Hacking appliances
Tools and Methods for Auditing Enterprise Grade Security Appliances
Jonathan Suldo, Information Security Analyst @ Arma-Net
[email protected] Length: 45 min.
Topic
Penetration testing methods and toolsets utilized to audit enterprise-grade UTM, NGFW, SIEM, and ASA.
Biography
Briefing
Point 1: I will provide concise utility explanations, “Key Feature Differentiators”, and deciding factors between UTM, NGFW, SIEM, and ASA. Research examples will be reserved for market leaders and comparing offerings associated with each. The above utilities are discussed first because they normally control many features.
Point 2: Popular detection IDS & FW utilities and their usage in typical network topographies.
Point 3: Methods and tool-sets for evading firewalls and IPS.
Point 4: Tools and report format utilized to translate and present metrics from auditing data.
Point 5: The remainder of the talk will be for creating a specialized auditing methodology and low-cost testing lab creation.
What’s the point?
Point 1
Definition, features (“Key Differentiators”), and advantages/disadvantages of UTM, NGFW, SIEM, and ASA. Research examples will be reserved for market leaders and comparing offerings associated with each.
Unified Threat Management
UTM VS. THE HACKER MINDSET
Next Generation Firewall (NGFW)
**Put pictures of brands for industry-leading NGFW
UTM VS. NGFW
Cisco ASA Adaptive Security Appliances
Cisco ASA 5500-X Series Next-Generation Firewalls help you to balance security effectiveness with productivity. This solution offers the combination of the industry's most deployed stateful firewall with a comprehensive range of next-generation network security services, including:
- Granular visibility and control
- Robust web security onsite or in the cloud
- Industry-leading intrusion prevention system (IPS) to protect against known threats
- Comprehensive protection from threats and advanced malware
- World's most widely deployed ASA firewall with highly secure Cisco AnyConnect remote access
SIEM: Security Information and Event Management
Security information and event management (SIEM) tools are used to collect, aggregate and correlate log data for unified analysis and reporting. Typically, these tools can take logs from a large number of sources, normalize them and build a database that allows detailed reporting and analysis. While forensic analysis of network events may be a feature of a SIEM, it is not the only feature, nor is it the primary focus of the tool.
SIEM - Continued
- AlienVault for AlienVault Unified Security Management Platform
- Hewlett-Packard for HP ArcSight ESM
- LogRhythm for LogRhythm's SIEM and Security Analytics Platform
- McAfee for McAfee Enterprise Security Manager
- SolarWinds for SolarWinds Log & Event Manager
- Splunk for Splunk Enterprise
SIEM - Continued
What is the goal of a SIEM? That depends on the organization, but the common use cases are to detect, validate and adequately respond to system compromises, data leakage events, malware outbreaks, investigations into a particular user and service outages. At least that's what it is for my organization. Simplistic as it may sound, I expect that this would be the answer from most other organizations, too.
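The two SIEM slides above describe collecting logs from different sources, normalizing them into one schema and correlating them to detect a compromise. The following is an added example (not code from the talk or from any SIEM vendor) that does exactly that over constructed sample lines: sshd auth messages and a key=value firewall log are normalized into a common event record, and a correlation rule flags the "several failures then a success from the same source" pattern. The log formats, field names and the rule threshold are assumptions chosen for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not from the talk) in two different source formats.
RAW_LOGS = [
    "2024-05-01T10:00:01Z sshd[911]: Failed password for admin from 203.0.113.9 port 5111 ssh2",
    "2024-05-01T10:00:04Z sshd[911]: Failed password for admin from 203.0.113.9 port 5112 ssh2",
    "2024-05-01T10:00:07Z sshd[911]: Failed password for admin from 203.0.113.9 port 5113 ssh2",
    "2024-05-01T10:00:09Z fw01 action=allow src=203.0.113.9 dst=10.0.0.5 dport=22 proto=tcp",
    "2024-05-01T10:00:12Z sshd[911]: Accepted password for admin from 203.0.113.9 port 5114 ssh2",
    "2024-05-01T10:03:00Z sshd[912]: Failed password for bob from 198.51.100.7 port 6000 ssh2",
]
SSH_RE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
                    r"(?P<user>\S+) from (?P<src>\S+)")
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) action=(?P<action>\w+) src=(?P<src>\S+) "
                   r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

def _ts(text):
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def normalize(line):
    """Map one raw line from any known source onto a single common event schema."""
    m = SSH_RE.match(line)
    if m:
        return {"ts": _ts(m["ts"]), "source": "sshd", "category": "auth",
                "outcome": "success" if m["result"] == "Accepted" else "failure",
                "user": m["user"], "src_ip": m["src"]}
    m = FW_RE.match(line)
    if m:
        return {"ts": _ts(m["ts"]), "source": m["host"], "category": "network",
                "outcome": m["action"], "user": None, "src_ip": m["src"],
                "dst_ip": m["dst"], "dport": int(m["dport"])}
    return None  # unknown format: a real SIEM would queue this for a new parser

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when >= threshold auth failures from one source IP precede a success in the window."""
    alerts, failures = [], defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["category"] != "auth":
            continue  # firewall events are kept in the store but not used by this rule
        recent = [t for t in failures[ev["src_ip"]] if ev["ts"] - t <= window]
        failures[ev["src_ip"]] = recent  # drop failures that aged out of the window
        if ev["outcome"] == "failure":
            recent.append(ev["ts"])
        elif len(recent) >= threshold:
            alerts.append({"rule": "brute-force-then-success", "src_ip": ev["src_ip"],
                           "user": ev["user"], "failures": len(recent), "ts": ev["ts"]})
    return alerts
```

Run `correlate([normalize(l) for l in RAW_LOGS])` to see the single alert the constructed data produces; the lone failure for `bob` stays below the threshold and is not reported.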
Development Life Cycle
One view of assessing the maturity of an organization in terms of the deployment of log-management tools might use successive categories such as:
Level 1: in the initial stages, organizations use different log-analyzers for analyzing the logs in the devices on the security-perimeter. They aim to identify the patterns of attack on the perimeter infrastructure of the organization.
Level 2: with increased use of integrated computing, organizations mandate logs to identify the access and usage of confidential data within the security-perimeter.
Level 3: at the next level of maturity, the log analyzer can track and monitor the performance and availability of systems at the level of the enterprise — especially of those information-assets whose availability organizations regard as vital.
Level 4: organizations integrate the logs of various business-applications into an enterprise log manager for better value proposition.
Level 5: organizations merge the physical-access monitoring and the logical-access monitoring into a single view.
Logging Management Resources
http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf
http://www.prismmicrosys.com/newsletters_august2007.php
http://www.docstoc.com/docs/19680768/Top-5-Log-Mistakes---Second-Edition
Chris MacKinnon: "LMI In The Enterprise". Processor November 18, 2005, Vol.27 Issue 46, page 33. Online at http://www.processor.com/editorial/article.asp?article=articles%2Fp2746%2F09p46%2F09p46.asp, retrieved 2007-09-10
MITRE: Common Event Expression (CEE) Proposed Log Standard. Online at http://cee.mitre.org, retrieved 2010-03-03
NIST 800-92: Guide to Security Log Management. Online at http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf, retrieved 2010-03-0
IDS & FW Utilities Function and Placement
Types of Intrusion Detection Systems
Network-Based Intrusion Detection
- These mechanisms are placed inline on a network, set to promiscuous mode in order to monitor traffic for signs of intrusion.
Host-Based Intrusion Detection
- These mechanisms monitor events on a specific host.
- Are uncommon due to requiring continuous monitoring.
Log File Monitoring
- These mechanisms log/parse files “post-event”.
File Integrity Checking
- This mechanism will monitor file structure modification in an attempt to recognize unauthorized system access.
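The file integrity checking mechanism listed above works by recording a baseline of each file's content hash and permission bits and re-comparing later. The following is an added example (not code from the talk or from any product) of that technique: it snapshots a directory tree, then in a constructed scenario tampers with a temporary copy and reports what changed. The directory layout, file contents and the "content before permissions" reporting order are assumptions made for the demo.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def _sha256(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Baseline: relative path -> (sha256, permission bits, size) for every regular file."""
    root = Path(root)
    baseline = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file() and not p.is_symlink()):
        st = path.stat()
        baseline[str(path.relative_to(root))] = (_sha256(path), stat.S_IMODE(st.st_mode), st.st_size)
    return baseline

def compare(baseline, current):
    """Report files added, removed, or changed (content checked first, then permission bits)."""
    report = {"added": sorted(set(current) - set(baseline)),
              "removed": sorted(set(baseline) - set(current)), "modified": []}
    for rel in sorted(set(baseline) & set(current)):
        (old_hash, old_mode, _), (new_hash, new_mode, _) = baseline[rel], current[rel]
        if old_hash != new_hash:
            report["modified"].append((rel, "content"))
        elif old_mode != new_mode:
            report["modified"].append((rel, "permissions"))
    return report

def demo():
    """Constructed scenario: baseline a small tree, tamper with it, re-snapshot and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF placeholder")
        os.chmod(root / "bin" / "ls", 0o755)
        baseline = snapshot(root)
        # Changes a later check should catch: an account line appended, a binary made
        # world-writable, a file deleted and an unexpected file dropped in.
        with open(root / "etc" / "passwd", "a") as f:
            f.write("extra:x:0:0::/:/bin/sh\n")
        os.chmod(root / "bin" / "ls", 0o777)
        (root / "etc" / "hosts").unlink()
        (root / "bin" / "nc").write_bytes(b"\x7fELF placeholder")
        return compare(baseline, snapshot(root))
```

On a real host the baseline must be stored off-box or on read-only media, since a tamperer who can rewrite the baseline alongside the files defeats the check.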
Intrusion Detection Systems & Network Implementation
IDS Intrusions Detection Methods
The Purpose of IDS Implementation
IDS Utilities: Snort
Snort Log Sample
IDS System: Tipping Point
Intrusion Detection Tools
Intrusion Detection Tools (cont’d)
Intrusion Detection Tools
Firewalls
What they can’t do!
Types of Firewalls
Firewall Architecture
Firewall Utilities
Firewall Utilities
Firewall and IDS Evasion Tools and Techniques
Graphics of malware and APT evading something
Firewall Evasion Techniques