itet2 its counter recon
TRANSCRIPT
1. Counter reconnaissance
2. Basic profile
- Reconnaissance
- Open sources
3. Internal and other privileged sources
Attack
- DoS
4. Intrusion
5. Counter reconnaissance
- Purpose
- Know that they are looking, before they break in.
Result of good counter reconnaissance
- Determine methodology
6. Gather evidence
7. Prevention
8. Supply false information
9. Logs, logs, logs, logs
- Huge amounts of information. Use it! (Daily?)
10. Use log analysers to data mine
11. Decentralized logs are difficult, centralized logs are easier to analyse.
12. Log example
- Linux examples: see /var/log
- Ex. on the IPCop firewall
13. Log software
- Cloud-based logs
- Loggly
Log-based intrusion detection
- OSSEC
Web log analysis
- Analog example
14. AWStats example
15. Intrusion detection
- Sectools top 5
Bonus question:
- What happens when an IDS detects an intrusion?
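An added example for the web log analysis and log-based intrusion detection slides above (this is not code from the deck, nor from OSSEC, Analog or AWStats). Statistics tools like Analog and AWStats summarise traffic; the script below does the detection step instead: it parses Apache/nginx "combined" format lines and flags clients that announce themselves with a known scanner User-Agent, or that produce a burst of 404s across many distinct paths, which is what directory and file guessing looks like in the log. The log lines, IP addresses (documentation ranges) and the thresholds are constructed for this example.

```python
"""Flag reconnaissance in web server access logs.

Added example for the log-based intrusion detection and web log analysis
slides; it is not code from the original deck, OSSEC, Analog or AWStats.
Sample lines are constructed; the IP addresses come from the documentation ranges.
"""
import re
from collections import defaultdict

# Apache combined LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
COMBINED_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Substrings found in the default User-Agent of common scanners.
SCANNER_UA_MARKERS = ("nikto", "sqlmap", "nmap", "masscan", "dirbuster", "gobuster")

# Thresholds are assumptions for this example; tune them to the site's normal traffic.
MIN_REQUESTS = 5        # ignore clients that made fewer requests than this
MAX_404_RATIO = 0.5     # more than half of a client's requests answered 404...
MIN_DISTINCT_404 = 5    # ...across at least this many distinct paths

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None

def analyse(lines):
    """Return {client_ip: [reason, ...]} for every client that looks like it is scanning."""
    clients = defaultdict(lambda: {"total": 0, "nf_count": 0, "nf_paths": set(), "uas": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                                # skip unparsable lines instead of crashing
        c = clients[rec["ip"]]
        c["total"] += 1
        c["uas"].add(rec["ua"].lower())
        if rec["status"] == "404":
            c["nf_count"] += 1
            c["nf_paths"].add(rec["path"])

    findings = {}
    for ip, c in clients.items():
        reasons = []
        markers = sorted({m for ua in c["uas"] for m in SCANNER_UA_MARKERS if m in ua})
        if markers:
            reasons.append("scanner user-agent: " + ", ".join(markers))
        if c["total"] >= MIN_REQUESTS:
            ratio = c["nf_count"] / c["total"]
            if ratio > MAX_404_RATIO and len(c["nf_paths"]) >= MIN_DISTINCT_404:
                reasons.append(f"{c['nf_count']}/{c['total']} requests got 404 "
                               f"across {len(c['nf_paths'])} distinct paths")
        if reasons:
            findings[ip] = reasons
    return findings

def _hit(ip, path, status, ua):
    """Build one constructed combined-format line for the sample below."""
    return (f'{ip} - - [13/Mar/2014:10:12:01 +0100] "GET {path} HTTP/1.1" '
            f'{status} 512 "-" "{ua}"')

BROWSER = "Mozilla/5.0 (X11; Linux x86_64) Firefox/27.0"
NIKTO = "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:map_codes)"
SAMPLE_LINES = (
    # ordinary visitor: a few pages, one broken link
    [_hit("198.51.100.7", p, s, BROWSER) for p, s in
     (("/", 200), ("/style.css", 200), ("/news", 200), ("/old-page", 404))]
    # Nikto run: scanner UA and a burst of 404s
    + [_hit("203.0.113.9", p, 404, NIKTO) for p in
       ("/admin/", "/phpmyadmin/", "/cgi-bin/test.cgi", "/backup.zip", "/.git/config", "/wp-login.php")]
    + [_hit("203.0.113.9", "/", 200, NIKTO)]
    # directory guessing behind a browser-looking UA: only the 404 pattern gives it away
    + [_hit("192.0.2.44", p, 404, BROWSER) for p in
       ("/admin/", "/.env", "/config.php.bak", "/server-status", "/uploads/")]
    + [_hit("192.0.2.44", "/", 200, BROWSER)]
    + ["this line is not an access log entry"]
)

if __name__ == "__main__":
    for ip, reasons in analyse(SAMPLE_LINES).items():
        print(ip, "->", "; ".join(reasons))
```

The third client shows why the User-Agent check alone is not enough: anyone can set a browser-looking UA, but the 404 pattern survives that. A finding from a script like this is the input to the bonus question above: on its own it only reports; alerting, blocking or investigating is a separate decision.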
16. SIEM
- Security information and event management
17. What is that?
- Light reading on the topic may be found here.
18. Exercise
- What is found in the logs?
- As an alternative: your Windows or Linux machine
19. Any interesting events? Try the different nmap detection schemes
20. Are they detected?
- Install Snort and try again.
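An added example for the exercise above, to show what the different nmap scan types look like in a firewall log and what "are they detected?" depends on (this is not code from the slides, nmap or Snort). IPCop, like any Linux firewall, logs dropped packets through netfilter, one line per packet with SRC/DST/PROTO/SPT/DPT and the TCP flags as bare tokens. The script groups those lines by source, flags any source that hits many distinct ports within a short window, and names the scan type from the flag pattern. The hostname "ipcop", the addresses (documentation ranges), the log lines and the thresholds are all constructed for this example; it goes one step beyond the exercise by including a slow scan that the window misses.

```python
"""Detect nmap-style port scans in netfilter (iptables) kernel log lines.

Added example for the exercise above; it is not code from the original
slides, nmap or Snort. Sample lines are constructed; the hostname "ipcop",
the addresses (documentation ranges) and the thresholds are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

TIME_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) ")   # syslog timestamp, no year
KV_RE = re.compile(r"(\w+)=(\S*)")                        # netfilter KEY=value pairs
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")    # printed as bare tokens

WINDOW_SECONDS = 10       # assumption: look for bursts within this many seconds
MIN_DISTINCT_PORTS = 5    # assumption: distinct destination ports that make a burst a scan

def parse_line(line):
    """Return (timestamp, {KEY: value}) for a netfilter log line, or None for anything else."""
    m = TIME_RE.match(line)
    if not m or "PROTO=" not in line:
        return None
    ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")  # year defaults to 1900; only deltas matter
    return ts, dict(KV_RE.findall(line))

def tcp_flags(line):
    """Set of TCP flag tokens present in the line (netfilter prints them after RES=)."""
    return {tok for tok in line.split() if tok in TCP_FLAGS}

def classify(flags):
    """Name the nmap scan type implied by the flags of a probe to a closed/filtered port."""
    flags = set(flags)
    if flags == {"SYN"}:
        return "SYN scan"          # -sS and -sT look identical from the firewall's side
    if not flags:
        return "NULL scan"         # -sN
    if flags == {"FIN"}:
        return "FIN scan"          # -sF
    if flags == {"FIN", "PSH", "URG"}:
        return "Xmas scan"         # -sX
    return "other"

def detect(lines):
    """Return {src: {"ports": [...], "types": [...]}} for sources that port-scanned."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, f = parsed
        if f.get("PROTO") != "TCP" or "DPT" not in f:
            continue
        events[f["SRC"]].append((ts, int(f["DPT"]), classify(tcp_flags(line))))

    findings = {}
    for src, evs in events.items():
        evs.sort()
        window = deque()                  # events from this source inside WINDOW_SECONDS
        for ev in evs:
            window.append(ev)
            while (ev[0] - window[0][0]).total_seconds() > WINDOW_SECONDS:
                window.popleft()
            ports = {e[1] for e in window}
            if len(ports) >= MIN_DISTINCT_PORTS:
                hit = findings.setdefault(src, {"ports": set(), "types": set()})
                hit["ports"] |= ports
                hit["types"] |= {e[2] for e in window}
    return {src: {"ports": sorted(h["ports"]), "types": sorted(h["types"])}
            for src, h in findings.items()}

def _nf(ts, src, dpt, flags):
    """Build one constructed netfilter DROP line in the format the kernel logs."""
    return (f"{ts} ipcop kernel: INPUT:DROP IN=eth0 OUT= SRC={src} DST=192.0.2.10 "
            f"LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=5422 PROTO=TCP SPT=41235 DPT={dpt} "
            f"WINDOW=1024 RES=0x00 {flags} URGP=0")

SAMPLE_LINES = (
    # nmap -sS: six ports in six seconds
    [_nf(f"Mar 13 10:15:0{i}", "203.0.113.5", p, "SYN")
     for i, p in enumerate((21, 22, 23, 25, 80, 443))]
    # nmap -sX: Xmas probes, all in the same second
    + [_nf("Mar 13 10:16:30", "203.0.113.6", p, "URG PSH FIN") for p in (22, 80, 443, 3306, 8080)]
    # one dropped SSH connection attempt: not a scan
    + [_nf("Mar 13 10:17:02", "198.51.100.9", 22, "SYN")]
    # slow (nmap -T1 style) scan: same six ports, one per minute, so no burst inside the window
    + [_nf(f"Mar 13 10:{20 + i}:00", "203.0.113.77", p, "SYN")
       for i, p in enumerate((21, 22, 23, 25, 80, 443))]
    + ["Mar 13 10:26:00 ipcop sshd[4242]: Accepted publickey for admin from 192.0.2.20"]
)

if __name__ == "__main__":
    for src, hit in detect(SAMPLE_LINES).items():
        print(f"{src}: {hit['types']} on ports {hit['ports']}")
```

Two things to check against your own logs: netfilter only writes the packets that hit a LOG rule, so a SYN to an open, accepted port never shows up unless you log accepts too; and the last source in the sample is the timing trade-off that every port-scan detector, Snort's included, has to make: a scan spread over minutes slips through a 10-second window, and widening the window raises false positives from ordinary clients.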