Chapter 8 - 02 - Discuss Various Threat Intelligence Feeds and Sources - 03_ocred_fax_ocred.pdf
Certified Cybersecurity Technician Exam 212-82 Network Security Assessment Techniques and Tools

Example: Government TI Feed Providers

Automated Indicator Sharing (AIS)
Source: https://www.dhs.gov

The free Automated Indicator Sharing (AIS), provided by the US Department of Homeland Security (DHS), allows the exchange of cyber threat indicators between the federal government and the private sector at machine speed. Here, threat indicators are malicious IP addresses, sender addresses of phishing emails, etc.

[Figure 8.6: Screenshot of Automated Indicator Sharing (AIS). The captured DHS/CISA page reads: "The Department of Homeland Security's (DHS) free Automated Indicator Sharing (AIS) capability enables the exchange of cyber threat indicators between the Federal Government and the private sector at machine speed. Threat indicators are pieces of information like malicious IP addresses or the sender address of a phishing email (although they can also be much more complicated)."]

Module 08 Page 1035 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Some additional government TI feed providers are listed below:
- The Department of Defense Cyber Crime Center (DC3) (https://www.dc3.mil)
- US Computer Emergency Response Team (US-CERT) (https://us-cert.cisa.gov)
- European Union Agency for Network and Information Security (ENISA) (https://www.enisa.europa.eu)
- Federal Bureau of Investigation (FBI) Cyber Crime (https://www.fbi.gov)
- STOP. THINK. CONNECT. (https://www.stopthinkconnect.org)

Module 08 Page 1036
Threat Intelligence Sources

Open-Source Intelligence (OSINT)
Information is collected from publicly available sources and analyzed to obtain a rich, useful form of intelligence.
OSINT sources:
- Media
- Internet
- Public government data
- Corporate/academic publishing
- Literature

Human Intelligence (HUMINT)
Information is collected from interpersonal contacts.
HUMINT sources:
- Foreign defense personnel and advisors
- Accredited diplomats
- NGOs
- Prisoners of War (POWs)
- Refugees
- Traveler interview or debriefing

Threat Intelligence Sources (Cont'd)

Signals Intelligence (SIGINT)
Information is collected by intercepting signals. Signals intelligence comprises:
- Communication Intelligence (COMINT): obtained from the interception of communication signals
- Electronic Intelligence (ELINT): obtained from electronic sensors like radars and lidar
- Foreign Instrumentation Signals Intelligence (FISINT): signals detected from non-human communication systems

Technical Intelligence (TECHINT)
Information is collected from an adversary's equipment or captured enemy material (CEM).
TECHINT sources:
- Foreign equipment
- Foreign weapon systems
- Satellites
- Technical research papers
- Foreign media
- Human contacts

Module 08 Page 1037
Threat Intelligence Sources (Cont'd)

Social Media Intelligence (SOCMINT)
Information is collected from social networking sites and other types of social media sources.
SOCMINT sources:
- Facebook
- LinkedIn
- Twitter
- WhatsApp
- Instagram
- Telegram

Cyber Counterintelligence (CCI)
Information is collected from proactively established security infrastructure or by employing various threat manipulation techniques to lure and trap threats.
CCI sources:
- Honeypots
- Passive DNS monitors
- Online web trackers
- Sock puppets (fake profiling) on online forums
- Publishing false reports

Threat Intelligence Sources (Cont'd)

Industry Association and Vertical Communities
Information is collected from various threat intelligence sharing communities where the organizations share intelligence information among each other.
Vertical community sources:
- Financial Services Information Sharing and Analysis Center (FS-ISAC)
- MISP (Malware Information Sharing Platform)
- Information Technology-Information Sharing and Analysis Center (IT-ISAC)

Indicators of Compromise (IoCs)
Information is collected from network security threats and breaches and also from the alerts generated on the security infrastructure, which will likely indicate an intrusion.
IoC sources:
- Commercial and industrial sources
- Free IoC-specific sources
- Online security-related sources
- Social media and news feeds
- IoC buckets

Module 08 Page 1038
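The AIS description above and the IoC section both come down to the same operational step: a feed hands a defender indicators (malicious IP addresses, phishing sender addresses, domains) and the defender checks them against what the security infrastructure already logs. The block below is an added example, not EC-Council's code and not the format of any real feed (AIS uses STIX/TAXII and MISP has its own export formats). The `type,value,source` feed layout, the feed entries and the log lines are all constructed here for illustration; the matcher parses the feed, normalises IP entries so single hosts and CIDR ranges are handled the same way, and reports which log lines hit which indicator and from which source.

```python
"""Match indicators from a constructed IoC feed against constructed log lines.

Added example, not EC-Council's code. The feed format (type,value,source),
the indicators and the log lines are all constructed for illustration.
"""
import ipaddress
import re

# Constructed IoC feed: one indicator per line, "type,value,source".
IOC_FEED = """\
# type,value,source
ip,203.0.113.45,constructed-feed-A
ip,198.51.100.0/24,constructed-feed-A
email,billing@examp1e-invoices.test,constructed-feed-B
domain,update-check.invalid,constructed-feed-B
"""

# Constructed log lines: firewall, mail gateway and DNS resolver entries.
SAMPLE_LOGS = [
    "2024-05-01T10:02:11Z fw allow src=10.0.0.12 dst=203.0.113.45 dport=443",
    "2024-05-01T10:02:15Z fw allow src=10.0.0.12 dst=93.184.216.34 dport=443",
    "2024-05-01T10:03:40Z fw deny src=10.0.0.20 dst=198.51.100.77 dport=8080",
    "2024-05-01T10:05:02Z mta from=<billing@examp1e-invoices.test> to=<ap@corp.example> status=accepted",
    "2024-05-01T10:05:30Z mta from=<newsletter@corp.example> to=<all@corp.example> status=accepted",
    "2024-05-01T10:06:10Z dns query=update-check.invalid type=A client=10.0.0.33",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w.-]+\.[a-z]{2,}", re.IGNORECASE)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def parse_ioc_feed(text):
    """Return {'ip': [(network, source)], 'email': set, 'domain': set}.

    IP indicators are stored as ip_network objects so a single host and a
    CIDR range are matched by the same membership test. Malformed lines
    (wrong column count, unparsable address) are skipped, not raised, so one
    bad feed entry does not stop the whole run.
    """
    iocs = {"ip": [], "email": set(), "domain": set()}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(",")
        if len(parts) != 3:
            continue
        kind, value, source = (p.strip() for p in parts)
        if kind == "ip":
            try:
                iocs["ip"].append((ipaddress.ip_network(value, strict=False), source))
            except ValueError:
                continue
        elif kind == "email":
            iocs["email"].add((value.lower(), source))
        elif kind == "domain":
            iocs["domain"].add((value.lower(), source))
    return iocs


def match_logs(iocs, log_lines):
    """Return a list of (line_no, ioc_type, indicator, source) hits.

    Each line is scanned for IPs, e-mail addresses and domains. E-mail
    addresses are removed before the domain scan so the domain part of an
    address is not reported a second time as a bare domain hit.
    """
    hits = []
    for n, line in enumerate(log_lines, start=1):
        for ip_str in IP_RE.findall(line):
            try:
                addr = ipaddress.ip_address(ip_str)
            except ValueError:
                continue
            for net, source in iocs["ip"]:
                if addr in net:
                    hits.append((n, "ip", ip_str, source))
        for email in (e.lower() for e in EMAIL_RE.findall(line)):
            for value, source in iocs["email"]:
                if email == value:
                    hits.append((n, "email", email, source))
        stripped = EMAIL_RE.sub(" ", line)
        for dom in (d.lower() for d in DOMAIN_RE.findall(stripped)):
            for value, source in iocs["domain"]:
                if dom == value:
                    hits.append((n, "domain", dom, source))
    return hits


if __name__ == "__main__":
    for hit in match_logs(parse_ioc_feed(IOC_FEED), SAMPLE_LOGS):
        print("line %d: %s indicator %s (source: %s)" % hit)
```

Running the block reports four hits: the two firewall lines whose destination falls on a listed host or inside the listed /24, the mail line whose sender matches the phishing address, and the DNS query for the listed domain; the benign lines produce nothing. Carrying the `source` field through to each hit is what lets an analyst weigh a match by the feed it came from, which matters once several commercial, free and community feeds are merged.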