacks into a system, but not for personal gain. May hack to show hacking skills or to prove system vulnerabilities.
• Script Kiddies: Unskilled hackers who break into systems by using scripts or tools written by others.
• Hacktivists: Hack systems or networks for a political cause or to send a political message.
4. TYPES OF TESTING
| Black Box | Gray Box | White Box |
|---|---|---|
| Testing done without any knowledge about the internals of the system | Testing done with partial knowledge about the internals of the system | Testing done with proper knowledge about the internals of the system |
| Based on external specifications | Based on knowledge of algorithm, internal states, architecture | Based on detailed design and knowledge of the internal logic of an application code |
| Process is least exhaustive, time consuming | Process is partly exhaustive and time consuming | Process is most exhaustive and time consuming |
5. NETWORK SECURITY
Switches:
Port Security: It can be achieved by MAC binding. MAC binding is the process of mapping each physical address to its logical address. This measure is taken to keep ports secured: if an invalid MAC address is detected on a switch port, it can be blocked.
Routers:
Access Control List (ACL): ACL rules are implemented in order to allow trusted traffic to and from the network. ACLs are of two types:
Standard ACL: Filters traffic based on source address. ACL numbers 1-99 and 1300-1999.
Extended ACL: Filters traffic based on source and destination address, port numbers, protocols, etc. ACL numbers 101-199 and 2000-2699.
6. FIREWALL
| Hardware Firewall | Software Firewall |
|---|---|
| Expensive | Comparatively cheaper |
| Complex | Simple |
| Difficult to upgrade | Easy to upgrade |
| Difficult to configure | Easy to install |
| Suitable for larger organizations | Ideal for individual users or small businesses |
7. TYPES OF FIREWALL
• Packet filter firewalls: Filter data packets by checking packet headers (metadata) and, depending on the set rules, accept or discard the packets. They are also known as network layer firewalls, as they work at the network layer only, and as stateless firewalls.
• Stateful multilayer inspection firewall: Keeps information about packet state in a table called the state table. These firewalls filter packets at the network layer, determine whether a packet is from a legitimate source, and then evaluate packet contents at the application layer. The state of a packet is determined by checking whether it is the start of a new connection or part of an existing one. If it is neither of the two, it is discarded.
• Circuit level gateway firewall: Works at the network as well as the transport layer of the OSI model. It maintains a table of established connections, allowing data to pass when session information matches an entry in the table. It is a stateful firewall, as it maintains connection information. After completion of a session, the firewall removes its entry and all associated entries in the table and closes the circuit this session used. These firewalls determine whether a session is legitimate by the TCP handshake between data packets.
• Application level gateway firewall: This type of firewall checks not only the metadata of a packet but also the actual data. These firewalls understand the workings of application layer protocols such as HTTP, FTP, etc. and hence determine whether the packet is valid. An application level gateway performs additional access control checking and logging. It operates at the application layer and works only for the protocols for which it is configured.
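The difference between the packet filter and the stateful firewalls described above, as an added example that is not from the original slides: the same constructed packets are judged once from headers alone and once against a state table. The policy, addresses and names are assumptions made for illustration, and connection tracking is simplified to one direction with the entry removed on the first FIN or RST.

```python
from dataclasses import dataclass

SERVER = "10.0.0.5"          # constructed address of the protected host
ALLOWED_DPORTS = {80, 443}   # constructed policy: inbound web traffic only

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset         # TCP flags set on this packet, e.g. {"SYN"}

def stateless_filter(pkt):
    """Packet filter: decide from this packet's header alone."""
    return pkt.dst == SERVER and pkt.dport in ALLOWED_DPORTS

class StatefulFirewall:
    def __init__(self):
        self.state_table = set()   # (src, sport, dst, dport) per tracked connection

    def inspect(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.flags == {"SYN"}:               # start of a new connection
            allowed = stateless_filter(pkt)
            if allowed:
                self.state_table.add(key)
            return allowed
        if key in self.state_table:            # part of an existing connection
            if pkt.flags & {"FIN", "RST"}:     # simplified teardown: drop the entry
                self.state_table.discard(key)
            return True
        return False                           # neither of the two: discard

def run(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_filter(p), fw.inspect(p)) for p in packets]

def mk(src, sport, dport, *flags):
    return Packet(src, sport, SERVER, dport, frozenset(flags))

SAMPLE = [                                     # constructed traffic
    mk("198.51.100.7", 40000, 443, "SYN"),
    mk("198.51.100.7", 40000, 443, "ACK"),
    mk("203.0.113.9", 51000, 443, "ACK"),          # no SYN seen for this tuple
    mk("198.51.100.7", 40000, 443, "FIN", "ACK"),
    mk("198.51.100.7", 40000, 443, "ACK"),         # arrives after teardown
    mk("198.51.100.7", 40001, 22, "SYN"),          # port not in policy
]
```

Calling `run(SAMPLE)` shows the two stray ACK packets passing the header-only filter while the stateful firewall discards them.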
10. IDS/IPS
A firewall filters traffic based on the access rules configured on it. An IDS/IPS analyzes traffic in more detail and is more intelligent than a firewall.
• Intrusion Detection System (IDS): An IDS monitors network traffic for malicious activity, detects an intrusion, logs information about the activity and reports it. IDS uses two types of techniques: signature based and anomaly based.
• Intrusion Prevention System (IPS): An IPS identifies malicious activity, logs information about it, tries to prevent it (dropping the malicious packets or blocking traffic from a particular IP) and reports the activity to the administrator.
• Signature based IDS: Monitors traffic on the network and compares it against a database of signatures. If there is a new type of attack on the network for which there is no signature in the database, the attack cannot be detected.
• Anomaly based IDS: Monitors traffic on the network based on its behavior. The behavior is defined by many factors such as bandwidth, protocols, ports and devices used. Here, the system detects any type of activity that falls outside normal system operation. The chance of false positives is higher, as the system can log a normal activity as an attack if it matches defined attack behavior.
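Signature based and anomaly based detection side by side, as an added example that is not from the original slides: a known attack, a novel attack and a legitimate but unusual transfer are run through both. The signatures, baseline, events and the three-standard-deviation threshold are constructed assumptions.

```python
import re
from statistics import mean, pstdev

# Constructed signature database: name -> pattern matched against the payload
SIGNATURES = {
    "sql-injection": re.compile(r"union\s+select", re.I),
    "path-traversal": re.compile(r"\.\./"),
}

def signature_ids(event):
    """Return the names of all signatures that match this event's payload."""
    return [name for name, rx in SIGNATURES.items() if rx.search(event["payload"])]

class AnomalyIDS:
    """Learns normal transfer volume and destination ports from baseline traffic."""
    def __init__(self, baseline, threshold=3.0):
        volumes = [e["bytes"] for e in baseline]
        self.mu, self.sigma = mean(volumes), pstdev(volumes)
        self.ports = {e["dport"] for e in baseline}
        self.threshold = threshold   # allowed deviation, in standard deviations

    def inspect(self, event):
        reasons = []
        if event["dport"] not in self.ports:
            reasons.append("unusual-port")
        if abs(event["bytes"] - self.mu) > self.threshold * self.sigma:
            reasons.append("unusual-volume")
        return reasons

# Constructed baseline: ordinary HTTPS requests of about 1000 bytes each
BASELINE = [{"dport": 443, "bytes": b, "payload": "GET /"}
            for b in (900, 1000, 1100, 950, 1050)]

# Constructed events to classify
EVENTS = {
    "known_attack": {"dport": 443, "bytes": 1000,
                     "payload": "id=1 UNION SELECT pw FROM users"},
    "novel_attack": {"dport": 9001, "bytes": 1000, "payload": "opaque-binary-blob"},
    "nightly_backup": {"dport": 443, "bytes": 50000, "payload": "PUT /backup.tar"},
}

def compare():
    """Map each event name to (signature hits, anomaly reasons)."""
    ids = AnomalyIDS(BASELINE)
    return {k: (signature_ids(e), ids.inspect(e)) for k, e in EVENTS.items()}
```

In the result of `compare()`, the novel attack has no signature hit and is caught only as an anomaly, while the legitimate nightly backup is flagged as an anomaly too, which is the false positive the slide describes.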