Your SlideShare is downloading. ×
0
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Hey you... get off my network
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Hey you... get off my network

1,184

Published on

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,184
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
12
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Hey You… Get off my Network…<br />How to stay firm against security threats and plan ahead for security…<br />Esmaeil Sarabadani<br />Systems and Security Consultant<br />
  • 2. What will be covered … <br /><ul><li>The History and Story of DATA …
  • 3. Cloud Computing and its Possible Security Threats
  • 4. Security in the Cloud from the Client’s Perspective
  • 5. Social Engineering
  • 6. Security Misconfiguration
  • 7. Microsoft Attack Surface Analyzer
  • 8. Microsoft Baseline Security Analyzer
  • 9. Security Vulnerabilities
  • 10. 0-Day Exploits and How to Stop Them...
  • 11. Enhanced Mitigation Experience Toolkit
  • 12. Endpoint Security</li></li></ul><li>The Changing World !!!<br />
  • 13. Living in a Connected World…<br />DATA<br />
  • 14. Data in the Past<br /><ul><li>More Static
  • 15. Difficult to Move
  • 16. Higher Risk of Loss
  • 17. More Physical Security
  • 18. Less Storage Space</li></li></ul><li>
  • 19. Now Data is in …<br />CLOUD<br /><ul><li>Reduced Cost
  • 20. Increased Storage
  • 21. Highly Automated 
  • 22. Flexibility
  • 23. More Mobility 
  • 24. More Power</li></li></ul><li>What Type of Data is in the Cloud?<br /><ul><li>Corporate Important Data
  • 25. Users’ Personal Data
  • 26. Credit Card Information
  • 27. Government’s Confidential Information
  • 28. People’s Personal Information like Phone Numbers, e-mail</li></ul> Addresses, User Accounts and Passwords and so more.<br /><ul><li>And so more…</li></ul>How Secure is the Cloud ?!!<br />
  • 29. <ul><li>The network outage for one month.
  • 30. More than 100 million users’ credit card information was stolen.
  • 31. 3.18 Billion USD forecasted Sony loss.
  • 32. Losing so many of its users.</li></ul>Hacked !!!<br />On April 19th 2011<br />Let’s look at it in another way …<br />
  • 33. the SocialNetworkingwebsites <br />have Changed the way human being interacts…<br />People are revealing<br />so much information about themselves …<br />600 million Users<br />100 million Users<br /><ul><li>Status Messages
  • 34. Foursquare Check-ins
  • 35. Phone Numbers
  • 36. Photos and Videos</li></ul>Result = LessControl- LessPrivacy<br />200 million Users<br />
  • 37. Social Engineering<br />an Old but Empowered Technique<br /><ul><li>It is easier now with the growth in social network.
  • 38. Everything you do produces data
  • 39. Hackers use that data
  • 40. Security focus is too much on distant attacks
  • 41. Nobody really knows what needs to be secured</li></li></ul><li>AFamousHackerandSocial Engineer<br /><ul><li>Hacked into Pentagon, FBI, Novell, University of California, Motorola, Nokia, Sun Microsystems, Fujitsu Siemens
  • 42. 5 Years in Prison
  • 43. Computer Security Consultant Now</li></li></ul><li>The Steps in Hacking<br />Step 2<br />Initial intrusion into the network<br />Step 1<br />Reconnaissance<br />Step 3<br />Establish a backdoor into the network<br />Step 4<br />Obtain user credentials<br />Step 5<br />Install various utilities<br />Step 6<br />Privilege escalation /lateral movement /data exfiltration<br />Step 7<br />Maintain persistence<br />We can stop the hackers from the very beginning steps.<br />
  • 44. Adopting a Multi-Layered Defense Approach <br />Defense in Depth<br />Security Management <br />Threat and Vulnerability Management, Monitoring and Response <br />Data<br />Access Control and Monitoring, File/Data Integrity<br />User<br />Account Management, Training and Awareness, Screening<br />Application<br />Secure Engineering (SDL), Access Control and Monitoring, Anti-Malware<br />Access Control and Monitoring, Anti-Malware, Patch and Configuration Management<br />Host<br />Internal Network<br />Dual-factor Authorization, Intrusion Detection, Vulnerability Scanning<br />Network Perimeter<br />Edge Routers, Firewalls, Intrusion Detection, Vulnerability Scanning<br />Facility<br />Physical Controls, Video Surveillance, Access Control<br />
  • 45. Microsoft Attack Surface Analyzer<br /><ul><li>Developed by the Security Engineering Group at Microsoft
  • 46. Assesses the changes in Windows attack surface</li></ul>Analysis Steps:<br />Perform a Baseline Scan on a healthy system.<br />Perform another Scan on the Under-Analysis System.<br />Compare the Results.<br />Get the Report.<br />
  • 47. Microsoft Attack Surface Analyzer<br />Demo<br />
  • 48. Security Vulnerability<br />Security Exploits<br />Penetration Testers<br /> Software Security Engineers<br />
  • 49. <ul><li>Discovering Vulnerabilities in Microsoft Products
  • 50. Releasing Security Updates, Patches and Service Packs
  • 51. Advanced Update Notifications
  • 52. Microsoft Security Essentials
  • 53. Malicious Software Removal Tool</li></li></ul><li>What if Hackers are Faster ?!!<br />1 week<br />Security Vulnerability<br />Security Patch<br />3 Days<br />Exploit<br />
  • 54. Enhanced Mitigation Experience Toolkit<br />(EMET v 2.1)<br /><ul><li>Uses Security Mitigation Technologies
  • 55. Makes it Difficult to Exploit the 0-Day Bugs on Systems
  • 56. Can Cover Security Bugs on any Softwares on the System</li></li></ul><li>Microsoft Advanced Updates Notification<br />http://technet.microsoft.com/en-us/security/default.aspx<br />
  • 57. Security Focus<br />http://www.securityfocus.com<br />
  • 58. Secunia<br />http://www.secunia.com<br />
  • 59. Microsoft Baseline Security Analyzer<br />(MBSA v2.2)<br />It checks clients and Servers for:<br />Microsoft Operating System and Products Security Vulnerabilities<br />
  • 60. Microsoft Baseline Security Analyzer 2.2<br />Demo<br />
  • 61. General Rules <br />of Security in the Network<br /><ul><li>Least Privilege
  • 62. Reduce Risky Behavior
  • 63. Harden the Clients</li></li></ul><li>More than 30 million Users<br /><ul><li>Real-Time Protection
  • 64. System Scanning and Cleaning
  • 65. Live System Behavior Monitoring
  • 66. Dynamic Signature Service
  • 67. Protection Against False Positive
  • 68. Network Inspection System</li></li></ul><li>It’s too late to stop the hackers when the hack is done.<br />Sasser Worm<br /><ul><li>April 2004
  • 69. Infecting millions of computers
  • 70. Blocking Delta Air Lines Flights Satellite Communications</li></ul>Blaster Worm<br /><ul><li>August 2003
  • 71. Infecting millions of computers
  • 72. Millions of Dollars damages </li></ul>Sven Jaschan<br />Jeffrey Lee Parson<br />
  • 73.
  • 74. int contact() { <br />e-mail Address: e.sarabadani@gmail.com<br />My Blog: http://esihere.wordpress.com/<br />}<br />

×