Top Banner
www.tisnet.com.tw 資安實戰攻防演練中心 (Cyber Range Workshop)
16

資安實戰攻防演練中心 - HITCON...Splunk Cisco Prime Fire SIGHT Data Analytics N1KV ASAv Virtual Security Threat Grid OpenDNS Imperva Open Source Attack Tools IXIA Breaking

May 26, 2020

Download

Documents

dariahiddleston
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: 資安實戰攻防演練中心 - HITCON...Splunk Cisco Prime Fire SIGHT Data Analytics N1KV ASAv Virtual Security Threat Grid OpenDNS Imperva Open Source Attack Tools IXIA Breaking

www.tisnet.com.tw

資安實戰攻防演練中心 (Cyber Range Workshop)

Page 2: 資安實戰攻防演練中心 - HITCON...Splunk Cisco Prime Fire SIGHT Data Analytics N1KV ASAv Virtual Security Threat Grid OpenDNS Imperva Open Source Attack Tools IXIA Breaking

“ 有看過真正攻擊發生時的樣子嗎? ”

2

Page 3: 資安實戰攻防演練中心 - HITCON...Splunk Cisco Prime Fire SIGHT Data Analytics N1KV ASAv Virtual Security Threat Grid OpenDNS Imperva Open Source Attack Tools IXIA Breaking

簡報目錄

•實戰攻防演練中心簡介及目標

•教育訓練平台

•教學方式及特點

• Q & A

3

Page 4: 資安實戰攻防演練中心 - HITCON...Splunk Cisco Prime Fire SIGHT Data Analytics N1KV ASAv Virtual Security Threat Grid OpenDNS Imperva Open Source Attack Tools IXIA Breaking

Cyber Range 資安實戰攻防演練中心

簡介及目標

4

Page 5: 資安實戰攻防演練中心 - HITCON...Splunk Cisco Prime Fire SIGHT Data Analytics N1KV ASAv Virtual Security Threat Grid OpenDNS Imperva Open Source Attack Tools IXIA Breaking

5

資安教育訓練的下一步 – 由紙本進入到實作

Page 6: 資安實戰攻防演練中心 - HITCON...Splunk Cisco Prime Fire SIGHT Data Analytics N1KV ASAv Virtual Security Threat Grid OpenDNS Imperva Open Source Attack Tools IXIA Breaking

6

課程內容 - 包含攻擊的事前、事中及事後

Visibility and Context

Firewall

NGFW

NAC + Identity Services

VPN

UTM

NGIPS

Web Security

Email Security

Advanced Malware Protection

Network Behavior Analysis

BEFORE Discover

Enforce

Harden

AFTER Scope

Contain

Remediate

Detect

Block

Defend

DURING

Page 7: 資安實戰攻防演練中心 - HITCON...Splunk Cisco Prime Fire SIGHT Data Analytics N1KV ASAv Virtual Security Threat Grid OpenDNS Imperva Open Source Attack Tools IXIA Breaking

課程內容 – 資安實戰攻防演練提供

SIEM

CSIRT

NetFlow

Wireless Security

Web/Mail Security

Firewall / IPS

Cyber Threat Defense

Cloud Security

Talos OpenDNS Threat Grid

超過 100 種的真實攻擊 情境與組合

整合安全情報資訊 / 惡意網址及軟體

7

Page 8: 資安實戰攻防演練中心 - HITCON...Splunk Cisco Prime Fire SIGHT Data Analytics N1KV ASAv Virtual Security Threat Grid OpenDNS Imperva Open Source Attack Tools IXIA Breaking

實作課程的學習效益 檢視企業防護架構 透過實際的演練來對比目前企業的環境架構完備程度,達成事件發生前可偵測、警示及發生時可阻斷

經驗學習 由實作的經驗中學習為企業

建立適合的管理流程與機制,並且一併建立適當的反饋機制以修正相對應的管理流程及機制

提高對異常的警覺 學習檢測網路封包或行為的異常、分析 event 及 log 資訊,並判斷是否為攻擊行為

鑑往知來 檢視是否曾經歷過相同或類似的攻擊、當時處理的程序是否適當且處理的結果是否合乎組織的預期

8

Page 9: 資安實戰攻防演練中心 - HITCON...Splunk Cisco Prime Fire SIGHT Data Analytics N1KV ASAv Virtual Security Threat Grid OpenDNS Imperva Open Source Attack Tools IXIA Breaking

9

教育訓練平台

Page 10: 資安實戰攻防演練中心 - HITCON...Splunk Cisco Prime Fire SIGHT Data Analytics N1KV ASAv Virtual Security Threat Grid OpenDNS Imperva Open Source Attack Tools IXIA Breaking

10

Cyber Range 實作環境含完整的企業架構

Identity Services Engine

Flow Collector FC

SMC StealthWatch Management Internet

Inside Host

NetFlow

AVC

TrustSec

Wireless Security

ASA NGFW

Cisco Talos

Web Security Appliance

Email Security Appliance

Cyber Threat

Defense

Firepower IPS

Splunk

Cisco

Prime

Fire

SIGHT

Data Analytics N1KV

ASAv

Virtual Security

Threat Grid

OpenDNS

Imperva

Open Source Attack

Tools

IXIA

Breaking Point

Page 11: 資安實戰攻防演練中心 - HITCON...Splunk Cisco Prime Fire SIGHT Data Analytics N1KV ASAv Virtual Security Threat Grid OpenDNS Imperva Open Source Attack Tools IXIA Breaking

教學方式及特點

11

Page 12: 資安實戰攻防演練中心 - HITCON...Splunk Cisco Prime Fire SIGHT Data Analytics N1KV ASAv Virtual Security Threat Grid OpenDNS Imperva Open Source Attack Tools IXIA Breaking

走動式教學

以學員最佳的學習效果為出發點

隨時與學員保持最佳的互動性

低師生比

兩位講師及兩位助教同時教學,師生比最多 1:6 ,以維持最佳的教學品質

一人一機

確保每位學員皆能完整操作所有實作個案

分組合作

兩人一組、共同討論

解題競賽

以學員間的互相競爭來提升及加強學習效果

75% 為實作課程

概要說明各種攻擊情境及原理,以實作為課程重點

Page 13: 資安實戰攻防演練中心 - HITCON...Splunk Cisco Prime Fire SIGHT Data Analytics N1KV ASAv Virtual Security Threat Grid OpenDNS Imperva Open Source Attack Tools IXIA Breaking

日期 內容 Day 1 上午 Cyber Range架構簡介及情境演示

電腦安全事件應變小組(Computer Security Incident Response Team, CSIRT)實務介紹

Day 1 下午 安全性資訊與事件管理(Security Information and Event Management, SIEM)概述 實戰演練:初階攻擊與防禦、含背景流量之混和式攻擊

Day 2 上午 防火牆(Firewall)及入侵防禦系統(IPS)簡介 實戰演練:5個相關攻擊情境

Day 2 下午 入侵技術簡介 網頁及電子郵件安全 實戰演練:5個相關攻擊情境

Day 3 上午 網路威脅防禦簡介 實戰演練:5個相關攻擊情境

Day 3 下午 無線網路安全 實戰演練:物聯網設備攻擊及應變 實戰演練:含背景流量之混合式攻擊 實戰競賽:藍隊(防禦方)競技

課程大綱 – 三日正式課程

75% 的課程皆為實作體驗

Page 14: 資安實戰攻防演練中心 - HITCON...Splunk Cisco Prime Fire SIGHT Data Analytics N1KV ASAv Virtual Security Threat Grid OpenDNS Imperva Open Source Attack Tools IXIA Breaking

04 03

02 01

檢測

分析

防禦

應變

發現入侵的 徵兆

鑑別入侵手法及管道

阻斷攻擊的 來源

排除或是限縮 受影響的範圍

完整學習資安事件處理的程序

14

超過 100 種的真實攻擊 情境與組合

整合安全情報資訊 / 惡意網址及軟體

Page 15: 資安實戰攻防演練中心 - HITCON...Splunk Cisco Prime Fire SIGHT Data Analytics N1KV ASAv Virtual Security Threat Grid OpenDNS Imperva Open Source Attack Tools IXIA Breaking

企業級資安實戰攻防演練中心

資安實戰攻防演練中心 官網 cybersecurity.com.tw/ 如欲瞭解更多實戰攻防演練中心相關訊息,請洽 協志聯合科技 盧小姐 (02)55625463 [email protected] 大同世界科技 黃小姐 (02)55625627 [email protected]

15

http://cybersecurity.com.tw/
mailto:[email protected]
mailto:[email protected]
Page 16: 資安實戰攻防演練中心 - HITCON...Splunk Cisco Prime Fire SIGHT Data Analytics N1KV ASAv Virtual Security Threat Grid OpenDNS Imperva Open Source Attack Tools IXIA Breaking

www.tisnet.com.tw

Q&A


Related Documents
Deploy the ASAv Using VMware - Cisco · Deploy the ASAv Using VMware You can deploy the ASAv using VMware. VMware Feature Support for the ASAv, page 7 Prerequisites for the ASAv and

Deploy the ASAv Using VMware - Cisco · Deploy the ASAv...

Category: Documents
OpenDNS Enterprise Overview

OpenDNS Enterprise Overview

Category: Technology
ASAV 2010 Shagya-Arabian Jump-Start Program

ASAV 2010 Shagya-Arabian Jump-Start Program

Category: Documents
Cisco ASAv Configuration Lab

Cisco ASAv Configuration Lab

Category: Documents
OpenDNS Whitepaper: Platform Technology

OpenDNS Whitepaper: Platform Technology

Category: Technology
OpenDNS Enterprise Dashboard Tour

OpenDNS Enterprise Dashboard Tour

Category: Technology
OpenDNS Cloud-Security & Threat Intelligence - Cisco · OpenDNS Cloud-Security & Threat Intelligence . 2 CONFIDENTIAL AUTHORITATIVE DNS Owns and publishes ... SporB_OpenDNS_Advanced

OpenDNS Cloud-Security & Threat Intelligence - Cisco ·...

Category: Documents
ASAV Shagya-Arabian Newsletter Autumn 2010

ASAV Shagya-Arabian Newsletter Autumn 2010

Category: Documents
Cisco Adaptive Security Virtual Appliance (ASAv) Getting ... · CiscoAdaptiveSecurityVirtualAppliance(ASAv)GettingStarted Guide,9.13 FirstPublished:2019-09-25 LastModified:2020-04-20

Cisco Adaptive Security Virtual Appliance (ASAv) Getting...

Category: Documents
OpenDNS Your Family by Glen Roberts

OpenDNS Your Family by Glen Roberts

Category: Technology
ASAV Shagya-Arabian Newsletter December 2010

ASAV Shagya-Arabian Newsletter December 2010

Category: Documents
Docker at OpenDNS

Docker at OpenDNS

Category: Technology