
INTRODUCTION

INTRODUCTION. Patrick Norman. World Trends. Smart World. Smart Grids (Power, etc.). Mobile. Integration between physical and digital world.


Presentation Transcript


  1. INTRODUCTION Patrick Norman

  2. World Trends • Smart World • Smart Grids (Power, etc.) • Mobile • Integration between physical and digital world

  3. World Trends • Smart World • Smart Grids (Power, etc.) • Mobile • Integration between physical and digital world

  4. By 2015, a G20 nation’s critical infrastructure will be disrupted and damaged by online sabotage. (Gartner.com)

  5. IT Threats • DDoS attacks • Fraud • (Add more after meeting with professor RUHI)

  6. Cyber Gangs • Russian Business Network • Rock Phish Gang • NSA • Grey Pigeon Authors • Stormworm Gang • Awola Crew • DRG Group • South American Groups • Oga

  7. BlackHat vs. WhiteHat Hackers
     BlackHats: Work to exploit computer systems (I intend to only give maybe one or two examples of each hacker and tell a brief summary of what they did)
     Examples • Jonathan James • Adrian Lamo • Kevin Mitnick • Kevin Poulsen • Robert Tappan Morris
     WhiteHats: “Ethical Hackers,” hired by companies to test the integrity of their systems
     Examples • Stephen Wozniak • Tim Berners-Lee • Linus Torvalds • Richard Stallman • Tsutomu Shimomura

  8. Forensics Investigators Main responsibilities (Job activities) • Attempting to uncover the trace of an attacker to identify him • Uncovering IT System security threats • Testifying in court against convicts

  9. Importance of Computer Forensics Systems How can Computer Forensics Systems improve security • Better identification of system threats to improve protective measures • Catching cyber criminals will have a better effect than regular criminals because they have bots automatically generating threats (FIX THIS)

  10. Simulation

  11. Background of Simulation
     2 Important Components:
     • Statistical Modelling: Create models to predict random events
     • Software: Arena, Custom code

  12. Statistical Modelling
     When should this be used? • To predict random events • When there are one or many unknowns
     Key success components • Large data sets • Well-defined problem • Structured problem

  13. Simulation
     Why do we simulate? • An improved tool • Avoid taking risks
     When do we simulate? • Before and after an event • Certain types of problems work best
     Can we rely on it? • 70-90%

  14. Simulation
     Inputs • Use random number generators • Set of rules and functions that are problem dependent
     Outputs • How do we interpret results? • “There is no perfect answer” • The problem could change • Further developing the model will only make it more accurate

  15. Simulation and SDLC
     The 2 Most Important Steps:
     Design Phase • Look for vulnerabilities • Exhaustive test sets • Identify design flaws
     Operations Phase • Collect data • Identify flaws in existing systems • Improve future projects

  16. SDLC = 0% = 0% = 60% = 0% = 40%

  17. Software
     Monte Carlo • Off-the-shelf • Advantages
     Network Modelling • Off-the-shelf • Advantages
     Custom Code • Advantages

  18. Computer Forensics

  19. Mobile Forensics • Outsell PCs • Harder to investigate • Newly acquired need to investigate • Data paths • Numerous Manufacturers • NIST

  20. Tools & Techniques • SIMbrush • MOBILedit! • TULP 2G

  21. Network Forensics • “Network forensics is the science that deals with capture, recording, and analysis of network traffic for detecting intrusions and investigating them.”

  22. Tools & Techniques

  23. Key Techniques
     • IDS: Intrusion Detection System
     • Packet Capture: Capturing data packets crossing a network
     • Proprietary: Unique techniques developed by individual vendors
     • Pattern Matching: Ex: Hashing

  24. Database Forensics • Internet Boom • Legal Duty • Database forensics as a tool

  25. Tools & Techniques • SQL Server Management Studio Express • SQL CMD • Windows Forensic Tool Chest • NetCat • WinHex

  26. Challenges • Encryption • Use as Evidence • Evolving Technology

  27. Application

  28. Step 1: Observation

  29. Observation • Actual Observation • On the shop floor • Historic • Statistics • Distribution • Diagrams • System Architecture

  30. Observation Develop the Equation BASIS FOR ENTIRE MODEL

  31. Step Two Develop the Model

  32. Models • Network Models • Processes • Data flow • Queues

  33. Models • Monte Carlo • Deterministic • Largely Random

  34. Model • Objective • Gain Knowledge • Matching real and simulated • Now Let’s break it

  35. Step 3 Analyze and Fix

  36. Analysis • Multiple Iterations • Compare Expected and Actual Results • Compare Actual and Historic Results

  37. Benefits to UNIWO
     • Security of IT systems: Pre and post simulation will allow us to identify threats earlier
     • Stability: Probability of having an unexpected system shutdown is decreased significantly
     • Simulation added to computer forensics will improve chances for catching cybercriminals by identifying their patterns
