The document discusses various types of intruders including masqueraders, misfeasors, and clandestine users. It also covers intrusion techniques like password cracking, intrusion detection methods using statistical anomaly detection and rule-based approaches, and the importance of audit records and covering tracks to hide evidence of intrusion. Distributed intrusion detection systems are also mentioned as a more effective defense approach.
3. Security Problem
• Unwanted trespass
– By user:
• Unauthorized login
• Authorized user but unauthorized actions
– By software:
• Virus
• Worms
• Trojan Horse
4. Intruders
• Masquerader (impersonation) (Outsider): An individual who
is not authorized to use the computer and who penetrates a
system’s access controls to exploit a legitimate user’s account.
• Misfeasor (insider): A legitimate user who accesses data,
programs, or resources for which such access is not
authorized, or who is authorized for such access but misuses
privileges
• Clandestine User (Both insider and outsider): An individual
who seizes supervisory control of the system and uses this
control to evade auditing and access controls or to suppress
audit collection
5. Intruder Behaviour Patterns
• Constantly shifting
– Exploit newly discovered weaknesses
• Three broad examples
– Hackers: hack into computers for thrill or for status
• May or may not be malign (dangerous)
• Intrusion detection systems (IDS) and Intrusion prevention
systems (IPS) can counter it.
– Criminals
• Organized group of hackers (e.g. Lulz Boat)
• Loosely affiliated, met in underground forums to trade tips, data
and coordinate attacks
• Common target: Root access, credit card files at e-commerce
site
6. Intruder Behaviour Patterns
• Quick in and out in nature
• IDS and IPS: less effective
– Inside Attacks
• Most difficult to detect and prevent
• Can be motivated by revenge or a feeling of entitlement
• IDS and IPS may be useful up to some extent
7. Intrusion Techniques
• Objective: Gain access or increase access privileges
• Vulnerabilities:
– System vulnerabilities
– Software vulnerabilities: allow a user to execute code to
open a back door
(http://www.telegraph.co.uk/technology/facebook/8938725/Facebook-privacy-flaw-exposes-Mark-Zuckerberg-photos.html)
• Acquire Secure Information:
– The system maintains a file that associates a password with
each authorised user.
• Passwords / Passwords File
8. Intrusion Techniques: Passwords
• Password file is protected in two ways
– One-way Function:
• System stores only the value of a function based on the user’s
password
• User enters password
• System transforms the entered password and compares it with the
saved value
– Access Control:
• Access is limited to one or very few accounts.
9. Password Cracking
1. Try default passwords.
2. Try all short words, 1 to 3 characters long.
3. Try all the words in an electronic dictionary (60,000).
4. Collect information about the user’s hobbies, family
names, birthday, etc.
5. Try user’s phone number, social security number,
street address, etc.
6. Try all license plate numbers (MUP103).
7. Use a Trojan horse
8. Tap the line between a remote user and the host
system.
10. Password Cracking
• 1 – 6 : Various ways of Guessing passwords
– Feasible and highly effective
– Automatic guessing and verification
• 7: Difficult to counter
• 8: Physical Security
11. Stages of Network Intrusion
• Scan the network to:
– locate which IP addresses are in use,
– what operating system is in use,
– what TCP or UDP ports are “open” (being listened to by Servers).
• Run “Exploit” scripts against open ports
• Get access to Shell program which is “suid” (has “root” privileges).
• Download from Hacker Web site special versions of systems files that
will let Cracker have free access in the future without his cpu time or
disk storage space being noticed by auditing programs.
• Use IRC (Internet Relay Chat) to invite friends to the feast.
12. Intrusion Detection
• Detection: concerned with learning of an attack,
either before or after its success
• Prevention: security goal
• The intruder can be identified and ejected from the
system.
• An effective intrusion detection can prevent
intrusions.
• Intrusion detection enables the collection of
information about intrusion techniques that can be
used to strengthen the intrusion prevention facility.
13. Intrusion Detection
Based on assumption that behaviour differs
Profiles of Behavior of Intruders and Authorized Users
14. Intrusion Detection
• Statistical anomaly detection
– Threshold detection: define threshold, independent of
user, for the frequency of occurrence of various events.
– Profile based: A profile of activity of each user is
developed and used to detect changes in the behavior of
individual user.
• Rule based detection
– Anomaly detection: Rules are developed to detect
deviation from the previous usage patterns.
– Penetration identification: An expert system approach
that searches for suspicious behavior.
A system may have both
15. Audit Records
• Fundamental tool
• Native Audit Records:
– Accounting software that collects information on user
activity
– Advantage: No additional collection software required
– Disadvantage: May not contain needed information or
may not contain needed information in convenient
format
16. Audit Records
• Detection Specific Audit Records
– A collection facility to generate audit records containing
required information used by IDS
– Advantage: Can be made vendor independent & portable
– Disadvantage: Extra overhead
17. Audit Records : Example
• Subject: Initiators of actions
• Action: Operation Performed
• Object: Receptors of actions
• Exception-Condition: which, if any, exception
condition is raised on return
• Resource Usage: A list of quantitative elements
about usage of resource
• Time-Stamp: Unique time and date stamp
18. Statistical Anomaly Detection
• Attempt to define normal or expected behaviour
• Collect data related to behaviour over a period of
time
• Statistical tests are applied
• Two broad categories
– Threshold detection: define threshold, independent of
user, for the frequency of occurrence of various events
19. Statistical Anomaly Detection
– Profile based: A profile of the activity of a user or group is
developed and then used to detect changes in behaviour.
May consist of a set of parameters.
• Analysis of audit records is foundation
• Effective against masqueraders
• May not deal with misfeasors
• Statistical tests
– Mean and Standard Deviation
– Multivariate
– Markov Process
– Time Series
– Operational
20. Measures Used
• Login frequency by day and time.
• Frequency of login at different locations.
• Time since last login.
• Password failures at login.
• Execution frequency.
• Execution denials.
• Read, write, create, delete frequency.
• Failure count for read, write, create and delete.
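The two statistical approaches above, run over audit records shaped like the example fields on slide 17, as an added example that is not part of the original slides. The sample records, the limit of 3 failures, the 3-deviation rule and the `min_sd` floor are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class AuditRecord:
    subject: str    # initiator of the action
    action: str     # operation performed
    obj: str        # receptor of the action
    exception: str  # exception condition raised on return ("" if none)
    usage: int      # resource usage (assumed here: bytes transferred)
    day: int        # time stamp, reduced to a day index to keep the sample small


def daily_counts(records, action, failed_only=False):
    """Count matching events per (subject, day)."""
    counts = defaultdict(int)
    for r in records:
        if r.action == action and (r.exception or not failed_only):
            counts[(r.subject, r.day)] += 1
    return counts


def threshold_alerts(records, action="login", limit=3):
    """Threshold detection: one user-independent limit on failures per day."""
    counts = daily_counts(records, action, failed_only=True)
    return sorted(key for key, n in counts.items() if n > limit)


def build_profiles(history, days, action="read"):
    """Profile-based detection, step 1: per-user mean and standard deviation."""
    counts = daily_counts(history, action)
    profiles = {}
    for user in {subject for subject, _ in counts}:
        series = [counts.get((user, d), 0) for d in days]
        profiles[user] = (mean(series), pstdev(series))
    return profiles


def profile_alerts(profiles, records, action="read", k=3.0, min_sd=1.0):
    """Step 2: flag a day whose count is more than k deviations from the user's mean."""
    alerts = []
    for (user, day), n in sorted(daily_counts(records, action).items()):
        mu, sd = profiles.get(user, (0.0, 0.0))  # unknown user: empty baseline
        if abs(n - mu) > k * max(sd, min_sd):
            alerts.append((user, day, n))
    return alerts


def _events(user, action, day, n, exception=""):
    obj = "tty1" if action == "login" else "/data/ledger"
    return [AuditRecord(user, action, obj, exception, 512, day)] * n


# Constructed sample: five training days, then day 5 under observation.
DAYS = range(5)
HISTORY = []
for day, (a, b) in enumerate(zip([10, 12, 11, 9, 13], [40, 38, 42, 41, 39])):
    HISTORY += _events("alice", "read", day, a) + _events("bob", "read", day, b)
TODAY = (_events("alice", "read", 5, 40) + _events("bob", "read", 5, 41)
         + _events("carol", "login", 5, 5, "bad-password")
         + _events("alice", "login", 5, 1, "bad-password"))

if __name__ == "__main__":
    print("threshold:", threshold_alerts(TODAY))
    print("profile:  ", profile_alerts(build_profiles(HISTORY, DAYS), TODAY))
```

In the sample, 40 reads in a day is routine for bob but far outside alice's profile, which is the kind of change a masquerader using alice's account would produce and a single user-independent threshold would not catch.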
21. Rule-Based Intrusion Detection
• Define a set of rules to decide about behaviour
• Two broad categories
– Anomaly Detection: Historical audit records are analyzed
to generate rules to describe patterns.
• Rules may represent past behaviour patterns of
users, privileges, programs, time slots, terminals
• Current behaviour is observed and matched with the set of rules
– Penetration Identification: Set of rules for identifying
known penetrations or penetrations that would exploit
known weaknesses.
• Rules can be defined to identify suspicious behaviour
• Analyze attack tools and scripts to generate rules.
22. Distributed Intrusion Detection
• Single System stand alone IDS vs Distributed IDS
• More effective defense
– Coordination and cooperation among IDS across network
– Different audit record formats
– Different collection and analysis points
– Confidentiality and Integrity of collected data during
transmission
– Centralized architecture (one collection point) or
decentralized (more than one collection points
coordinating and exchanging information)
23. Distributed Intrusion Detection
• Host Agent Module
– Audit collection module operating in the background
– Collects data on security-related events
– Transmits to the central manager
• LAN monitor agent module
– Operates like the agent module
– Analyzes LAN traffic
• Central manager module
– Receives reports
– Processes and correlates these reports to detect intrusion
24. Distributed Intrusion Detection
• Agent Architecture
• Agent captures each record from the native audit collection system
• Filter is applied to retain only security records
• Records are transmitted in Host Audit Record (HAR) format
• Template-driven logic module analyzes the records
• Agent protocol machine
• Lowest level – scans for notable events
• Highest level – looks for sequences of events (signature)
• Also looks for anomalous behaviour based on profile
• If suspicious, an alert is sent to the Central Manager (expert system)
• May also query agents for copies of HARs
Henric Johnson 24
25. Passwords
• Most common weaknesses in a company
– Weak passwords
– uncontrolled devices on the network
• Most systems and software have default passwords!
• Characteristics of a strong password
– Changes every 45 days
– Minimum length of 10 characters
– Contain at least one alpha, one number and one special
character
– Cannot contain dictionary words
– Cannot reuse the previous five passwords
– Minimum password age of 10 days
– After 5 failed logon attempts, password is locked for several
hours
26. UNIX passwords
• Stored in a publicly readable file, /etc/passwd (any user
who was on the system had access to read the file, i.e.
more /etc/passwd)
username:password:UID:GID:full name:home directory:shell
sch:OZFGkH258h8yg:1013:10:Stefan Chevul:/home/sch/:/bin/csh
• Latest UNIX versions split the passwd file into 2 files.
The /etc/passwd file still exists; it contains everything
except the encrypted passwords. These are stored in the
/etc/shadow file and are only visible to “root”.
username:password:last:min:max:warning:expire:disable
sch:OZFGkH258h8yg:::::::
28. ypcat passwd
• Ypcat: list all the users and groups / networkwide
password map
gymsjo:PgiEmZuEHpmY2:3227:3200:STEFAN JOHANSSON:/home/
dogmatix/gym/gymsjo:/usr/local/bin/tcsh
frpe03:EoFPa/t0McqN6:470078:20031:FREDRIK PERSSON:/home/
dogmatix/students/20031/frpe03:/usr/local/bin/tcsh
etmf01:Ck34HVjHPI3gQ:740030:20011:Etienne Mfoumou:/home/
dogmatix/students/20011/etmf01:/usr/local/bin/tcsh
rope05:i/mTnW1jL7vmM:490146:20051:ROBIN PERSSON:/home/
obelix/students/20051/rope05:/usr/local/bin/tcsh
nasc04:HfcXJTuIB7Bh2:500001:20041:Nadzida Saric:/home/obelix/
students/20041/nasc04:/usr/local/bin/tcsh
29. Salt
• The salt serves three purposes:
– Prevents duplicate passwords.
– Effectively increases the length of the password.
– Prevents the use of hardware implementations of DES
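A defender-side check for the passwd/shadow split and the salt described above, as an added example that is not part of the original slides: it reports every passwd-format entry whose password field still holds something other than a shadow marker. The sample entries and their hash strings are constructed placeholders; the function names are hypothetical.

```python
import re

# Traditional crypt(3) output: 13 characters, the first two are the salt.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt format: $id$..., where the id names the hashing scheme.
MODULAR = re.compile(r"^\$([0-9a-z]+)\$")


def classify(field):
    """Describe what the second field of a passwd entry holds."""
    if field == "":
        return "empty"                      # account needs no password
    if field == "x":
        return "shadowed"                   # hash lives in /etc/shadow
    if field[0] in "*!":
        return "locked"
    if DES_CRYPT.match(field):
        return "des-crypt salt=" + field[:2]
    m = MODULAR.match(field)
    return "modular id=" + m.group(1) if m else "unknown"


def audit_passwd(text):
    """Return (line number, user, finding) for each entry that is not shadowed or locked."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.strip().split(":")
        if len(fields) != 7:
            findings.append((lineno, fields[0], "malformed"))
            continue
        kind = classify(fields[1])
        if kind not in ("shadowed", "locked"):
            findings.append((lineno, fields[0], kind))
    return findings


# Constructed sample; the hash strings are placeholders, not real crypt output.
SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
olduser:abCDEFGHIJKLM:1013:10:Old User:/home/olduser:/bin/csh
guest::1014:10:Guest:/home/guest:/bin/sh
newuser:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:1015:10:New User:/home/newuser:/bin/sh
broken:x:1016
"""

if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE):
        print(finding)
```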
32. Password Selection Strategies
• User education
– Unlikely to succeed
– Many users ignore guidelines
• Computer-generated passwords
– Random in nature, problem in memorizing
33. Password Selection Strategies
• Reactive password checking
– System periodically runs password cracker to find
guessable passwords
– Cancel guessed passwords and notify users
– Resource intensive job
• Proactive password checking
– User is allowed to choose password
– System checks whether the password is allowable or not
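One way to implement proactive password checking against the strong-password characteristics listed on slide 25 (added example, not from the original slides). It swaps in salted PBKDF2-HMAC-SHA256 for the DES-based one-way function the slides discuss; the word list, the substitution table and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
import re

MIN_LENGTH = 10          # minimum length of 10 characters
HISTORY_DEPTH = 5        # cannot reuse the previous five passwords
ITERATIONS = 100_000     # assumed work factor for this example
# Constructed mini word list; a deployment would load a full dictionary.
DICTIONARY = {"password", "dragon", "summer", "welcome", "monkey"}
# Undo common character substitutions so "P@ssw0rd" is seen as "password".
LEET = str.maketrans("0134578@$!", "oleastbasi")


def hash_password(password, salt=None):
    """One-way function with a random per-password salt; only (salt, digest) is stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def matches(password, stored):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    salt, digest = stored
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def check_candidate(password, history):
    """Return the list of rule violations; an empty list means the password is allowed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 10 characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    # Reject a dictionary word used as the base, even with digits or symbols mixed in.
    base = re.sub(r"[^a-z]", "", password.lower().translate(LEET))
    if any(word in base for word in DICTIONARY):
        problems.append("contains a dictionary word")
    if any(matches(password, old) for old in history[-HISTORY_DEPTH:]):
        problems.append("reuses one of the previous five passwords")
    return problems


if __name__ == "__main__":
    history = [hash_password("Vq7#tepid-Lorry")]  # constructed sample history
    for candidate in ("Summer2024!!", "P@ssw0rd12", "Vq7#tepid-Lorry", "Zk4%murky-Canal"):
        print(candidate, check_candidate(candidate, history))
```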
34. Password Cracking : Importance
• From a security standpoint, password cracking can
help you build and maintain a more secure system.
• Reasons why password cracking is useful
– To audit the strength of passwords
– To recover forgotten / unknown passwords
– To migrate users
– To use as a checks-and-balances system
• Main types of password cracking attacks:
– Dictionary attacks
– Brute force attacks
– Hybrid attacks
35. Password Cracking: Attacks
                              Dictionary attack    Brute force attack     Hybrid attack
Speed of the attack           Fast                 Slow                   Medium
Amount of passwords cracked   Finds only words     Finds every password   Finds only passwords that have a dictionary word as the base
37. Covering the Tracks
• After an attacker has gained access and
accomplished what he wanted to do, one of the last
steps he performs is covering his tracks, hiding
evidence that he was ever there.
• To do this there are 4 main areas an attacker is
concerned with:
1. Log files
2. File information
3. Additional files
4. Network traffic