Practical Cyber Defense

This presentation was given at the CIISF Conference - "Cyber threat to opportunity: protecting your business in a changing world" held in Jersey on 30th May 2014

Published in: Internet, Technology, Business

  1. Practical CyberDefense By Paul Dutot
  2. About me ● Co-Founder of the CIISF ● Employed as an Ethical Security Consultant @ Logicalis Jersey ● Practice Offensive & Defensive Security for businesses in all verticals
  3. Agenda ● Concepts I and II ● Stages 1-5 of a practical Cyber Defense with more demos ● Resources ● Questions at the end please ● Reverse & Bind Shells Demo
  4. Concepts I “Attackers have months to prepare, defenders have minutes to react” “This is not a security control!!!!” vs
  5. Concepts II “Security is a journey” “What are the bad guys trying to achieve?”
  6. Reverse & Bind Shells Demo
  7. Stage 1 – Buy In ● Appoint a 'Cyber' champion ● 'C' level Buy In ● Maintain a 'Cyber' risk register ● Do Security Awareness
  8. Stage 2 - Reconnaissance: Some Forgotten Ones. Demo
  9. Reconnaissance Aims ● To profile your organisation ● In preparation for social engineering attacks and/or email phishing
  10. Reconnaissance - Mitigation ● Undertake reconnaissance to find public information ● Mitigate risk by takedown and creating contrary information ● Test your defenses and train your users
  11. Phishing is a big deal!!!
  12. Stage 3 – Understanding AV: Is AV really protecting us - the case for and against
  13. Stage 3 – AV Bypass Demo - The case against
  14. Stage 3 – The case for: We still need AV to protect us!
  15. Stage 4 – Think outside the box ● Databases – They are the end game ● Web applications – OWASP Top 10 ● UC Communications – TDoS / Toll Fraud ● Data Encryption – Laptops / Desktops / Databases
  16. Stage 5 – It's not if but when: SIEM – Security, Information & Event Monitoring
  17. Stage 5 – SIEM: OSSIM SIEM – Free Open Source SIEM. Demo
  18. Resources ● Florida State: http://www.cs.fsu.edu/~redwood/OffensiveSecurity/ ● SANS Institute: http://www.sans.org/critical-security-controls/controls/ ● OWASP Top 10 - 2013: https://www.owasp.org/index.php/Top_10_2013-Top_10
  19. Thank you – Any Questions? Blog – http://cyberkryption.com ● @cyberkryption ● paul.dutot@je.logicalis.com
