Information Security Overview


Published on

null Dharmashala Chapter - March 2014 Meet

Published in: Education, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Information Security Overview

  1. 1. Information Security By Murtuja Bharmal
  2. 2. Agenda • Classical Penetration Attacks • Current Threat Landscape • New Attack Vector
  3. 3. Classical Penetration attacks • Penetration attack steps: o Reconnaissance o Fingerprinting o Application Analysis o Threat Analysis o Exploitation of vulnerability
  4. 4. Evolution • How Solution Evolved – Firewall become smarter – IPS evolved, can stop netowork base attack in real time – Policy control can be strongly enfored for enterprise assets (DMZ, Server etc.)
  5. 5. Classical attack simulation Local Lan Firewall/IPS INTERNET DMZ LAN 12 3 4
  6. 6. Current Threat Landscape • Paradigm shift in Threat landscape • More than 80% attacks today are web based • Attack vector is shifting from Network to Application • Malware growth has been exponential • Number of compromised active hosts on internet are in millions • Data theft is on all time high • Hacking is no more about thrill, it's all money
  7. 7. New Attack Vector
  8. 8. Latest attack technique • Attacks are highly automated • Dynamic host generation • User generated forums for C & C (Twitter, google groups,IRC) • Automated polymorphic malware generation • Built-in debugger evasion • Malicious code-injection in legitimate sites(msn canada, BOI). There goes your URL Filter! • Advanced encrypted channels for communication
  9. 9. Botnet Command and Control BOT BOT BOT BOT C & C
  10. 10. Favorite attack vectors • Browser is the most preferred attack vector: o Exploiting browser plugins: • PDF (aka Penetration Document Format) , Flash, Java and other client applications • Or plain old reliable user who'll do anything if you ask nicely :)
  11. 11. The Ultimate Problem INPUT
  12. 12. Exploiting System Flaws ATM Fraud in Kolkat and Bihar tools-screw-drivers.html Double refund fraud in kolkata crack-Rs-2-crore-double- refund/articleshow/6904492.cms
  13. 13. Top Security Trends Nation-sponsored hacking: When APT meets industrialization The insider threat is much more than you had imagined Man in the Browser attacks will man up Misanthropes and anti-socials: Privacy vs. security in social networks File security takes centre stage Data security goes to the cloud Mobile devices compromise data security Hackers feeling the heat Cyber security becomes a business process Convergence of data security and privacy regulation worldwide Source:
  14. 14.
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.