Hey you... Stay away from my network - Techinsights 2011 SEA
  • Transcript of "Hey you... Stay away from my network - Techinsights 2011 SEA"

    1. Hey you… Stay away from my network…
       Esmaeil Sarabadani, Systems and Security Consultant, Redynamics Asia Sdn. Bhd.
    2. What will be covered…
       • Cloud computing, Social Networking and the Information Leak
       • Social Engineering
       • Port Scanning and Nmap
       • Vulnerability scanning with MBSA & Nessus
       • Microsoft Security Response Center
       • Enhanced Mitigation Experience Toolkit
       • Security Best Practices
    3. The world is changing…
    4. Cloud Computing…
    5. Revealing Information…
       Social Networks vs. Social Engineering
       There is no patch for human stupidity!
    6. What kind of risk?!
       • Employees reveal so much information about the company.
       • Hackers create fake Facebook profiles pretending to be your colleagues.
       • They convince employees to click on malicious URLs that they post on Facebook.
       • People leave their:
         • Phone numbers
         • Photos
         • Status messages containing very important information
    7. What kind of risk?!
       How much would it take for you to sell out your colleague?
       Would you accept 1000 USD to give out a simple document from inside the company?
       • How about 10,000 USD?
       • How about 100,000 USD?
       Do you trust everyone at work? How would you know if someone is the bad guy?
    8. Do not block Facebook for them at work…
       • Educate your users and employees…
       • Let them know about the threats…
       • Evaluate their awareness every now and then…
    9. The Steps in Hacking
       • Step 1: Reconnaissance
       • Step 2: Initial intrusion into the network
       • Step 3: Establish a backdoor into the network
       • Step 4: Obtain user credentials
       • Step 5: Install various utilities
       • Step 6: Privilege escalation / lateral movement / data exfiltration
       • Step 7: Maintain persistence
    10. Port Scanning
       Scanning the target computer to detect the open ports.
       What hackers do…
       • Detect open ports
       • Detect the services behind those ports
       • Find security vulnerabilities of those services
       • Attack the vulnerabilities
    11. Nmap
    12. Vulnerability Scanning
       Scanning the target computer:
       • For possible security bugs and vulnerabilities
       • For open and filtered ports
       • To detect the target OS
       • To get a solution to fix the bug
       • To get a link for the exploits
    13. Nessus & MBSA
    14.
       • Discovering Vulnerabilities in Microsoft Products
       • Releasing Security Updates, Patches and Service Packs
       • Advanced Update Notifications
       • Microsoft Security Essentials
       • Malicious Software Removal Tool
    15. What if Hackers are Faster?!
       (Timeline diagram: Security Vulnerability; Security Patch, 1 week; Exploit, 3 days)
    16. Enhanced Mitigation Experience Toolkit (EMET v 2.1)
       • Uses security mitigation technologies
       • Makes it difficult to exploit 0-day bugs on systems
       • Can cover security bugs in any software on the system
    17. Enhanced Mitigation Experience Toolkit
    18. Security Best Practices
       • Be thorough. Your security is only as strong as your weakest link.
       • Security and complexity are often inversely proportional.
       • Begin your security design from the clients.
    19. Questions & Answers
    20. Resources
       Email: e.sarabadani@gmail.com
       Blog: http://esihere.wordpress.com/
       Twitter: http://www.twitter.com/esmaeils
       Useful websites:
       • http://technet.microsoft.com/
       • http://www.insecuremag.com/
       • http://technet.microsoft.com/en-us/edge/ff524488