Riptech is a managed security services company founded in 1998 that has received over $40 million in venture funding. It has hundreds of clients globally in industries such as banking, pharmaceuticals, and utilities. The document discusses the challenges of managing vast amounts of complex log and alert data generated by security devices, and the need for real-time security monitoring beyond basic hardware and software solutions.
This document contains a 3 page summary of a schematic document for a laptop motherboard. It includes a block diagram showing the main components and connections, an index of components and configurations, and a diagram of the power rail connections. The block diagram outlines the CPU, memory, I/O components, and peripheral connections. The index provides specifications for components and their configurations. The power rail diagram shows the power sequencing and connections between voltage regulators and components.
Event - Internet Thailand - Total Security Perimeters
By: Somyos U.
This document summarizes Symantec's enterprise security solutions, including vulnerability management, firewalls, intrusion detection, virus protection, and managed security services. It discusses why security is important for businesses, common security threats, and how Symantec's layered approach addresses these threats through technologies like firewalls, VPNs, antivirus software, and vulnerability scanning.
This document summarizes Symantec's enterprise security strategy and roadmap. It outlines Symantec's existing strong franchises in endpoint security, email security, data protection, trust services, and managed security services. The strategy is to provide integrated threat protection across endpoints, datacenter, and gateways using a unified security analytics platform. The roadmap includes enhancing current products, launching new products, and expanding cybersecurity services over the next few years.
Christina Leigh Clouse is an art educator with over 10 years of experience teaching art to students of all ages. She holds a Bachelor of Fine Arts in Art Education from the University of Georgia and an Associate of Arts in Fine Art from Gainesville State College. Her experience includes teaching art after school, in summer camps, and in primary schools both in the US and abroad in Macedonia. She is proficient in a variety of art mediums and digital tools.
Mika Mäntylä Beyond_Grepping_out - Testing Assembly 2022.pdf
By: FiSTB
The document discusses using artificial intelligence to identify anomaly events in stability testing logs more effectively than traditional grepping methods. It notes that failures in software controlling critical systems could have life-threatening consequences, and users do not distinguish between operations and development issues. A sample log of 65,000 lines from a single test is presented, along with the typical industry practice of using domain knowledge and grepping to find root causes. The document questions if this method is sufficient without a good initial hunch, likening it to finding a needle in a haystack. It implies artificial intelligence could help automate the identification of anomalies in large logs more thoroughly than manual searching.
Software Defined Networks
By: Thierry Couture, Consulting Systems Architect
There is currently a lot of buzz around OpenFlow and Software Defined Networks (SDN) in the industry. It would be a mistake to think that these are one and the same. The reality is that the current market conversation has loose semantics mixed in with hyperbole and hearsay that hide the simplicity of SDN behind terms like Openstack, Virtual Overlays, Network Function Virtualization, Orchestration, etc. This session will explain the origins of SDN, establish a basic terminology for SDN concepts, and offer a framework to both understand these trends and distill the applicability of SDN through a use case lens.
Cisco Networking Class Final Assignment
By: Morgan Tucker
The document describes a network design for a school district consisting of two elementary schools, two middle schools, a high school, and a superintendent building. The design includes:
- A partial mesh network using OSPF routing and PPP authentication for WAN links.
- Private addressing with NAT translations to public IPs through the border router.
- VLANs separating administrator, faculty, staff, and student networks at each school.
- ACLs to prevent unauthorized access between networks.
Cessation of Misconfigurations: Common Network Misconfiguration Risks & How t...
By: AlgoSec
Misconfigurations aren’t simply inconvenient mistakes but serious security threats. According to Gartner, 99% of all firewall breaches will be caused by misconfigurations by 2020 and misconfigurations made OWASP’s list of Top 10 most critical web application security risks.
A single change to a network device can have far-reaching effects on your business and create security holes for cybercriminals, impact your audits, and cause costly outages that bring your business to a standstill.
In this webinar, Avivi Siman-Tov, AlgoSec’s Director of Product, will show examples of common misconfigurations, including device changes, business application connectivity changes, and data center migrations. He will also reveal specific techniques to help you avoid them.
Watch the webinar to learn how to:
- Understand and map your entire network before you make a change
- Proactively assess the impact of a change to ensure it does not break connectivity, affect compliance or create a security hole, and understand the impact of changes to your entire network
- Maximize the capabilities of network management automation to avoid common misconfigurations
- Avoid common mistakes when making changes to your network security devices
The document shows statistics on interrupt counts for different CPUs and network interfaces on a system. It shows counts for CPUs 0 through 15 and network interfaces eth0, eth1, eth2, and eth1-TxRx-0 through eth2-TxRx-7. Most counts are zero, but some interfaces like eth0-TxRx-0 have counts in the thousands or hundreds of thousands, indicating interrupt activity on those interfaces.
Stuxnet was a sophisticated cyber attack targeting Iran's nuclear facilities that changed perceptions of threats to critical infrastructure systems like SCADA. It exploited vulnerabilities in both Windows and Siemens control software to sabotage centrifuges without detection for nearly a year. This highlighted that SCADA/ICS are vulnerable targets due to their use of outdated protocols and legacy systems not originally designed with security in mind. Common security issues with SCADA include lack of access controls, unpatched systems, integration with corporate networks, and human/contractor oversight. Best practices like the NERC standards and updates to protocols like DNP3 can help mitigate risks if properly implemented throughout the SCADA lifecycle.
The document discusses using machine learning models to detect anomalies in DNS traffic from NetFlow data in order to identify attacks targeting DNS servers or using DNS. It provides examples of attack definitions that could be identified from NetFlow data patterns and characteristics. It also presents sample NetFlow conversation data and discusses how the data tells a story and how machine learning models can be built and trained to detect strange or anomalous DNS activities and potential attacks.
Big Data Week - L'impact du Big Data sur l'intelligence urbaine - FuturoCité ...
By: Julie Roger
The smart city: a present-day reality serving citizens, communities and public authorities, thanks to technological progress. A factor of attractiveness for our cities of tomorrow! As part of Big Data Week, Futurocité and its partners IBM and Mobistar presented the importance and usefulness of data (Big Data and analytics) for offering new "Smart city" services. How and why is it important to exploit, process and analyse data in order to deliver coherent, intelligent information for more effective governance, to the benefit of citizens' well-being and the prosperity of their communities?
1) Russia poses a serious threat landscape, targeting governments, financial organizations, telecommunications, utilities, and transport sectors, as well as citizens.
2) An investigation of a cryptocurrency bank found 1000 workstations and 200 servers infected over 2 weeks, with backups also hacked using unique encryption keys on each device and PowerShell scripts.
3) Threat tactics seen include wipers, cryptors like Black Energy and HDDCryptor, as well as Shamoon 2 and WannaCry exploiting the EternalBlue vulnerability and using techniques like full disk encryption, malware-less attacks, and "tailored" encryption.
The document discusses how artificial intelligence and computer vision techniques can be used for health and safety applications. It provides an overview of artificial intelligence and machine learning concepts. It then describes how convolutional neural networks and the Viola-Jones algorithm can be used for computer vision tasks like face detection. Finally, it outlines the steps involved in using the Sobel edge detection operator to identify features in images.
1. The Managed Security Imperative
Riptech, Inc., 2099 Gateway Place, San Jose, CA 95110
877-INFOSEC | www.riptech.com | [email_address]
October 16, 2001
Copyright 2001 Riptech, Inc. Real-Time Information Protection SM
5. Hardware and Software Solutions Are Not Enough: A False Sense of Security

Of the organizations suffering security compromises in the last year – 95% had Firewalls and 61% had IDSs! Need for Real-Time Security Monitoring!

SECURITY TECHNOLOGIES USED (%)

| Technology                  | 2001 | 2000 | 1999 |
|-----------------------------|------|------|------|
| Access Control              | 90   | 92   | 93   |
| Anti-virus software         | 98   | 100  | 98   |
| Encrypted Files             | 64   | 62   | 61   |
| Firewalls                   | 95   | 78   | 91   |
| Intrusion Detection Systems | 61   | 50   | 42   |
7. PIX firewall log:

```
Mar 28 19:24:50 192.168.60.62 Mar 28 2001 23:06:34: %PIX-2-106002: 6 Connection denied by outbound list 1 src 30.187.10.130 44654 dest 10.0.0.1 5631
Mar 28 19:24:50 192.168.60.62 Mar 28 2001 23:06:34: %PIX-2-106002: 6 Connection denied by outbound list 1 src 93.132.178.83 25779 dest 10.0.0.1 32771
Mar 28 19:24:50 192.168.60.62 Mar 28 2001 23:06:34: %PIX-2-106002: 6 Connection denied by outbound list 1 src 88.156.231.45 25645 dest 10.0.0.1 21
Mar 28 19:24:50 192.168.60.62 Mar 28 2001 23:06:34: %PIX-2-106002: 6 Connection denied by outbound list 1 src 172.203.138.42 6368 dest 10.0.0.1 27665
Mar 28 19:24:50 192.168.60.62 Mar 28 2001 23:06:34: %PIX-2-106002: 6 Connection denied by outbound list 1 src 112.8.46.29 38347 dest 10.0.0.1 80
Mar 28 19:24:50 192.168.60.62 Mar 28 2001 23:06:34: %PIX-2-106002: 17 Connection denied by outbound list 1 src 248.61.8.19 49358 dest 10.0.0.1 45224
Mar 28 19:24:50 192.168.60.62 Mar 28 2001 23:06:34: %PIX-2-106002: 6 Connection denied by outbound list 1 src 70.139.144.19 21 dest 10.0.0.1 47681
Mar 28 19:24:50 192.168.60.62 Mar 28 2001 23:06:34: %PIX-2-106018: ICMP packet type 3 denied by outbound list 1 src 0.0.0.0 dest 10.0.0.1
Mar 28 19:24:50 192.168.60.62 Mar 28 2001 23:06:34: %PIX-2-106002: 6 Connection denied by outbound list 1 src 211.73.233.3 50103 dest 10.0.0.1 80
Mar 28 19:24:50 192.168.60.62 Mar 28 2001 23:06:34: %PIX-2-106002: 6 Connection denied by outbound list 1 src 208.160.119.20 49038 dest 10.0.0.1 80
Mar 28 19:24:50 192.168.60.62 Mar 28 2001 23:06:34: %PIX-2-106002: 6 Connection denied by outbound list 1 src 109.92.79.135 110 dest 10.0.0.1 62919
Mar 28 19:24:50 192.168.60.62 Mar 28 2001 23:06:34: %PIX-2-106002: 17 Connection denied by outbound list 1 src 95.14.76.85 2140 dest 10.0.0.1 60000
Mar 28 19:24:50 192.168.60.62 Mar 28 2001 23:06:34: %PIX-2-106018: ICMP packet type 11 denied by outbound list 1 src 0.0.0.0 dest 10.0.0.1
```
15. Logs from several different devices:

```
num;date;time;orig;type;action;alert;i/f_name;i/f_dir;proto;src;dst;service;s_port;len;rule;xlatesrc;xlatedst;xlatesport;xlatedport;icmp-type;icmp-code;reason:;sys_msgs
0;26Mar2001;17:50:58;fw_dev1;control;ctl;;daemon;inbound;;;;;;;;;;;;;;;started sending log to localhost
1;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;D-Chris1;soc1_DB1 (Valid Address);ms_sql_445;3120;48;14;D-Chris1;soc1_DB1;3120;ms_sql_445;;;;
2;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;D-Chris1;soc1_DB1 (Valid Address);nbsession;3121;48;14;D-Chris1;soc1_DB1;3121;nbsession;;;;
3;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;D-Daniel1;soc1_backend_DB (Valid Address);ms_sql_445;2106;48;14;D-Daniel1;soc1_backend_DB;2106;ms_sql_445;;;;
4;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;D-Daniel1;soc1_backend_DB (Valid Address);nbsession;2108;48;14;D-Daniel1;soc1_backend_DB;2108;nbsession;;;;
5;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;D-Chris1;soc1_AuxDB (Valid Address);ms_sql_445;3122;48;14;D-Chris1;soc1_AuxDB;3122;ms_sql_445;;;;
6;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;D-Chris1;soc1_AuxDB (Valid Address);nbsession;3123;48;14;D-Chris1;soc1_AuxDB;3123;nbsession;;;;
7;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;D-Daniel1;soc1_AuxDB (Valid Address);ms_sql_445;2109;48;14;D-Daniel1;soc1_AuxDB;2109;ms_sql_445;;;;
8;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;D-Daniel1;soc1_AuxDB (Valid Address);nbsession;2110;48;14;D-Daniel1;soc1_AuxDB;2110;nbsession;;;;
9;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;D-Daniel1;soc1_DB1 (Valid Address);ms_sql_445;2111;48;14;D-Daniel1;soc1_DB1;2111;ms_sql_445;;;;
10;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;D-Daniel1;soc1_DB1 (Valid Address);nbsession;2112;48;14;D-Daniel1;soc1_DB1;2112;nbsession;;;;
11;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;D-Daniel1;soc1_backend_DB (Valid Address);ms_sql_445;2113;48;14;D-Daniel1;soc1_backend_DB;2113;ms_sql_445;;;;
12;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;D-Daniel1;soc1_backend_DB (Valid Address);nbsession;2114;48;14;D-Daniel1;soc1_backend_DB;2114;nbsession;;;;
13;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;D-Daniel1;soc1_AuxDB (Valid Address);ms_sql_445;2115;48;14;D-Daniel1;soc1_AuxDB;2115;ms_sql_445;;;;
14;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;D-Daniel1;soc1_AuxDB (Valid Address);nbsession;2116;48;14;D-Daniel1;soc1_AuxDB;2116;nbsession;;;;
15;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;workstation2;soc1_AuxDB (Valid Address);ms_sql_445;2582;48;14;workstation2;soc1_AuxDB;2582;ms_sql_445;;;;
16;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;workstation2;soc1_AuxDB (Valid Address);nbsession;2583;48;14;workstation2;soc1_AuxDB;2583;nbsession;;;;
17;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;D-Daniel1;soc1_backend_DB (Valid Address);ms_sql_445;2117;48;14;D-Daniel1;soc1_backend_DB;2117;ms_sql_445;;;;
18;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;D-Daniel1;soc1_backend_DB (Valid Address);nbsession;2118;48;14;D-Daniel1;soc1_backend_DB;2118;nbsession;;;;
19;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;workstation2;soc1_backend_DB (Valid Address);ms_sql_445;2584;48;14;workstation2;soc1_backend_DB;2584;ms_sql_445;;;;
20;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;workstation2;soc1_backend_DB (Valid Address);nbsession;2585;48;14;workstation2;soc1_backend_DB;2585;nbsession;;;;
21;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;workstation2;soc1_DB2 (Valid Address);ms_sql_445;2586;48;14;workstation2;soc1_DB2;2586;ms_sql_445;;;;
22;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;workstation2;soc1_DB2 (Valid Address);nbsession;2587;48;14;workstation2;soc1_DB2;2587;nbsession;;;;
23;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;workstation2;soc1_DB1 (Valid Address);ms_sql_445;2588;48;14;workstation2;soc1_DB1;2588;ms_sql_445;;;;
24;26Mar2001;17:50:58;fw_dev1;log;accept;;DC21X41;inbound;tcp;workstation2;soc1_DB1 (Valid Address);nbsession;2589;48;14;workstation2;soc1_DB1;2589;nbsession;;;;

Mar 26 13:59:50 192.168.60.65 QA-Netscreen-10: NetScreen Traffic Log: device_id=QA-Netscreen-10 start_time="2001-3-26 13:03:31" src=192.168.60.208 dst=192.168.60.65 src_port=45529 dst_port=633 service=TCP port 633 policy_id=32767 duration=0 sent=0 rcvd=40 action=Deny
Mar 26 14:01:10 192.168.60.65 QA-Netscreen-10: NetScreen Traffic Log: device_id=QA-Netscreen-10 start_time="2001-3-26 13:04:47" src=192.168.60.208 dst=192.168.60.65 src_port=45532 dst_port=964 service=TCP port 964 policy_id=32767 duration=0 sent=0 rcvd=40 action=Deny
Mar 26 14:02:30 192.168.60.65 QA-Netscreen-10: netscreen: User netscreen telnet management session from (192.168.60.232:4383) timed out (2001-3-26 13:12:15)
Mar 26 14:43:03 192.168.60.65 QA-Netscreen-10: NetScreen Traffic Log: device_id=QA-Netscreen-10 start_time="2001-3-26 14:41:22" src=192.168.60.208 dst=192.168.60.65 src_port=39629 dst_port=792 service=TCP port 792 policy_id=32767 duration=0 sent=0 rcvd=40 action=Deny
Mar 26 14:44:23 192.168.60.65 QA-Netscreen-10: NetScreen Traffic Log: device_id=QA-Netscreen-10 start_time="2001-3-26 14:41:22" src=192.168.60.208 dst=192.168.60.65 src_port=39629 dst_port=1527 service=TCP port 1527 policy_id=32767 duration=0 sent=0 rcvd=40 action=Deny
Mar 26 14:45:43 192.168.60.65 QA-Netscreen-10: NetScreen Traffic Log: device_id=QA-Netscreen-10 start_time="2001-3-26 14:41:22" src=192.168.60.208 dst=192.168.60.65 src_port=39629 dst_port=418 service=TCP port 418 policy_id=32767 duration=0 sent=0 rcvd=40 action=Deny
Mar 26 14:47:03 192.168.60.65 QA-Netscreen-10: NetScreen Traffic Log: device_id=QA-Netscreen-10 start_time="2001-3-26 14:41:22" src=192.168.60.208 dst=192.168.60.65 src_port=39629 dst_port=983 service=TCP port 983 policy_id=32767 duration=0 sent=0 rcvd=40 action=Deny
Mar 26 14:48:23 192.168.60.65 QA-Netscreen-10: NetScreen Traffic Log: device_id=QA-Netscreen-10 start_time="2001-3-26 14:41:22" src=192.168.60.208 dst=192.168.60.65 src_port=39629 dst_port=28 service=TCP port 28 policy_id=32767 duration=0 sent=0 rcvd=40 action=Deny
Mar 26 14:49:43 192.168.60.65 QA-Netscreen-10: NetScreen Traffic Log: device_id=QA-Netscreen-10 start_time="2001-3-26 14:41:22" src=192.168.60.208 dst=192.168.60.65 src_port=39629 dst_port=761 service=TCP port 761 policy_id=32767 duration=0 sent=0 rcvd=40 action=Deny
Mar 26 14:51:03 192.168.60.65 QA-Netscreen-10: NetScreen Traffic Log: device_id=QA-Netscreen-10 start_time="2001-3-26 14:41:22" src=192.168.60.208 dst=192.168.60.65 src_port=39629 dst_port=2033 service=TCP port 2033 policy_id=32767 duration=0 sent=0 rcvd=40 action=Deny
Mar 26 14:52:23 192.168.60.65 QA-Netscreen-10: NetScreen Traffic Log: device_id=QA-Netscreen-10 start_time="2001-3-26 14:41:22" src=192.168.60.208 dst=192.168.60.65 src_port=39629 dst_port=1475 service=TCP port 1475 policy_id=32767 duration=0 sent=0 rcvd=40 action=Deny
Mar 26 14:53:43 192.168.60.65 QA-Netscreen-10: NetScreen Traffic Log: device_id=QA-Netscreen-10 start_time="2001-3-26 14:41:22" src=192.168.60.208 dst=192.168.60.65 src_port=39629 dst_port=1530 service=TCP port 1530 policy_id=32767 duration=0 sent=0 rcvd=40 action=Deny

2001-03-13 10:29:43|drag-sensor1|DRAGONRIDER-START|0.0.0.0|0.0.0.0|0|0|?||0|dv=,tz=GMT|
2001-03-13 10:30:32|drag-sensor1|DRAGONRIDER-START|0|0|0|0|?||0|dv=,tz=GMT|
2001-03-13 11:02:05|drag-sensor1|HEARTBEAT|0|0|0|0|I||0|IP=1380,ICMP=0,TCP=1237,UDP=143,EVENTS=1,DROP=0,VER=4.2.2|
2001-03-13 12:02:44|drag-sensor1|HEARTBEAT|0|0|0|0|I||0|IP=201,ICMP=0,TCP=3,UDP=198,EVENTS=1,DROP=0,VER=4.2.2|
2001-03-13 12:23:23|drag-sensor1|TCP-SCAN|727912620|1684213932|0|0|I|------S-|0|total=490,min=2,max=1024,up=241,down=249,flags=------S-,Mar13-12:22,Mar13-12:23|
2001-03-13 12:23:23|drag-sensor1|TCP-SCAN|727912620|1684213932|55564|0|I|------S-|0|total=500,min=1,max=1022,up=242,down=258,sp=55564,flags=------S-,Mar13-12:23,Mar13-12:23|
2001-03-13 12:24:31|drag-sensor1|TCP-SCAN|727912620|1684213932|55564|0|I|------S-|0|total=34,min=42,max=942,up=16,down=18,sp=55564,flags=------S-,Mar13-12:23,Mar13-12:23|
2001-03-13 12:24:31|drag-sensor1|TCP-SCAN|727912620|23269548|0|0|I|------S-|0|total=462,min=1,max=1022,up=235,down=227,flags=------S-,Mar13-12:23,Mar13-12:24|
2001-03-13 12:25:35|drag-sensor1|TCP-SCAN|727912620|23269548|55902|0|I|------S-|0|total=497,min=1,max=1023,up=235,down=262,sp=55902,flags=------S-,Mar13-12:24,Mar13-12:25|
2001-03-13 12:28:16|drag-sensor1|TCP-SCAN|727912620|23269548|34861|0|I|------S-|0|total=235,min=12,max=1023,up=116,down=119,sp=34861,flags=------S-,Mar13-12:25,Mar13-12:26|
2001-03-13 12:28:16|drag-sensor1|TCP-SCAN|727912620|1164120236|0|0|I|------S-|0|total=255,min=8,max=1022,up=129,down=126,flags=------S-,Mar13-12:27,Mar13-12:28|
2001-03-13 12:28:17|drag-sensor1|TCP-SCAN|727912620|1164120236|49693|0|I|------S-|0|total=500,min=1,max=1023,up=241,down=259,sp=49693,flags=------S-,Mar13-12:28,Mar13-12:28|
2001-03-13 12:50:47|drag-sensor1|FTP:NOPASSWORD|23269548|1180897452|1558|21|I||6|tcp,dp=21,sp=1558|
2001-03-13 12:50:47|drag-sensor1|DYNAMIC-TCP|1180897452|23269548|21|1558|I|---A----|6|tcp,sp=21,dp=1558,flags=---A----|
2001-03-13 12:50:47|drag-sensor1|DYNAMIC-TCP|1180897452|23269548|21|1558|I|---AP---|6|tcp,sp=21,dp=1558,flags=---AP---|
2001-03-13 12:50:47|drag-sensor1|DYNAMIC-TCP|23269548|1180897452|1558|21|I|---A----|6|tcp,sp=1558,dp=21,flags=---A----|
2001-03-13 12:50:52|drag-sensor1|DYNAMIC-TCP|23269548|1180897452|1558|21|I|---AP---|6|tcp,sp=1558,dp=21,flags=---AP---|
2001-03-13 12:50:52|drag-sensor1|DYNAMIC-TCP|1180897452|23269548|21|1558|I|---AP---|6|tcp,sp=21,dp=1558,flags=---AP---|
2001-03-13 12:50:52|drag-sensor1|DYNAMIC-TCP|23269548|1180897452|1558|21|I|---A---F|6|tcp,sp=1558,dp=21,flags=---A---F|
2001-03-13 12:50:52|drag-sensor1|DYNAMIC-TCP|1180897452|23269548|21|1558|I|---A----|6|tcp,sp=21,dp=1558,flags=---A----|
2001-03-13 12:50:52|drag-sensor1|DYNAMIC-TCP|1180897452|23269548|21|1558|I|---A---F|6|tcp,sp=21,dp=1558,flags=---A---F|
2001-03-13 12:50:52|drag-sensor1|DYNAMIC-TCP|23269548|1180897452|1558|21|I|---A----|6|tcp,sp=1558,dp=21,flags=---A----|
2001-03-13 12:50:53|drag-sensor1|DYNAMIC-TCP|23269548|1180897452|1559|21|I|------S-|6|tcp,sp=1559,dp=21,flags=------S-|
2001-03-13 12:50:53|drag-sensor1|DYNAMIC-TCP|1180897452|23269548|21|1559|I|---A--S-|6|tcp,sp=21,dp=1559,flags=---A--S-|
2001-03-13 12:50:53|drag-sensor1|DYNAMIC-TCP|23269548|1180897452|1559|21|I|---A----|6|tcp,sp=1559,dp=21,flags=---A----|
2001-03-13 12:50:56|drag-sensor1|DYNAMIC-TCP|1180897452|23269548|21|1559|I|---AP---|6|tcp,sp=21,dp=1559,flags=---AP---|
```
19. A Customer-Friendly Interface Enhances Client Interaction
- Powerful query and analysis tools
- Concise security event summary information
- Security events are prioritized according to severity
20. Detailed Information is Always Available: Empower the User
- Detailed analyst reports and recommendations
- Easily accessible log information
- Comprehensive event information from across the enterprise
21. Access to Log Data and Query Tools: Empower the User
- Searchable log file information
- Display filters and customizable view options
SOC is fully redundant; strong physical security.
Stress: hot backup power, UPS.
3 BGP-peered T1 lines with 3 separate ISPs, and a 4th cut-over T1 masquerading as another company, which ensures against DDoS.
New Alexandria SOC by end of December 2000; new San Jose SOC in Q1, Europe in Q2.
Each SOC will fail over to the other.