
Advanced Attack Detection and Infrastructure Protection

Presenters: Sean Ensz, OU IT Security Analyst; Sallie Wright, OSU IT Security Officer; Dr. Mark Weiser, OSU Director of CTANS.

Agenda: Technical Overview (Sean Ensz), Production Benefits (Sallie Wright), Research Benefits (Dr. Mark Weiser).


Presentation Transcript


  1. Advanced Attack Detection and Infrastructure Protection
     Sean Ensz, OU IT Security Analyst
     Sallie Wright, OSU IT Security Officer
     Dr. Mark Weiser, OSU Director of CTANS

  2. Agenda
     • Technical Overview – Sean Ensz
     • Production Benefits – Sallie Wright
     • Research Benefits – Dr. Mark Weiser

  3. Technical Overview
     • Core system based on a Honeynet design
     • A Honeynet is a network of honeypots
     • A honeypot is an information system resource whose value lies in illicit use of that resource*
     • A honeypot has no legitimate users
     • Any traffic going to or from the system is therefore inherently suspicious
     *Source: www.honeynet.org

  4. Future Improvements
     • Honeywall
       – Needs better hardware and network driver support
       – Beta version to be released today
     • Host-based logging
       – Currently relies on Sebek
       – Lacks host log and process tree support
       – Working with Third Brigade to develop a honeypot version of their product

  5. Production Benefits

  6. OSU IT Systems Security Evolution (timeline slide, 2000 through 2005; the slide's layout places each milestone under a year band of 2000, 2001-2002, 2003-2004 or 2005, but the year-to-milestone mapping is not recoverable from the transcript). Milestones shown, in the order they appear: Anti-Spam; Intrusion Prevention System (AIPS); Border Firewall; IT Security Plan; LaBrea Tarpit; IT Security Office; Policy Focus; Central Anti-virus; IDS; "No real security program"; "WIDE OPEN".

  7. AIPS Production Benefits
     • Identification of malicious hosts
     • Ability to block at the border of Oklahoma’s OneNet state-wide network

  8. Collaboration: a key benefit is the ability to provide academic programs with tools to research and develop new ways to strengthen overall IT security.

  9. Production Goal: to contain and prevent intrusions while providing the data flow analysis needed to tune the IT security process.

  10. Research Benefits

  11. How This May Be Extended
     • Future Research
     • Related Endeavors

  12. Day Zero Signature (diagram slide). Nodes shown: Existing Signatures; Candidate Detects; Day Zero Signature; Validation; AI/Neural Nets; Other Methods; HN (Honeynet) Design Attacks; HN Wild Attacks. The diagram relates attacks observed on the honeynet (designed and in-the-wild) to candidate detects, which are validated against existing signatures and other methods (including AI/neural nets) to yield a day-zero signature; the exact arrows are not recoverable from the transcript.

  13. Middleware (diagram slide). Components shown: Router/Firewall; Honeynet "Solution"; Middleware; Platform-neutral Solution (file); Router Description / Access Information. The middleware sits between the honeynet solution and the router/firewall, consuming router description and access information and emitting a platform-neutral solution file.

  14. Basic Near-Real-Time Activity Detector
     • Low-cost log gathering with local analysis
     • Central cumulative analysis
     • Trigger points distribute alerts to subscribers
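An added illustration (not code from the presentation) of the three-stage detector on slide 14, built on the honeypot premise from slide 3: sensors keep only flows that touch a honeypot, a central analyzer accumulates per-source state across sensors, and trigger points push alerts to subscribers. The honeypot addresses, sensor names and flow lines are constructed sample values; the sweep threshold is an assumed tuning parameter.

```python
from collections import defaultdict

# Constructed sample flow lines from two sensors (not real data).
SENSOR_LOGS = {
    "sensor-a": [
        "2005-04-01T10:00:01 203.0.113.5 -> 192.0.2.10:445",
        "2005-04-01T10:00:02 203.0.113.5 -> 192.0.2.11:445",
        "2005-04-01T10:00:03 198.51.100.7 -> 192.0.2.50:80",  # production host
    ],
    "sensor-b": [
        "2005-04-01T10:00:04 203.0.113.5 -> 192.0.2.12:445",
        "2005-04-01T10:00:05 198.51.100.7 -> 192.0.2.10:22",
    ],
}
HONEYPOTS = {"192.0.2.10", "192.0.2.11", "192.0.2.12"}  # assumed honeynet addresses

def parse_flow(line):
    ts, src, _, dst_port = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return {"ts": ts, "src": src, "dst": dst, "dport": int(port)}

def local_analysis(lines, honeypots=HONEYPOTS):
    """Sensor-side filter: a honeypot has no legitimate users, so only flows
    to a honeypot are forwarded; everything else is dropped locally."""
    return [f for f in map(parse_flow, lines) if f["dst"] in honeypots]

class CentralAnalyzer:
    """Cumulative per-source state across sensors, with trigger points that
    distribute each alert type once per source to subscriber callbacks."""
    def __init__(self, sweep_threshold):
        self.sweep_threshold = sweep_threshold
        self.touched = defaultdict(set)  # src -> honeypots contacted so far
        self.fired, self.subscribers = set(), []
    def subscribe(self, callback):
        self.subscribers.append(callback)
    def _trigger(self, alert_type, f, sensor):
        if (f["src"], alert_type) in self.fired:
            return
        self.fired.add((f["src"], alert_type))
        alert = {"type": alert_type, "src": f["src"], "sensor": sensor,
                 "honeypots": sorted(self.touched[f["src"]])}
        for cb in self.subscribers:
            cb(alert)
    def ingest(self, sensor, flows):
        for f in flows:
            self.touched[f["src"]].add(f["dst"])
            self._trigger("honeypot-contact", f, sensor)  # any contact at all
            if len(self.touched[f["src"]]) >= self.sweep_threshold:
                self._trigger("honeypot-sweep", f, sensor)  # one source, many honeypots

def run_detector(sensor_logs=SENSOR_LOGS, sweep_threshold=3):
    """Wire the stages together; returns the alerts delivered to one subscriber."""
    delivered, central = [], CentralAnalyzer(sweep_threshold)
    central.subscribe(delivered.append)
    for sensor, lines in sensor_logs.items():
        central.ingest(sensor, local_analysis(lines))
    return delivered
```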

  15. Contacts
     Sean Ensz – ensz@ou.edu
     Sallie Wright – sallie.wright@okstate.edu
     Dr. Mark Weiser – weiser@okstate.edu
