... how they can protect your information Let them know how important they are in the process, and let them know the consequences of failing to enforce your policies Give them the tools and the processes ... has high security impact For example, safe deposit boxes at a bank require two keys The manager of the bank holds one and the customer holds the other Another example is that two separate controls ... commit a new type of attack needs to be the smart one He then distributes the tools used in the attack around the Internet where it is picked up by young hacker wanna-bes The wanna-bes use the tools...
Ngày tải lên: 18/10/2013, 18:15
... of the cans, the sound can be heard through the other can The can you talk into is the transmitter, the can you listen from is the receiver, and the string is the medium How does it work? The ... they would contact the operator at the central office and tell them the name of the person they wanted to talk to The operator would then connect the caller’s plug to the plug of the person being ... a receiver The transmitter is the device that creates the communication The medium is the device that carries the communication from the source to the destination The receiver is the device that...
Ngày tải lên: 22/10/2013, 16:15
Information Security: The Big Picture – Part III
... all the ingredients are there and then hands them off to the third floor The third floor prepares the various courses by making the soup, tossing the salad, cooking the beef, and baking the pie ... to it, then sends it to the next layer down the stack Once the packet reaches the bottom of the stack, it travels along the network wire to the remote host, then travels up the stack on the remote ... gives the “Hello There” to the Application Layer of the protocol stack The Application Layer creates an empty packet and places the “Hello There” inside of it The Application Layer then sends the...
Ngày tải lên: 22/10/2013, 16:15
Write Better Essays - Revising - The Big Picture
... connects the previous example (the man who bought a stolen necklace for his girlfriend) to the next example, the writer’s own silent lie Then, the beginning of the second sentence uses the transitional ... REVISING: THE BIG PICTURE Support That’s Directly Related to the Thesis As important as the amount of support is its relevance to the thesis What good are ten supporting paragraphs if they’re ... details Expand the example until you have two complete paragraphs In Short Revision deals with the content and style of the essay and should begin by addressing the big- picture issues: thesis and...
Ngày tải lên: 25/10/2013, 17:20
Information Security: The Big Picture – Part IV
... to all the other hosts on that network, which then act as the agents for the attack Being good little agents, they want to reply to the request However the only information they have is the spoofed ... it who the real Victim is, how long the attack should last, and any other information the Agents will need The Handler then relays that information to the Agents and off they go What the Victim ... of the DMZ is a firewall that protects the DMZ from the Internet On the other side of the DMZ is a firewall that protects the internal network from the DMZ (Editor’s note: in some cases, the...
Ngày tải lên: 26/10/2013, 23:15
Information Security: The Big Picture – Part V
... ran them, they interacted with a server somewhere on the network, they did the work on the server, you got the results, and you were done Then with the advent of the web, we started seeing the ... up, they don’t know who the publisher is, and no reason to think the control has any malicious intent They just know they want to see the dancing pigs! And they want to see them so much that they ... allows the browser to send some information to the server, usually information from a form the user fills out POST transactions send the information from the browser to the server The server will then...
Ngày tải lên: 26/10/2013, 23:15
Intrusion Detection The Big Picture
... Is there a business case for intrusion detection? Intrusion Detection - The Big Picture - SANS GIAC © 2000 26 One of the threads we want to stay aware of during the course is whether or not the ... - The Big Picture - SANS GIAC © 2000 28 A threat vector is the method a threat uses to get to the target For example, mosquitoes are the vector for malaria A countermeasure against malaria (the ... • There has to be a balance between the cost of improving protection and the value of what you are defending Intrusion Detection - The Big Picture - SANS GIAC © 2000 34 The threats are real The...
Ngày tải lên: 04/11/2013, 12:15
Information Security: The Big Picture – Part VI
... implemented one of the newer authentication protocols One of the basic problems with PAP is that the password never changes and it is sent to the authentication device in the clear over the network ... challenge When the response comes back from the user, the server will compare the user’s response to the one it generated and is expecting If the two match, the user is authenticated and the processing ... prove the user belongs in the club No matter what form the authentication takes, they all serve to prove the identity of the person Once you know who someone is, and you have reasonably proven they...
Ngày tải lên: 04/11/2013, 12:15
Tài liệu Intrusion Detection The Big Picture – Part III docx
... Intrusion Detection - The Big Picture - SANS GIAC © 2000 22 22 Deception Can Drive the Picture S S CIRT Meta CIRT S S CIRT S Intrusion Detection - The Big Picture - SANS GIAC © 2000 23 The point of this ... - The Big Picture - SANS GIAC © 2000 15 You can get the full system as a time-limited evaluation version, and then simply upgrade the licence key to get the commercial version RealSecure’s biggest ... at the top Then summary information about the packet The trace begins with the content of the detect RPC attacks like this are part of the Top Ten list (www.sans.org/topten.htm) Notice all the...
Ngày tải lên: 09/12/2013, 17:15
Tài liệu Information Security: The Big Picture – Part V pdf
... ran them, they interacted with a server somewhere on the network, they did the work on the server, you got the results, and you were done Then with the advent of the web, we started seeing the ... up, they don’t know who the publisher is, and no reason to think the control has any malicious intent They just know they want to see the dancing pigs! And they want to see them so much that they ... allows the browser to send some information to the server, usually information from a form the user fills out POST transactions send the information from the browser to the server The server will then...
Ngày tải lên: 09/12/2013, 17:15
Tài liệu Information Security: The Big Picture – Part IV doc
... to all the other hosts on that network, which then act as the agents for the attack Being good little agents, they want to reply to the request However the only information they have is the spoofed ... it who the real Victim is, how long the attack should last, and any other information the Agents will need The Handler then relays that information to the Agents and off they go What the Victim ... of the DMZ is a firewall that protects the DMZ from the Internet On the other side of the DMZ is a firewall that protects the internal network from the DMZ (Editor’s note: in some cases, the...
Ngày tải lên: 10/12/2013, 14:16
Tài liệu Information Security: The Big Picture – Part V pptx
... ran them, they interacted with a server somewhere on the network, they did the work on the server, you got the results, and you were done Then with the advent of the web, we started seeing the ... up, they don’t know who the publisher is, and no reason to think the control has any malicious intent They just know they want to see the dancing pigs! And they want to see them so much that they ... allows the browser to send some information to the server, usually information from a form the user fills out POST transactions send the information from the browser to the server The server will then...
Ngày tải lên: 10/12/2013, 14:16
Tài liệu Information Security: The Big Picture – Part VI doc
... implemented one of the newer authentication protocols One of the basic problems with PAP is that the password never changes and it is sent to the authentication device in the clear over the network ... challenge When the response comes back from the user, the server will compare the user’s response to the one it generated and is expecting If the two match, the user is authenticated and the processing ... prove the user belongs in the club No matter what form the authentication takes, they all serve to prove the identity of the person Once you know who someone is, and you have reasonably proven they...
Ngày tải lên: 10/12/2013, 14:16
Tài liệu Intrusion Detection The Big Picture – Part IV pdf
... Detection - The Big Picture – SANS GIAC ©2000 11 The telnetd and the web demon are “real” They are compiled C code They simply simulate the services This could be important, since they might be ... attack other systems Of course, smap is not sendmail and just changing the banner from “smap” to “sendmail” will not fool the wise attacker The higher the fidelity of the honeypot, the greater the ... traffic In the slide above, the packet is addressed to TCP port 143, the IMAP service If the site does not allow IMAP through the firewall, then there will never be a SYN/ACK response, the TCP three...
Ngày tải lên: 10/12/2013, 14:16
Tài liệu Intrusion Detection The Big Picture – Part V docx
... when you are in the office by the phone • Fix the red “priority” problems first Intrusion Detection - The Big Picture – SANS GIAC ©2000, 2001 15 There is no point in configuring the scanner to ... know the tool very well Intrusion Detection - The Big Picture – SANS GIAC ©2000, 2001 16 In the previous example, it isn’t that you were wrong when you went to management and told them they were ... on the motherboard The idea was to speed up equipment inventory You walk down the hall transmitting a code and the PCs respond by transmitting their serial number back There was a bug in the...
Ngày tải lên: 10/12/2013, 14:16
Tài liệu Intrusion Detection The Big Picture – Part VI pdf
... on the slide How you answer? Does this mean the manager doesn’t understand? There are a couple things to consider We have been talking about the big picture Management wants to know the big picture ... There is more than just the initial outlay for the hardware and software There is maintenance, training, and the employees’ time Management knows the purchase is just the tip of the iceberg Their ... practices) The Three Risk Choices • Accept the risk as is • Mitigate or reduce the risk • Transfer the risk (insurance model) Intrusion Detection - The Big Picture – SANS GIAC ©2000, 2001 Whether or...
Ngày tải lên: 10/12/2013, 14:16
Tài liệu Risk Management The Big Picture – Part IV docx
... firewalls themselves, which are an amazingly effective perimeter, contribute to the problem The people protected by the firewall think everything is OK since the firewall stops the attacks and then they ... displayed at the top Then summary information about the packet is given The trace begins with the content of the detect RPC (Remote Procedure Call) attacks like this are part of the Top Ten list ... look at the CID information for yourself The graph you see on your screen is from a famous attack called the Lion worm As it ramped up, it was clearly different than the other traffic on the network...
Ngày tải lên: 10/12/2013, 14:16
Tài liệu Risk Management The Big Picture – Part V doc
... attack other systems Of course, smap is not sendmail and just changing the banner from “smap” to “sendmail” will not fool the wise attacker The higher the fidelity of the honeypot, the greater the ... traffic In the slide above, the packet is addressed to TCP port 143, the IMAP service If the site does not allow IMAP through the firewall, then there will never be a SYN/ACK response, the TCP three-way ... open, or the SYN flag is set The system responds with “login” If the answer is either guest or root, the system moves to State In State it offers “Password” and if the password matches the list...
Ngày tải lên: 10/12/2013, 14:16
Tài liệu Risk Management The Big Picture – Part VI ppt
... systems on the Internet is the compelling reason the box will be compromised So what? How bad can a compromise be? Well, once they compromise the box they have the ability to manipulate the addresses ... consider the cost and the benefits before embarking on this journey You have spent the day learning about the big picture The real question is, can you explain it to your management? Can you show them ... than the initial purchase cost There is the labor cost of monitoring the devices There is a life-cycle cost Benefits are the reduction in risk Keep in mind the most important benefits to the organization...
Ngày tải lên: 10/12/2013, 14:16
Tài liệu Information Security: The Big Picture – Part VI pptx
... implemented one of the newer authentication protocols One of the basic problems with PAP is that the password never changes and it is sent to the authentication device in the clear over the network ... challenge When the response comes back from the user, the server will compare the user’s response to the one it generated and is expecting If the two match, the user is authenticated and the processing ... prove the user belongs in the club No matter what form the authentication takes, they all serve to prove the identity of the person Once you know who someone is, and you have reasonably proven they...
Ngày tải lên: 10/12/2013, 15:15