It's Okay To Touch Yourself!
DerbyCon 2013
Ben Ten
(@Ben0xA)
About Me
● 12+ years experience in Health Care
Information Systems
● Vice President & Security Officer
● Developer (Builde...
About Me
● Federal Regulation Compliance
Oversight (HIPAA, HITECH, PCI,
Meaningful Use, Red Flag)
● Manager
● Gamer
● Love...
Overview
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
This talk is SFW!
Overview
● State of Breach Detection
● What is a Self Assessment
● Performing Fire Drills
● Pitfalls to Avoid
● Tools
● Ac...
DerbyConTest
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
DerbyConTest
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
#10
DerbyConTest
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
#9
DerbyConTest
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
#8
DerbyConTest
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
#7
DerbyConTest
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
#6
DerbyConTest
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
#5
DerbyConTest
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
#4
DerbyConTest
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
#3
DerbyConTest
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
#2
DerbyConTest
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
#1
Why This Talk? Why Me?
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
A @dave_rel1k story...
Why This Talk? Why Me?
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
State of Breach Detection
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
64% of businesses did not
detect they had a b...
State of Breach Detection
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
State of Breach Detection
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
Approximately 70% of
breaches were discovered...
State of Breach Detection
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
State of Breach Detection
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
Source: 2013 Data Breach Investigations Repor...
State of Breach Detection
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
But we have these tools!!!11!!!two
● SIEM
● D...
State of Breach Detection
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
So, what's the problem?
State of Breach Detection
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
● Poorly implemented tools
● Lack of implemen...
State of Breach Detection
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
Security by Obscurity
State of Breach Detection
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
Security by Vicinity
State of Breach Detection
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
Security by Divinity
Self Assessment
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
It's time to get intimate
with your...network!
Self Assessment
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
At the very least, the critical
parts of your network!
Self Assessment
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
PTES – An Intro
● Pre-engagement Interactions
● Intelli...
Self Assessment
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
● Pre-engagement Interactions
● Intelligence Gathering
...
Self Assessment
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
http://www.pentest-standard.org/index.php/Vulnerability...
Self Assessment
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
http://www.pentest-standard.org/index.php/Vulnerability...
Self Assessment
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
http://www.pentest-standard.org/index.php/Vulnerability...
DISCLAIMER
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
● I am not a professional penetration
tester. But, I am stay...
DISCLAIMER
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
DISCLAIMER
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
Self Assessment
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
Getting Intimate
Know your Ports!
Self Assessment
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
Getting Intimate
Know your Logs!
Self Assessment
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
Getting Intimate
Know your Software!
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
https://www2.trustwave.com/cpn-hackers-playbook-2013-sm.html
Self Asses...
Self Assessment
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
Tools
● NeXpose (Rapid7)
● Nessus (Tenable)
● BurpSuite...
Fire Drills
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
Why?
Fire Drills
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
● Are your tools working?
● Does your team react appropriat...
Pitfalls to Avoid
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
● Verify Scope!
● Start Small / Focused
● Be wary of ...
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
“[T]he ultimate goal should be to
develop an environment in which
secur...
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
My Big Security Idea!
New Tool
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
New Tool
Will Steele @pen_test
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
New Tool
Conclusion
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
In Conclusion
Acknowledgments
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
● @securitymoey
● @jwgoerlich
● @jaysonstreet
● @elizmm...
PoshSec Developers
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
● @mwjohnson
● @jwgoerlich
● @securitymoey
● @mortpr...
PoshSec Framework - Beta
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
http://github.com/poshsec/poshsecframework
Con...
Contact Information
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
● @Ben0xA
● Ben0xA on Freenode (IRC)
● derbycon@ben...
Thank You!
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
Conclusion
Upcoming SlideShare
Loading in...5
×

It's Okay To Touch Yourself - DerbyCon 2013

843

Published on

It takes a company an average of 35 days to detect when they have been compromised. For some, it can take years. As fast as software changes and new vulnerabilities are discovered, waiting for an annual penetration test is just not enough. In this talk, I will show you how we perform self-audits on our own network on a continual basis. You will learn about the tools that we use so that you can audit your own network to determine if your technical and physical controls will detect a security incident. I will show you how our self-audits and 'fire drills' engage our IT team, allowing us to learn both how to detect when an incident is occurring and how to react. I will also share some mistakes I've made and give you tips on performing a self-assessment without disrupting your business. You will see how this has strengthened our awareness education and our overall security posture. If you've never performed a self-audit this talk will be a great introduction. It's okay to touch your...network.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
843
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "It's Okay To Touch Yourself - DerbyCon 2013"

  1. 1. It's Okay To Touch Yourself! DerbyCon 2013 Ben Ten (@Ben0xA)
  2. 2. About Me ● 12+ years experience in Health Care Information Systems ● Vice President & Security Officer ● Developer (Builder) ● Security Consultant, Trainer It's Okay To Touch Yourself Ben0xA - DerbyCon 2013
  3. 3. About Me ● Federal Regulation Compliance Oversight (HIPAA, HITECH, PCI, Meaningful Use, Red Flag) ● Manager ● Gamer ● Love Science Fiction It's Okay To Touch Yourself Ben0xA - DerbyCon 2013
  4. 4. Overview It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 This talk is SFW!
  5. 5. Overview ● State of Breach Detection ● What is a Self Assessment ● Performing Fire Drills ● Pitfalls to Avoid ● Tools ● Acknowledgments ● Q&A It's Okay To Touch Yourself Ben0xA - DerbyCon 2013
  6. 6. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013
  7. 7. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 #10
  8. 8. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 #9
  9. 9. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 #8
  10. 10. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 #7
  11. 11. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 #6
  12. 12. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 #5
  13. 13. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 #4
  14. 14. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 #3
  15. 15. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 #2
  16. 16. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 #1
  17. 17. Why This Talk? Why Me? It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 A @dave_rel1k story...
  18. 18. Why This Talk? Why Me? It's Okay To Touch Yourself Ben0xA - DerbyCon 2013
  19. 19. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 64% of businesses did not detect they had a breach until after 90 days! Source: 2013 Global Security Report ~ Trustwave https://www2.trustwave.com/2013GSR.html
  20. 20. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013
  21. 21. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Approximately 70% of breaches were discovered by external parties who then notified the victim. Source: 2013 Data Breach Investigations Report ~ Verizon http://www.verizonenterprise.com/DBIR/2013/
  22. 22. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013
  23. 23. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Source: 2013 Data Breach Investigations Report ~ Verizon http://www.verizonenterprise.com/DBIR/2013/
  24. 24. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 But we have these tools!!!11!!!two ● SIEM ● DLP ● IDS/IPS ● Logs
  25. 25. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 So, what's the problem?
  26. 26. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 ● Poorly implemented tools ● Lack of implemented tools ● Or maybe it's a perception issue...
  27. 27. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Security by Obscurity
  28. 28. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Security by Vicinity
  29. 29. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Security by Divinity
  30. 30. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 It's time to get intimate with your...network!
  31. 31. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 At the very least, the critical parts of your network!
  32. 32. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 PTES – An Intro ● Pre-engagement Interactions ● Intelligence Gathering ● Threat Modeling ● Vulnerability Analysis ● Exploitation ● Post Exploitation ● Reporting
  33. 33. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 ● Pre-engagement Interactions ● Intelligence Gathering ● Threat Modeling ● Vulnerability Analysis ● Exploitation ● Post Exploitation ● Reporting PTES – An Intro
  34. 34. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 http://www.pentest-standard.org/index.php/Vulnerability_Analysis
  35. 35. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 http://www.pentest-standard.org/index.php/Vulnerability_Analysis
  36. 36. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 http://www.pentest-standard.org/index.php/Vulnerability_Analysis
  37. 37. DISCLAIMER It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 ● I am not a professional penetration tester. But, I am staying at the Hyatt. ● Do not attempt anything on any network unless you have written permission! ● Do not do this on production first. Use a test environment!
  38. 38. DISCLAIMER It's Okay To Touch Yourself Ben0xA - DerbyCon 2013
  39. 39. DISCLAIMER It's Okay To Touch Yourself Ben0xA - DerbyCon 2013
  40. 40. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Getting Intimate Know your Ports!
  41. 41. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Getting Intimate Know your Logs!
  42. 42. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Getting Intimate Know your Software!
  43. 43. It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 https://www2.trustwave.com/cpn-hackers-playbook-2013-sm.html Self Assessment
  44. 44. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Tools ● NeXpose (Rapid7) ● Nessus (Tenable) ● BurpSuite ● Health Monitor ● nmap/zenmap ● ninite
  45. 45. Fire Drills It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Why?
  46. 46. Fire Drills It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 ● Are your tools working? ● Does your team react appropriately? ● What is happening during that nmap, nexpose, nessus, scan? ● What's the Incident Response plan and is it working?
  47. 47. Pitfalls to Avoid It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 ● Verify Scope! ● Start Small / Focused ● Be wary of untested tools! ● Secure your results ● Don't DoS yourself
  48. 48. It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 “[T]he ultimate goal should be to develop an environment in which security events are discovered innately—by both responsible security professionals or others in the organization.” Source: 2013 Global Security Report ~ Trustwave https://www2.trustwave.com/2013GSR.html New Tool
  49. 49. It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 My Big Security Idea! New Tool
  50. 50. It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 New Tool Will Steele @pen_test
  51. 51. It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 New Tool
  52. 52. Conclusion It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 In Conclusion
  53. 53. Acknowledgments It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 ● @securitymoey ● @jwgoerlich ● @jaysonstreet ● @elizmmartin ● @rogueclown ● @dualcoremusic ● @derbycon Conclusion
  54. 54. PoshSec Developers It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 ● @mwjohnson ● @jwgoerlich ● @securitymoey ● @mortprime ● @rjcassara ● @PoshSec Conclusion
  55. 55. PoshSec Framework - Beta It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 http://github.com/poshsec/poshsecframework Conclusion View the ReadMe!
  56. 56. Contact Information It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 ● @Ben0xA ● Ben0xA on Freenode (IRC) ● derbycon@ben0xa.com ● http://ben0xa.com ● http://github.com/Ben0xA ● http://github.com/PoshSec Questions? Conclusion
  57. 57. Thank You! It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Conclusion
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×