SlideShare ist ein Scribd-Unternehmen logo

FIST Enero/Madrid 2008

Conferencias FIST
Conferencias FIST

The document summarizes a presentation on network forensics and lessons learned from the July 2007 London attacks. The presentation covered early adoption of firewalls and DMZs, intrusion prevention systems, the use of fingerprints and DNA in forensics, the 2004 Madrid train bombings and 2005 London bombings. It discussed the police investigation into the London attacks including identifying suspects from CCTV footage and a practice run captured on video. The presentation proposed the use of network monitoring tools as a forensic technique and discussed challenges of detecting slow scan attacks and those using random ports or covert channels.

Technologie
1 von 23
Downloaden Sie, um offline zu lesen
Conferencia FIST Enero/Madrid 2008 @ Sponsored by: Network Forensics and Lessons Learnt from the July 07 London Attacks Geoff Harris Alderbridge Consulting Ltd geoff.harris@alderbridge.com www.alderbridge.com 0044 1423 321900
About the Author Background in Military Communications Design CEO Alderbridge Consulting formed 1997 ISSA-UK President UK Government CLAS Consultant CISSP, ITPC, BSc, DipEE, C.Eng 2
3
4
Early Firewall Adoption 5
DMZs & De-Perimeterisation 6
An early Intrusion Prevention System – Is IDS dead? 7
Forensics – fingerprints & DNA Edward Henry appointed as Assistant Commissioner of Police at New Scotland Yard and began to introduce his fingerprint system. The first British court conviction by fingerprints in 1902 8
11 March 2004 – Madrid Train Bombings 10 explosions on 4 commuter trains (cercanías) killing 191 people and wounding 1,755 9
7 July 2005 - London 3 tube explosions and 1 bus explosion Entire London Underground system shut down 10
Post 7 July 2005 – London Investigations 12 July 2005 Idenitifed three suspects from CCTV footage, a missing person's report and documents found in the debris at each bomb site. Luton railways station is closed as police investigate a car parked there and believed to be associated with the suspects caught on CCTV cameras. 11
The Dummy Run “Police trawl through 80,000 CCTV tapes” “Ten weeks after the attacks, CCTV footage was released of three of the bombers setting out on a "practice run". Mohammad Sidique Khan, Germaine Lindsay and Shehzad Tanweer - but not Hasib Hussain - met at Luton station at around 0810 BST on June 28. 12
The Dummy Run Video cameras showed them buying tickets before they boarded a train to King's Cross, where they arrived at 0855 and made their way to the Underground network. Police said they were seen at Baker Street at midday before they returned to King's Cross at 1250, arriving back in Luton 50 minutes later. 13
Detecting The IT Network Attack • Firewall logs • System Logs • IDS – Host IDS & Network IDS • Correlation of events – SEM tools Management Overhead - MSS 14
Hiding In The Noise • The Slow Scan • Random Ports – Random Port Hopping • Trojan/Covert channels over well used ports • The outgoing IRC, http, https threat 15
“Network CCTV” as a Forensic Tool Commonly Used Existing Sniffing Products Microsoft Net Mon NAI Sniffer Ethereal Problem – the ability to capture the moment of attack at the right time and understand what lead up to the attack 16
“Network CCTV” as a Forensic Tool For the IDS & Network CCTV - NIKSUN NetDetector Other products such as NetIntercept 17
“Network CCTV” as a Forensic Tool Manchester Leeds Internet WAN London - HQ Web Mail VPN Server Server Gateway Stealth Monitoring LAN (RESTRICTE D) Server Server (RESTRICTE D) Central Security Server (UNCLASSIFIED) Security LAN Trusted LAN (UNCLASSIFIED) Trusted LAN (RESTRICTED) (RESTRICTED) Netw ork IDS Sensor Proposed Netw ork Recorder 18
Hiding In The Noise 19
Network Packet Decode 20
Summary • CCTV in UK has been highly successful • Social issues – invasion of privacy • “Network CCTV” is very powerful as a forensic tool • Employee and citizen rights here too • Threat to corporate and government networks due to terrorism and espionage continues to grow 21
Creative Commons Attribution-ShareAlike 2.0 You are free: •to copy, distribute, display, and perform this work •to make commercial use of this work Under the following conditions: Attribution. You must give the original author credit. Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one. For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the author. Your fair use and other rights are in no way affected by the above. This work is licensed under the Creative Commons Attribution-ShareAlike License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. 22
www.fistconference.org @ with the sponsorship of: Geoff Harris Alderbridge Consulting Ltd geoff.harris@alderbridge.com www.alderbridge.com 0044 1423 321900 23

Empfohlen

Network Forensics Intro
Network Forensics IntroNetwork Forensics Intro
Network Forensics IntroJake K.
 
Network forensics - Follow the Bad Rabbit down the wire
Network forensics - Follow the Bad Rabbit down the wireNetwork forensics - Follow the Bad Rabbit down the wire
Network forensics - Follow the Bad Rabbit down the wirecasheeew
 
Network forensics1
Network forensics1Network forensics1
Network forensics1Santosh Khadsare
 
Matthias Vallentin - Towards Interactive Network Forensics and Incident Respo...
Matthias Vallentin - Towards Interactive Network Forensics and Incident Respo...Matthias Vallentin - Towards Interactive Network Forensics and Incident Respo...
Matthias Vallentin - Towards Interactive Network Forensics and Incident Respo...boundary_slides
 
Lec 1 apln security(4pd)
Lec 1 apln security(4pd)Lec 1 apln security(4pd)
Lec 1 apln security(4pd)Santosh Khadsare
 
Network Forensic Tools & Techniques Workshop
Network Forensic Tools & Techniques WorkshopNetwork Forensic Tools & Techniques Workshop
Network Forensic Tools & Techniques WorkshopPriyanka Aash
 
Wired and Wireless Network Forensics
Wired and Wireless Network ForensicsWired and Wireless Network Forensics
Wired and Wireless Network ForensicsSavvius, Inc
 
Network Forensic
Network ForensicNetwork Forensic
Network ForensicSujeet Kumar
 

Empfohlen

Network Forensics Intro
Network Forensics IntroNetwork Forensics Intro
Network Forensics IntroJake K.
 
Network forensics - Follow the Bad Rabbit down the wire
Network forensics - Follow the Bad Rabbit down the wireNetwork forensics - Follow the Bad Rabbit down the wire
Network forensics - Follow the Bad Rabbit down the wirecasheeew
 
Network forensics1
Network forensics1Network forensics1
Network forensics1Santosh Khadsare
 
Matthias Vallentin - Towards Interactive Network Forensics and Incident Respo...
Matthias Vallentin - Towards Interactive Network Forensics and Incident Respo...Matthias Vallentin - Towards Interactive Network Forensics and Incident Respo...
Matthias Vallentin - Towards Interactive Network Forensics and Incident Respo...boundary_slides
 
Lec 1 apln security(4pd)
Lec 1 apln security(4pd)Lec 1 apln security(4pd)
Lec 1 apln security(4pd)Santosh Khadsare
 
Network Forensic Tools & Techniques Workshop
Network Forensic Tools & Techniques WorkshopNetwork Forensic Tools & Techniques Workshop
Network Forensic Tools & Techniques WorkshopPriyanka Aash
 
Wired and Wireless Network Forensics
Wired and Wireless Network ForensicsWired and Wireless Network Forensics
Wired and Wireless Network ForensicsSavvius, Inc
 
Network Forensic
Network ForensicNetwork Forensic
Network ForensicSujeet Kumar
 
(130511) #fitalk network forensics and its role and scope
(130511) #fitalk network forensics and its role and scope(130511) #fitalk network forensics and its role and scope
(130511) #fitalk network forensics and its role and scopeINSIGHT FORENSIC
 
Network forensic
Network forensicNetwork forensic
Network forensicManjushree Mashal
 
Blug Talk
Blug TalkBlug Talk
Blug Talkguestb9d7f98
 
Network packet analysis -capture and Analysis
Network packet analysis -capture and AnalysisNetwork packet analysis -capture and Analysis
Network packet analysis -capture and AnalysisManjushree Mashal
 
Comparative Analysis: Network Forensic Systems
Comparative Analysis: Network Forensic SystemsComparative Analysis: Network Forensic Systems
Comparative Analysis: Network Forensic Systemsijsrd.com
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber securityKAMALI PRIYA P
 
Defining Cyber Crime
Defining Cyber CrimeDefining Cyber Crime
Defining Cyber CrimeShenick Network Systems
 
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMSDDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMSijfls
 
Network Miner Network forensics
Network Miner Network forensicsNetwork Miner Network forensics
Network Miner Network forensicsSreekanth Narendran
 
Introduction of cryptography and network security
Introduction of cryptography and network securityIntroduction of cryptography and network security
Introduction of cryptography and network securityNEHA PATEL
 
Network Forensics - Your Only Choice at 10G
Network Forensics - Your Only Choice at 10GNetwork Forensics - Your Only Choice at 10G
Network Forensics - Your Only Choice at 10GSavvius, Inc
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wiresharkn|u - The Open Security Community
 
Digital forensic
Digital forensicDigital forensic
Digital forensicChandan Sah
 
Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Sagar Rahurkar
 
online investigation
online investigationonline investigation
online investigationfortune777
 
Multilayer Security Architecture for Internet Protocols
Multilayer Security Architecture for Internet ProtocolsMultilayer Security Architecture for Internet Protocols
Multilayer Security Architecture for Internet ProtocolsNasir Bhutta
 
Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolIssar Kapadia
 
Network sniffers & injection tools
Network sniffers & injection toolsNetwork sniffers & injection tools
Network sniffers & injection toolsvishalgohel12195
 
Burning Down the Haystack to Find the Needle: Security Analytics in Action
Burning Down the Haystack to Find the Needle: Security Analytics in ActionBurning Down the Haystack to Find the Needle: Security Analytics in Action
Burning Down the Haystack to Find the Needle: Security Analytics in ActionJosh Sokol
 
M dgx mde0mdm=
M dgx mde0mdm=M dgx mde0mdm=
M dgx mde0mdm=International Journal of Science and Research (IJSR)
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logsanilinvns
 
Network Forensics
Network ForensicsNetwork Forensics
Network ForensicsAndrea Lazzarotto
 

Weitere ähnliche Inhalte

Was ist angesagt?

(130511) #fitalk network forensics and its role and scope
(130511) #fitalk network forensics and its role and scope(130511) #fitalk network forensics and its role and scope
(130511) #fitalk network forensics and its role and scopeINSIGHT FORENSIC
 
Network packet analysis -capture and Analysis
Network packet analysis -capture and AnalysisNetwork packet analysis -capture and Analysis
Network packet analysis -capture and AnalysisManjushree Mashal
 
Comparative Analysis: Network Forensic Systems
Comparative Analysis: Network Forensic SystemsComparative Analysis: Network Forensic Systems
Comparative Analysis: Network Forensic Systemsijsrd.com
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber securityKAMALI PRIYA P
 
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMSDDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMSijfls
 
Introduction of cryptography and network security
Introduction of cryptography and network securityIntroduction of cryptography and network security
Introduction of cryptography and network securityNEHA PATEL
 
Network Forensics - Your Only Choice at 10G
Network Forensics - Your Only Choice at 10GNetwork Forensics - Your Only Choice at 10G
Network Forensics - Your Only Choice at 10GSavvius, Inc
 
Digital forensic
Digital forensicDigital forensic
Digital forensicChandan Sah
 
Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Sagar Rahurkar
 
online investigation
online investigationonline investigation
online investigationfortune777
 
Multilayer Security Architecture for Internet Protocols
Multilayer Security Architecture for Internet ProtocolsMultilayer Security Architecture for Internet Protocols
Multilayer Security Architecture for Internet ProtocolsNasir Bhutta
 
Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolIssar Kapadia
 
Network sniffers & injection tools
Network sniffers & injection toolsNetwork sniffers & injection tools
Network sniffers & injection toolsvishalgohel12195
 
Burning Down the Haystack to Find the Needle: Security Analytics in Action
Burning Down the Haystack to Find the Needle: Security Analytics in ActionBurning Down the Haystack to Find the Needle: Security Analytics in Action
Burning Down the Haystack to Find the Needle: Security Analytics in ActionJosh Sokol
 

Was ist angesagt? (20)

(130511) #fitalk network forensics and its role and scope
(130511) #fitalk network forensics and its role and scope(130511) #fitalk network forensics and its role and scope
(130511) #fitalk network forensics and its role and scope
 
Network forensic
Network forensicNetwork forensic
Network forensic
 
Blug Talk
Blug TalkBlug Talk
Blug Talk
 
Network packet analysis -capture and Analysis
Network packet analysis -capture and AnalysisNetwork packet analysis -capture and Analysis
Network packet analysis -capture and Analysis
 
Comparative Analysis: Network Forensic Systems
Comparative Analysis: Network Forensic SystemsComparative Analysis: Network Forensic Systems
Comparative Analysis: Network Forensic Systems
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber security
 
Defining Cyber Crime
Defining Cyber CrimeDefining Cyber Crime
Defining Cyber Crime
 
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMSDDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
 
Network Miner Network forensics
Network Miner Network forensicsNetwork Miner Network forensics
Network Miner Network forensics
 
Introduction of cryptography and network security
Introduction of cryptography and network securityIntroduction of cryptography and network security
Introduction of cryptography and network security
 
Network Forensics - Your Only Choice at 10G
Network Forensics - Your Only Choice at 10GNetwork Forensics - Your Only Choice at 10G
Network Forensics - Your Only Choice at 10G
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wireshark
 
Digital forensic
Digital forensicDigital forensic
Digital forensic
 
Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...Digital Forensics best practices with the use of open source tools and admiss...
Digital Forensics best practices with the use of open source tools and admiss...
 
online investigation
online investigationonline investigation
online investigation
 
Multilayer Security Architecture for Internet Protocols
Multilayer Security Architecture for Internet ProtocolsMultilayer Security Architecture for Internet Protocols
Multilayer Security Architecture for Internet Protocols
 
Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection tool
 
Network sniffers & injection tools
Network sniffers & injection toolsNetwork sniffers & injection tools
Network sniffers & injection tools
 
Burning Down the Haystack to Find the Needle: Security Analytics in Action
Burning Down the Haystack to Find the Needle: Security Analytics in ActionBurning Down the Haystack to Find the Needle: Security Analytics in Action
Burning Down the Haystack to Find the Needle: Security Analytics in Action
 
M dgx mde0mdm=
M dgx mde0mdm=M dgx mde0mdm=
M dgx mde0mdm=
 

Andere mochten auch

Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logsanilinvns
 
Open source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysisOpen source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysisGTKlondike
 
Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013Islam Azeddine Mennouchi
 
T2 7 Chappell Network Forensics
T2 7 Chappell Network ForensicsT2 7 Chappell Network Forensics
T2 7 Chappell Network ForensicsPramod Sana
 
Pentesting layer 2 protocols
Pentesting layer 2 protocolsPentesting layer 2 protocols
Pentesting layer 2 protocolsAbdessamad TEMMAR
 
Computer And Network Forensics
Computer And Network ForensicsComputer And Network Forensics
Computer And Network ForensicsPituphong Yavirach
 
Codec Networks Providing Courses in Cyber forensic,Network Forensics.
Codec Networks Providing Courses in Cyber forensic,Network Forensics.Codec Networks Providing Courses in Cyber forensic,Network Forensics.
Codec Networks Providing Courses in Cyber forensic,Network Forensics.cnetworks
 
Network based file carving
Network based file carvingNetwork based file carving
Network based file carvingGTKlondike
 
Switch and Router Security Testing
Switch and Router Security TestingSwitch and Router Security Testing
Switch and Router Security TestingConferencias FIST
 
Digital forensics ahmed emam
Digital forensics ahmed emamDigital forensics ahmed emam
Digital forensics ahmed emamahmad abdelhafeez
 
Convert Wireshark PCAP Files to Sequence Diagrams
Convert Wireshark PCAP Files to Sequence DiagramsConvert Wireshark PCAP Files to Sequence Diagrams
Convert Wireshark PCAP Files to Sequence DiagramsEventHelix.com Inc.
 
Network forensics: un approccio laterale
Network forensics: un approccio lateraleNetwork forensics: un approccio laterale
Network forensics: un approccio lateraleDavide Paltrinieri
 
Cloud Computing : Security and Forensics
Cloud Computing : Security and ForensicsCloud Computing : Security and Forensics
Cloud Computing : Security and ForensicsGovind Maheswaran
 
Cloud-forensics
Cloud-forensicsCloud-forensics
Cloud-forensicsanupriti
 
Data Hiding Techniques
Data Hiding TechniquesData Hiding Techniques
Data Hiding Techniquesprashant3535
 
Network Forensics and Practical Packet Analysis
Network Forensics and Practical Packet AnalysisNetwork Forensics and Practical Packet Analysis
Network Forensics and Practical Packet AnalysisPriyanka Aash
 
Wireshark
WiresharkWireshark
Wiresharkbtohara
 

Andere mochten auch (20)

Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logs
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
 
Open source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysisOpen source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysis
 
Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013
 
T2 7 Chappell Network Forensics
T2 7 Chappell Network ForensicsT2 7 Chappell Network Forensics
T2 7 Chappell Network Forensics
 
Pentesting layer 2 protocols
Pentesting layer 2 protocolsPentesting layer 2 protocols
Pentesting layer 2 protocols
 
Computer And Network Forensics
Computer And Network ForensicsComputer And Network Forensics
Computer And Network Forensics
 
Codec Networks Providing Courses in Cyber forensic,Network Forensics.
Codec Networks Providing Courses in Cyber forensic,Network Forensics.Codec Networks Providing Courses in Cyber forensic,Network Forensics.
Codec Networks Providing Courses in Cyber forensic,Network Forensics.
 
Network based file carving
Network based file carvingNetwork based file carving
Network based file carving
 
Switch and Router Security Testing
Switch and Router Security TestingSwitch and Router Security Testing
Switch and Router Security Testing
 
Digital forensics ahmed emam
Digital forensics ahmed emamDigital forensics ahmed emam
Digital forensics ahmed emam
 
Convert Wireshark PCAP Files to Sequence Diagrams
Convert Wireshark PCAP Files to Sequence DiagramsConvert Wireshark PCAP Files to Sequence Diagrams
Convert Wireshark PCAP Files to Sequence Diagrams
 
Cloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit PlanningCloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit Planning
 
Network forensics: un approccio laterale
Network forensics: un approccio lateraleNetwork forensics: un approccio laterale
Network forensics: un approccio laterale
 
Cloud Computing : Security and Forensics
Cloud Computing : Security and ForensicsCloud Computing : Security and Forensics
Cloud Computing : Security and Forensics
 
Wireshark
WiresharkWireshark
Wireshark
 
Cloud-forensics
Cloud-forensicsCloud-forensics
Cloud-forensics
 
Data Hiding Techniques
Data Hiding TechniquesData Hiding Techniques
Data Hiding Techniques
 
Network Forensics and Practical Packet Analysis
Network Forensics and Practical Packet AnalysisNetwork Forensics and Practical Packet Analysis
Network Forensics and Practical Packet Analysis
 
Wireshark
WiresharkWireshark
Wireshark
 

Ähnlich wie FIST Enero/Madrid 2008

Are TOR Hidden Services really hidden? Demystifying HS Directory surveillance...
Are TOR Hidden Services really hidden? Demystifying HS Directory surveillance...Are TOR Hidden Services really hidden? Demystifying HS Directory surveillance...
Are TOR Hidden Services really hidden? Demystifying HS Directory surveillance...Abhinav Biswas
 
Security in IoT
Security in IoTSecurity in IoT
Security in IoTgr9293
 
Internet of 'Hidden' Things: How to Build a Confidential IOT Network using TO...
Internet of 'Hidden' Things: How to Build a Confidential IOT Network using TO...Internet of 'Hidden' Things: How to Build a Confidential IOT Network using TO...
Internet of 'Hidden' Things: How to Build a Confidential IOT Network using TO...Abhinav Biswas
 
SYSTEM SECURITY - Chapter 1 introduction
SYSTEM SECURITY - Chapter 1 introductionSYSTEM SECURITY - Chapter 1 introduction
SYSTEM SECURITY - Chapter 1 introductionAfna Crcs
 
Using a VPN or and TOR by remmy nweke, fellow, cyber security policy defender
Using a VPN or and TOR by remmy nweke, fellow, cyber security policy defenderUsing a VPN or and TOR by remmy nweke, fellow, cyber security policy defender
Using a VPN or and TOR by remmy nweke, fellow, cyber security policy defenderRemmy Nweke, mNGE, mNUJ, mGOCOP
 
Data Junk VTS Prez - 20150925-3
Data Junk VTS Prez - 20150925-3Data Junk VTS Prez - 20150925-3
Data Junk VTS Prez - 20150925-3Paul Sitowitz
 
Tor the onion router
Tor the onion routerTor the onion router
Tor the onion routerAshly Liza
 
Illuminating the dark web
Illuminating the dark webIlluminating the dark web
Illuminating the dark webJisc
 
Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data DATA SECURITY SOLUTIONS
 
A survey in privacy security in IOT
A survey in privacy security in IOT A survey in privacy security in IOT
A survey in privacy security in IOT ssk
 
LookingAroundCorners-DAS Simplified-final- BICSI Sept 2015
LookingAroundCorners-DAS Simplified-final- BICSI Sept 2015LookingAroundCorners-DAS Simplified-final- BICSI Sept 2015
LookingAroundCorners-DAS Simplified-final- BICSI Sept 2015Mark Niehus, RCDD
 
Li-Fi by Narendra Patel
Li-Fi by Narendra PatelLi-Fi by Narendra Patel
Li-Fi by Narendra PatelNarendra Patel
 
UPDATED - Analysis of exposed ICS / SCADA and IoT systems in Europe
UPDATED - Analysis of exposed ICS / SCADA and IoT systems in EuropeUPDATED - Analysis of exposed ICS / SCADA and IoT systems in Europe
UPDATED - Analysis of exposed ICS / SCADA and IoT systems in EuropeFrancesco Faenzi
 
Why the Edge Isn't an Edge Case.pdf
Why the Edge Isn't an Edge Case.pdfWhy the Edge Isn't an Edge Case.pdf
Why the Edge Isn't an Edge Case.pdfWP Engine
 

Ähnlich wie FIST Enero/Madrid 2008 (20)

Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
 
Are TOR Hidden Services really hidden? Demystifying HS Directory surveillance...
Are TOR Hidden Services really hidden? Demystifying HS Directory surveillance...Are TOR Hidden Services really hidden? Demystifying HS Directory surveillance...
Are TOR Hidden Services really hidden? Demystifying HS Directory surveillance...
 
Security in IoT
Security in IoTSecurity in IoT
Security in IoT
 
Internet of 'Hidden' Things: How to Build a Confidential IOT Network using TO...
Internet of 'Hidden' Things: How to Build a Confidential IOT Network using TO...Internet of 'Hidden' Things: How to Build a Confidential IOT Network using TO...
Internet of 'Hidden' Things: How to Build a Confidential IOT Network using TO...
 
VISIBLE LIGHT COMMUNICATION
VISIBLE LIGHT COMMUNICATIONVISIBLE LIGHT COMMUNICATION
VISIBLE LIGHT COMMUNICATION
 
SYSTEM SECURITY - Chapter 1 introduction
SYSTEM SECURITY - Chapter 1 introductionSYSTEM SECURITY - Chapter 1 introduction
SYSTEM SECURITY - Chapter 1 introduction
 
Using a VPN or and TOR by remmy nweke, fellow, cyber security policy defender
Using a VPN or and TOR by remmy nweke, fellow, cyber security policy defenderUsing a VPN or and TOR by remmy nweke, fellow, cyber security policy defender
Using a VPN or and TOR by remmy nweke, fellow, cyber security policy defender
 
File000142
File000142File000142
File000142
 
Data Junk VTS Prez - 20150925-3
Data Junk VTS Prez - 20150925-3Data Junk VTS Prez - 20150925-3
Data Junk VTS Prez - 20150925-3
 
Tor the onion router
Tor the onion routerTor the onion router
Tor the onion router
 
Illuminating the dark web
Illuminating the dark webIlluminating the dark web
Illuminating the dark web
 
Network security
Network securityNetwork security
Network security
 
Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data
 
A survey in privacy and security in Internet of Things IOT
A survey in privacy and security in Internet of Things IOTA survey in privacy and security in Internet of Things IOT
A survey in privacy and security in Internet of Things IOT
 
A survey in privacy security in IOT
A survey in privacy security in IOT A survey in privacy security in IOT
A survey in privacy security in IOT
 
LookingAroundCorners-DAS Simplified-final- BICSI Sept 2015
LookingAroundCorners-DAS Simplified-final- BICSI Sept 2015LookingAroundCorners-DAS Simplified-final- BICSI Sept 2015
LookingAroundCorners-DAS Simplified-final- BICSI Sept 2015
 
Li-Fi by Narendra Patel
Li-Fi by Narendra PatelLi-Fi by Narendra Patel
Li-Fi by Narendra Patel
 
UPDATED - Analysis of exposed ICS / SCADA and IoT systems in Europe
UPDATED - Analysis of exposed ICS / SCADA and IoT systems in EuropeUPDATED - Analysis of exposed ICS / SCADA and IoT systems in Europe
UPDATED - Analysis of exposed ICS / SCADA and IoT systems in Europe
 
Overlay networks
Overlay networksOverlay networks
Overlay networks
 
Why the Edge Isn't an Edge Case.pdf
Why the Edge Isn't an Edge Case.pdfWhy the Edge Isn't an Edge Case.pdf
Why the Edge Isn't an Edge Case.pdf
 

Mehr von Conferencias FIST

Seguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceSeguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceConferencias FIST
 
Las Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseLas Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseConferencias FIST
 
Evolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiEvolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiConferencias FIST
 
El Information Security Forum
El Information Security ForumEl Information Security Forum
El Information Security ForumConferencias FIST
 
Inseguridad en Redes Wireless
Inseguridad en Redes WirelessInseguridad en Redes Wireless
Inseguridad en Redes WirelessConferencias FIST
 
Mas allá de la Concienciación
Mas allá de la ConcienciaciónMas allá de la Concienciación
Mas allá de la ConcienciaciónConferencias FIST
 
Riesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloRiesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloConferencias FIST
 
Demostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseDemostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseConferencias FIST
 

Mehr von Conferencias FIST (20)

Seguridad en Open Solaris
Seguridad en Open SolarisSeguridad en Open Solaris
Seguridad en Open Solaris
 
Seguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceSeguridad en Entornos Web Open Source
Seguridad en Entornos Web Open Source
 
Spanish Honeynet Project
Spanish Honeynet ProjectSpanish Honeynet Project
Spanish Honeynet Project
 
Seguridad en Windows Mobile
Seguridad en Windows MobileSeguridad en Windows Mobile
Seguridad en Windows Mobile
 
SAP Security
SAP SecuritySAP Security
SAP Security
 
Que es Seguridad
Que es SeguridadQue es Seguridad
Que es Seguridad
 
Network Access Protection
Network Access ProtectionNetwork Access Protection
Network Access Protection
 
Las Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseLas Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática Forense
 
Evolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiEvolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFi
 
El Information Security Forum
El Information Security ForumEl Information Security Forum
El Information Security Forum
 
Criptografia Cuántica
Criptografia CuánticaCriptografia Cuántica
Criptografia Cuántica
 
Inseguridad en Redes Wireless
Inseguridad en Redes WirelessInseguridad en Redes Wireless
Inseguridad en Redes Wireless
 
Mas allá de la Concienciación
Mas allá de la ConcienciaciónMas allá de la Concienciación
Mas allá de la Concienciación
 
Security Metrics
Security MetricsSecurity Metrics
Security Metrics
 
PKI Interoperability
PKI InteroperabilityPKI Interoperability
PKI Interoperability
 
Wifislax 3.1
Wifislax 3.1Wifislax 3.1
Wifislax 3.1
 
Riesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloRiesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el Desarrollo
 
Demostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseDemostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis Forense
 
Security Maturity Model
Security Maturity ModelSecurity Maturity Model
Security Maturity Model
 
Cisco Equipment Security
Cisco Equipment SecurityCisco Equipment Security
Cisco Equipment Security
 

Kürzlich hochgeladen

Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 

Kürzlich hochgeladen (20)

Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 

FIST Enero/Madrid 2008

  • 1. Conferencia FIST Enero/Madrid 2008 @ Sponsored by: Network Forensics and Lessons Learnt from the July 07 London Attacks Geoff Harris Alderbridge Consulting Ltd geoff.harris@alderbridge.com www.alderbridge.com 0044 1423 321900
  • 2. About the Author Background in Military Communications Design CEO Alderbridge Consulting formed 1997 ISSA-UK President UK Government CLAS Consultant CISSP, ITPC, BSc, DipEE, C.Eng 2
  • 3. 3
  • 4. 4
  • 7. An early Intrusion Prevention System – Is IDS dead? 7
  • 8. Forensics – fingerprints & DNA Edward Henry appointed as Assistant Commissioner of Police at New Scotland Yard and began to introduce his fingerprint system. The first British court conviction by fingerprints in 1902 8
  • 9. 11 March 2004 – Madrid Train Bombings 10 explosions on 4 commuter trains (cercanías) killing 191 people and wounding 1,755 9
  • 10. 7 July 2005 - London 3 tube explosions and 1 bus explosion Entire London Underground system shut down 10
  • 11. Post 7 July 2005 – London Investigations 12 July 2005 Idenitifed three suspects from CCTV footage, a missing person's report and documents found in the debris at each bomb site. Luton railways station is closed as police investigate a car parked there and believed to be associated with the suspects caught on CCTV cameras. 11
  • 12. The Dummy Run “Police trawl through 80,000 CCTV tapes” “Ten weeks after the attacks, CCTV footage was released of three of the bombers setting out on a "practice run". Mohammad Sidique Khan, Germaine Lindsay and Shehzad Tanweer - but not Hasib Hussain - met at Luton station at around 0810 BST on June 28. 12
  • 13. The Dummy Run Video cameras showed them buying tickets before they boarded a train to King's Cross, where they arrived at 0855 and made their way to the Underground network. Police said they were seen at Baker Street at midday before they returned to King's Cross at 1250, arriving back in Luton 50 minutes later. 13
  • 14. Detecting The IT Network Attack • Firewall logs • System Logs • IDS – Host IDS & Network IDS • Correlation of events – SEM tools Management Overhead - MSS 14
  • 15. Hiding In The Noise • The Slow Scan • Random Ports – Random Port Hopping • Trojan/Covert channels over well used ports • The outgoing IRC, http, https threat 15
  • 16. “Network CCTV” as a Forensic Tool Commonly Used Existing Sniffing Products Microsoft Net Mon NAI Sniffer Ethereal Problem – the ability to capture the moment of attack at the right time and understand what lead up to the attack 16
  • 17. “Network CCTV” as a Forensic Tool For the IDS & Network CCTV - NIKSUN NetDetector Other products such as NetIntercept 17
  • 18. “Network CCTV” as a Forensic Tool Manchester Leeds Internet WAN London - HQ Web Mail VPN Server Server Gateway Stealth Monitoring LAN (RESTRICTE D) Server Server (RESTRICTE D) Central Security Server (UNCLASSIFIED) Security LAN Trusted LAN (UNCLASSIFIED) Trusted LAN (RESTRICTED) (RESTRICTED) Netw ork IDS Sensor Proposed Netw ork Recorder 18
  • 19. Hiding In The Noise 19
  • 21. Summary • CCTV in UK has been highly successful • Social issues – invasion of privacy • “Network CCTV” is very powerful as a forensic tool • Employee and citizen rights here too • Threat to corporate and government networks due to terrorism and espionage continues to grow 21
  • 22. Creative Commons Attribution-ShareAlike 2.0 You are free: •to copy, distribute, display, and perform this work •to make commercial use of this work Under the following conditions: Attribution. You must give the original author credit. Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one. For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the author. Your fair use and other rights are in no way affected by the above. This work is licensed under the Creative Commons Attribution-ShareAlike License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. 22
  • 23. www.fistconference.org @ with the sponsorship of: Geoff Harris Alderbridge Consulting Ltd geoff.harris@alderbridge.com www.alderbridge.com 0044 1423 321900 23