
Botnet Detection & Countermeasures



Presentation Transcript


  1. Botnet Detection & Countermeasures

  2. About Me – Kiran Ratnaker • IT Security Researcher • Certified Ethical Hacker • Certified Forensic Investigator • Certified Security Analyst • WatchGuard Certified Professional • Contact: Twitter - @kiranratnakar

  3. Agenda • What is BotNet • Botnet Detection • Countermeasures

  4. Close Encounter with Botnet • Network of 150 Machines Dead • No Internet, No Local Server Access

  5. MAC Flooding, ARP Poisoning, MITM, DDoS…

  6. Worst Things • No bot detection by AV • Websense failed • Firewall proxy bottleneck • IP in exploit blacklist

  7. How We Restored Network Operations • Enabled security features on the LAN • ARP Spoofing Prevention, DoS Attack Prevention settings, Broadcast/Multicast/Unicast traps • Reduced network speed > Checked for the ports utilizing high bandwidth > Shut them down > Formatted the machines

  8. Challenges in Dev & QA Environment • Developers need admin access • Innovation needs openness • QA needs old versions • Port-based applications are history • P2P apps are on top, and so are the attacks

  9. What is a BotNet • Botnet: Bot + Network • A compromised machine installs programs which perform autonomous tasks; these networked bots, controlled by a single botmaster through multiple command & control centers, build the botnet. (Diagram: BotMaster → C&C → Bots)

  10. How Does a Botnet Spread Itself? • Peer to Peer

  11. Cyber Crimes • Ransomware • Fake ID

  12. 2016 Cyberattack • Denial-of-service attack on DYN (Distributed Network Services, Inc.)

  13. Detection • Symptoms • Benchmark • Machine Log • L3 Switch Log • Firewall Log

  14. Benchmark • TCP/IP connections on machines & firewall • 100 x 50 = 5000 connections • What is the total number of machines as per inventory & logs? • ARP entries on switch = number of machines

  15. Machine IP + MAC Address + VLAN Route + VLAN Broadcast on L3 Switch

  16. Process Explorer

  17. Wireshark

  18. Countermeasures • Daily Checks • IP Black List, Concurrent Connections, Botnet Ports, Deny Packets, Geolocation, DNS • Enable AV Firewall + IPS • Update Security Patches • Firmware Updates • Machines, Network Switches, Printers, WAP, Firewall • Install only required applications
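The benchmark on slide 14 (expected connections = machines x per-machine baseline, ARP entries on the L3 switch should match the inventory) and the daily checks on slide 18 (concurrent connections, denied packets, botnet ports) can be scripted. The following is an added example, not code from the presentation or its author; the key=value firewall log format, the inventory, the switch ARP table and the watched-port list are all constructed for the example and would be replaced with exports from your own appliances.

```python
"""Daily botnet benchmark checks over firewall and switch data (added example)."""
import re
from collections import Counter

# Constructed firewall log lines in an assumed key=value syslog style;
# real firewalls differ, so adjust LOG_RE to your appliance's format.
FIREWALL_LOG = """\
action=allow src=10.0.1.10 dst=93.184.216.34 proto=tcp dport=443
action=allow src=10.0.1.10 dst=93.184.216.35 proto=tcp dport=443
action=allow src=10.0.1.11 dst=198.51.100.7 proto=tcp dport=6667
action=allow src=10.0.1.11 dst=198.51.100.8 proto=tcp dport=6667
action=allow src=10.0.1.11 dst=198.51.100.9 proto=tcp dport=80
action=allow src=10.0.1.11 dst=198.51.100.10 proto=tcp dport=80
action=deny src=10.0.1.12 dst=203.0.113.5 proto=tcp dport=25
action=deny src=10.0.1.12 dst=203.0.113.6 proto=tcp dport=25
action=deny src=10.0.1.12 dst=203.0.113.7 proto=tcp dport=25
"""

LOG_RE = re.compile(
    r"action=(?P<action>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+)"
)

# Constructed watch list (IRC port); a real deployment would take this
# from its own threat-intel feed.
WATCHED_PORTS = {6667}

# Constructed asset inventory and L3 switch ARP table (IP -> MAC).
INVENTORY = {
    "10.0.1.10": "aa:bb:cc:00:00:10",
    "10.0.1.11": "aa:bb:cc:00:00:11",
    "10.0.1.12": "aa:bb:cc:00:00:12",
}
SWITCH_ARP = {
    "10.0.1.10": "aa:bb:cc:00:00:10",
    "10.0.1.11": "aa:bb:cc:00:00:11",
    "10.0.1.12": "de:ad:be:ef:00:12",  # MAC differs from inventory (ARP poisoning symptom)
    "10.0.1.99": "de:ad:be:ef:00:99",  # host present on the switch but not in inventory
}


def parse_firewall_log(text):
    """Turn log text into a list of event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["dport"] = int(ev["dport"])
            events.append(ev)
    return events


def total_connection_baseline(machines, per_machine=50):
    """Slide 14 benchmark: expected connection count for the whole LAN."""
    return machines * per_machine


def connections_per_host(events):
    """Allowed connections counted by source host."""
    return Counter(ev["src"] for ev in events if ev["action"] == "allow")


def hosts_over_baseline(counts, per_machine=50):
    """Hosts whose connection count exceeds the per-machine baseline."""
    return sorted(ip for ip, n in counts.items() if n > per_machine)


def denied_packet_sources(events, threshold=3):
    """Hosts with at least `threshold` denied packets (repeated denies are a bot symptom)."""
    denies = Counter(ev["src"] for ev in events if ev["action"] == "deny")
    return sorted(ip for ip, n in denies.items() if n >= threshold)


def watched_port_hits(events):
    """Allowed connections to watched ports, counted by source host."""
    return Counter(ev["src"] for ev in events
                   if ev["action"] == "allow" and ev["dport"] in WATCHED_PORTS)


def arp_inventory_diff(switch_arp, inventory):
    """Compare the L3 switch ARP table with the asset inventory (slide 14/15 check)."""
    unknown = sorted(set(switch_arp) - set(inventory))
    missing = sorted(set(inventory) - set(switch_arp))
    mismatch = sorted(ip for ip in set(switch_arp) & set(inventory)
                      if switch_arp[ip].lower() != inventory[ip].lower())
    return {"unknown": unknown, "missing": missing, "mac_mismatch": mismatch}


def daily_report(log_text=FIREWALL_LOG, per_machine=50, deny_threshold=3):
    """Assemble the daily checks into one dict for review."""
    events = parse_firewall_log(log_text)
    counts = connections_per_host(events)
    return {
        "expected_connections": total_connection_baseline(len(INVENTORY), per_machine),
        "observed_connections": sum(counts.values()),
        "hosts_over_baseline": hosts_over_baseline(counts, per_machine),
        "denied_sources": denied_packet_sources(events, deny_threshold),
        "watched_port_hits": dict(watched_port_hits(events)),
        "arp_vs_inventory": arp_inventory_diff(SWITCH_ARP, INVENTORY),
    }


if __name__ == "__main__":
    # The sample log is tiny, so a per-machine baseline of 3 is used for the demo.
    for key, value in daily_report(per_machine=3).items():
        print(f"{key}: {value}")
```

The per-machine baseline (50 on the slide) is a parameter so the same script works against a real export; the ARP comparison separates hosts missing from inventory from hosts whose MAC changed, since the two point at different problems (rogue device versus ARP poisoning).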

  19. Questions? • Process Explorer • Microsoft Netmon

  20. Ashish Shanker ashish.shanker@synerzip.com @ShankerAshish +1.214.507.2843

  21. Synerzip • Accelerate the delivery of your product roadmap • Address technology skill gaps • Save at least 50% with offshore software development • Augment your team with optional on-site professionals • Your trusted outsourcing partner for Agile software product development.

  22. Synerzip Clients

  23. Connect with Synerzip facebook.com/Synerzip @Synerzip linkedin.com/company/synerzip

  24. Next Webinar: Managing Software People & Teams, on Thursday, March 16, 2017 at Noon CST. Webinar Presenter: Ron Lichty, Author & Agile Consultant
