INFRASTRUCTURE SECURITY & INCIDENT MANAGEMENT
BY: MOHNISH SINGH
NETWORK SECURITY DEVICE ROLES
FIREWALL
• A choke point of control and monitoring
• Interconnects networks with differing trust
• Imposes restrictions on network services
  • only authorized traffic is allowed
• Auditing and controlling access
  • can implement alarms for abnormal behaviour
• Itself immune to penetration
• Provides perimeter defence
STATEFUL FILTERING
ROUTERS AND SWITCHES
802.1x
Load balancer
• SLB
• Gets user to needed resource:
  • Server must be available
  • User's "session" must not be broken
  • If user must get to same resource over and over, the SLB device must ensure that happens (i.e., session persistence)
• In order to do work, SLB must:
  • Know servers – IP/port, availability
  • Understand details of some protocols (e.g., FTP, SIP, etc.)
• Network Address Translation, NAT:
  • Packets are re-written as they pass through the SLB device.
Most predominant algorithms:
• least connections: the server with the fewest flows gets the new flow request.
• weighted least connections: associate a weight (strength) with each server and distribute load across the server farm based on the weights of all servers in the farm.
• round robin: cycle through the servers in the server farm.
• weighted round robin: give each server 'weight' flows in a row; the weight is set just as it is in weighted least connections.
There are other algorithms that look at, or try to predict, server load when deciding the load of the real server.
The SLB device can make its load-balancing decisions based on several factors. Some of these factors can be obtained from the packet headers (i.e., IP address, port numbers, etc.). Other factors are obtained by looking at the data beyond the network headers. Examples:
• HTTP cookies
• HTTP URLs
• SSL client certificate
The decisions can be based strictly on flow counts or on knowledge of the application. For some protocols, like FTP, you have to have knowledge of the protocol to load-balance correctly (i.e., the control and data connections must go to the same physical server).
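The four algorithms above, together with the availability check, session persistence and the NAT rewrite from the SLB slide, as a small simulator. This is an added example, not code from the slides or from any load-balancer product; the server names, addresses, weights and client identifiers are constructed sample data.

```python
"""Server load balancing (SLB) simulator: round robin, weighted round robin,
least connections, weighted least connections, health-aware selection,
session persistence and destination NAT onto the chosen real server.

Added example, not from the original slides. All servers, weights, the VIP
and the client identifiers below are constructed sample values.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Server:
    name: str
    ip: str
    port: int
    weight: int = 1          # strength; used by the weighted algorithms
    available: bool = True   # result of the health check
    active_flows: int = 0    # flows currently pinned to this server


VIP = ("203.0.113.10", 443)  # constructed virtual IP the clients connect to


class ServerLoadBalancer:
    def __init__(self, servers: List[Server], algorithm: str = "round_robin"):
        self.servers = servers
        self.algorithm = algorithm
        self._rr_pos = 0        # round-robin cursor
        self._wrr_pos = 0       # weighted round-robin cursor
        self._wrr_served = 0    # flows handed to the current server this turn
        self.sessions: Dict[str, Server] = {}  # client -> server (persistence)

    def _healthy(self) -> List[Server]:
        pool = [s for s in self.servers if s.available]
        if not pool:
            raise RuntimeError("no available real servers")
        return pool

    def _round_robin(self, pool):
        s = pool[self._rr_pos % len(pool)]
        self._rr_pos += 1
        return s

    def _weighted_round_robin(self, pool):
        # give each server 'weight' flows in a row, then move to the next one
        if self._wrr_served >= pool[self._wrr_pos % len(pool)].weight:
            self._wrr_pos += 1
            self._wrr_served = 0
        s = pool[self._wrr_pos % len(pool)]
        self._wrr_served += 1
        return s

    def _least_connections(self, pool):
        # fewest active flows wins; ties go to the first server in the farm
        return min(pool, key=lambda s: s.active_flows)

    def _weighted_least_connections(self, pool):
        # load relative to strength: a weight-3 server may carry 3x the flows
        return min(pool, key=lambda s: s.active_flows / s.weight)

    def select(self, client: str) -> Server:
        """Choose the real server for a new flow from `client`."""
        pinned = self.sessions.get(client)
        if pinned is not None and pinned.available:
            return pinned                      # session persistence
        pool = self._healthy()                 # a down server is never chosen
        server = getattr(self, "_" + self.algorithm)(pool)
        self.sessions[client] = server
        return server

    def forward(self, client: str, packet: dict) -> dict:
        """Destination-NAT a packet addressed to the VIP onto the chosen server."""
        server = self.select(client)
        server.active_flows += 1
        rewritten = dict(packet)
        rewritten["dst"] = (server.ip, server.port)
        rewritten["server"] = server.name
        return rewritten

    def end_flow(self, server_name: str) -> None:
        for s in self.servers:
            if s.name == server_name and s.active_flows > 0:
                s.active_flows -= 1


def make_farm() -> List[Server]:
    # constructed server farm
    return [
        Server("web1", "10.0.0.11", 8443, weight=3),
        Server("web2", "10.0.0.12", 8443, weight=1),
        Server("web3", "10.0.0.13", 8443, weight=2),
    ]


def simulate(algorithm: str, clients: List[str]) -> List[str]:
    """Return the server chosen for each client flow, in order."""
    slb = ServerLoadBalancer(make_farm(), algorithm)
    return [slb.forward(c, {"src": c, "dst": VIP})["server"] for c in clients]


if __name__ == "__main__":
    for algo in ("round_robin", "weighted_round_robin",
                 "least_connections", "weighted_least_connections"):
        print(f"{algo:28s}", simulate(algo, [f"c{i}" for i in range(1, 9)]))
```

With eight distinct clients, round robin and least connections produce the same rotation (all servers start empty), while the weighted variants send web1 roughly three times as many flows as web2. A client that returns is pinned to its earlier server until that server fails its health check, at which point the balancer picks again from the healthy pool.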
Web server gateway & WAF
Web application firewalls are designed to work on OSI layer 7 (the application layer). They are fully aware of application layer protocols such as HTTP(S) and SOAP and can analyze those requests in great detail. Compared to a layer 3/4 firewall, rules can be defined to allow or disallow certain HTTP requests (POST, PUT, OPTIONS, etc.) and to set limits on file transfer size or URL parameter argument length. WAF log files contain as much information as those from a web server plus the policy decisions of the filter rules (e.g. HTTP request blocked; file transfer size limit reached, etc.). A WAF provides a wealth of information for filtering and detection purposes and is thus a good place for the detection of attacks.
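The three rule types the slide names (method allow-list, file transfer size limit, URL parameter length limit) and the log line that records the policy decision next to the usual web-server fields, as an added example. This is not the page's code and not any vendor's WAF; the policy limits, the log format and the sample requests are constructed.

```python
"""Layer-7 request filtering of the kind the slide attributes to a WAF, with
log lines that carry the filter's decision. Added example; the policy values,
log format and sample requests are constructed, not taken from any product.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple
from urllib.parse import parse_qsl, urlsplit


@dataclass
class Policy:
    allowed_methods: Tuple[str, ...] = ("GET", "POST", "HEAD")
    max_body_bytes: int = 1_000_000     # file transfer size limit
    max_param_length: int = 256         # URL parameter argument length limit


@dataclass
class Request:
    client_ip: str
    method: str
    target: str                         # path + query from the request line
    body_length: int = 0
    headers: Dict[str, str] = field(default_factory=dict)


def evaluate(req: Request, policy: Policy) -> Tuple[str, str]:
    """Apply the policy in order; return (decision, reason)."""
    if req.method not in policy.allowed_methods:
        return "block", f"method {req.method} not allowed"
    if req.body_length > policy.max_body_bytes:
        return "block", f"file transfer size limit reached ({req.body_length} bytes)"
    query = urlsplit(req.target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if len(value) > policy.max_param_length:
            return "block", f"parameter {name!r} exceeds {policy.max_param_length} chars"
    return "allow", "policy passed"


def log_line(req: Request, decision: str, reason: str) -> str:
    # web-server style fields plus the filter's own decision (constructed format)
    return (f'{req.client_ip} "{req.method} {req.target[:80]}" body={req.body_length} '
            f'waf={decision} reason="{reason}"')


def filter_requests(requests: List[Request], policy: Policy) -> List[str]:
    """Return one log line per request, whether it was allowed or blocked."""
    return [log_line(r, *evaluate(r, policy)) for r in requests]


# constructed sample traffic: one clean request and one violation per rule
SAMPLE_REQUESTS = [
    Request("198.51.100.7", "GET", "/index.html"),
    Request("198.51.100.7", "OPTIONS", "/"),
    Request("203.0.113.55", "POST", "/upload", body_length=2_500_000),
    Request("203.0.113.56", "GET", "/search?q=" + "A" * 300),
]

if __name__ == "__main__":
    for line in filter_requests(SAMPLE_REQUESTS, Policy()):
        print(line)
```

The value of keeping the reason in the log line is exactly what the slide points out: the SIEM downstream sees not just the request but which rule decided its fate, so a burst of "file transfer size limit reached" from one client is recognisable without re-parsing the request.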
Limitations of a NIDS in front of web applications:
• If the HTTP traffic is SSL encrypted (HTTPS), the NIDS might not be able to decrypt the traffic;
• high traffic load can make it difficult to analyze network traffic in real time;
• NIDS are designed to work at the TCP/IP level (OSI layer 3/4), and thus may not be as effective on the HTTP layer;
• attackers might use IDS evasion techniques (HTTP encoding, fragmenting, etc.) which the IDS is not aware of.
Snort, the most powerful open source IDS, has over 800 rules for detecting malicious web traffic (over 400 for PHP alone). With the help of preprocessors like frag3 (IP defragmentation), stream4 (stateful inspection/stream reassembly) and http_inspect (normalize and detect HTTP traffic and protocol anomalies), Snort tries to reassemble packets and counter IDS evasion techniques. These hurdles have to be overcome before anything can be detected.
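Why the http_inspect step matters, shown on URIs rather than described: a content rule compared against the raw request line misses a percent-encoded or traversal-obscured string that the same rule catches once the URI is decoded and canonicalised, and the normaliser also reports the protocol anomalies it saw (double encoding, directory traversal, duplicate slashes) as alerts in their own right. This is an added example written for this page; it is not Snort's code, and the two rules and the request lines are constructed.

```python
"""HTTP URI normalisation ahead of content matching, in the spirit of the
http_inspect preprocessor the slide mentions. Added example, not Snort code;
the rule contents and sample request lines are constructed.
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote

# constructed content-match rules: name -> substring expected in the URI
RULES: Dict[str, str] = {
    "script-tag": "<script",
    "admin-path": "/admin/",
}


def normalize_uri(raw: str) -> Tuple[str, List[str]]:
    """Decode and canonicalise a request URI; return it with the anomalies seen."""
    anomalies = set()
    once = unquote(raw)
    twice = unquote(once)
    if twice != once:                     # a second pass changed something
        anomalies.add("double-encoding")  # e.g. %253C -> %3C -> <
    path, sep, query = twice.partition("?")
    if "//" in path:
        anomalies.add("multiple-slash")
    path = re.sub(r"/+", "/", path)       # collapse duplicate slashes
    out: List[str] = []
    for seg in path.split("/"):           # resolve '.' and '..' segments
        if seg == "..":
            anomalies.add("directory-traversal")
            if out:
                out.pop()
        elif seg not in ("", "."):
            out.append(seg)
    normalized = "/" + "/".join(out) + ((sep + query) if sep else "")
    return normalized, sorted(anomalies)


def inspect(raw_uri: str, rules: Dict[str, str] = RULES) -> dict:
    """Match the rules against the raw and the normalised URI, case-folded."""
    normalized, anomalies = normalize_uri(raw_uri)
    raw_hits = [name for name, content in rules.items() if content in raw_uri.lower()]
    hits = [name for name, content in rules.items() if content in normalized.lower()]
    return {"normalized": normalized, "anomalies": anomalies,
            "raw_hits": raw_hits, "hits": hits}


# constructed request lines: encoded, traversal-obscured, double-encoded, benign
SAMPLE_URIS = [
    "/search?q=%3Cscript%3E",
    "/public/..%2F..%2Fadmin%2Fconfig",
    "/search?q=%253Cscript%253E",
    "/static//css/./site.css",
]

if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        print(uri, "->", inspect(uri))
```

On the first three sample lines `raw_hits` is empty and `hits` is not; the fourth is benign and only reports the duplicate slash. A real preprocessor does considerably more (UTF-8 and IIS-style encodings, chunked bodies, header normalisation), but the ordering is the lesson: normalise first, match second.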
WEB SECURITY GATEWAY
• Sees application layer traffic: HTTP requests and responses
• Content and tags inside the application (e.g. cross-site scripting) are identified and stopped by the web security gateway
Proxy server
According to corporate policy, internal web traffic is redirected through a proxy.
Mode of operation
• Transparent – both parties (local/remote) are unaware that the connection is being proxied
  • Zorp – application layer proxy; is transparent
• Opaque – the local party must configure client software to use the proxy
  • client software must be proxy-aware
  • Netscape proxy server is opaque
• With all of the things modern firewalls can do in the area of redirection, you could configure the firewall to redirect all HTTP requests to a proxy
  • no user configuration required (transparent)
Proxy server works on OSI layers 4-7
Functions:
• Monitors at the application layer
• URL filtering
• Content filtering
• Limits access to websites (access control)
• Proxy rules denying URLs and websites based on categorization
A reverse proxy is a "backwards" proxy-cache server: a proxy server that, rather than allowing internal users to access the Internet, lets Internet users indirectly access certain internal servers.
The reverse proxy server is used as an intermediary by Internet users who want to access an internal website, by sending it requests indirectly. With a reverse proxy, the web server is protected from direct outside attacks, which increases the internal network's strength. What's more, a reverse proxy's cache function can lower the workload of the server it is assigned to, and for this reason it is sometimes called a server accelerator.
Finally, with suitable algorithms, the reverse proxy can distribute the workload by redirecting requests to other, similar servers; this process is called load balancing.
PROXY DIAGRAM
SPAM filters
UTM security appliance, e.g. Websense email gateway
Functions:
• URL inspection
• Content inspection
• Malware inspection
NIDS & NIPS
• IDS sees attack patterns and sets alarms; acts as a warning system
  • Uses 1 connection
• IPS has the ability to block and stop traffic
  • Uses 2 connections
• NIDS & NIPS see traffic for subnets
Types of IDS & IPS
• Behavior based
• Signature based
• Anomaly based
• Heuristic
PROTOCOL ANALYZER
• SNIFFER TOOL, E.G. WIRESHARK (PCAP)
USED TO DETECT:
• FRAGMENTATION
• FLOODING
• ANALYZING & IDENTIFYING PROTOCOLS IN THE ENVIRONMENT
DLP
• DATA LOSS PREVENTION
• INTERNAL TRAFFIC CONTAINS CONFIDENTIAL INFORMATION WHICH SHOULD NOT BE ALLOWED TO BE TRANSMITTED OUTSIDE OF THE ORGANIZATION
• DLP CONFIGURED ON INSTANT MESSAGING
• USB PORTS DISABLED
SIEM
The process of gathering and maintaining network, system, and application log data is commonly referred to using several different definitions. It is sometimes defined as Security Information and Event Management (SIEM), Security Event Management (SEM), Security Information Management (SIM), systems monitoring, and network monitoring.
Actionable Information
First and foremost, for SIEM to be truly useful, only actionable data must be sent onward to system and application administrators or security staff. To make SIEM alerts actionable they must address the "Five W's", a basic investigative technique of determining when the event occurred, who was involved, what happened, where it took place, and why it happened. The "Five W's" can be mapped directly to common variables in a security investigation.
• When – time/date stamp of the event(s)
• Who – identifier of the requestor; typically an IP address and/or a username
• What – description of the event (such as a GET or POST to a web server)
• Where – system or application that generated the event, and where the request originated from
• Why – the purpose of the action; typically this is what is being investigated
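The Five W's mapping from the slide applied to raw log lines, with the "only actionable data goes onward" rule from the same slide enforced in code. This is an added example, not from the slides or from any SIEM product: the key=value log format, the sample lines, and the rule that an event is actionable when the filter blocked it or the server answered 401/403 are all assumptions made for the illustration.

```python
"""Normalise web/WAF log lines into the 'Five W's' and forward only the
actionable ones. Added example; the log format, the sample lines and the
actionability rule are constructed for this illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# constructed key=value log format from a hypothetical web server / WAF
LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) src=(?P<src>\S+) user=(?P<user>\S+) '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)" status=(?P<status>\d{3}) '
    r'waf=(?P<waf>allow|block)(?: reason="(?P<reason>[^"]*)")?$'
)

# assumption: a WAF block, or an authentication/authorisation failure, is worth
# a human's attention; everything else stays in the archive
ACTIONABLE_STATUS = {401, 403}


@dataclass
class FiveWs:
    when: str
    who: str
    what: str
    where: str
    why: str
    actionable: bool


def parse_line(line: str) -> Optional[FiveWs]:
    """Map one log line onto the Five W's; None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    f = m.groupdict()
    status = int(f["status"])
    # Who: IP address and/or username, as the slide describes
    who = f["src"] if f["user"] == "-" else f"{f['user']}@{f['src']}"
    # Why: the filter's stated reason where there is one; otherwise it is
    # exactly the open question the investigation has to answer
    why = f["reason"] or "not recorded by the source; to be established in the investigation"
    return FiveWs(
        when=f["ts"],
        who=who,
        what=f"{f['method']} {f['target']} -> HTTP {status}",
        where=f"{f['host']} (request from {f['src']})",
        why=why,
        actionable=(f["waf"] == "block" or status in ACTIONABLE_STATUS),
    )


def triage(lines: List[str]) -> List[FiveWs]:
    """Parse every line, drop the unparseable ones, keep only actionable events."""
    events = [e for e in map(parse_line, lines) if e is not None]
    return [e for e in events if e.actionable]


# constructed sample log: one routine hit, two WAF blocks, one 403, one bad line
SAMPLE_LOG = [
    '2024-04-18T10:15:02Z host=web1 src=198.51.100.7 user=- "GET /index.html" status=200 waf=allow',
    '2024-04-18T10:15:09Z host=web1 src=198.51.100.7 user=- "OPTIONS /" status=405 waf=block reason="method OPTIONS not allowed"',
    '2024-04-18T10:16:41Z host=web2 src=203.0.113.55 user=alice "POST /upload" status=413 waf=block reason="file transfer size limit reached"',
    '2024-04-18T10:17:00Z host=web2 src=203.0.113.56 user=bob "GET /admin" status=403 waf=allow',
    'this line is corrupt and must not crash the pipeline',
]

if __name__ == "__main__":
    for event in triage(SAMPLE_LOG):
        print(event)
```

Of the five constructed lines, three reach the analyst: the two the filter blocked and the 403. The routine 200 stays behind, and the corrupt line is dropped rather than allowed to stop the parser, which is the behaviour you want when the source is a busy WAF.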
DEVICE SPECIFIC LOG CAPTURE
SIEM SOLUTION RSA SA
Incident Response Life cycle
INCIDENT RESPONSE
Editor's Notes
• Scale applications / services.
• Ease of administration / maintenance: easily and transparently remove physical servers from rotation in order to perform any type of maintenance on that server.
• Resource sharing: can run multiple instances of an application / service on a server; could be running on a different port for each instance; can load-balance to a different port based on the data analyzed.