Slides from the presentation «Lancope, Inc» (file «Lancope, Inc.ppt», 552 KB zip archive).

Author: John Copeland.

Lancope, Inc

Contents of the presentation «Lancope, Inc.ppt»

Slide 1: Lancope, Inc.
3155 Royal Drive, Bldg. 100, Alpharetta, GA 30022. Presentation to the Georgia Research Alliance, June 14, 2002.
Chairman - Dr. John Copeland; VP Eng. - John Jerrim; VP Sales - Barry Fischel; VP Ops - John Balsam; CFO - David Cocchiara. 30 employees and growing.

Slide 2: History.
Dec. 1999 - Dr. John Copeland discovers preparations for a DDoS involving Mac OS-9 computers. No signatures available. Work starts on a system that will detect network mischief without prior signatures.
Aug. 2000 - First StealthWatch system starts running at a NC college.
Oct. 2000 - LANcope incorporates, with $1.5M from a private investor. Joins ATDC at Georgia Tech.
April 2001 - First commercial sales to S-A, Nielsen TV Ratings, Bass Hotels, …
May 2001 - GigE system sees Short-Fragment Attack at Weather.com. Code Red seen arriving at Carnival Cruise Lines.
March 2002 - $5.5M investment from HIG Ventures and GMG Partners allows build-up of Sales and Marketing teams.
May 2002 - StealthWatch wins PC Magazine/eWeek Award for most innovative product in the Security Area for 2002.

Slide 3: Network Intruders.
Masquerader: A person who is not authorized to use a computer, but gains access appearing to be someone with authorization (steals services, violates the right to privacy, destroys data, ...).
Misfeasor: A person who has limited authorization to use a computer, but misuses that authorization (steals services, violates the right to privacy, destroys data, ...).
Clandestine User: A person who seizes supervisory control of a computer and proceeds to evade auditing and access controls.

Slide 4: The Stages of a Network Intrusion.
1. Scan the network to: • locate which IP addresses are in use, • what operating system is in use, • what TCP or UDP ports are “open” (being listened to by servers).
2. Run “exploit” scripts against open ports.
3. Get access to a shell program which is “suid” (has “root” privileges).
4. Download from a hacker web site special versions of system files that will let the cracker have free access in the future without his CPU time or disk storage space being noticed by auditing programs.
5. Use IRC (Internet Relay Chat) to invite friends to the feast.

Slide 5: Protection from a Network Intrusion.
1. Use a “firewall” between the local area network and the world-wide Internet to limit access (Chapter 10).
2. Use an IDS (Intrusion Detection System) to detect the cracker during the scanning stage (lock out the IP address, or monitor and prosecute).
3. Use a program like TripWire on each host to detect when system files are altered, and email an alert to the Sys Admin.
4. On Microsoft PCs, a program like Zone Alarm is easier to install than learning how to reset default parameters to make the system safe.

Slide 6: Protection from a Network Intrusion.
Network Traffic Monitoring Systems, such as StealthWatch (SW), can be placed at various points in a network - using taps, repeating hubs, or monitoring ports on an Ethernet switch.

Slide 7: Statistical Anomaly-Based Intrusion Detection.
Detection Threshold. High statistical variation in most measurable network behavior parameters results in a high false-alarm rate. (Chart labels: False Alarms; Undetected Intrusions.)

Slide 8: Distributed Host-Based IDS.
Highly recommended for critical servers. Modules must be installed and configured on hosts.

Slide 9: Signature-Based IDS.
Data packets are compared to a growing library of known attack signatures. These include port numbers or sequence numbers that are fixed in the exploit application, and sequences of characters that appear in the data stream. Packet streams must be assembled and searched, which reduces the maximum possible data rate on the link being observed.

Slide 10: Six “Signatures” from the Snort Database, www.snort.org.
  alert tcp $EXTERNAL_NET any -> $HOME_NET 7070 (msg: "IDS411 - RealAudio-DoS"; flags: AP; content: "|fff4 fffd 06|";)
  alert udp $EXTERNAL_NET any -> $HOME_NET any (msg: "IDS362 - MISC - Shellcode X86 NOPS-UDP"; content: "|90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90|";)
  alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS359 - OVERFLOW-NOOP-HP-TCP2";flags:PA; content:"|0b39 0280 0b39 0280 0b39 0280 0b39 0280|";)
  alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS345 - OVERFLOW-NOOP-Sparc-TCP";flags:PA; content:"|13c0 1ca6 13c0 1ca6 13c0 1ca6 13c0 1ca6|";)
  alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"IDS355 - OVERFLOW-NOOP-Sparc-UDP2"; content:"|a61c c013 a61c c013 a61c c013 a61c c013|";)
  alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "IDS291 - MISC - Shellcode x86 stealth NOP"; content: "|eb 02 eb 02 eb 02|";)

Slide 11: Signature-Based Intrusion Detection Systems May Not Detect New Types of Attack.
Alarm on activities in these areas. (Diagram labels: Back Orifice; Land Attack; Win Nuke; IP Blob; Trino; Attacks with Names; Attacks without Names (not analyzed yet).)

Slide 12: Flow-Based Technology - An approach that recognizes normal traffic can detect new types of intrusions.
Alarm on activities in these areas. (Diagram labels: Back Orifice; Land Attack; FTP; Web; Win Nuke; IP Blob; NetBIOS; Trino; Email; Normal Network Activities; Attacks with Names; Attacks without Names (not analyzed yet).)

Slide 13: Flow-based Analysis.
A “flow” is the stream of packets from one host to another related to the same service (e.g., Web, email, telnet, …). Data in packet headers is used to build up counts (leads to high speed). After the flow is over, the counters are analyzed and a value is derived for the probability that the flow was crafted, perhaps for probing the network for vulnerabilities or for denial of service.
Flow Statistics Counters: Number of Packets; Number of Total Bytes; Number of Data Bytes; Start Time of Flow; Stop Time of Flow; Duration of Flow; Flag-Bit True-False Combo; Fragmentation Bits; ICMP Packet Responses to UDP Packets.

Slide 14: Port Profiling (as in StealthWatch).
Detecting “Ugly” that otherwise looks “Good”.

Slide 15: Zone Profiling (as in StealthWatch).
Detecting “Ugly” that otherwise looks “Good”.

Slide 16: “Port Locking” will not alarm if the FTP client and server applications are in the hosts’ port profiles.
(Diagram labels: Internet; FTP Server; FTP Server; FTP Client; FTP Client; Engineering Subnet; Finance Subnet.)

Slide 17: IDS Solutions Should be Combined.
Host-Based: can detect misuse of OS access and file permissions.
Signature-Based: can detect attacks embedded in network data - if the signature is known.
Anomaly-Based: on host or network. Can detect new types, but high false alarm rate.
Flow-Based: can detect new types of attacks by network activity. Should be used with Host-Based and/or Signature-Based.

Slide 18: The Stages of a Network Intrusion.
The same five stages as slide 4, annotated with the IDS type that can detect each: Flow-based “CI”, “Port-Lock”, and/or “Zone-Lock”; signature-based? Signature-based, if known exploit. Host-based. Host-based, Flow-based “Port-Locking” & “Zone-Locking”. Flow-based “Port-Locking” & “Zone-Locking”, Host-based.

Slide 19: Examples of “Bad” that have been seen.
At 8 p.m. on a Sunday evening, a T1 Internet link is completely jammed for 45 minutes because 120 hosts start downloading 1.2 MB files from a CAI FTP server.
At 11 a.m. on a Saturday morning, an external host on the same Class C subnet starts sucking down hundreds of megabytes of data from every Web server on campus.
One weekend before Napster was reportedly going out of business, two hosts jam the T1 Internet connection by downloading gigabytes of data from peer-to-peer servers.
A host appears to be repeatedly scanning the network for servers on a half-dozen different port numbers.
A host in Europe repeatedly scans the U.S. division’s network for UDP servers on dozens of high-number ports.
A host sends 25 packets per second for hours to a NetBIOS port on another host, all of which receive ICMP Port Unavailable responses.
A broadcast server that consumes a good fraction of a network’s bandwidth operates at 10% efficiency (90% of the bytes are header bytes).

Slide 20: Examples of “Ugly” that have been seen.
A host at a U.S. college starts scanning networks in the UK and France using SYN-FIN packets, while reporting the results of the scans by a Telnet connection to a host in Slovenia.
At 6 p.m. on a Friday before Spring Break at a U.S. college, a host starts scanning networks in Korea at the rate of almost one million per hour. This continues for days, causing one sniffer to fail just because of the high rate of short packets.
An interactive Internet game server open for world-wide participation is discovered operating deep within a supposedly secure network.
A half-dozen hosts have active SubSeven Trojans operating.
A rapid rate of short fragmented packets brings down a top-ten Web site for half a day. Logs reveal the attacker was experimenting with different types of crafted fragmented packets.

Slide 21: Detection of the “Mac Attack” DDoS Plan.
Type "A" Probes (detected by Dr. John Copeland, Lancope founder, in Dec. 1999). The first three UDP probes, which started my investigation, had a single character in the data field, an 'A'. The UDP port numbers were identical, 31790->31789. They stimulate the 1500-byte ICMP Echo-Request packet and the normal 58-byte ICMP Destination_Unreachable-Port packets. The Echo-Request is never answered.
  Date        Time (EST)  Source IP (Place)   Destination (Place)
  1999-12-28  18:40       (Italy)             (Atlanta, GA)
  1999-12-10  18:28       (AOL)               (Atlanta, GA)
  1999-12-16  03:34       (Saudi Arabia)      (Atlanta, GA)
UDP packets with an empty data field, like those generated by the "nmap" scan program, do not stimulate the 1500-byte ICMP packets from an OS-9 Macintosh.

Slide 22: 2nd Generation, “Mac Attack” Scanning.
"Double-zero" Probes (James Bond, "00" -> "license to kill"), detected in Dec. 1999. We have now seen 3 UDP type "00" probes, and had another "00" probe reported from Kansas. These probes use a single UDP packet, two bytes of data (ASCII zeroes) and identical UDP port numbers, 60000->2140. They stimulate the 1500-byte ICMP Echo-Request packet and the normal 58-byte ICMP Destination_Unreachable-Port packets. The Echo-Request is never answered.
  1999-12-20 07:04 (Arab Emirates*) to (Atlanta, GA)
  1999-12-21 08:04 (Arab Emirates*) to (Atlanta, GA); *DNS name: cwa129.emirates.net.ae
  1999-12-25 09:39 (Turkey) to 24.94.xxx.xxx (Wichita, Kansas); *DNS: none
  1999-12-31 05:35 (Manchester, UK*) to 14.88.xx.xx (Atlanta, GA); *DNS name: manchester_nas11.ida.bt.net
  2000-01-04 05:08 (Road Runner, Hawaii) to 24.94.xxx.xxx (Wichita, Kansas); *DNS name: a24b94n80client152.hawaii.rr.com
  2000-01-06 04:48 (cwnet, NJ) to 24.88.xx.xxx (Atlanta, GA); *DNS name: ad11-s16-201-41.cwci.net

Slide 23: 2nd Generation, “Mac Attack” Scanning.
Drawing from Atlanta Journal-Constitution article, Dec. 1999. Full details at www.csc.gatech.edu/macattack/.

Slide 24: Web - www.Lancope.com. Sales - 678 566-4751.
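The flow counters of slide 13 and the patterns of slides 19, 21 and 22 (the type-A and double-zero probes, and sustained UDP that only draws Port Unreachable), carried into a small flow-based detector. This is an added example, not Lancope or StealthWatch code; the packet records, the `icmp_unreach` pseudo-protocol tag and the 100-packet threshold are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass
class Flow:                                    # per-flow counters named on the slide
    packets: int = 0
    total_bytes: int = 0
    data_bytes: int = 0
    start: float = 0.0
    stop: float = 0.0
    unreachable: int = 0                       # ICMP Destination Unreachable (port) replies drawn
    samples: set = field(default_factory=set)  # (sport, dport, payload) triples seen

def build_flows(pkts):
    """Key flows by (src, dst, proto, dport); an ICMP reply is credited to the UDP flow it answers."""
    flows = defaultdict(Flow)
    for p in pkts:
        if p["proto"] == "icmp_unreach":       # quoted header identifies the UDP packet answered
            flows[(p["dst"], p["src"], "udp", p["dport"])].unreachable += 1
            continue
        f = flows[(p["src"], p["dst"], p["proto"], p["dport"])]
        f.start = p["ts"] if f.packets == 0 else f.start
        f.stop, f.packets = p["ts"], f.packets + 1
        f.total_bytes, f.data_bytes = f.total_bytes + p["length"], f.data_bytes + len(p["data"])
        f.samples.add((p["sport"], p["dport"], p["data"]))
    return flows

# Probe fingerprints from the slides: a fixed port pair and a one- or two-byte payload.
MAC_ATTACK_PROBES = {(31790, 31789, b"A"): "Mac Attack type-A probe",
                     (60000, 2140, b"00"): "Mac Attack double-zero probe"}

def classify(flows, min_pkts=100):
    """(flow key, verdict) for UDP flows that look crafted: a known probe fingerprint, or sustained traffic where every packet draws Port Unreachable (nothing listens there); min_pkts is an assumed threshold."""
    alerts = []
    for key, f in flows.items():
        if key[2] == "udp":
            alerts += [(key, MAC_ATTACK_PROBES[s]) for s in f.samples if s in MAC_ATTACK_PROBES]
            if f.packets >= min_pkts and f.unreachable >= f.packets:
                alerts.append((key, "sustained UDP to closed port"))
    return alerts

def sample_packets():
    """Constructed traffic: a type-A probe and its reply, then 120 UDP packets at 25 pps to NetBIOS 137."""
    udp = lambda ts, s, d, sp, dp, ln, data: dict(ts=ts, src=s, dst=d, proto="udp", sport=sp, dport=dp, length=ln, data=data)
    icmp = lambda ts, s, d, sp, dp: dict(ts=ts, src=s, dst=d, proto="icmp_unreach", sport=sp, dport=dp, length=58, data=b"")
    pkts = [udp(0.0, "10.1.1.5", "10.2.2.9", 31790, 31789, 43, b"A"), icmp(0.01, "10.2.2.9", "10.1.1.5", 31790, 31789)]
    for i in range(120):
        pkts += [udp(i / 25, "10.3.3.3", "10.2.2.10", 1024 + i, 137, 78, b"\x00" * 50),
                 icmp(i / 25 + 0.001, "10.2.2.10", "10.3.3.3", 1024 + i, 137)]
    return pkts
```

Running `classify(build_flows(sample_packets()))` yields one probe alert and one closed-port alert; the flow key, duration and byte counters let an analyst confirm the verdict from the slide's counters alone.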