
IST-Africa Talk Slides, Conference Paper, May 2016 (PDF document)



  1. See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/303210806. IST-Africa Talk Slides, Conference Paper, May 2016. Citations: 0. Reads: 122. 3 authors, including Victor R Kebande (Malmö University, 74 publications, 458 citations) and Nickson M Karie (Edith Cowan University, 40 publications, 176 citations). Some of the authors of this publication are also working on these related projects: Social Engineering: Defining the Field from Both an Attack and Defence Perspective; Proactive and Reactive Digital Forensic Technologies. All content following this page was uploaded by Victor R Kebande on 15 May 2016. The user has requested enhancement of the downloaded file.

  2. Generic Digital Forensic Readiness Model for BYOD using Honeypot Technology. Victor R. Kebande (1), Nickson M. Karie (2), H.S. Venter. Information & Computer Security Architecture Research (ICSA) Lab. 1 vickkebande@gmail.com, 2 menza06@hotmail.com. 2016, Durban, South Africa, 11th-13th May.

  3. Introduction. The proliferation and mobility trends of digital devices have seen a significant realization of Bring Your Own Device (BYOD), a phenomenon that allows employees in an organizational enterprise network to access computing resources through their personal mobile devices irrespective of location.

  4. Cost-Effectiveness of BYOD
  • Increased accessibility of personal digital devices in daily business activities.
  • Reduced hardware maintenance and spending.
  • Reduced software licensing and device maintenance.
  • IT self-sufficiency and comfort among employees.

  5. BYOD Projections & Predictions
  • International Data Corporation (IDC): of the 480 million devices that will be shipped in 2016, 65 per cent will be used by BYOD for enterprise mobility.
  • Gartner: half of the world's companies will enforce BYOD by 2017, and companies will no longer provide computing devices to employees.
  • Juniper Research: employee-owned devices as part of BYOD will increase to a scale of one billion globally by 2018, although the same research shows that 80% of these consumer devices will remain unprotected.

  6. Shortcomings
  • The development of this technology faces security challenges due to the lack of a proactive security model with Digital Forensic capability that is able to plan and prepare before potential security incidents occur in an organization that has enforced BYOD.

  7. DF & DFR
  • DF: the science of investigation (Reactive).
  • Scientifically proven methods to acquire, examine, identify, analyse and present digital evidence from digital sources that may hold reliable information to prove or disprove a hypothesis about a security incident.
  • Forensics has a legal connotation.
  • DFR: incident preparedness (Proactive).
  • The capability of achieving preparedness by maximizing an environment's ability to collect digital evidence while minimizing the cost of conducting a Digital Forensic Investigation (DFI) during post-event response.

  8. So how can we achieve DFR?

  9. Steps towards DFR
  • Define the business scenarios.
  • Determine the evidence collection requirement.
  • Collect and retain credible information.
  • Plan the response.
  • Protect the evidence.
  • Accelerate the investigation.

  10. ISO/IEC 27043:2015
  • The standard covers information technology, security techniques, and incident investigation principles and processes (proposed in the ICSA Lab).
  • It is an umbrella standard for the high-level concepts of DF investigation.

  11. Classes of Digital Investigations
  • Readiness process class
  • Initialization process class
  • Concurrent process class
  • Acquisitive process class
  • Investigative process class

  12. Honeypot
  • A decoy that is put on a network to lure attackers.
  • Deludes attackers who are trying to intrude into a network into trusting that it is a legitimate system running full services.
  • A network of communicating honeypots forms a honeynet.
  • Information related to the attack is collected as an activity record, which may be used to reconstruct the events if there is need for an investigation.

  13. Proposed DFRM-4-BYOD Model. The model is meant to harvest and digitally preserve potential digital evidence (PDE) based on the digital forensic readiness processes and guidelines highlighted in the ISO/IEC 27043:2015 standard.

  14. Proposed DFRM-4-BYOD Model
  • Uses a honeypot as a forensic agent that collects PDE which can be used as admissible evidence in forming a hypothesis to prove or disprove an incident in a court of law.

  15. High-level View

  16. BYOD Management
  • BYOD Management: lays out what an organization aims to protect and how control of applications will be done.
  • BYOD Technology: represents the different techniques by which BYOD devices are registered, configured, controlled and managed.
  • Honeyd Agent: the Honeyed agent is the honeypot technology that is used to delude potential attackers and capture the PDE they generate.
  • People: users of BYOD devices.
  • Forensic Readiness: Proactive.
  • Digital Forensic Readiness: Reactive.

  17. Detailed DFRM-4-BYOD

  18. BYOD Management
  • Provisioning control services.
  • Control, configure and provide services within an organization.
  • A user is authorized to run a service using a specific device that is connected to the BYOD network.
  • Administrators are able to exercise rights over all aspects of BYOD devices.
  • A trusted platform is set so that the user's activity can be monitored, subject to legal considerations.

  19. BYOD Technology
  • Fine-grained BYOD policies
  • Pre-incident planning
  • Honeyed Agent
  • DFR process

  20. Forensic Readiness
  • Monitoring
  • Honeyed logging
  • Digital preservation
  • Forensic database
  (The general information collected through these logs includes: packet destination, IP address, source, arrival time, protocol used, OS, and biometrics used in the case.)
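The four items on this slide (monitoring, honeyed logging, digital preservation, forensic database) describe a pipeline, and the field list in the parenthesis describes what each preserved record should carry. The following is an added example, not code from the slides or from the authors' DFRM-4-BYOD model: it parses honeypot log lines into records with the fields the slide names, preserves them in a SHA-256 hash chain so that any later alteration is detectable, and stores them in a SQLite "forensic database". The key=value log format, the `pde` table, and the three sample lines are constructed for this illustration; they are not Honeyd's real output format.

```python
"""Added example (not the authors' code): honeypot log -> preserved PDE records.

Pipeline mirrored from the slide: logging -> parsing -> digital preservation
(hash chain) -> forensic database (SQLite). Log format and sample lines are
constructed for the example and do not reproduce Honeyd's actual log format.
"""
import hashlib
import json
import sqlite3
from datetime import datetime, timezone

# Constructed sample log lines (assumed key=value format; RFC 5737 test addresses).
SAMPLE_LOG = """\
2016-05-11T09:14:02Z proto=tcp src=10.0.5.23:51342 dst=192.0.2.10:22 os=Linux
2016-05-11T09:14:05Z proto=tcp src=10.0.5.23:51343 dst=192.0.2.10:80 os=Linux
2016-05-11T09:15:41Z proto=udp src=10.0.7.8:40112 dst=192.0.2.10:53 os=Android
"""

GENESIS = "0" * 64  # chain anchor: the digest "before" the first record


def parse_line(line):
    """Turn one log line into a record carrying the fields the slide lists."""
    ts, *kvs = line.split()
    arrival = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    rec = {"arrival_time": arrival.isoformat()}
    for kv in kvs:
        key, value = kv.split("=", 1)
        rec[key] = value
    src_ip, src_port = rec.pop("src").rsplit(":", 1)
    dst_ip, dst_port = rec.pop("dst").rsplit(":", 1)
    rec.update(src_ip=src_ip, src_port=int(src_port),
               dst_ip=dst_ip, dst_port=int(dst_port))
    return rec


def canonical(rec):
    """Deterministic JSON so the same record always hashes the same way."""
    return json.dumps(rec, sort_keys=True, separators=(",", ":"))


def record_digest(prev_digest, rec):
    """Each digest commits to the previous digest and the canonical record."""
    return hashlib.sha256(prev_digest.encode() + canonical(rec).encode()).hexdigest()


def open_store():
    """In-memory forensic database; a real deployment would use a write-once store."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE pde (seq INTEGER PRIMARY KEY, record TEXT NOT NULL, "
        "prev_digest TEXT NOT NULL, digest TEXT NOT NULL)"
    )
    return conn


def preserve(log_text, conn):
    """Parse, chain and store every non-empty line; returns the chain head digest."""
    prev = GENESIS
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        digest = record_digest(prev, rec)
        conn.execute("INSERT INTO pde(record, prev_digest, digest) VALUES (?, ?, ?)",
                     (canonical(rec), prev, digest))
        prev = digest
    conn.commit()
    return prev


def verify_chain(conn):
    """Recompute every link in order; False if any record or link was altered."""
    prev = GENESIS
    rows = conn.execute("SELECT record, prev_digest, digest FROM pde ORDER BY seq")
    for record, prev_digest, digest in rows:
        if prev_digest != prev or record_digest(prev, json.loads(record)) != digest:
            return False
        prev = digest
    return True


def records_from(conn, src_ip):
    """Investigative query: all preserved records from one source address."""
    rows = conn.execute("SELECT record FROM pde ORDER BY seq")
    return [r for (r,) in ((json.loads(r),) for (r,) in rows) if r["src_ip"] == src_ip]


if __name__ == "__main__":
    db = open_store()
    print("chain head:", preserve(SAMPLE_LOG, db))
    print("chain intact:", verify_chain(db))
    print("records from 10.0.5.23:", len(records_from(db, "10.0.5.23")))
```

The hash chain detects modification or reordering of stored records, which is what "digital preservation" needs for admissibility arguments, but it cannot detect truncation of the newest records unless the head digest returned by `preserve` is itself recorded out of band (a signed log, a WORM store, or a second system). Storing that head separately is the piece a readiness process has to plan for.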

  21. Digital Forensic Investigation
  • Initialization
  • Acquisitive
  • Investigative processes

  22. Sequences of Execution in BYOD Environment

  23. Conclusion
  • There is a lack of a proactive security model with DF capability that is able to plan and prepare before potential security incidents occur in a BYOD environment.
  • The authors proposed a generic model with a DFR capability in a BYOD environment that contributes to the body of knowledge.
