Practical Cyber Defense

This presentation was given at the CIISF Conference - "Cyber threat to opportunity: protecting your business in a changing world" held in Jersey on 30th May 2014.

Transcript

  • 1. Practical CyberDefense By Paul Dutot
  • 2. About me ● Co-Founder of the CIISF ● Employed as an Ethical Security Consultant @ Logicalis Jersey ● Practice Offensive & Defensive Security for businesses in all verticals
  • 3. Agenda ● Concepts I and II ● Stages 1-5 of a practical Cyber Defense with more demos ● Resources Questions at the end please ● Reverse & Bind Shells Demo
  • 4. Concepts I “Attackers have months to prepare, defenders have minutes to react” “This is not a security control!!!!” vs
  • 5. Concepts II “Security is a journey” “What are the bad guys trying to achieve?”
  • 6. Reverse & Bind Shells Demo
  • 7. Stage 1 – Buy In ● Appoint a 'Cyber' champion ● 'C' level Buy In ● Maintain a 'Cyber' risk register ● Do Security Awareness
  • 8. Stage 2 – Reconnaissance Some Forgotten Ones Demo
  • 9. Reconnaissance Aims ● To profile your organisation ● In preparation for social engineering attacks and/or email phishing
  • 10. Reconnaissance – Mitigation ● Undertake reconnaissance to find public information ● Mitigate risk by takedown and creating contrary information ● Test your defenses and train your users
  • 11. Phishing is a big deal!!!
  • 12. Stage 3 – Understanding AV Is AV really protecting us - the case for and against
  • 13. Stage 3 – AV Bypass Demo - The case against
  • 14. Stage 3 – The case for We still need AV to protect us!
  • 15. Stage 4 – Think outside the box ● Databases – They are the end game ● Web applications – OWASP Top 10 ● UC Communications – TDoS / Toll Fraud ● Data Encryption – Laptops / Desktops / Databases
  • 16. Stage 5 – It's not if but when SIEM – Security, Information & Event Monitoring
  • 17. Stage 5 – SIEM OSSIM SIEM – Free Open Source SIEM Demo
  • 18. Resources Florida State ● http://www.cs.fsu.edu/~redwood/OffensiveSecurity/ SANS Institute ● http://www.sans.org/critical-security-controls/controls/ OWASP Top 10 - 2013 ● https://www.owasp.org/index.php/Top_10_2013-Top_10
  • 19. Thank you – Any Questions? Blog – http://cyberkryption.com @cyberkryption paul.dutot@je.logicalis.com