Category: Network Operations

April 9, 2020

Playbook for Malicious Network Behavior: Malicious Traffic

Alerts are generated when something suspicious is seen by one of the network monitoring devices. Network security tools: IDS (Intrusion Detection System), IPS (Intrusion Prevention System), DLP (Data Loss Prevention), SIEM (Security Incident and Event Management), NBAD (Network Behavior Anomaly Detection). Playbook. Mitigation. https://cert.societegenerale.com/resources/files/IRM-5-Malicious-Network-Behaviour.pdf References

April 9, 2020

Playbook for Failed SSH login

Brute-force and dictionary attacks against remote services such as SSH are among the top 20 most common forms of attack on the Internet that compromise servers. In particular, Unix-based and Mac OS X servers that run an SSH service to give administrators secure remote connections are at risk. Playbook. Mitigation. Disable root access – it is a good security practice to disable logins via SSH […]

April 9, 2020

Playbook for DDoS

Attacking or defending against DDoS attacks is very expensive and skill- and time-intensive. Companies have huge, multi-redundant pipes. One of the main reasons individuals or syndicates DDoS is to blackmail companies. If short on time, jump directly to the playbooks section. Please note that DDoS attacks can morph rapidly, with multiple attack vectors changing within minutes. The attacker could immediately change […]