Information security is about reducing risk. Therefore, risk management activities must be conducted to identify potential problems and prepare for them. Different security management tools exist to help us determine the risk of these systems. These tools can take data from various security tools such as Nessus and Snort, perform some form of analysis (trend analysis, risk calculations, etc) and generate reports. However, to full take advantage of these systems, they must be configured with the criticality values of the various systems.
Unfortunately, there does not seem to be any foolproof methods for calculating asset values.
My presentation provides a possible guideline to measure relative asset values. This will aid in prioritizing remediation.
Prioritizing Vulnerabilities for Remediation
More and more often we hear about botnets being responsible for a larger piece of Internet crime today. Botnets are complex systems and there are many different approaches to combating the problem. I decided to take a look at some of the more recent techniques to discover bot malware infection from network traffic. I came across two particularly interesting methods of identifying infected machines. One is to look at the most often used command and control technique - IRC channels - and try to determine ‘evil’ channels which provide commands for zombie machines. Another idea is to look for DNS Black List lookups, which may be performed by bots to test that an IP address is not listed before using it to send spam. Attached is a short presentation I gave for the ISIS computer lab.
Botnet Membership Detection within the Network
Loading ...
Recent Comments