INFRASTRUCTURE SECURITY & INCIDENT MANAGEMENT
BY: MOHNISH SINGH
NETWORK SECURITY DEVICE ROLES
FIREWALL
• A choke point for control and monitoring
• Interconnects networks of differing trust levels
• Imposes restrictions on network services: only authorized traffic is allowed
• Audits and controls access; can raise alarms on abnormal behaviour
• Must itself be hardened against penetration (a compromised firewall protects nothing)
• Provides perimeter defence
STATEFUL FILTERING
ROUTERS AND SWITCHES
802.1X
Load balancer
• SLB (server load balancing)
• Gets the user to the needed resource:
  • the server must be available
  • the user's "session" must not be broken
  • if a user must reach the same resource over and over, the SLB device must ensure that happens (i.e., session persistence)
• In order to do its work, the SLB must:
  • know the servers: IP/port, availability
  • understand the details of some protocols (e.g., FTP, SIP)
• Network Address Translation (NAT): packets are rewritten as they pass through the SLB device.
Most common algorithms:
• least connections: the server with the fewest active flows gets the new flow.
• weighted least connections: associate a weight (relative capacity) with each server and distribute load across the farm in proportion to the weights, comparing each server's flow count against its weight.
• round robin: cycle through the servers in the farm.
• weighted round robin: give each server 'weight' flows in a row; the weight is set just as in weighted least connections.
Other algorithms measure, or try to predict, the load on each real server.
The SLB device can base its load-balancing decisions on several factors. Some come from the packet headers (IP address, port numbers, etc.); others come from data beyond the network headers, for example:
• HTTP cookies
• HTTP URLs
• SSL client certificate
Decisions can be based strictly on flow counts or on knowledge of the application. For some protocols, such as FTP, protocol knowledge is required to load-balance correctly: the control and data connections must go to the same physical server.
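The four algorithms above, plus the two persistence mechanisms the slides call for (a session cookie, and client-IP affinity so that an FTP data connection lands on the same real server as its control connection), as an added example that is not part of the original deck. The server names, weights and the cookie name SLBSESSION are made up for illustration; health checking is reduced to an `available` flag.

```python
"""Server load-balancing decisions: least connections, weighted least
connections, round robin and weighted round robin, plus session persistence
by cookie and by client IP (the latter is what keeps an FTP control and
data connection on the same real server).
Added example, not from the original deck; server names, weights and the
cookie name are made up for illustration."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class RealServer:
    name: str                 # hypothetical backend name, e.g. "web1"
    weight: int = 1           # relative capacity, used by the weighted policies
    available: bool = True    # result of the health check
    active_flows: int = 0     # flows currently open through the SLB


@dataclass
class ServerLoadBalancer:
    servers: List[RealServer]
    cookie_name: str = "SLBSESSION"     # hypothetical persistence cookie
    rr_index: int = 0                   # round-robin cursor
    rr_credit: int = 0                  # flows handed to the current server in a row
    ip_table: Dict[str, str] = field(default_factory=dict)  # client IP -> server name

    def healthy(self) -> List[RealServer]:
        up = [s for s in self.servers if s.available]
        if not up:
            raise RuntimeError("no available server in the farm")
        return up

    def least_connections(self) -> RealServer:
        # the server with the fewest in-flight flows takes the new flow
        return min(self.healthy(), key=lambda s: s.active_flows)

    def weighted_least_connections(self) -> RealServer:
        # flows are compared relative to capacity: 10 flows on a weight-5
        # server (2.0) beat 3 flows on a weight-1 server (3.0)
        return min(self.healthy(), key=lambda s: s.active_flows / s.weight)

    def round_robin(self) -> RealServer:
        up = self.healthy()
        server = up[self.rr_index % len(up)]
        self.rr_index += 1
        return server

    def weighted_round_robin(self) -> RealServer:
        # hand each server 'weight' flows in a row before moving on
        up = self.healthy()
        server = up[self.rr_index % len(up)]
        self.rr_credit += 1
        if self.rr_credit >= server.weight:
            self.rr_index += 1
            self.rr_credit = 0
        return server

    def pick(self, policy: str, cookies: Optional[Dict[str, str]] = None,
             client_ip: Optional[str] = None) -> RealServer:
        """Choose a real server for a new flow. Persistence wins over the
        policy: a cookie or a remembered client IP that names a server which
        is still up sends the flow there, so the user's session is not broken."""
        by_name = {s.name: s for s in self.healthy()}
        sticky = (cookies or {}).get(self.cookie_name) or self.ip_table.get(client_ip)
        if sticky in by_name:
            server = by_name[sticky]
        else:
            server = getattr(self, policy)()
        if client_ip is not None:
            self.ip_table[client_ip] = server.name   # e.g. FTP data channel follows control channel
        server.active_flows += 1
        return server

    def close_flow(self, server: RealServer) -> None:
        server.active_flows -= 1


def weighted_rr_order(rounds: int = 8) -> List[str]:
    """Dispatch order for a weight-3 / weight-1 farm under weighted round robin."""
    lb = ServerLoadBalancer([RealServer("web1", weight=3), RealServer("web2", weight=1)])
    return [lb.pick("weighted_round_robin").name for _ in range(rounds)]
```

Note the failure mode `pick` handles: a persistence cookie that names a server which has since gone down is ignored and the policy runs instead, rather than sending the user to a dead server or rejecting the request.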
Web server gateway & WAF
Web application firewalls are designed to work at OSI layer 7 (the application layer). They are fully aware of application-layer protocols such as HTTP(S) and SOAP and can analyze requests in great detail. Compared to a layer 3/4 firewall, rules can be defined to allow or disallow particular HTTP methods (POST, PUT, OPTIONS, etc.) and to set limits on file transfer size or URL parameter length. WAF log files contain as much information as a web server's logs plus the policy decisions of the filter rules (e.g. "HTTP request blocked", "file transfer size limit reached"). A WAF therefore provides a wealth of information for filtering and detection and is a good place to detect attacks.
Limitations of a network IDS for web traffic:
• if the HTTP traffic is SSL/TLS encrypted (HTTPS), the NIDS may not be able to decrypt it;
• a high traffic load can make real-time analysis difficult;
• a NIDS is designed to work at the TCP/IP level (OSI layers 3/4) and so may not be as effective at the HTTP layer;
• attackers may use IDS evasion techniques (HTTP encoding, fragmentation, etc.) that the IDS is not aware of.
Snort, a widely used open source IDS, has over 800 rules for detecting malicious web traffic (over 400 for PHP alone). With the help of preprocessors like frag3 (IP defragmentation), stream4 (stateful inspection / stream reassembly) and http_inspect (HTTP normalization and protocol anomaly detection), Snort tries to reassemble traffic and defeat IDS evasion techniques. These hurdles have to be overcome before anything can be detected.
WEB SECURITY GATEWAY
• sees application-layer traffic: HTTP requests and responses
• inspects the content and tags inside the application traffic; cross-site scripting is identified and stopped by the web security gateway
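Layer-7 inspection as the WAF, the NIDS evasion and the web security gateway passages above describe it, pulled together into one added example (not code from the deck or from any product it names). The request is normalized first, undoing URL encoding including double encoding, because matching a signature against still-encoded bytes is exactly the evasion a layer 3/4 IDS without HTTP normalization falls for; then a method allowlist, parameter-length and body-size limits and a reflected-XSS signature are applied, and the policy decision is written next to what a web server would log. The method list, the limits, the rule names and the signature are hypothetical policy; the requests are constructed.

```python
"""Layer-7 request inspection as a WAF or web security gateway does it:
normalize the request first (undo URL encoding, including double encoding)
so that evasions are seen in their decoded form, then apply an HTTP method
allowlist, URL parameter length and body size limits, and a reflected-XSS
signature, and log the policy decision next to what a web server would log.
Added example with constructed requests; the limits, rule names and the
signature are hypothetical policy, not from the deck."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import parse_qsl, unquote, urlsplit

ALLOWED_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}   # hypothetical policy
MAX_ARG_LEN = 256            # hypothetical limit on one URL parameter value
MAX_BODY_BYTES = 1_000_000   # hypothetical file transfer size limit
XSS_SIG = re.compile(r"<\s*script|javascript:|\bon(load|error|click|mouseover|focus)\s*=",
                     re.IGNORECASE)


def normalize(value: str, rounds: int = 3) -> str:
    """URL-decode repeatedly (bounded) until the value stops changing, so
    %253Cscript%253E -> %3Cscript%3E -> <script> is matched like a literal
    '<script>'. Matching on the raw, still-encoded bytes is the evasion
    a layer 3/4 IDS without HTTP normalization falls for."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


@dataclass
class Request:
    method: str
    target: str                     # request-target as sent, e.g. /search?q=...
    body: bytes = b""
    src_ip: str = "198.51.100.10"   # constructed client address


@dataclass
class Decision:
    allowed: bool
    rule: Optional[str]             # rule that fired, None when allowed
    detail: str


def inspect(req: Request) -> Decision:
    if req.method.upper() not in ALLOWED_METHODS:
        return Decision(False, "method-not-allowed", req.method)
    if len(req.body) > MAX_BODY_BYTES:
        return Decision(False, "body-too-large", f"{len(req.body)} bytes")
    parts = urlsplit(req.target)
    if XSS_SIG.search(normalize(parts.path)):
        return Decision(False, "xss-signature", f"path={parts.path!r}")
    # parse_qsl already decodes one layer; normalize() removes the rest
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = normalize(raw)
        if len(value) > MAX_ARG_LEN:
            return Decision(False, "arg-too-long", f"{name}: {len(value)} chars")
        if XSS_SIG.search(value):
            return Decision(False, "xss-signature", f"{name}={value!r}")
    return Decision(True, None, "pass")


def log_line(req: Request, d: Decision) -> str:
    """WAF log: what the web server would log, plus the policy decision."""
    verdict = "ALLOW" if d.allowed else f"BLOCK rule={d.rule}"
    return f'{req.src_ip} "{req.method} {req.target}" {verdict} {d.detail}'


def sample_run() -> List[str]:
    """Constructed requests: one clean, one double-encoded XSS probe,
    one disallowed method, one oversize upload."""
    requests = [
        Request("GET", "/search?q=firewall+rules"),
        Request("GET", "/search?q=%253Cscript%253Ealert(1)%253C/script%253E"),
        Request("PUT", "/upload/report.pdf"),
        Request("POST", "/upload", body=b"\x00" * (MAX_BODY_BYTES + 1)),
    ]
    return [log_line(r, inspect(r)) for r in requests]
```

The decode loop is bounded on purpose: an attacker can nest encodings deeper than any fixed number of rounds, so a production policy should also flag a value that is still changing after the last round rather than silently passing it.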
Proxy server
According to corporate policy, internal web traffic is redirected through a proxy.
Mode of operation
• Transparent: both parties (local/remote) are unaware that the connection is being proxied
  • Zorp, an application-layer proxy, is transparent
• Opaque: the local party must configure client software to use the proxy
  • the client software must be proxy-aware
  • Netscape Proxy Server is opaque
• With what modern firewalls can do in the area of redirection, you could configure the firewall to redirect all HTTP requests to a proxy
  • no user configuration required (transparent)
A proxy server operates at OSI layers 4-7.
Functions:
• monitors at the application layer
• URL filtering
• content filtering
• restricts access to websites
• proxy rules denying URLs and websites based on categorization
A reverse proxy is a "backwards" proxy-cache server: rather than allowing internal users to access the Internet, it lets Internet users indirectly access certain internal servers.
The reverse proxy acts as an intermediary for Internet users who want to reach an internal website, which they access by sending it requests indirectly. With a reverse proxy the web server is protected from direct outside attack, which strengthens the internal network. What's more, a reverse proxy's cache can lower the workload of the server it fronts, for which reason it is sometimes called a server accelerator.
Finally, with suitable algorithms, the reverse proxy can distribute the workload by redirecting requests to other, similar servers; this is called load balancing.
PROXY DIAGRAM
SPAM filters
UTM security appliance, e.g. Websense email gateway
Functions:
• URL inspection
• content inspection
• malware inspection
NIDS & NIPS
• An IDS sees attack patterns and raises alarms; it acts as a warning system
  • deployed out of band, on a single monitoring connection (tap or SPAN port)
• An IPS has the ability to block and stop traffic
  • deployed inline, with two connections (traffic enters on one interface and leaves on the other)
• NIDS and NIPS see traffic for whole subnets
Types of IDS & IPS
• Behavior based
• Signature based
• Anomaly based
• Heuristic
PROTOCOL ANALYZER
• SNIFFER TOOL, E.G. WIRESHARK (PCAP)
USED TO DETECT:
• FRAGMENTATION
• FLOODING
• ANALYZING & IDENTIFYING PROTOCOLS IN THE ENVIRONMENT
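What a protocol analyzer actually does with the two detections named above, as an added example that is not part of the deck and not Wireshark's code: IPv4 and TCP headers are decoded from raw packet bytes, fragments are recognized from the MF flag and fragment offset, and a SYN flood is recognized as many bare SYNs (SYN set, ACK clear) from one source inside a short window. The packets are constructed in code rather than read from a capture, and the threshold and window are hypothetical tuning values.

```python
"""Decode IPv4/TCP headers from raw packet bytes, as a protocol analyzer
does, and run two detections over the result: IP fragmentation (MF flag
set or non-zero fragment offset) and a SYN flood (many bare SYNs from one
source within a short window). Added example: the packets are constructed
in code, not a real capture, and the threshold and window are hypothetical."""
import struct
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

SYN, ACK = 0x02, 0x10
SYN_FLOOD_THRESHOLD = 50   # hypothetical: bare SYNs per source per window
WINDOW_SECONDS = 1.0
IPV4_HDR = "!BBHHHBBH4s4s"  # version/IHL, TOS, total len, ID, flags+offset, TTL, proto, csum, src, dst


@dataclass
class Packet:
    ts: float
    src: str
    dst: str
    proto: int
    more_fragments: bool
    frag_offset: int            # in bytes
    sport: Optional[int] = None
    dport: Optional[int] = None
    tcp_flags: int = 0


def build_ipv4(src: str, dst: str, proto: int, payload: bytes,
               ident: int = 1, mf: bool = False, offset_units: int = 0) -> bytes:
    """Construct a 20-byte IPv4 header (no options) in front of payload.
    Checksum is left zero; the decoder does not verify it."""
    flags_frag = (0x2000 if mf else 0) | (offset_units & 0x1FFF)
    return struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), ident, flags_frag, 64, proto, 0,
                       bytes(int(o) for o in src.split(".")),
                       bytes(int(o) for o in dst.split("."))) + payload


def build_tcp(sport: int, dport: int, flags: int) -> bytes:
    # 20-byte TCP header: seq/ack 0, data offset 5 words, given flags, window 65535
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)


def parse_ipv4(ts: float, raw: bytes) -> Packet:
    vihl, _tos, _tlen, _ident, flags_frag, _ttl, proto, _csum, s, d = struct.unpack(IPV4_HDR, raw[:20])
    ihl = (vihl & 0x0F) * 4
    pkt = Packet(ts, ".".join(str(b) for b in s), ".".join(str(b) for b in d), proto,
                 more_fragments=bool(flags_frag & 0x2000), frag_offset=(flags_frag & 0x1FFF) * 8)
    # the TCP header only exists in the first fragment; later fragments carry payload only
    if proto == 6 and pkt.frag_offset == 0 and len(raw) >= ihl + 14:
        pkt.sport, pkt.dport = struct.unpack("!HH", raw[ihl:ihl + 4])
        pkt.tcp_flags = raw[ihl + 13]
    return pkt


def find_fragments(pkts: List[Packet]) -> List[Packet]:
    """Any datagram that is part of a fragment train."""
    return [p for p in pkts if p.more_fragments or p.frag_offset > 0]


def find_syn_floods(pkts: List[Packet]) -> Dict[str, int]:
    """Sources whose bare SYN count (SYN set, ACK clear) exceeds the threshold
    inside any sliding window; maps source -> peak count in a window."""
    syn_times = defaultdict(list)
    for p in pkts:
        if p.proto == 6 and (p.tcp_flags & SYN) and not (p.tcp_flags & ACK):
            syn_times[p.src].append(p.ts)
    flooders: Dict[str, int] = {}
    for src, times in syn_times.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > WINDOW_SECONDS:
                start += 1
            count = end - start + 1
            if count > SYN_FLOOD_THRESHOLD:
                flooders[src] = max(flooders.get(src, 0), count)
    return flooders


def sample_capture() -> List[Packet]:
    """Constructed traffic: one ordinary SYN, a two-fragment UDP datagram,
    and 200 SYNs in 200 ms from 10.0.0.9 with no handshake completion."""
    pkts = [parse_ipv4(0.0, build_ipv4("10.0.0.5", "192.0.2.10", 6, build_tcp(40000, 80, SYN))),
            parse_ipv4(0.1, build_ipv4("10.0.0.7", "192.0.2.10", 17, b"\x00" * 8, ident=7, mf=True)),
            parse_ipv4(0.1, build_ipv4("10.0.0.7", "192.0.2.10", 17, b"\x00" * 8, ident=7, offset_units=1))]
    pkts += [parse_ipv4(1.0 + i * 0.001, build_ipv4("10.0.0.9", "192.0.2.10", 6, build_tcp(1024 + i, 443, SYN)))
             for i in range(200)]
    return pkts
```

The fragment handling shows why a layer 3/4 sensor that does not reassemble is blind to the transport header: only the first fragment carries TCP ports and flags, so a rule keyed on port 80 never sees the later fragments unless a defragmenter (frag3 in Snort's case) has put the datagram back together first.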
DLP
• DATA LOSS PREVENTION
• INTERNAL TRAFFIC CONTAINS CONFIDENTIAL INFORMATION WHICH SHOULD NOT BE ALLOWED TO LEAVE THE ORGANIZATION
• DLP CONFIGURED ON INSTANT MESSAGING
• USB PORTS DISABLED
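The DLP decision on an instant message, as an added example (not from the deck or any DLP product): outbound text is scanned for payment card numbers and classification labels, a candidate card number counts only if it passes the Luhn check so that order numbers and phone numbers do not trigger it, and the message is blocked when the recipient is outside the organization but allowed and logged when it stays inside. The messages, the internal domain corp.example and the label words are constructed; 4111 1111 1111 1111 is a well-known test number, not a real card.

```python
"""Outbound content inspection as a DLP policy on instant messaging: find
payment card numbers (pattern match confirmed by the Luhn check, to cut
false positives on order numbers) and classification labels, then block
the message when the recipient is outside the organization. Added example;
the messages, the internal domain and the labels are constructed.
The 4111 1111 1111 1111 number is a well-known test PAN, not a real card."""
import re
from dataclasses import dataclass, field
from typing import List

INTERNAL_DOMAINS = {"corp.example"}      # hypothetical organization domain
LABEL_RE = re.compile(r"\b(CONFIDENTIAL|INTERNAL ONLY|RESTRICTED)\b")
PAN_CANDIDATE_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, spaces/dashes allowed


@dataclass
class Message:
    sender: str
    recipient: str
    text: str


@dataclass
class Verdict:
    action: str                       # "allow" | "allow-and-log" | "block"
    findings: List[str] = field(default_factory=list)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: from the right, double every second digit, subtract 9 from doubles over 9."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n = n * 2
            if n > 9:
                n -= 9
        total += n
    return total % 10 == 0


def mask(digits: str) -> str:
    """Never write the full number into the DLP log itself; keep the last four."""
    return "*" * (len(digits) - 4) + digits[-4:]


def find_sensitive(text: str) -> List[str]:
    findings = []
    for m in PAN_CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            findings.append(f"PAN {mask(digits)}")
    for m in LABEL_RE.finditer(text):
        findings.append(f"label {m.group(1)}")
    return findings


def is_external(address: str) -> bool:
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS


def inspect_message(msg: Message) -> Verdict:
    findings = find_sensitive(msg.text)
    if not findings:
        return Verdict("allow")
    if is_external(msg.recipient):
        return Verdict("block", findings)       # confidential data may not leave the organization
    return Verdict("allow-and-log", findings)   # internal transfer: permitted, but auditable
```

The `mask` step is the caveat practitioners get wrong most often: a DLP log that records the full card number has itself become a store of the data the control exists to contain.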
SIEM
The process of gathering and maintaining network, system, and application log data is commonly referred to using several different definitions. It is sometimes defined as Security Information and Event Management (SIEM), Security Event Management (SEM), Security Information Management (SIM), systems monitoring, and network monitoring.
Actionable Information
First and foremost, for SIEM to be truly useful, only actionable data must be sent onward to system and application administrators or security staff. To make SIEM alerts actionable they must address the "Five W's", a basic investigative technique of determining when the event occurred, who was involved, what happened, where it took place, and why it happened. The "Five W's" map directly to common variables in a security investigation.
• When: time/date stamp of the event(s)
• Who: identifier of the requestor; typically an IP address and/or a username
• What: description of the event (such as a GET or POST to a web server)
• Where: the system or application that generated the event and where the request originated from
• Why: the purpose of the action; typically this is what is being investigated
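The Five W's as a SIEM would apply them, as an added example that is not part of the deck and not any SIEM product's logic: raw lines from two different sources (an Apache combined access log and sshd syslog entries) are normalized into one event shape carrying when/who/what/where, and only what is actionable is forwarded, here a source that accumulates several failures across both systems inside a window, with the "why" stated as the hypothesis the analyst is to confirm. The log lines are constructed, the year for the syslog timestamps is assumed (classic syslog carries none), the web server name www1 is hypothetical, and the threshold and window are tuning values chosen for the example.

```python
"""Normalize heterogeneous log lines (an Apache combined access log and
sshd syslog lines) into the Five W's event shape, then forward only what is
actionable: repeated failures from one source across both log sources
within a window, with when/who/what/where filled in and the "why" stated
as the hypothesis the analyst is to confirm. Added example: the log lines
are constructed, the year for syslog timestamps is assumed (syslog carries
none), and the threshold and window are hypothetical tuning values."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

ASSUMED_SYSLOG_YEAR = 2023          # classic syslog has no year field
FAILURE_THRESHOLD = 4               # hypothetical: failures per source before alerting
FAILURE_WINDOW = timedelta(minutes=5)
WEB_HOST = "www1"                   # hypothetical name of the web server that wrote the access log

APACHE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')
SSHD_RE = re.compile(
    r'(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: '
    r'(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)')


@dataclass
class Event:
    when: datetime          # When
    who: str                # Who: requester IP
    user: Optional[str]     # Who: username, when the source records one
    what: str               # What happened
    where: str              # Where: system that generated the event
    outcome: str            # "success" | "failure" | "other"


@dataclass
class Alert:
    when: str
    who: str
    what: str
    where: str
    why: str


def parse_line(line: str) -> Optional[Event]:
    """Map one raw line onto the Five W's; None for formats we do not know."""
    m = APACHE_RE.match(line)
    if m:
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        status = int(m["status"])
        outcome = "success" if status < 400 else "failure" if status in (401, 403) else "other"
        user = None if m["user"] == "-" else m["user"]
        return Event(when, m["ip"], user, f'{m["method"]} {m["path"]} -> {status}', WEB_HOST, outcome)
    m = SSHD_RE.match(line)
    if m:
        when = datetime.strptime(f'{ASSUMED_SYSLOG_YEAR} {m["ts"]}', "%Y %b %d %H:%M:%S")
        when = when.replace(tzinfo=timezone.utc)      # assumption: the bastion logs in UTC
        outcome = "failure" if m["outcome"] == "Failed" else "success"
        return Event(when, m["ip"], m["user"], f'ssh password auth as {m["user"]}', m["host"], outcome)
    return None


def actionable(events: List[Event]) -> List[Alert]:
    """Single failures stay searchable but are not forwarded; a source that
    accumulates FAILURE_THRESHOLD failures inside FAILURE_WINDOW, across any
    of the log sources, becomes one alert."""
    by_ip = defaultdict(list)
    for e in events:
        if e.outcome == "failure":
            by_ip[e.who].append(e)
    alerts: List[Alert] = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.when)
        start = 0
        for end in range(len(evs)):
            while evs[end].when - evs[start].when > FAILURE_WINDOW:
                start += 1
            window = evs[start:end + 1]
            if len(window) >= FAILURE_THRESHOLD:
                alerts.append(Alert(
                    when=f"{window[0].when.isoformat()} .. {window[-1].when.isoformat()}",
                    who=ip,
                    what=f"{len(window)} failures: " + "; ".join(sorted({e.what for e in window})),
                    where=", ".join(sorted({e.where for e in window})),
                    why="repeated authentication failures from one source; candidate brute force "
                        "or credential stuffing, to be confirmed by the analyst"))
                break       # one alert per source per run
    return alerts


SAMPLE_LOGS = [   # constructed lines, RFC 5737 test addresses
    "Oct 10 13:55:40 bastion sshd[2031]: Failed password for invalid user admin from 203.0.113.7 port 4242 ssh2",
    "Oct 10 13:55:43 bastion sshd[2031]: Failed password for root from 203.0.113.7 port 4243 ssh2",
    "Oct 10 13:55:47 bastion sshd[2031]: Failed password for root from 203.0.113.7 port 4244 ssh2",
    '203.0.113.7 - - [10/Oct/2023:13:56:02 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "curl/8.0"',
    '198.51.100.3 - - [10/Oct/2023:13:56:10 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    "Oct 10 13:57:01 bastion sshd[2040]: Failed password for alice from 198.51.100.3 port 5000 ssh2",
    "Oct 10 13:57:09 bastion sshd[2041]: Accepted password for alice from 198.51.100.3 port 5001 ssh2",
]


def run(lines: List[str] = SAMPLE_LOGS):
    events = [e for e in (parse_line(l) for l in lines) if e is not None]
    return events, actionable(events)
```

Two points the normalization makes visible: the "who" has to be the same field in every source before events from sshd and the web server can be counted together, and the timestamp has to be made comparable (here by assuming a year and a time zone for syslog) before a window means anything; a SIEM that skips either step cannot correlate across sources.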
DEVICE SPECIFIC LOG CAPTURE
SIEM SOLUTION RSA SA
Incident Response Life cycle
INCIDENT RESPONSE
Editor's Notes
1. Scale applications / services.
   Ease of administration / maintenance: easily and transparently remove physical servers from rotation in order to perform any type of maintenance on that server.
   Resource sharing: multiple instances of an application / service can run on one server, possibly on a different port for each instance; the SLB can load-balance to a different port based on the data analyzed.