agenda
play

Agenda Thinking about the concept Introduction Types of defensive - PowerPoint PPT Presentation

Nov 26, 2022 •558 likes •833 views

Agenda Thinking about the concept Introduction Types of defensive technology Raising the bar Typical assessment methodology Attacks Examples Conclusion Thinking about the concept Were from South Africa:

  2. Agenda –Thinking about the concept –Introduction –Types of defensive technology –Raising the bar –Typical assessment methodology –Attacks –Examples –Conclusion

  3. Thinking about the concept We’re from South Africa: –Robbery on Atterbury Road in Pretoria –Electric fencing around my house From the insect world: –Acid bugs – “I don’t taste nice” –Electric eel Spy vs. spy: –Disinformation

  4. Introduction Current trends in “assessment” space: –Technology is getting smarter –People are getting lazy –Good “hacker” used to be technically clever –Tool/scanner for every level of attack Perceptions: –Administrators are dumb, “hackers” are clever –Skill = size of your toolbox In many cases the mechanic’s car is always broken.

  5. Types of defensive technology Robbery analogy: –Firewalls: Amour plated windows –IDS: Police –IPS: Driving away –Back Hack: Carry a gun in the car Fence analogy: –Firewalls: Walls –IDS: Police –IPS: Armed response –Back Hack: Trigger happy wife…

  6. Raising the bar Raising the “cost” of an “assessment”: Attacking the technology, not the people Attacking automation; “lets move to the next target” Used to be: “Are you sure it’s not a honey pot?” Now: –Is YOUR network safe? –Are YOUR tools safe from attack? –Do YOU have all the service packs installed? –Do you measure yourself as you measure your targets?

  7. Typical assessment methodology • Foot printing • Vitality • Network level visibility • Vulnerability discovery • Vulnerability exploitation Web application assessment •

  8. Attacks Types: -Avoiding/Stopping individual attacks -Creating noise/confusion -Stopping/Killing the tool -Killing the attacker’s host/network Levels: -Network level -Network application level -Application level

  9. Attacks Attack vectors: All information coming back to the attacker is under OUR control: Packets (and all its features) – Banners – Forward & reverse DNS entries – Error codes, messages – – Web pages Used in the tool/scanner itself Used in rendering of data, databases Used in secondary scanners, reporters

  10. Examples Foot printing: Avoiding DNS obfuscation Noise: “Eat my zone!” Stopping: Endless loop of forward entries Killing: Eeeevil named…reverse entries

  11. Examples Foot printing: Tools: Very basic – host, nslookup, dig Domains: not a lot we can do there.. DNS entries: forward, reverse, axfr, ns SensePost has some interesting foot printing tools…

  12. Examples

  13. Examples Network level: Avoiding Firewall Noise: honeyd & transparent reverse proxies – Random IPs alive – Random ports open – Traceroute interception/misdirection – Fake network broadcast addresses Stopping: ? Killing: nmap with banner display??

  14. Examples Network level: Tools: Ping sweeps / vitality checkers Port scanners nmap, paketto/pulse, superscan, visualroute, some custom scripts, etc. etc.

  15. Examples Network level: Tools: Ping sweeps / vitality checkers Port scanners nmap, paketto/pulse, superscan, visualroute, some custom scripts, etc. etc.

  16. Examples

  17. Examples Network application level Avoiding Patches, patches Noise: – Fake banners – Combined banners – NASL (reverse) interpreter Stopping: Tar pits – Killing: – Buffer overflows – Rendering of data – malicious code in HTML Where data is inserted into databases – Scanners that use other scanners (e.g. using nessus,nmap) –

  18. Examples Network application level Tools: Shareware: Nessus, amap, httpprint, Sara & friends? Commercial: ISS, Retina, Typhon, Foundscan, Qualys, Cisco

  19. Examples Application level & (web server assessment) Avoiding Application level firewall Noise: – On IPs not in use: • Random 404,500,302,200 responses Not enough to latch “friendly 404”, or intercept 404 checking • – Within the application • Bogus forms, fields Pages with “ODBC ….” • Stopping: Spider traps, Flash, Human detectors Killing: “You are an idiot!” – Bait files.. Admintool.exe and friends in /files,/admin etc. –

  20. Examples Tools: Shareware: Nikto, Nessus, Whisker?, WebScarab, Exodus, Pharos, Spike, Httrack, Teleport pro Commercial: Sanctum Appscan, Cenzic Hailstorm, Kavado Scando, SPI Dynamics WebInspect, @stake webproxy

  21. Examples Incoming Armpit1 connection Back to client Back to client Valid Relay yes no cookie? connection Valid Send valid no request yes cookie and string? redirect Build and send Flash

  22. Examples

  23. Examples Armpit2 Incoming connection With IPS Bad cookie Back to client jar Valid cookie? yes Back to client no BlackList Relay Evil Cookie & no yes connection request? close connection Send valid Build and Valid request no yes cookie and send Flash string? redirect

  24. Combining with IPS

  25. Conclusion • These techniques do not make your network safer? IPS is getting smarter • The closer to the application level they go, the more – accurate they become. IPS can easily switch on “armpits” • • It’s a whole new ballgame…

  26. QUESTIONS?? COMMENTS?? FLAMES??

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

R E B I R T H R E B I R T H 1 Meeting Agenda Meeting Agenda Agenda 1

R E B I R T H R E B I R T H 1 Meeting Agenda Meeting Agenda Agenda 1

Annual General Meeting of Shareholders No. 1/2015 28 January 2015 At 1.30 P.M. at Athenee Crystal Hall, 3rd Floor, Plaza Athenee Bangkok R E B I R T H R E B I R T H 1 Meeting Agenda Meeting Agenda Agenda 1 To certify

879 views • 54 slides
Negotiating Conflicts Eff Effectively ti l Agenda Agenda Agenda Agenda Introductions

Negotiating Conflicts Eff Effectively ti l Agenda Agenda Agenda Agenda Introductions

Negotiating Conflicts Eff Effectively ti l Agenda Agenda Agenda Agenda Introductions Introductions 1) Negotiation Characteristics 2) Approaches to Conflict 2) Approaches to Conflict 3) Issues, Positions, and Interests 4)

1.06k views • 60 slides
Web E Web E ngineer ngineer ing Pr ing Pr oc ess oc ess We e k 2 Agenda (Lecture) Agenda

Web E Web E ngineer ngineer ing Pr ing Pr oc ess oc ess We e k 2 Agenda (Lecture) Agenda

Web E Web E ngineer ngineer ing Pr ing Pr oc ess oc ess We e k 2 Agenda (Lecture) Agenda (Lecture) Web Engineering Process W b E i i P Agenda (Lab) Agenda (Lab) Web 2.0 architecture patterns Project proposal P j t l

1.06k views • 19 slides
Anaheim August 27, 2008 Agenda Agenda Agenda Introduction New Rule Requirements

Anaheim August 27, 2008 Agenda Agenda Agenda Introduction New Rule Requirements

Anaheim August 27, 2008 Agenda Agenda Agenda Introduction New Rule Requirements Compliance Plan Upgrade Issues Questions Introduction Introduction Introduction Danny Luong Senior Enforcement Manager Background

989 views • 29 slides
Capital markets day 27 th September 2017 Agenda Time Agenda item Led by Time Agenda item

Capital markets day 27 th September 2017 Agenda Time Agenda item Led by Time Agenda item

Capital markets day 27 th September 2017 Agenda Time Agenda item Led by Time Agenda item Led by 14:15 TEA & COFFEE BREAK 11.00 Introduction Carolyn McCall 11.05 1. Market / Network 14.30 4. Making travel easy & affordable

1.22k views • 90 slides
Community Advisory Group Meeting June 20, 2016 Agenda 1. Welcome, Introductions and Agenda

Community Advisory Group Meeting June 20, 2016 Agenda 1. Welcome, Introductions and Agenda

Community Advisory Group Meeting June 20, 2016 Agenda 1. Welcome, Introductions and Agenda Overview 2. Public Comment (items not on the agenda) 3. CAG Questions and Concerns (items not on the agenda) 4. Labor Issue Update 5. New Generation

1.22k views • 55 slides
Agenda TOSITA Agenda July 15, 2015 9:30 - 10:00: Registration 10:00 -10:10: Welcome- PECO

Agenda TOSITA Agenda July 15, 2015 9:30 - 10:00: Registration 10:00 -10:10: Welcome- PECO

Agenda TOSITA Agenda July 15, 2015 9:30 - 10:00: Registration 10:00 -10:10: Welcome- PECO Perspective Bill Patterer -PECO 10:10- 10:20: Workshop Agenda/ EP-ACT Intro/EV overview Tony Bandiero EP-ACT 10:20- 10:35: EVSEs - What are They?

291 views • 15 slides
Agenda Agenda Linda Rammler, UConn UCEDD (copy from Agenda handout) Fr. John Gallagher,

Agenda Agenda Linda Rammler, UConn UCEDD (copy from Agenda handout) Fr. John Gallagher,

2/21/18 Agenda Agenda Linda Rammler, UConn UCEDD (copy from Agenda handout) Fr. John Gallagher, O.F.M. Cap. (St. Pius X Church) Kim Ranell Newgass (Baptist Church in New Haven) Mary Lou Freitas (Bethany Covenant) Doris

508 views • 5 slides
Mississauga Halton LHIN CSS and MH&A Sector Meeting June 11, 2010 Agenda Agenda Welcome

Mississauga Halton LHIN CSS and MH&A Sector Meeting June 11, 2010 Agenda Agenda Welcome

Mississauga Halton LHIN CSS and MH&A Sector Meeting June 11, 2010 Agenda Agenda Welcome and Agenda Community Care Information Management Program Herb Spence Stakeholder Engagement, HRIS (CCIM) Eugene Cortes - Project Lead,

2.11k views • 122 slides
Welcome June 2020 Agenda I. Welcome and Introductions II. Consent Agenda a. Approval of June

Welcome June 2020 Agenda I. Welcome and Introductions II. Consent Agenda a. Approval of June

Welcome June 2020 Agenda I. Welcome and Introductions II. Consent Agenda a. Approval of June Agenda b. Approval of February minutes c. Women in Jail Research Study III. Old Business a. JRAC Membership b. COVID-19 Strategies and Sustainability

539 views • 26 slides
Todays Agenda Todays Agenda Continued Todays Agenda Continued Save the Date August

Todays Agenda Todays Agenda Continued Todays Agenda Continued Save the Date August

Todays Agenda Todays Agenda Continued Todays Agenda Continued Save the Date August 17 & 18, 2021 10th Annual Nation to Nation Consultation Host: Chickasaw Nation USDA Leadership & Tribal Leaders Oklahoma NRCS

892 views • 65 slides
E-beam and X-ray: Why? What? How? 1 Introduction & Agenda Agenda: We are investing to

E-beam and X-ray: Why? What? How? 1 Introduction & Agenda Agenda: We are investing to

E-beam and X-ray: Why? What? How? 1 Introduction & Agenda Agenda: We are investing to supply and service a growing market E-Beam and X-ray are complementary solution that are financially viable Mevex and IBA are there to help

198 views • 15 slides
Katie Dively, Research Scientist II Agenda Agenda Agenda Agenda Welcome! 7 Step

Katie Dively, Research Scientist II Agenda Agenda Agenda Agenda Welcome! 7 Step

Katie Dively, Research Scientist II Agenda Agenda Agenda Agenda Welcome! 7 Step Communication Process Your Role Next Steps Centers Purpose Centers Purpose Centers Purpose Centers Purpose We are an

744 views • 55 slides
IDN BOF Agenda Harald Alvestrand, chair Agenda - 1 0900: Agenda bash, blue sheet, scribe ! 0910:

IDN BOF Agenda Harald Alvestrand, chair Agenda - 1 0900: Agenda bash, blue sheet, scribe ! 0910:

IDN BOF Agenda Harald Alvestrand, chair Agenda - 1 0900: Agenda bash, blue sheet, scribe ! 0910: Introduction to the IDN revision - John Klensin - An orientation on the main goals of the revision - Explanation of the division of labor between

233 views • 10 slides
#EdSummit @MorenoValleyUSD @BarrCenter 1 Agenda 10:45 Agenda 10:45 - 11:30 am 11:30 am

#EdSummit @MorenoValleyUSD @BarrCenter 1 Agenda 10:45 Agenda 10:45 - 11:30 am 11:30 am

#EdSummit @MorenoValleyUSD @BarrCenter 1 Agenda 10:45 Agenda 10:45 - 11:30 am 11:30 am 10:45 - 10:50 am: Introductions 10:50 - 10:55 am: MVUSD Board President Susan Smith 10:55 - 11:00 am: MVUSD Superintendent Dr. Martinrex Kedziora

408 views • 21 slides
Agenda Item 4: PUBLIC COMMENT Individuals may speak on any topic for up to three minutes; during

Agenda Item 4: PUBLIC COMMENT Individuals may speak on any topic for up to three minutes; during

4/25/19 SA SAN F FRANCISQ SQUITO C CREEK S F C J PA . O R G J O I N T P O W E R S A U T H O R I T Y BOARD OF DIRECTORS MEETING Menlo Park City Council Chambers April 25, 2019 at 2:30 p.m. AGENDA 1. ROLL CALL 2. APPROVAL OF AGENDA 3.

158 views • 15 slides
Toward so)ware engineering in prac0ce Claire Le Goues 15-214 April 27, 2017 1 Learning Goals

Toward so)ware engineering in prac0ce Claire Le Goues 15-214 April 27, 2017 1 Learning Goals

Toward so)ware engineering in prac0ce Claire Le Goues 15-214 April 27, 2017 1 Learning Goals Broad scope of so;ware engineering Importance of nontechnical issues IntroducCon to key challenges 2 So)ware is Everywhere So)ware is

1.01k views • 86 slides
THIS INTERNET OF OURS... Who owns it? Who runs it? Is it democratic? MacSysadmin 2013, 17

THIS INTERNET OF OURS... Who owns it? Who runs it? Is it democratic? MacSysadmin 2013, 17

www.netnod.se THIS INTERNET OF OURS... Who owns it? Who runs it? Is it democratic? MacSysadmin 2013, 17 September 2013, Nurani Nimpuno, Netnod www.netnod.se WHO AM I? Head of Outreach & Communications at Netnod Member of the ISOC-SE

622 views • 49 slides
My life with neutron stars Pawe l Haensel haensel@camk.edu.pl POLNS Conference Warsaw,

My life with neutron stars Pawe l Haensel haensel@camk.edu.pl POLNS Conference Warsaw,

My life with neutron stars Pawe l Haensel haensel@camk.edu.pl POLNS Conference Warsaw, 26-28th March, 2018 Pawe l Haensel (CAMK) My life with neutron stars March 27th, 2018 1 / 11 Introduction The idea of this talk is to briefly

275 views • 11 slides
Languages and dialects ! What's a dialect of a language? ! Dialects of English: Languages,

Languages and dialects ! What's a dialect of a language? ! Dialects of English: Languages,

Languages and dialects ! What's a dialect of a language? ! Dialects of English: Languages, dialects, and power Scots / Scottish English Linguistics 201 African American Vernacular English Guest lecturer: Andrew Weir Cockney April 19,

64 views • 5 slides
Inverse spectral results for Schr odinger operators on the unit interval with partial

Inverse spectral results for Schr odinger operators on the unit interval with partial

Inverse spectral results for Schr odinger operators on the unit interval with partial informations given on the potentials , J. Faupin and T. Raoux L. Amour Abstract We pursue the analysis of the Schr odinger operator on the

467 views • 18 slides
Inverse spectral results in Sobolev spaces for the AKNS operator with partial informations on the

Inverse spectral results in Sobolev spaces for the AKNS operator with partial informations on the

Inverse spectral results in Sobolev spaces for the AKNS operator with partial informations on the potentials L. Amour and J. Faupin , Abstract We consider the AKNS (Ablowitz-Kaup-Newell-Segur) operator on the unit interval with po-

518 views • 9 slides
Submarine cables and installation - Past, present and future technologies for interconnections

Submarine cables and installation - Past, present and future technologies for interconnections

Submarine cables and installation - Past, present and future technologies for interconnections Bjrn Sanden Workshop TGEG19, 27 th June 2019 Safety 2 I Table of content Drivers Cables in a historical perspective Answer to the drivers

645 views • 29 slides
Optim imiz izatio ion Coachin ing for Fork/Join in Applic licatio ions on the Java Vir

Optim imiz izatio ion Coachin ing for Fork/Join in Applic licatio ions on the Java Vir

Optim imiz izatio ion Coachin ing for Fork/Join in Applic licatio ions on the Java Vir irtual l Machin ine Eduardo Eduar do Ros osal ales es Advisor: Prof. Walter Binder Research area: Parallel applications, performance analysis

600 views • 31 slides

More recommend