Network Monitoring Workshop - Incident Response Overview

Slide Note
Embed
Share

This workshop covers various aspects of incident response, including tools and techniques such as network taps, protocol analysis with Wireshark, data summarization with Bro/Zeek, alerting with Snort/Suricata, and more. Sessions delve into topics like TLS inspection, wireless network monitoring, and traffic capturing methods. Participants will gain insights into network security practices and practical skills for handling incidents effectively.

adalaid
adalaid Follow

Uploaded on Sep 23, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Welcome to NC CRRC Incident Response

  2. This Mornings Plan Talk about who we are What will we do in this workshop Breakout labs Eat lunch Incident Response 2

  3. Who are Kyle & Cody Incident Response 3

  4. What well cover: Session I We re all birds of a different feather High level overview of what these tools are Network taps Protocol analysis (wireshark) Summarize data (bro/zeek) Alerting on bad stuff (snort/suricata) Methods of capturing network traffic What does our data look like: NSM centric Incident Response Deeper dive into wireshark File extraction Scavenger hunt 4

  5. Session II Incident Response 5

  6. Session III Incident Response 6

  7. Session IV: TLS Inspection For those with more money than time Dip into commercial firewall applications Palo Alto It s ok: academics can get it for free Application ID Issues in capturing traffic: encryption Methods of solving: encryption Incident Response 7

  8. Session V: Wireless We hype packet level analysis But we often forget wifi Key pieces of 802.11: management frames Normal stuff: associations & disassociations What trashy things do people do on 802.11? How we can detect/monitor for this Incident Response 8

  9. Session VI The last session! Network monitoring scavenger hunt Incident Response 9

  10. Getting Traffic Just use a hub Port mirroring/SPAN port Network TAP Incident Response 10

  11. Using Hubs Just kidding

  12. SPAN Ports Mirror all traffic from a switch to a device Device can be: An analysis/capture device A VLAN A virtual machine Can drop traffic if oversubscribed Incident Response The switch treats SPAN data with a lower priority than regular port-to-port data - Cisco 12

  13. Oversubscription Incident Response 13

  14. Network TAP TAP: Test Access Point Can be active or passive Meets extra legal requirements sometimes* Incident Response Isn t hindered with oversubscriptions 14

  15. Incident Response 15

  16. Challenges Incident Response 16

  17. Types of Data in NSM Incident Response 17

Related


Incident Briefings and Meetings: Overview and Best Practices

Incident Briefings and Meetings: Overview and Best Practices

hussein
Understanding the Patient Safety Incident Response Framework (PSIRF)

Understanding the Patient Safety Incident Response Framework (PSIRF)

sonder
Network Slicing with OAI 5G CN Workshop Overview

Network Slicing with OAI 5G CN Workshop Overview

justice
Network Forensics and Incident Response Overview

Network Forensics and Incident Response Overview

mahealan
Basic Incident Command System Overview

Basic Incident Command System Overview

arav
Effective Incident Briefings and Meetings Overview

Effective Incident Briefings and Meetings Overview

ananya
Incident Command System Overview and Structure

Incident Command System Overview and Structure

vela
Understanding Incident Command System (ICS) Organizational Components

Understanding Incident Command System (ICS) Organizational Components

zyr_m
Overview of UTSA's IS-6353 Incident Response Course

Overview of UTSA's IS-6353 Incident Response Course

elestren
NHSE Patient Safety Incident Response Framework Overview

NHSE Patient Safety Incident Response Framework Overview

ivanna
Comprehensive Overview of Incident Command System for Schools

Comprehensive Overview of Incident Command System for Schools

innes
Incident Management Plan Development Process Overview

Incident Management Plan Development Process Overview

kelin
Resilient Incident Management Architecture for Business Continuity

Resilient Incident Management Architecture for Business Continuity

aragon
KYTC.D-3 Incident Management Meeting 2nd Quarter May 6th, 2014

KYTC.D-3 Incident Management Meeting 2nd Quarter May 6th, 2014

shyam
Public Health Incident Leadership: Roles, Responsibilities, and Expectations

Public Health Incident Leadership: Roles, Responsibilities, and Expectations

aza_fr
Effective Management of Public Health Incidents: Objectives and Team Leadership

Effective Management of Public Health Incidents: Objectives and Team Leadership

bullinger_m
Developing Monitoring Tools for Programmatic Oversight

Developing Monitoring Tools for Programmatic Oversight

zdild
Understanding Flow Monitoring in OVS for Efficient Network Management

Understanding Flow Monitoring in OVS for Efficient Network Management

andreea
Incident Command Structure and Span of Control Overview

Incident Command Structure and Span of Control Overview

azarias
Chemical Lab Incident Response at Purdue University

Chemical Lab Incident Response at Purdue University

kade_914
Food for Peace Monitoring and Evaluation Workshop Overview

Food for Peace Monitoring and Evaluation Workshop Overview

groy
Understanding Virtual Incident Procurement (VIPR) in Government Agencies

Understanding Virtual Incident Procurement (VIPR) in Government Agencies

travis
Incident Management Fundamentals and Command Structure Review

Incident Management Fundamentals and Command Structure Review

westley
Understanding Incident Reporting in Healthcare

Understanding Incident Reporting in Healthcare

charity

More Related Content

KYTC District 6 Great Eight Incident Management Task Force Meeting Recap
KYTC District 6 Great Eight Incident Management Task Force Meeting Recap
NIMH Clinical Research Education and Monitoring Program Overview
NIMH Clinical Research Education and Monitoring Program Overview
Emergency Response and Management Overview
Emergency Response and Management Overview
National Response Center Operations Overview
National Response Center Operations Overview
Metamodel-based Photovoltaic Monitoring System for Renewable Energies at Hongik University
Metamodel-based Photovoltaic Monitoring System for Renewable Energies at Hongik University
Unpredictable Arctic Monitoring Framework for Extreme Event Integration
Unpredictable Arctic Monitoring Framework for Extreme Event Integration
Effective Monitoring Practices for Federal Programs in Education
Effective Monitoring Practices for Federal Programs in Education
Importance of Field Monitoring in Adventure Activities
Importance of Field Monitoring in Adventure Activities
RCMP Emergency Management Overview
RCMP Emergency Management Overview
Rapid NHS Response Teams: Enhancing Home Care and Avoiding Hospital Admissions
Rapid NHS Response Teams: Enhancing Home Care and Avoiding Hospital Admissions
Continuous Monitoring of Water Quality in Little Bear River
Continuous Monitoring of Water Quality in Little Bear River
Overview of Incident Command System (ICS) for Emergency Response
Overview of Incident Command System (ICS) for Emergency Response
Review of South Sudan Nutrition Cluster Performance Monitoring Workshop
Review of South Sudan Nutrition Cluster Performance Monitoring Workshop
Rethinking Network Monitoring: A Journey from Troubleshooting to Automation
Rethinking Network Monitoring: A Journey from Troubleshooting to Automation
IPv6 Security and Threats Workshop Summary
IPv6 Security and Threats Workshop Summary
Understanding Snort: An Open-Source Network Intrusion Detection System
Understanding Snort: An Open-Source Network Intrusion Detection System
Insights from Fifth ITU Workshop on Network 2030 in Geneva, Switzerland
Insights from Fifth ITU Workshop on Network 2030 in Geneva, Switzerland
Comprehensive Transit Network Implementation Workshop
Comprehensive Transit Network Implementation Workshop
Network Traffic Analysis with Wireshark: Examples and Techniques
Network Traffic Analysis with Wireshark: Examples and Techniques
Research into incident response
Research into incident response
Understanding Critical Incident Stress Management (CISM)
Understanding Critical Incident Stress Management (CISM)
Enhancing Organizational Learning through BeSafe Taranaki Shared Learnings
Enhancing Organizational Learning through BeSafe Taranaki Shared Learnings
Effective Incident Command System for School Emergency Preparedness
Effective Incident Command System for School Emergency Preparedness
Advancements in Online Saw Monitoring for Wood Industry 4.0
Advancements in Online Saw Monitoring for Wood Industry 4.0