
Complete Practical Connection Assignment

Week 6

Read Chapter 8 on Collection

Read Chapter 9 on Correlation

Listen to weekly lectures

Complete the following

Post to discussion week 5

Complete Practical Connection Assignment

Complete Quiz 4 based on Chapter 6 Depth and Chapter 7 Discretion

Copyright © 2012, Elsevier Inc. All rights Reserved


Chapter 8

Collection

Cyber Attacks

Protecting National Infrastructure, 1st ed.


The University of Adelaide, School of Computer Science

5 August 2019

Chapter 2 — Instructions: Language of the Computer


Chapter 8 – Collection

Introduction

Diligent and ongoing observation of computing and networking behavior can highlight malicious activity

The processing and analysis required for this must be done within a program of data collection

A national collection process that combines local, regional, and aggregated data does not exist in an organized manner


Fig. 8.1 – Local, regional, and national data collection with aggregation


Introduction

At local and national levels, data collection decisions for national infrastructure should be based on the following security goals

Preventing an attack

Mitigating an attack

Analyzing an attack

Data collection must be justified (who is collecting and why)

The quality of data is more important than the quantity


Fig. 8.2 – Justification-based decision analysis template for data collection


Collecting Network Data

Metadata is perhaps the most useful type of data for collection in national infrastructure

Metadata is information about data, not what the data is about

Data collection systems need to keep pace with the growth of carrier backbones

Sampling data takes less time, but unsampled data may reveal more
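The sampling caveat on this slide, as an added example that is not from the book: flow metadata (no payload) is enough to spot a host probing many ports, but systematic 1-in-10 packet sampling, as a collector might apply on a busy backbone, keeps the bulk traffic and drops almost all of the one-packet probe flows. Addresses and counts are constructed sample values.

```python
"""Network metadata collection: what 1-in-N packet sampling can hide."""
from collections import defaultdict

# Constructed flow records, metadata only: (src, dst, proto, dport, packets).
# 200 ordinary HTTPS flows of 40 packets each from one busy client ...
FLOWS = [("10.0.0.5", "10.0.1.10", "tcp", 443, 40) for _ in range(200)]
# ... plus a low-rate probe: one source touches 30 ports with one packet each.
FLOWS += [("10.0.2.7", "10.0.1.10", "tcp", port, 1) for port in range(20, 50)]


def sample_packets(flows, n):
    """Systematic 1-in-n packet sampling: packet k of the stream is kept only
    when k % n == 0. A flow survives only if at least one packet is kept."""
    kept = []
    offset = 0
    for src, dst, proto, dport, pkts in flows:
        sampled = sum(1 for k in range(offset, offset + pkts) if k % n == 0)
        offset += pkts
        if sampled:
            kept.append((src, dst, proto, dport, sampled))
    return kept


def ports_per_source(flows):
    """Aggregate metadata: distinct destination ports contacted per source."""
    ports = defaultdict(set)
    for src, _dst, _proto, dport, _pkts in flows:
        ports[src].add(dport)
    return ports


def find_port_scanners(flows, threshold=10):
    """Sources that contacted more than `threshold` distinct ports."""
    return sorted(s for s, p in ports_per_source(flows).items() if len(p) > threshold)


if __name__ == "__main__":
    print("unsampled:", find_port_scanners(FLOWS))                     # ['10.0.2.7']
    print("1-in-10 sampled:", find_port_scanners(sample_packets(FLOWS, 10)))  # []
```

The probe source shows 30 distinct ports in the unsampled metadata but only 3 after sampling, below the detection threshold.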


Fig. 8.4 – Collection detects evidence of vulnerability in advance of notification


Collecting System Data

National initiatives have not traditionally collected data from mainframes, servers, and PCs

The ultimate goal should be to collect data from all relevant computers, even if that goal is beyond current capacity

System monitoring may reveal troubling patterns

Two techniques are useful for embedding system management data

An inventory process is needed to identify critical systems

The process of instrumenting or reusing data collection facilities must be identified


Fig. 8.5 – Collecting data from mainframes, servers, and PCs


Security Information and Event Management

Security information and event management (SIEM) is the process of aggregating system data from multiple sources for the purpose of protection

Each SIEM system (in a national system of data collection) would collect, filter, and process data

Objections to this approach include both the cost of setting up the architecture and the fact that embedded SIEM functionality might introduce problems locally


Fig. 8.7 – Generic national SIEM architecture


Large-Scale Trending

Identifying trends is the most fundamental processing technique for data collected across the infrastructure

In the simplest terms

Some quantities go up (growth)

Some quantities go down (reduction)

Some quantities stay the same (leveling)

Some quantities do none of the above (unpredictability)
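The four trend cases above, as an added example that is not from the book: a least-squares line over a collected monthly quantity gives a slope and an R² value, and two thresholds map them onto growth, reduction, leveling and unpredictability. The 9-month infected-host series are constructed, and the tolerances (`level_tol`, `fit_min`) are assumed values an analyst would tune.

```python
"""Large-scale trending: classify a collected quantity by its trend type."""
from statistics import mean, pstdev


def linear_fit(series):
    """Least-squares line through (0, y0), (1, y1), ...: returns the slope and
    R^2, the share of the variance the straight line explains."""
    n = len(series)
    mx, my = (n - 1) / 2, mean(series)
    sxx = sum((x - mx) ** 2 for x in range(n))
    sxy = sum((x - mx) * (y - my) for x, y in enumerate(series))
    slope = sxy / sxx
    intercept = my - slope * mx
    ss_tot = sum((y - my) ** 2 for y in series)
    ss_res = sum((y - intercept - slope * x) ** 2 for x, y in enumerate(series))
    r2 = 1 - ss_res / ss_tot if ss_tot else 1.0
    return slope, r2


def classify_trend(series, level_tol=0.05, fit_min=0.6):
    """Map the slide's four cases onto two statistics:
    - spread small relative to the mean            -> leveling
    - a straight line explains little of the spread -> unpredictability
    - otherwise the sign of the slope               -> growth / reduction"""
    if mean(series) == 0 or pstdev(series) / mean(series) < level_tol:
        return "leveling"
    slope, r2 = linear_fit(series)
    if r2 < fit_min:
        return "unpredictability"
    return "growth" if slope > 0 else "reduction"


# Constructed 9-month series of infected-host counts, one per trend type.
SAMPLES = {
    "growth": [100, 130, 160, 195, 230, 270, 310, 350, 400],
    "reduction": [400, 350, 300, 260, 220, 180, 150, 120, 100],
    "leveling": [200, 203, 198, 201, 199, 202, 200, 197, 201],
    "unpredictability": [100, 400, 120, 380, 90, 410, 110, 390, 105],
}

if __name__ == "__main__":
    for label, series in SAMPLES.items():
        print(f"{label:17s} -> {classify_trend(series)}")
```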


Fig. 8.8 – Growth trend in botnet behavior over 9-month period (2006–2007)


Large-Scale Trending

Some basic practical considerations must be made by security analysts before a trend can be trusted

Underlying collection

Volunteered data

Relevant coverage


Tracking a Worm

Collecting network metadata allows security analysts to track a worm's progress and predict its course

Consensus holds that worms work too fast for data collection to be an effective defense

There is actually some evidence that a closer look at the data might provide early warning of worm threats

After collecting and analyzing, the next step is acting on the data in a timely manner
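The coarse and fine views of a UDP spike described on this slide and in Figs. 8.9 and 8.10, as an added example that is not the book's data or code: per-minute UDP packet counts are summed into hourly buckets (coarse view) or kept per minute (fine view), a running-median baseline flags the first spike, and the minute-over-minute growth of the excess traffic gives the rate needed to predict the worm's course. The counts, the doubling-per-minute model and the baseline threshold are constructed assumptions.

```python
"""Tracking a worm from network metadata: coarse vs fine view of a UDP spike."""
from statistics import median

BASE = 100  # constructed: steady background of 100 UDP packets per minute


def build_counts(minutes=240, onset=125, cap=20000):
    """Per-minute UDP packet counts over a 4-hour window. From `onset` the
    worm traffic doubles every minute (each infected host finds new victims)
    until the observed link saturates at `cap` extra packets per minute."""
    counts = [BASE] * minutes
    extra = 200
    for m in range(onset, minutes):
        counts[m] += extra
        extra = min(extra * 2, cap)
    return counts


def bucket(counts, width):
    """Sum fixed windows: width=60 is the coarse hourly view, width=1 the
    fine per-minute view."""
    return [sum(counts[i:i + width]) for i in range(0, len(counts), width)]


def first_spike(series, factor=2.5):
    """Index of the first sample exceeding `factor` times the median of all
    earlier samples (the running baseline); None when nothing spikes."""
    for i in range(1, len(series)):
        baseline = median(series[:i])
        if baseline and series[i] > factor * baseline:
            return i
    return None


def growth_factor(series, onset, baseline, samples=4):
    """Average minute-over-minute ratio of traffic above baseline after onset;
    a value near 2 means the infected population doubles each minute."""
    excess = [series[onset + k] - baseline for k in range(samples + 1)]
    return sum(excess[k + 1] / excess[k] for k in range(samples)) / samples


if __name__ == "__main__":
    counts = build_counts()
    print("coarse view: spike in hour", first_spike(bucket(counts, 60)))  # 2
    onset = first_spike(bucket(counts, 1))
    print("fine view: spike at minute", onset)                           # 125
    print("growth per minute: x", growth_factor(counts, onset, BASE))     # 2.0
```

The coarse view only says which hour the spike fell in; the fine view pins the onset to the minute and yields the doubling rate, which is what early warning and course prediction need.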


Fig. 8.9 – Coarse view of UDP traffic spike from SQL/Slammer worm (Figure courtesy of Dave Gross and Brian Rexroad)


Fig. 8.10 – Fine view of UDP traffic spike from SQL/Slammer worm (Figure courtesy of Dave Gross and Brian Rexroad)


National Collection Program

Once the idea for a national data collection program is accepted, the following need to be addressed

Data sources

Protected transit

Storage considerations

Data reduction emphasis
