SOM Day 1

The document contains the agenda and content for a training session on cyber threats and network security. The session will cover topics like types of cyber threats, indicators of compromise and attack, understanding corporate network architecture, and DNS fundamentals. It includes slides on network segmentation, router and switch security, VLAN usage, zero-trust principles and DNS records. The session aims to help participants understand common cyber threats, how to detect them using indicators, and basic network design concepts to improve security.


MUM-CT-1056

Centre for Development of Advanced Computing (C-DAC)


Kochi & Thiruvananthapuram
Session Plan

• 50 minutes of learning, 10 minutes of break
• Q&A at the end of the session, but feel free to ask questions during the session
• A quick and easy assessment test at the end of the session
• Enjoy the learning

© Institute of Information Security
Cyber Threats
Session 1

Agenda

• Types of Cyber Security Threats
• Introduction to Indicators of Compromise
• Examples of IoC
• Introduction to Indicators of Attack
• Difference between IoC and IoA
• IoC use in improving Detection and Response

Terminologies

• Security
  • Creating a threat-free environment
• Threat
  • An agent or actor that can cause harm
• Vulnerability
  • A flaw someone can exploit to cause harm
• Risk
  • Where a threat and a vulnerability overlap
Types of Cyber Security Threats

• Malware
• Emotet
• APT
• Denial of Service
• Man-in-the-Middle
• Phishing
• SQL Injection
• Password Attack
Introduction to Indicator of Compromise

• Forensic evidence of potential intrusions on a host system or network
• Helps to detect intrusion attempts or other malicious activities
• Provides actionable threat intelligence to improve incident response and remediation strategies
• Helps to mitigate breaches or attacks

Examples of IoC

• Network traffic
• Logs
• File operations, processes
• Irregular activities
• Spikes in requests or network traffic
• DNS
• Registry configurations
• Link: https://otx.alienvault.com/dashboard/new
Indicators of Attack (IoA)

• A confirmed event with a high probability of being an actual attack
• An early-warning system that provides evidence of attacks before they increase in severity
• Reveal the attacker's intent, actions, and methods
• TTPs (tactics, techniques and procedures)
• Cyber attack lifecycle

Cyber Attack lifecycle

Examples of IoA

• Public IP communicating with a private IP
• Persistent communication between the internal network and a blacklisted or unknown IP
• Connections via non-standard ports
• Renamed legitimate process
• Excessive network traffic
• After-hours activity
• Malware reinfection
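Four of these bullets (public-to-private contact, persistent contact with a blacklisted IP, non-standard ports, after-hours activity) describe behaviours that can be checked mechanically. The Python below is an added example, not part of the slide deck, that runs such checks over a constructed connection log; the internal address range, blocklist entry, expected ports and business hours are assumed site configuration, and the log rows are constructed.

```python
import ipaddress
from collections import Counter
from datetime import datetime

# Assumed site configuration (constructed for this example, not from any real network).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # what "private" means for this site
BLOCKLIST = {"198.51.100.77"}                          # hypothetical threat-intel entry
EXPECTED_PORTS = {22, 53, 80, 443}                     # baseline of sanctioned service ports
BUSINESS_HOURS = range(8, 19)                          # 08:00 to 18:59 local time
PERSISTENCE_THRESHOLD = 3                              # repeated contacts that count as persistent

# Constructed connection log: timestamp,src_ip,dst_ip,dst_port,protocol
SAMPLE_LOG = """\
2024-03-04T09:12:01,10.0.5.23,203.0.113.9,443,tcp
2024-03-04T09:12:07,10.0.5.23,198.51.100.77,8443,tcp
2024-03-04T09:13:07,10.0.5.23,198.51.100.77,8443,tcp
2024-03-04T09:14:07,10.0.5.23,198.51.100.77,8443,tcp
2024-03-04T11:40:22,203.0.113.50,10.0.5.40,3389,tcp
2024-03-04T23:58:45,10.0.5.51,203.0.113.9,443,tcp
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def parse_log(text):
    rows = []
    for line in text.splitlines():
        ts, src, dst, port, proto = line.split(",")
        rows.append({"ts": datetime.fromisoformat(ts), "src": ipaddress.ip_address(src),
                     "dst": ipaddress.ip_address(dst), "port": int(port), "proto": proto})
    return rows

def detect_ioa(rows):
    """Return (indicator, src, dst) findings; each rule corresponds to one bullet on the slide."""
    findings = []
    contacts = Counter()   # (internal host, blocklisted peer) -> contact count; repeats mean persistence
    for r in rows:
        src, dst = str(r["src"]), str(r["dst"])
        if not is_internal(r["src"]) and is_internal(r["dst"]):
            findings.append(("public_to_private", src, dst))
        if r["port"] not in EXPECTED_PORTS:
            findings.append(("non_standard_port", src, dst))
        if r["ts"].hour not in BUSINESS_HOURS:
            findings.append(("after_hours", src, dst))
        if is_internal(r["src"]) and dst in BLOCKLIST:
            contacts[(src, dst)] += 1
    for (src, dst), n in contacts.items():
        if n >= PERSISTENCE_THRESHOLD:
            findings.append(("persistent_blocklisted_contact", src, dst))
    return findings
```

On the sample log this yields seven findings: four non-standard ports, one public-to-private connection, one after-hours connection and one persistent contact with the blocklisted peer.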
Difference between IoC and IoA

• IoAs are detected before data breaches
• IoCs are static, IoAs are dynamic
• IoA data is monitored in real time
• IoAs are proactive
• IoCs are reactive
• IoA examples
  • Lateral movement, C2, data exfiltration
• IoC examples
  • IP addresses, vulnerability exploitation, signatures
IoC use in improving Detection and Response

• Unusual user authentication and authorization events
• Network behaviour
• Registry changes
• DNS requests

Understanding your Network
Session 3

Agenda

• Corporate Network Architecture
• Understanding DNS

Corporate Network Architecture

Routers and security

• A device that connects two or more packet-switched networks or subnetworks
• Manages traffic between networks and allows multiple devices to share the same internet connection
• Passes data between the LAN and the WAN
• Types
  • Wireless router, wired router, core router, edge router
• Access control lists (ACLs)
Security challenges

• Vulnerability exploits
• DoS / DDoS attacks
• Administrative credentials

Zones and traffic flow

• Zones
  • Red zone
  • Orange zone (DMZ)
  • Green zone
• Traffic flow
  • A sequence of packets from a source computer to a destination

Switches and security

• Connects devices within a network
• Used only for interconnecting devices
• Types
  • L2 switch and L3 switch
  • Managed and unmanaged
• Uses MAC addresses to transport data packets
• Port security

VLAN

• Virtual local area network
• A network packet is sent only to a specific broadcast domain
• Reduces the size of broadcast domains
• Logical grouping of devices by function rather than location
• Segments your network and enhances network security

Zero-trust architecture and least-privilege ideals

• Focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated
• Covers identity, credentials, access management, operations, endpoints, hosting environments, and the interconnecting infrastructure

Zero Trust Architecture

Principle of least privilege

• Security administrators restrict the types of applications and resources a particular user or device can access until they successfully authenticate onto the network
• Limiting the scope of access restricts wide-ranging lateral movement throughout the network, which can help prevent large-scale data breaches

Understanding DNS

• Domain Name System
• The phonebook of the Internet
• A client/server network communication protocol
• Translates domain names into IP addresses
• Uses port 53 over UDP
• Zone transfers use TCP port 53

Name to IP mapping structure

DNS server and client types

• Resolvers
• Forwarding
• Caching
• Authoritative servers
• Non-authoritative servers
• Root name servers
• TLD name servers
DNS Records

• Provide information about a domain and how to handle requests for that domain
• A record
• AAAA record
• CNAME record
• MX record
• TXT record
• NS record
• SOA record
• PTR record
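As an added example, not from the slides, the Python below builds the wire-format query that a resolver sends as a UDP payload to port 53 and decodes a constructed reply carrying CNAME and A records, including the name compression pointers that make DNS replies awkward to parse by hand; over TCP, as used for zone transfers, the same message is simply prefixed with a two-byte length. The names and address used (www.example.com, edge.example.net, 192.0.2.10) are constructed; the record type codes are the standard ones for the types listed on the slide.

```python
import socket
import struct

QTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}

def encode_name(name):  # length-prefixed labels terminated by a zero byte
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    # 12-byte header (RD=1, one question) + question: this is the UDP payload sent to port 53.
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)

def read_name(msg, off):  # -> (name, offset just past it); follows RFC 1035 compression pointers
    labels = []
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # 2-byte pointer to a name earlier in the message
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            return ".".join(labels + [read_name(msg, ptr)[0]]), off + 2
        if ln == 0:
            return ".".join(labels), off + 1
        labels.append(msg[off + 1:off + 1 + ln].decode("ascii"))
        off += 1 + ln

def parse_response(msg):  # -> (txid, flags, [(owner, type, ttl, value), ...]) for the answer section
    txid, flags, qdcount, ancount, _, _ = struct.unpack_from("!HHHHHH", msg)
    off = 12
    for _ in range(qdcount):                 # skip the echoed question(s)
        off = read_name(msg, off)[1] + 4     # name + qtype + qclass
    answers = []
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata = msg[off + 10:off + 10 + rdlen]
        value = rdata.hex()                  # default for types not decoded here
        if rtype in (1, 28):                 # A / AAAA
            value = socket.inet_ntop(socket.AF_INET if rtype == 1 else socket.AF_INET6, rdata)
        elif rtype in (2, 5, 12):            # NS, CNAME, PTR carry a (compressible) name
            value = read_name(msg, off + 10)[0]
        answers.append((owner, QTYPES.get(rtype, str(rtype)), ttl, value))
        off += 10 + rdlen
    return txid, flags, answers

def build_sample_response(query):  # constructed reply, not captured traffic: CNAME then A record
    question = query[12:]
    header = struct.pack("!HHHHHH", struct.unpack_from("!H", query)[0], 0x8180, 1, 2, 0, 0)  # QR=1, RD, RA
    cname_rdata = encode_name("edge.example.net")
    cname_rr = b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, len(cname_rdata)) + cname_rdata  # owner -> offset 12
    a_owner = struct.pack("!H", 0xC000 | (12 + len(question) + 12))  # pointer to cname_rdata
    return header + question + cname_rr + a_owner + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
```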