Bright Talk Security Summit: July 8th 2010, Mark Henshaw
Bright talk intrusion prevention are we joking - henshaw july 2010 a

Notes
  • Sponsored intrusion is a deliberate, targeted attempt by a hostile party to gain unlawful access to another network and systems, and ultimately a) steal their intellectual property, b) complete some malicious electronic act causing destruction and/or collapse. The attack is funded and supported, possibly by the state. Coordinated, and employs a good level of expertise and sophistication. The network and systems under attack can be in the same country as the attacker, but often the attack will be launched into another country's territory. Cybercrime is the training ground for cyberwarfare. Cyberspace is a crime syndicate's dream.
  • Intrusion attacks, highly sophisticated across multiple surfaces. The 'as a service' model has been available to cyber criminals and state sponsored organisations for some time. Exponential computing power is available, and now offered as a service through the cloud (~real-time password computation). Everything is hackable (~TPM cryptoprocessor, Chris Tarnovsky). People are fallible; social engineers are feasting at the all-you-can-eat buffet of social networking sites (~we help the intrusion process: insecure technology, ubiquitous trust). Present an easy target, may as well advertise.
  • What if your company is high-profile and symbolic of a country's national identity? McDonald's = USA. Defacements and hacking associated with multinational companies or product lines, and high-profile organisations: McDonald's, Skype, Mazda, Burger King, Pepsi, Fujifilm, Volkswagen, Sprite, Gillette, Fanta, Daihatsu, and Kia; United Nations, Harvard University, Microsoft, Royal Dutch Shell, the National Basketball Association. The intrusion attack on your company may come from an unexpected quarter. Not in it for financial gain. A foreign power attempting to overthrow the capitalist dictator.
  • GhostNet, Chinese espionage ring. 1,300 infected computers in 103 countries; 30% located in government offices, media companies and non-government organisations (NGOs). RAT named gh0st RAT, complete control of host computer: activate web cam and conduct audio and video surveillance; search for and exfiltrate sensitive documents; initiate key logging to capture usernames and passwords. Variant of an old spear phishing scheme: attacker sends out a carefully worded email message to an organisation or company that features highly focused content.
  • African IT experts estimate an 80% infection rate on all PCs continent-wide, including government computers (~a cyber pandemic). Unable to afford anti-virus software. Dial-up download times make updates obsolete. Broadband service is now delivered mid 2010, providing a massive, target-rich environment. 100 million computers available for botnet herders to add infected hosts. 1 million hosts could generate enough traffic to take most Fortune 500 companies collectively offline.
  • 1st Age: Servers. FTP, Telnet, Mail, Web. These were the things that consumed bytes from a bad guy. The hack left a footprint. 2nd Age: Browsers. JavaScript, ActiveX, Java, image formats, DOMs. These are the things that are getting locked down, slowly, incompletely. 3rd Age: Passwords. Gaining someone's password is the skeleton key to their life and your business. Totally invisible – no trace.
  • You are a target or will become a target where your data is held alongside valuable information. Governance/Compliance: maze of data handling rules. Legal maturity: cloud models complex, hard to define; poor or non-existent legal structures and precedents. Cost: driving utilisation of possible high-risk providers. SaaS, PaaS, DaaS, etc.: cloud providers and sub-providers – who?, where?, what? Data aggregation done at different levels in the cloud, multiple copies of data in the cloud; how to assure deletion of this data? Data is fungible and can be transferred to the lowest cost cloud provider, without consent of the customer – the low cost provider may have poor or non-existent policy and security.
  • Firewalls can't manage access to cloud applications because by definition these applications are accessed over the Internet outside the corporate firewall. Poor system authentication, authorisation and accounting (AAA) could facilitate unauthorised access to resources, privilege escalation, and the impossibility of tracking the misuse of resources and security incidents in general – insecure storage of cloud access credentials by the customer, insufficient roles available, credentials stored on a transitory machine. Cloud makes password based authentication attacks (trend of fraudsters using a Trojan to steal corporate passwords) much more impactful since corporate applications are now exposed to the internet.
  • The advent of the netcentric world has changed the threat environment dramatically. Organisations need to reassess how they collect, analyse and use intelligence. Offence must inform defence. Looking forward, proactive. Reduce your attractiveness, make someone else the target. There is a need to find the right balance between security and transparency – pragmatic approach.
  • Drive change from the top: implement governance structures that are aware and monitoring, put the CISO on the Board. Deliver a Social Media Policy. Threat modelling, coupled with a risk assessment and risk management program to focus resources appropriately. Testing high risk groups of people within the organisation for social engineering attacks. Implement 2-factor authentication for all remote users.
  • Duty of prevention, technical capacity of trace programs to trace attacks back to their point of origin, and attribution.
  • Transcript of "Bright talk intrusion prevention are we joking - henshaw july 2010 a"

    1. Bright Talk Security Summit: July 8th 2010, Mark Henshaw
    2. Statistics
      • Employees spend 50 minutes a day using social networking at work
      • 40%+ of work emails are of a personal nature and non-business related
      • 3-5% of users will enter personal data into a phishing site if they reach it
      • 46% of the respondents to a messaging survey said they had experienced an increase in malware incidents
      • More than 2700 websites hosting malware are going online every day
      • Malware delivery vectors: email 15%, Web 85%
      • 20%+ of outgoing emails contain content that poses a legal, financial or regulatory risk
      • Social-networking sites do not monitor content for the hosting of malware
      • 49% of companies allow unlimited access to social networking sites
      • Web email or web postings account for 37% of information leaks
      • Two-thirds of organisations are using at least one Web 2.0 application, yet also see these applications as a serious privacy concern
    3. Threat in depth
      • Your senior management
      • Your user communities
      • Your processes, or lack thereof
      • Your software and applications
      • Your infrastructure
      • Your suppliers and outsourced processes
      • Your competitors
      Increasing risks – generally catalogued in a management process
    4. Agenda
      • So what can we do to reduce the likelihood?
      • Can you prevent state sponsored intrusion?
      • Is defence in depth just a feel-good distraction?
      • If they [cyber criminals] want your IP then is it just a matter of time?
      • Elastic cloud computing or elastic intrusion?
    5. Sponsored intrusion
      • Sponsored intrusion is a deliberate, targeted attempt by a hostile party to gain unlawful access to another network and systems, and ultimately a) steal their intellectual property, b) complete some malicious electronic act causing destruction and/or collapse
      • The attack is funded and supported, possibly by the state
      • Coordinated, and employs a good level of expertise and sophistication
    6. Intrusion Prevention System
      • A misnomer – even the best IPS are unable to detect all cyber attacks, therefore IPS will not prevent all intrusions
      • The CEO/COO and Board see IPS as another 'silver bullet'
      • "We've got firewalls and now this IDS/IPS stuff, we must be bullet proof"
      • Just one element in your overall defence in depth strategy – one instrument in a very large orchestra
    7. Agenda (section divider; repeats slide 4)
    8. Business as a target
      • Intrusion attacks, highly sophisticated across multiple surfaces
      • The 'as a service' model has been available to cyber criminals and state sponsored organisations for some time
      • Exponential computing power is available, and now offered as a service through the cloud (~real-time password computation)
      • Everything is hackable
      • People are fallible; social engineers are feasting at the all-you-can-eat buffet of social networking sites
      • Present an easy target, may as well advertise
    9. High profile attacks
      • What if your company is high-profile and symbolic of a country's national identity?
      • McDonald's = USA
      • Defacements and hacking associated with multinational companies or product lines, and high-profile organisations
        • McDonald's, Skype, Mazda, Burger King, Pepsi, Fujifilm, Volkswagen, Sprite, Gillette, Fanta, Daihatsu, and Kia
        • United Nations, Harvard University, Microsoft, Royal Dutch Shell, the National Basketball Association
      • The intrusion attack on your company may come from an unexpected quarter
      • Not in it for financial gain
      • A foreign power attempting to overthrow the capitalist dictator
    10. But it's all about the user
      • Your senior management
      • Your user communities
      • Your processes, or lack thereof
      • Your software and applications
      • Your infrastructure
      • Your suppliers and outsourced processes
      • Your competitors
      And it's really not that difficult!
    11. Spear Phishing
      • GhostNet, Chinese espionage ring
      • 1,300 infected computers in 103 countries
      • 30% located in government offices, media companies and non-government organisations (NGOs)
      • RAT named gh0st RAT, complete control of host computer
      • Variant of an old spear phishing scheme
      • Attacker sends out a carefully worded email message
    12. World's largest botnet – Africa
      • African IT experts estimate an 80% infection rate on all PCs continent-wide
      • Unable to afford anti-virus software
      • Dial-up download times make updates obsolete
      • Broadband service is now delivered mid 2010, providing a massive, target-rich environment
      • 100 million computers available for botnet herders to add infected hosts
    13. Authentication and ease of access
    14. Third age of hacking
      • 1st Age: Servers
        • FTP, Telnet, Mail, Web
        • These were the things that consumed bytes from a bad guy
        • The hack left a footprint
      • 2nd Age: Browsers
        • JavaScript, ActiveX, Java, image formats, DOMs
        • These are the things that are getting locked down
          • Slowly
          • Incompletely
      • 3rd Age: Passwords
        • Gaining someone's password is the skeleton key to their life and your business
        • Totally invisible – no trace
    15. $100 for an email password
    17. Weapons
      • Keyloggers
        • Both hardware and software
        • Easy to use
        • Search for "invisible keylogger" on YouTube
      • Phishing
    18. iPhone p0wned
      • Stealing the email credentials for an iPhone
        • Run a man-in-the-middle attack over wireless
        • Spoof an Access Point with ID 'BTOpenZone' using Hotspotter
        • iPhone automatically joins
        • Fake SSL cert using ettercap
        • Very weak alert
        • Majority of users accept, creds are sent, domain creds if Exchange sync
        • Fake certificate cached permanently, works on v3.0 B5
        • Only defence is the 'sleepy' iPhone, or the very latest firmware
      Credit: Ken Munro, PTP. (Diagram: 'BTOpenZone' – iPhone joins network automatically – tries to synchronise email, sends certificate – capture certificate, fake a response using valid info – weak alert, user accepts – iPhone sends us its email/domain password)
    19. Another way in to your network
      • Business has been asking for advice relating to the suitability of iPhones for corporate email use
      • Many people believe the iPhone offers equivalent or better security for email when compared with BlackBerry or Windows Mobile
      Does it?
    20. Social (networks) engineering
      • Exploiting users
      • Stealing their private data
      • Trust and relationship mapping to other legitimate users
    21. Social networks, trust
      • Increase in the pervasiveness of vulnerabilities due to unfettered hyperconnected trust is challenging the traditional defence in depth security strategies.
      • Network-to-network (n2n) bridgeheads can develop, creating attack points passing through traditional defence layers and into the heart of your corporate network.
      • Trust can present real risks to your business.
    22. Social networking
      • Social networking – becoming a big risk
        • Current issues
          • People giving out information – yes, passwords and sensitive data
          • The hacker's No.1 social engineering tool
          • Very, very soft target for passwords
          • Twittergate was a social engineering hack
          • APIs feeding…Apache Lucene, Hadoop and Nutch…creating hotnets for the social network analyst
          • Virtual entities are pretending to be real people in a way that enables criminals to gather personal information from the unsuspecting
        • Emerging issues – watch this space
          • Robots can appear online as a genuine person
          • Integrate other site functions (your tweets in my Facebook)
          • Password hacking SSO mode
    23. Agenda (section divider; repeats slide 4)
    24. Defence in depth, a distraction
      • A feel-good distraction?
      • Obviously not, but from the Board's perspective…yes
      • Just as IPS suggests another 'silver bullet'
      • Defence in depth strategy: integrated, holistic, an organism, many moving parts each intimately connected
      • Log files, monitoring, alerting, responding, automation
      • Behavioural management, AI and adaptive
    25. Defence in depth, a distraction
      • We know it's all about the user…
      • But the education and awareness training budget got slashed again, needed it for a new Zoominfo website
      • We let them loose with Web 2.0 technology, it's good for the business, and the business wants to use the latest iPhone
      • Social networking sites are a boon, and Second Life helps our design teams
      • We don't have a Social Media Policy yet
      • We've got firewalls and IPS so we're sorted…right?
    26. Defence in depth, a distraction
      • The Board thinks defence in depth is mostly done
      • It's about technical solutions to technical problems
      • They are distracted by the poor coding of applications, and rightly so
      • And they are concerned by the SOX control deficiencies, which could make them smart a little
      • Surely the users can exercise a little common sense
      But it's all about the user; they are exposed and in trouble
    27. Agenda (section divider; repeats slide 4)
    28. Your IP, a matter of time
      • If you are an interesting target then…yes
      • Countless examples
      • The recent "Operation Aurora" attacks showed how world class IT and Defence companies could be caught out
      • Do you know where your Intellectual Property (IP) is?
      • How is it managed?
      • Who has access and why?
      • How is it protected?
      • Interestingly there are many organisations who are unable to answer these simple questions; some have not categorised what their IP is…
    29. Agenda (section divider; repeats slide 4)
    30. How do you see it? (Diagram: a spectrum from "Risk taker" (e.g., cost dominated) to "Risk averse" (e.g., risk dominated), positioning Cloud provider, Start-up, Mature business, CIO, Business unit, Legal, Governance, Security and CISO along it)
    31. Elastic computing, cloud
      • You are a target or will become a target where your data is held alongside valuable information
      • Governance/Compliance: maze of data handling rules
      • Legal maturity: cloud models complex, hard to define; poor or non-existent legal structures and precedents
      • Cost: driving utilisation of possible high-risk providers
      • Data is fungible and can be transferred to the lowest cost cloud provider, without consent of the customer – the low cost provider may have poor or non-existent policy and security
    32. Elastic computing, cloud
      • Firewalls can't manage access to cloud applications because by definition these applications are accessed over the Internet outside the corporate firewall
      • Poor system authentication, authorisation and accounting (AAA) could facilitate unauthorised access to resources, privilege escalation, and the impossibility of tracking the misuse of resources and security incidents in general
      • Cloud makes password based authentication attacks (trend of fraudsters using a Trojan to steal corporate passwords) much more impactful
    33. Elastic computing, cloud
      • Geography can lose all meaning, location seems irrelevant – not able to tell where data is at any given point in time
      • Multiple data copies being stored in different locations – also true for private cloud
      • Public cloud economics is about trading available processing and storage capacity…data is fungible, and able to be moved…like trading electricity
    34. Elastic computing, cloud
      • Your organisation releases the elastic cloud space previously used – it may be done by an aggregator you are unaware of
      • You think your data has gone…it's still there
      • Organised crime has identified this
      • They watch for elastic cloud space release and then buy up
      • Forensically examine and mine your information
      • No need to execute some elaborate intrusion, just sit and wait
    35. Agenda (section divider; repeats slide 4)
    36. Reducing the likelihood
      • The advent of the netcentric world has changed the threat environment dramatically
      • Organisations need to reassess how they collect, analyse and use intelligence
      • Offence must inform defence
      • Reduce your company's attractiveness, make someone else the target
      • There is a need to find the right balance between security and transparency – pragmatic approach
    37. Reducing the likelihood
      • Drive change from the top
      • Deliver a Social Media Policy
      • Threat modelling, coupled with a risk assessment and risk management program
      • Testing high risk groups of people within the organisation for social engineering attacks
      • Implement 2-factor authentication for all remote users
    38. Reducing the likelihood
      • A layered defence of active and passive defences
      • Active defences may provoke, or violate internet laws
      • Duty of prevention
      • Social Media Policy and OPSEC training
      • Enforce application securing principles
      • Education and awareness training for all staff
      • Patch vulnerable systems
    39. Reducing the likelihood
      • Cloud computing must provide security on par with what exists inside the firewall – compliance is impossible without controls
      • Password based authentication will become insufficient; stronger or two-factor authentication for accessing cloud resources will be necessary
      • Requires an intelligent cloud strategy from the very beginning
    40. Reducing the likelihood
      • Employ skilled staff with a thorough understanding of the network environment and then train them on the attacks and mindset of the cybercriminal
      • Remove domain admin accounts for end users
      • Ensure all logs produced are reviewed and acted upon
      • Education, education, education…
      • Training, training, training…
    41. Agenda (section divider; repeats slide 4)
    42. End
      • For more information please contact
        • [email_address]
      • Visit the IT Duco blog to download the complete forum raw transcript (Word doc, docx); you can also leave your comments there
        • http://duconotitia.blogspot.com/2010/06/intrusion-prevention-are-we-joking.html
      • A version of this slide deck will also be available on the blog
      • Thanks to all who contributed, writing into the blog and LinkedIn groups
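Slide 40 asks that every log produced is reviewed and acted upon, and slide 32 names the trend of Trojans stealing corporate passwords for use against internet-exposed applications. The following is an added example, not from the deck: a review pass over a constructed authentication log that flags the two login patterns that threat produces, a success directly after a burst of failures from one source, and one account succeeding from several sources within a short window. The log format, field names, thresholds and addresses are invented for the example.

```python
"""Reviewing authentication logs for signs of stolen-password use.

Added example, not from the slides. The record format (timestamp, result, user,
source IP) is constructed for the example; map your own VPN or webmail logs onto
the same four fields. Two patterns worth acting on:
  1. a burst of failures followed by a success from the same source
     (guessing against an application now exposed to the internet);
  2. one account succeeding from several different sources inside a short
     window (a password captured by a keylogger or Trojan in use alongside
     the legitimate user).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) auth (?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\d{1,3}(?:\.\d{1,3}){3})$"
)

# Constructed sample, not real traffic; 198.51.100.x and 203.0.113.x are documentation ranges.
SAMPLE_LOG = """\
2010-07-08T08:01:10 auth OK user=alice src=198.51.100.20
2010-07-08T08:02:41 auth FAIL user=bob src=203.0.113.7
2010-07-08T08:02:43 auth FAIL user=bob src=203.0.113.7
2010-07-08T08:02:45 auth FAIL user=bob src=203.0.113.7
2010-07-08T08:02:46 auth FAIL user=bob src=203.0.113.7
2010-07-08T08:02:49 auth OK user=bob src=203.0.113.7
2010-07-08T08:10:00 auth OK user=carol src=198.51.100.33
2010-07-08T08:14:30 auth OK user=carol src=203.0.113.99
2010-07-08T09:00:00 auth FAIL user=dave src=198.51.100.50
2010-07-08T09:30:00 auth OK user=dave src=198.51.100.50
this line is not an auth record and must be skipped
"""


def parse(log_text):
    """Yield (timestamp, result, user, src) for every well-formed line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"])


def detect(log_text, fail_threshold=3, fail_window=timedelta(minutes=2),
           multi_src_window=timedelta(minutes=10)):
    """Return a sorted list of (kind, user, detail) findings; thresholds are example choices."""
    findings = []
    recent_fail = defaultdict(list)   # (user, src) -> timestamps of FAILs not yet followed by OK
    successes = defaultdict(list)     # user -> [(timestamp, src)] of OKs seen so far
    for ts, result, user, src in parse(log_text):
        key = (user, src)
        if result == "FAIL":
            recent_fail[key].append(ts)
            continue
        # Pattern 1: this success closes a burst of recent failures from the same source.
        fails = [t for t in recent_fail[key] if ts - t <= fail_window]
        if len(fails) >= fail_threshold:
            findings.append(("success_after_failures", user,
                             f"{len(fails)} failures then OK from {src} at {ts.isoformat()}"))
        recent_fail[key] = []
        # Pattern 2: the same account already succeeded from another source very recently.
        others = {s for t, s in successes[user] if s != src and ts - t <= multi_src_window}
        if others:
            findings.append(("concurrent_sources", user,
                             f"OK from {src} within {multi_src_window} of {sorted(others)}"))
        successes[user].append((ts, src))
    return sorted(findings)


if __name__ == "__main__":
    for kind, user, detail in detect(SAMPLE_LOG):
        print(f"{kind:24} {user:8} {detail}")
```

Expect two findings on the sample: bob (four failures then a success from one address) and carol (two successes from different addresses four and a half minutes apart); dave's single failure half an hour before his success stays below the thresholds.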