This is a presentation discussed at the whitehat 'People' local meet. It details the importance of IP & DNS Reputation, and of Product Provisioning for IP & DNS Reputation, in improving an organization's network security.
Improving Network Security with IP & DNS Reputation Services
1. Importance of Product Provisioning in Improving Network Security. Sandeep. Discussed at WHP Local Meet. Reference: Improved network security with IP & DNS Reputation Services, a business whitepaper by HP Tipping Point Solutions
4. Current Network Security Threats: Low Risk of Being Caught & Prosecuted. info@whitehatpeople.com
5. Categories of Cyber Threats: Network traffic divided into three parts. Good Traffic: trusted traffic that should pass through the network, unimpeded and uninspected. Bad Traffic: traffic that should be blocked proactively before it can attempt to compromise the network. Ugly Traffic: untrusted traffic that requires deep packet inspection to determine if it is “good” (legitimate) or “bad” (malicious).
7. Botnet CnC servers are constantly moving to evade detection and blocking efforts by security and network personnel
8. Techniques used by Botnet Masters to avoid being discovered are as follows:
9. “Bad” Devices: Use of IRC, P2P and HTTP traffic allows bypassing traditional firewalls and some IPS security measures
13. “Bad” Devices: Look up mechanism always DNS Address
14. “Bad” Devices: Malware Depot Identification Process: monitoring for malware downloads and tracking their origin; evaluating data hosting sites worldwide.
22. “Bad” Devices: A compromised host can be used by the botnet master to conduct a variety of malicious attacks (contd.): conducting online click-fraud scams
24. Block Access to and from Devices that have a known bad reputation
25. Device Reputation, A Critical First Step: A reputation database is needed, with significant metadata on each of these badly behaving devices, identified through IPv4 or IPv6 addresses or DNS names
31. Device Reputation, A Critical First Step: Assign a reputation score
33. Collect real-time attack events with very detailed attack data from a large worldwide community of sensors
34. Analyze Web traffic and crawl Web sites of interest to collect data on sites hosting malicious content or scams
35. Conduct careful malware analysis to identify botnet CnC sites, and botnet and malware drop sites
36. Analyze attacks and scams to identify the devices that are participating in or conducting the attacks (Device Reputation, A Critical First Step)
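An added example, not taken from the presentation or from the HP product, of how a reputation database keyed by IPv4/IPv6 addresses and DNS names can drive the good/bad/ugly split and the block decision described in the slides. The sample entries, the 0-100 score scale, the blocking threshold and the trusted allow-list are all assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample data: documentation address ranges and example domains.
# Score scale (0-100), metadata fields, allow-list and threshold are assumptions.
NETWORKS = [
    (ipaddress.ip_network("203.0.113.0/24"), {"score": 95, "category": "botnet-cnc"}),
    (ipaddress.ip_network("2001:db8:bad::/48"), {"score": 90, "category": "malware-depot"}),
    (ipaddress.ip_network("198.51.100.7/32"), {"score": 40, "category": "spam-source"}),
]
DNS_NAMES = {"cnc.example.net": {"score": 98, "category": "botnet-cnc"}}
TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]
BLOCK_THRESHOLD = 80

def lookup_ip(addr):
    """Most specific reputation entry covering an IPv4/IPv6 address, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [(net, meta) for net, meta in NETWORKS
            if ip.version == net.version and ip in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def lookup_dns(name):
    """Entry for the name or any parent domain (sub.cnc.example.net matches)."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        entry = DNS_NAMES.get(".".join(labels[i:]))
        if entry:
            return entry
    return None

def classify(peer_ip, dns_name=None):
    """Return (traffic class, action, reputation metadata or None)."""
    ip = ipaddress.ip_address(peer_ip)
    found = [lookup_ip(peer_ip), lookup_dns(dns_name) if dns_name else None]
    worst = max((e for e in found if e), key=lambda e: e["score"], default=None)
    if worst and worst["score"] >= BLOCK_THRESHOLD:
        return "bad", "block", worst      # known bad reputation: block proactively
    if worst is None and any(ip.version == n.version and ip in n for n in TRUSTED):
        return "good", "pass", None       # trusted peer with no reputation hit
    return "ugly", "inspect", worst       # unknown or low score: deep packet inspection

if __name__ == "__main__":
    for args in [("203.0.113.10",), ("192.0.2.5",), ("192.0.2.5", "sub.cnc.example.net"),
                 ("198.51.100.7",), ("2001:db8:bad::1",)]:
        print(args, classify(*args))
```

A bad DNS reputation overrides a trusted source address here, so a trusted host resolving a listed CnC name is still blocked.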
37. Conclusion. Note: The most important component in building a strong reputation service is the depth of the database. Database quality depends heavily on the size, scope, and distribution of the attack collection sites, and the quality and depth of the collected attack data. Recommendation: HP Tipping Point IP & DNS Reputation Services by HP. Reference: Improved network security with IP and DNS reputation, business white paper by HP Tipping Point Solutions
38. About whitehat ‘People’: whitehat ‘People’ is an ‘open consortium’ of national intellects delved to security being the sole intent; trained and specialized in the conception of solutions in all areas of our technical consulting services. whitehat ‘People’ produces white papers for the industry, presents at symposiums, technology and business conferences nationwide, and provides "thought leadership" for next generation technologies which are currently being deployed in a rapidly changing and fluid market place. The members include security researchers and consultants who are up-to-date with developments in technology from hardware and software vendors to ensure they are leading, and not following, the market. whitehat ‘People’ adheres to the following ideals: 1. "Help government and industry maximize the value of Information security in information technology." 2. "Deliver leading-edge information technology and services, support, training and education." 3. "Function as a strategic arm for the clients by leveraging new concepts to support strategic goals and conceptual plans."