BSIT3CD_Continuation of Cyber incident response (1).pdf
CYBER INCIDENT RESPONSE
Presented by:
Biago, Steven Joe R.
Ocado, Maria Concepcion L.
Content Discussion:
1. Incident Classification
2. Network Event Monitoring
3. Network Monitoring Tools
4. Detecting Network Events
INCIDENT CLASSIFICATION
Incident classification is the classification of the method(s)
used by an attacker: unauthorized access, destruction,
disclosure or modification of data, and/or denial of service.
An incident can cover one or more of the incident classes
listed below.
○ Spam
○ System Compromise
○ Scan
○ Denial of Service
○ Copyright Issue
○ Phishing
○ Malware
○ XSS
○ Vulnerability
○ Fastflux
○ SQL Injection
○ Information Leak
○ Scam
○ Cryptojacking
○ Locker
○ Screenlocker
○ Wiper
All incidents processed by the information security response
team shall be classified by that team. Incident classification
informs those involved of the severity and impact of the
incident, and ensures that the incident receives the appropriate
level of attention. Classification also ensures that the incident
is reported to management in a timely manner.
NETWORK EVENT MONITORING
Event monitoring in networking is the process of collecting,
analyzing, and signaling event occurrences to operating system
processes, active database rules, and human operators. These
event occurrences may stem from software or hardware like
operating systems, database management systems, application
software, and processors.
● The following occurrences may be designated as events for reporting purposes:
○ Changes to a system’s hardware inventory
○ Changes to a system’s software inventory
○ Application access failures
○ Failed login attempts
○ Job failures
○ Connection failures
○ No device response to polls
○ Disabled protocols
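As an added example (not from the slides), the following Python turns constructed syslog-style lines into three of the event types listed above: failed login attempts, job failures and connection failures. The log lines, hostnames, addresses and regular expressions are all constructed for this example. Repeated failed logins from one source are aggregated and reported only once they cross a threshold, which is what keeps a single mistyped password from paging anyone.

```python
"""Turn raw log lines into reportable events (added example, not from the slides).

The log lines below are constructed in this file in a syslog-like layout; the
hostnames and addresses are made up. Each matched line becomes an event of one
of the categories the slide lists; repeated failed logins from one source are
aggregated into a single event once they cross a threshold.
"""
import re
from collections import Counter

# Constructed sample: an sshd brute-force burst, one job failure, one link failure.
SAMPLE_LOG = """\
Jul 25 10:01:02 web01 sshd[2201]: Failed password for invalid user admin from 198.51.100.23 port 50122 ssh2
Jul 25 10:01:04 web01 sshd[2201]: Failed password for invalid user admin from 198.51.100.23 port 50124 ssh2
Jul 25 10:01:05 web01 sshd[2203]: Failed password for root from 198.51.100.23 port 50130 ssh2
Jul 25 10:01:07 web01 sshd[2205]: Failed password for root from 198.51.100.23 port 50131 ssh2
Jul 25 10:01:09 web01 sshd[2207]: Failed password for root from 198.51.100.23 port 50133 ssh2
Jul 25 10:02:10 web01 sshd[2209]: Failed password for alice from 10.0.0.42 port 41000 ssh2
Jul 25 10:02:15 web01 sshd[2209]: Accepted password for alice from 10.0.0.42 port 41000 ssh2
Jul 25 10:03:00 web01 CRON[2300]: (root) CMD (/usr/local/bin/nightly-backup.sh)
Jul 25 10:03:30 web01 backup[2301]: nightly-backup.sh: job failed: rsync exit code 23
Jul 25 10:04:00 core-sw1 kernel: eth3: link is down
"""

# Category patterns keyed by event type. These regexes are constructed for the
# sample format above; a real deployment tunes them to its own log sources.
PATTERNS = {
    "failed_login":       re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"),
    "job_failure":        re.compile(r"job failed: (?P<detail>.+)$"),
    "connection_failure": re.compile(r"(?P<iface>\S+): link is down"),
}

FAILED_LOGIN_THRESHOLD = 3   # attempts from one source before it is reported


def classify_line(line):
    """Return (event_type, match) for a log line, or None if it is not reportable."""
    for event_type, pattern in PATTERNS.items():
        m = pattern.search(line)
        if m:
            return event_type, m
    return None


def build_events(log_text, threshold=FAILED_LOGIN_THRESHOLD):
    """Aggregate raw lines into the events an operator should actually see."""
    failures = Counter()           # failed logins per source address
    events = []
    for line in log_text.splitlines():
        hit = classify_line(line)
        if hit is None:
            continue
        event_type, m = hit
        if event_type == "failed_login":
            failures[m.group("src")] += 1
        else:
            events.append({"type": event_type, **m.groupdict()})
    # Report only sources that crossed the threshold; one typo from alice is noise.
    for src, n in failures.items():
        if n >= threshold:
            events.append({"type": "failed_login_burst", "src": src, "count": n})
    return events


if __name__ == "__main__":
    for ev in build_events(SAMPLE_LOG):
        print(ev)
```

Running the file prints three events: the job failure, the link-down on eth3, and one burst event for 198.51.100.23 with a count of 5; the single failed attempt from 10.0.0.42 never surfaces.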
Common Network Devices to Monitor
● Routers: Routers help connect networks via the internet.
● Switches: Switches help connect devices such as servers, computers,
printers, and more. Monitoring switches is critical to ensure network
health and performance. It’s also essential to monitor traffic and
hardware through the switch.
● Firewalls: The role of a firewall is to protect the network by
controlling incoming and outgoing traffic.
● Servers: Server monitoring helps provide information about the
network, data usage, and more.
NETWORK MONITORING TOOLS
What are network monitoring tools?
Network monitoring tools gather and analyze network data to provide
network administrators with information related to the status of
network appliances, link saturation, active devices, the structure of
network traffic, and the sources of network problems and traffic
anomalies.
What do network monitoring tools do?
Network monitoring tools collect data in some form from active network
devices, such as routers, switches, load balancers, servers, firewalls,
or dedicated probes, and analyze it to understand the condition of the
network.
NETWORK MONITORING SOFTWARE TOOLS
1. Port Scanners
● Gather information across the network
- No special permissions required
● Determine up/down status
- Ping or Address Resolution Protocol (ARP)
● Check for open ports
- May indicate available services
● Identify the operating system
- Determined without logging in
● Scan services
- Version information
2. Interface Monitoring
● Up or down
- The most important statistic
- No special rights or permissions required
- Green is good, red is bad
● Alarming and alerting
- Notification when an interface fails to report
- Email, SMS
● Short-term and long-term reporting
- View availability over time
● Not focused on additional details
- Additional monitoring may require SNMP
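An added example, not from the slides, of the two things interface monitoring is described as doing: alerting on up/down transitions and reporting availability over a time window. The poll history is constructed inline as (seconds, interface, is_up) tuples with made-up interface names; in a real poller the values would come from ICMP/ARP polls or an SNMP ifOperStatus query.

```python
"""Interface up/down tracking with alerting and availability reporting.

Added example, not from the slides. Poll results are constructed below as
(timestamp_seconds, interface, is_up) tuples; in practice they would come from
an ICMP/ARP poll or an SNMP ifOperStatus query.
"""
from collections import defaultdict

# Constructed poll history: one poll every 60 s for two interfaces over 10 minutes.
# Gi0/2 goes down at t+120s and comes back at t+300s.
POLLS = [
    (0,   "core-sw1:Gi0/1", True),  (0,   "core-sw1:Gi0/2", True),
    (60,  "core-sw1:Gi0/1", True),  (60,  "core-sw1:Gi0/2", True),
    (120, "core-sw1:Gi0/1", True),  (120, "core-sw1:Gi0/2", False),
    (180, "core-sw1:Gi0/1", True),  (180, "core-sw1:Gi0/2", False),
    (240, "core-sw1:Gi0/1", True),  (240, "core-sw1:Gi0/2", False),
    (300, "core-sw1:Gi0/1", True),  (300, "core-sw1:Gi0/2", True),
    (360, "core-sw1:Gi0/1", True),  (360, "core-sw1:Gi0/2", True),
    (420, "core-sw1:Gi0/1", True),  (420, "core-sw1:Gi0/2", True),
    (480, "core-sw1:Gi0/1", True),  (480, "core-sw1:Gi0/2", True),
    (540, "core-sw1:Gi0/1", True),  (540, "core-sw1:Gi0/2", True),
]


def state_changes(polls):
    """Return (ts, iface, new_state) only when an interface changes state.

    Alerting on transitions rather than on every poll avoids repeating the same
    DOWN alarm sixty times an hour. Interfaces are assumed UP before first poll.
    """
    last = {}
    changes = []
    for ts, iface, up in sorted(polls):
        if last.get(iface, True) != up:
            changes.append((ts, iface, "UP" if up else "DOWN"))
        last[iface] = up
    return changes


def availability(polls, window_start, window_end):
    """Fraction of polls in [window_start, window_end] that saw each interface up.

    The same function serves short-term (last 5 minutes) and long-term
    (last month) reporting; only the window changes.
    """
    seen = defaultdict(lambda: [0, 0])        # iface -> [up_polls, total_polls]
    for ts, iface, up in polls:
        if window_start <= ts <= window_end:
            seen[iface][1] += 1
            seen[iface][0] += int(up)
    return {iface: round(up / total, 3) for iface, (up, total) in seen.items()}


def format_alert(change):
    """Render one transition as the text that would go out by email or SMS."""
    ts, iface, state = change
    return f"[t+{ts}s] {iface} is {state}"


if __name__ == "__main__":
    for change in state_changes(POLLS):
        print(format_alert(change))
    print("availability over the whole run:", availability(POLLS, 0, 540))
    print("availability during the outage:", availability(POLLS, 120, 240))
```

Run as a script it emits exactly two alerts (DOWN at t+120s, UP at t+300s), reports Gi0/2 at 70% availability over the whole run and 0% during the outage window.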
3. Packet Flow Monitoring
● Gather traffic statistics
- Metadata of actual traffic flows
● NetFlow (v5 and v9 are most common)
- Standard collection method
- Many products and options
● Probe and collector
- Probe watches network communication
- Summary records are sent to the collector
● Usually a separate reporting application
- Closely tied to the collector
4. Simple Network Management Protocol (SNMP)
● A database of management data (the MIB)
● SNMP versions
- v1 = The original
- Structured tables, in-the-clear
- v2 = A good step ahead
- Data type enhancements, bulk transfer, still in-the-clear
- v3 = The new standard
- Message integrity, authentication, encryption
● SNMP information can be very detailed
- Access should be very limited
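To make the "access should be very limited" point concrete, here is an added example (not from the slides) that audits a net-snmp style snmpd.conf for the weaknesses described above: v1/v2c community strings sent in the clear, default community names, no source-address restriction, and v3 users configured without encryption. Both configurations are constructed for this example and the v3 passphrases are placeholders; the directive syntax is net-snmp's.

```python
"""Audit an snmpd.conf for weak SNMP access settings (added example, not from the slides).

Checks follow the slide's points: v1/v2c community strings travel in the clear,
v3 adds authentication and encryption, and access to SNMP data should be
tightly limited. Directive syntax is net-snmp's; the two configurations below
are constructed for this example and the v3 passphrases are placeholders.
"""

DEFAULT_COMMUNITIES = {"public", "private"}
ANY_SOURCE = {"default", "0.0.0.0/0", "::/0"}


def audit_snmpd_conf(text):
    """Return a list of (line_no, severity, message) findings for the config text."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        directive = parts[0].lower()

        if directive in ("rocommunity", "rwcommunity", "com2sec"):
            # v1/v2c: the community string is the only secret, and it is sent in clear text
            if directive == "com2sec":            # com2sec SECNAME SOURCE COMMUNITY
                source = parts[2] if len(parts) > 2 else "default"
                community = parts[3] if len(parts) > 3 else ""
            else:                                  # r[ow]community COMMUNITY [SOURCE ...]
                community = parts[1] if len(parts) > 1 else ""
                source = parts[2] if len(parts) > 2 else "default"
            write = directive == "rwcommunity"
            findings.append((line_no, "high" if write else "medium",
                             f"{directive}: SNMP v1/v2c community sent in the clear"))
            if community.lower() in DEFAULT_COMMUNITIES:
                findings.append((line_no, "high",
                                 f"{directive}: default community string '{community}'"))
            if source in ANY_SOURCE:
                findings.append((line_no, "medium",
                                 f"{directive}: no source address restriction"))

        elif directive in ("rouser", "rwuser"):
            # rouser USER [noauth|auth|priv ...]; net-snmp's default level is auth (no encryption)
            user = parts[1] if len(parts) > 1 else "?"
            level = parts[2].lower() if len(parts) > 2 else "auth"
            if level != "priv":
                findings.append((line_no, "medium",
                                 f"{directive}: v3 user '{user}' without privacy (encryption)"))
    return findings


def worst_severity(findings):
    """Collapse a finding list to a single severity for alerting or gating."""
    order = {"high": 2, "medium": 1}
    return max((f[1] for f in findings), key=order.get, default="none")


# Constructed weak configuration: v2c, default strings, reachable from any source.
WEAK_CONF = """\
# constructed example, not a real host's configuration
rocommunity public
rwcommunity private
"""

# Constructed hardened configuration: one SNMPv3 authPriv user, read-only,
# limited to the system and interfaces subtrees. Passphrases are placeholders.
HARDENED_CONF = """\
# constructed example, not a real host's configuration
createUser monitor SHA "AUTH_PASSPHRASE_PLACEHOLDER" AES "PRIV_PASSPHRASE_PLACEHOLDER"
rouser monitor priv -V systemonly
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.2
"""


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        found = audit_snmpd_conf(conf)
        print(f"{name}: {len(found)} finding(s), worst = {worst_severity(found)}")
        for line_no, sev, msg in found:
            print(f"  line {line_no} [{sev}] {msg}")
```

Even the hardened configuration still deserves a host firewall rule that limits UDP/161 to the monitoring collector; the audit only covers what snmpd.conf itself can express.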
DETECTING NETWORK EVENTS
A network-based intrusion detection system is designed
to help organizations monitor their cloud, on-premises and
hybrid environments for suspicious events that could
indicate a compromise. This includes policy violations
and port scanning, plus traffic from unknown sources or
to unknown destinations.
● NIDS and NIPS
○ Intrusion Detection System / Intrusion Prevention System
■ Watch network traffic
● Intrusions
○ Exploits against operating systems, applications, etc.
○ Buffer overflows, cross-site scripting, other vulnerabilities
● Detection vs. Prevention
○ Detection - Alarm or alert
○ Prevention - Stop it before it gets into the network
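The following added example (not part of the slides) ties the Packet Flow Monitoring slide to this one: it parses a NetFlow v5 export packet, as a probe would send it to a collector, and then runs a port-scan detector over the resulting flow records, the kind of suspicious event this slide says a NIDS should report. The export packet, the RFC 1918 addresses and the detection threshold are constructed for this example; the header and record layout follow the NetFlow v5 format.

```python
"""NetFlow v5 parsing and a port-scan detector over the resulting flow records.

Added example, not from the slides. It covers two slides at once: the
probe/collector flow data described under Packet Flow Monitoring, and the port
scanning that the NIDS slide lists as a suspicious event. The export packet is
constructed below from the v5 header and record layout; all addresses are
made-up RFC 1918 values.
"""
import struct
from collections import defaultdict
from ipaddress import IPv4Address

# NetFlow v5 wire format (network byte order).
HEADER_FMT = "!HHIIIIBBH"             # version, count, sys_uptime, unix_secs, unix_nsecs,
                                      # flow_sequence, engine_type, engine_id, sampling_interval
RECORD_FMT = "!IIIHHIIIIHHBBBBHHBBH"  # srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets,
                                      # first, last, srcport, dstport, pad1, tcp_flags, prot,
                                      # tos, src_as, dst_as, src_mask, dst_mask, pad2
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 24 bytes
RECORD_LEN = struct.calcsize(RECORD_FMT)   # 48 bytes
TCP_SYN = 0x02
PROTO_TCP, PROTO_UDP = 6, 17


def parse_netflow_v5(packet):
    """Return (header, records) for one export packet; reject anything malformed."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than a NetFlow v5 header")
    fields = struct.unpack_from(HEADER_FMT, packet, 0)
    header = dict(zip(("version", "count", "sys_uptime", "unix_secs", "unix_nsecs",
                       "flow_sequence", "engine_type", "engine_id", "sampling_interval"), fields))
    if header["version"] != 5:
        raise ValueError(f"not a NetFlow v5 packet (version {header['version']})")
    # A collector must not trust the announced count until it is checked against the real length.
    if len(packet) < HEADER_LEN + header["count"] * RECORD_LEN:
        raise ValueError("header announces more records than the packet carries")
    records = []
    for i in range(header["count"]):
        f = struct.unpack_from(RECORD_FMT, packet, HEADER_LEN + i * RECORD_LEN)
        records.append({
            "src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
            "packets": f[5], "bytes": f[6],
            "sport": f[9], "dport": f[10], "tcp_flags": f[12], "proto": f[13],
        })
    return header, records


def detect_port_scans(records, min_ports=8):
    """Flag (src, dst) pairs where one source touched many distinct TCP ports with
    SYN-flagged flows of at most two packets: the flow-level fingerprint of a scan."""
    ports = defaultdict(set)
    for r in records:
        if r["proto"] == PROTO_TCP and r["tcp_flags"] & TCP_SYN and r["packets"] <= 2:
            ports[(r["src"], r["dst"])].add(r["dport"])
    return {f"{src} -> {dst}": sorted(p) for (src, dst), p in ports.items() if len(p) >= min_ports}


# --- constructed sample export, laid out as a probe would send it to the collector ---
def _record(src, dst, sport, dport, packets, nbytes, flags, proto=PROTO_TCP):
    return struct.pack(RECORD_FMT, int(IPv4Address(src)), int(IPv4Address(dst)), 0, 1, 2,
                       packets, nbytes, 1000, 1010, sport, dport, 0, flags, proto, 0, 0, 0, 24, 24, 0)


def build_packet(records):
    return struct.pack(HEADER_FMT, 5, len(records), 123456, 1700000000, 0, 1, 0, 0, 0) + b"".join(records)


SCAN_PORTS = [21, 22, 23, 25, 80, 110, 135, 139, 443, 445]
SAMPLE_PACKET = build_packet(
    [_record("10.0.0.5", "10.0.0.20", 40000 + i, p, 1, 60, TCP_SYN) for i, p in enumerate(SCAN_PORTS)]
    + [_record("10.0.0.7", "10.0.0.20", 51234, 443, 42, 31000, 0x1B),            # ordinary HTTPS session
       _record("10.0.0.8", "10.0.0.20", 52000, 53, 1, 80, 0, proto=PROTO_UDP)])  # one DNS query


if __name__ == "__main__":
    hdr, recs = parse_netflow_v5(SAMPLE_PACKET)
    print(f"NetFlow v{hdr['version']} export carrying {hdr['count']} flows")
    for pair, hit in detect_port_scans(recs).items():
        print(f"possible port scan {pair}: {len(hit)} ports {hit}")
```

The length check before the record loop is the part a collector cannot skip: the count field is attacker-controlled input from the network, and reading records past the end of a short packet is exactly the kind of defect a malformed export would trigger. The threshold of eight distinct ports is a starting point; tune it against normal traffic on the monitored segment.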