Complete Practical Connection Assignment
Week 6
Read Chapter 8 on Collection
Read Chapter 9 on Correlation
Listen to weekly lectures
Complete the following
Post to discussion week 5
Complete Practical Connection Assignment
Complete Quiz 4 based on Chapter 6 Depth and Chapter 7 Discretion
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 8
Collection
Cyber Attacks
Protecting National Infrastructure, 1st ed.
The University of Adelaide, School of Computer Science
5 August 2019
Introduction
Diligent and ongoing observation of computing and networking behavior can highlight malicious activity
The processing and analysis required for this must be done within a program of data collection
A national collection process that combines local, regional, and aggregated data does not exist in an organized manner
Fig. 8.1 – Local, regional, and national data collection with aggregation
Introduction (continued)
At local and national levels, data collection decisions for national infrastructure should be based on the following security goals
  Preventing an attack
  Mitigating an attack
  Analyzing an attack
Data collection must be justified (who is collecting and why)
The quality of data is more important than the quantity
Fig. 8.2 – Justification-based decision analysis template for data collection
Collecting Network Data
Metadata is perhaps the most useful type of data for collection in national infrastructure
Metadata is information about data, not what the data is about
Data collection systems need to keep pace with the growth of carrier backbones
Sampling data takes less time, but unsampled data may reveal more
Fig. 8.4 – Collection detects evidence of vulnerability in advance of notification
Collecting System Data
National initiatives have not traditionally collected data from mainframes, servers, and PCs
The ultimate goal should be to collect data from all relevant computers, even if that goal is beyond current capacity
System monitoring may reveal troubling patterns
Two techniques are useful for embedding system management data
  An inventory process is needed to identify critical systems
  The process of instrumenting or reusing existing data collection facilities must be identified
Fig. 8.5 – Collecting data from mainframes, servers, and PCs
Security Information and Event Management
Security information and event management (SIEM) is the process of aggregating system data from multiple sources for the purpose of protection
Each SIEM system (in a national system of data collection) would collect, filter, and process data
Objections to this approach include both the cost of setting up the architecture and the fact that embedded SIEM functionality might introduce problems locally
Fig. 8.7 – Generic national SIEM architecture
Large-Scale Trending
Identifying trends is the most fundamental processing technique for data collected across the infrastructure
In the simplest terms:
  Some quantities go up (growth)
  Some quantities go down (reduction)
  Some quantities stay the same (leveling)
  Some quantities do none of the above (unpredictability)
Fig. 8.8 – Growth trend in botnet behavior over 9-month period (2006–2007)
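The four trend categories on the trending slide (growth, reduction, leveling, unpredictability) can be made operational with a least-squares fit over a counted quantity. This is an added example, not code from the textbook or the slides; the month-by-month counts are constructed (they are not the measurements behind Fig. 8.8), and the tolerances level_tol and noise_tol are assumed thresholds an analyst would tune.

```python
from statistics import mean

def fit_line(series):
    """Least-squares line y = a + b*x over x = 0, 1, ..., n-1; returns (a, b)."""
    n = len(series)
    x_mean = (n - 1) / 2
    y_mean = mean(series)
    sxx = sum((x - x_mean) ** 2 for x in range(n))
    sxy = sum((x - x_mean) * (y - y_mean) for x, y in enumerate(series))
    b = sxy / sxx if sxx else 0.0
    return y_mean - b * x_mean, b

def classify_trend(series, level_tol=0.05, noise_tol=0.15):
    """Label a time series as growth, reduction, leveling or unpredictable.

    Assumed thresholds (not from the book): if the fitted line does not explain
    the data (RMS residual above noise_tol of the mean) the quantity is
    unpredictable; if the total fitted change is within level_tol of the mean
    it is leveling; otherwise the sign of the slope decides growth vs. reduction.
    """
    if len(series) < 3:
        raise ValueError("need at least three observations to call a trend")
    n = len(series)
    a, b = fit_line(series)
    scale = mean(series) or 1.0
    rms = (sum((y - (a + b * x)) ** 2 for x, y in enumerate(series)) / n) ** 0.5
    if rms > noise_tol * scale:
        return "unpredictable"
    if abs(b * (n - 1)) <= level_tol * scale:
        return "leveling"
    return "growth" if b > 0 else "reduction"

# Constructed monthly counts (e.g. distinct bot-infected hosts seen per month).
BOTNET_COUNTS = [120, 135, 150, 168, 180, 195, 210, 228, 240]   # nine months
STEADY_SCANS = [200, 202, 199, 201, 200, 198, 201, 200]
ERRATIC_FLOWS = [100, 400, 90, 380, 110, 420, 95]

if __name__ == "__main__":
    for name, s in [("botnet", BOTNET_COUNTS), ("scans", STEADY_SCANS),
                    ("flows", ERRATIC_FLOWS), ("botnet-reversed", BOTNET_COUNTS[::-1])]:
        print(f"{name}: {classify_trend(s)}")
```

The noise check is what keeps an erratic series from being mislabelled as growth just because its slope happens to be positive.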
Large-Scale Trending (continued)
Some basic practical considerations must be made by security analysts before a trend can be trusted
  Underlying collection
  Volunteered data
  Relevant coverage
Tracking a Worm
Collecting network metadata allows security analysts to track a worm’s progress and predict its course
Consensus holds that worms work too fast for data collection to be an effective defense
There’s actually some evidence that a closer look at the data might provide early warning of worm threats
After collecting and analyzing, the next step is acting on the data in a timely manner
Fig. 8.9 – Coarse view of UDP traffic spike from SQL/Slammer worm (Figure courtesy of Dave Gross and Brian Rexroad)
Fig. 8.10 – Fine view of UDP traffic spike from SQL/Slammer worm (Figure courtesy of Dave Gross and Brian Rexroad)
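A metadata-only check in the spirit of the worm-tracking slide and the two UDP spike figures: per-minute UDP packet counts per destination port, taken from flow records that carry no payload, are compared against the median of the preceding minutes. This is an added example, not code from the textbook or the figures; the flow log, its minute labels and the warmup/factor thresholds are constructed and assumed.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed flow-metadata export (minute, protocol, destination port, packets).
# Not a real capture: metadata only, no payload, as the slide recommends.
FLOW_LOG = """\
05:25 udp 53 410
05:25 udp 1434 3
05:26 udp 53 398
05:26 udp 1434 4
05:27 udp 53 405
05:27 udp 1434 2
05:28 udp 53 412
05:28 udp 1434 1800
05:29 udp 53 401
05:29 udp 1434 52000
05:29 tcp 80 7000
"""

def parse_flows(text):
    """Parse 'minute proto dst_port packets' lines into tuples; skip blank lines."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            minute, proto, port, pkts = line.split()
            flows.append((minute, proto.lower(), int(port), int(pkts)))
    return flows

def udp_series(flows):
    """Per UDP destination port: a time-ordered list of (minute, packet count)."""
    counts = defaultdict(Counter)
    for minute, proto, port, pkts in flows:
        if proto == "udp":
            counts[port][minute] += pkts
    return {port: sorted(c.items()) for port, c in counts.items()}

def find_spikes(series, warmup=3, factor=10.0):
    """Flag minutes whose count exceeds factor x the median of all earlier minutes (assumed threshold)."""
    alerts = []
    for i in range(warmup, len(series)):
        baseline = median(count for _, count in series[:i])
        minute, count = series[i]
        if count > factor * max(baseline, 1):
            alerts.append((minute, count, baseline))
    return alerts

def worm_alerts(text, **kw):
    """Ports whose UDP traffic spiked, with the offending minutes and baselines."""
    per_port = udp_series(parse_flows(text))
    hits = {p: find_spikes(s, **kw) for p, s in per_port.items()}
    return {p: a for p, a in hits.items() if a}
```

The steady DNS-sized counts on port 53 never trip the threshold, while the two final minutes on port 1434 do, which is the coarse-then-fine view the figures describe.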
National Collection Program
Once the idea for a national data collection program is accepted, the following need to be addressed
  Data sources
  Protected transit
  Storage considerations
  Data reduction emphasis