BRKSEC-2004

Published by: jeffgrantinct on Mar 10, 2011
Copyright:Attribution Non-commercial

© 2006, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr1
© 2008 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKSEC-200414344_04_2008_c2
Monitoring and Mitigating Threats
BRKSEC-2004
 
Overview
Mitigation and Prevention
Monitoring and Identification
IPS Capabilities
Case Studies
Advanced Topics
How Computers and Networks Are Owned
Service vulnerabilities (IIS, Apache, SMB)
Application vulnerabilities (XSS)
Denial of Service
Flooding
Spoofed (smurf, syn-flood)
Non-spoofed rate
Packet conformance vulnerabilities
Client side application vulnerabilities
Configuration vulnerabilities (weak passwords, lack of encryption, etc.)
Spoofing Prevention
Packet Conformance
User Education
Application Inspection
IPS Capabilities
 
Access Control
 
There Is No Silver Bullet
ACLs are most effective when the service is not required and are only effective between boundaries where they are deployed, which is usually a Layer 3 interface
IPS only mitigates when it is configured to (which is seldom)
AV detection is not 100% (~85% with samples taken from honeypots)
All new technologies introduce potential vulnerabilities in themselves
Complexity introduces errors
Source: Virtual Honeypots
Know Your Enemy: Anatomy of an Attack
Target
1 Probe, 2 Penetrate, 3 Persist, 4 Propagate, 5 Paralyze
Ping addresses
Scan ports
Passive probing
Guess user accounts
Phishing and Social Engineering
Mail attachments
Buffer overflows
ActiveX controls
Network installs
Compressed messages
Guess Backdoors
Create new files
Modify existing files
Weaken registry security settings
Install new services
Register trap doors
Mail copy of attack
Web connection
IRC
FTP
Infect file shares
Delete files
Modify files
Drill security hole
Crash computer
Denial of service
Steal secrets
