Your SlideShare is downloading. ×
Information Security Overview
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Information Security Overview

799
views

Published on

null Dharmashala Chapter - March 2014 Meet

null Dharmashala Chapter - March 2014 Meet

Published in: Education, Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
799
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Information Security By Murtuja Bharmal
  • 2. Agenda • Classical Penetration Attacks • Current Threat Landscape • New Attack Vector
  • 3. Classical Penetration attacks • Penetration attack steps: o Reconnaissance o Fingerprinting o Application Analysis o Threat Analysis o Exploitation of vulnerability
  • 4. Evolution • How Solution Evolved – Firewall become smarter – IPS evolved, can stop netowork base attack in real time – Policy control can be strongly enfored for enterprise assets (DMZ, Server etc.)
  • 5. Classical attack simulation Local Lan Firewall/IPS INTERNET DMZ LAN 12 3 4
  • 6. Current Threat Landscape • Paradigm shift in Threat landscape • More than 80% attacks today are web based • Attack vector is shifting from Network to Application • Malware growth has been exponential • Number of compromised active hosts on internet are in millions • Data theft is on all time high • Hacking is no more about thrill, it's all money
  • 7. New Attack Vector
  • 8. Latest attack technique • Attacks are highly automated • Dynamic host generation • User generated forums for C & C (Twitter, google groups,IRC) • Automated polymorphic malware generation • Built-in debugger evasion • Malicious code-injection in legitimate sites(msn canada, BOI). There goes your URL Filter! • Advanced encrypted channels for communication
  • 9. Botnet Command and Control BOT BOT BOT BOT C & C
  • 10. Favorite attack vectors • Browser is the most preferred attack vector: o Exploiting browser plugins: • PDF (aka Penetration Document Format) , Flash, Java and other client applications • Or plain old reliable user who'll do anything if you ask nicely :)
  • 11. The Ultimate Problem INPUT
  • 12. Exploiting System Flaws ATM Fraud in Kolkat and Bihar http://www.currentweek.net/2010/08/atm-sbi-boi-fraud- tools-screw-drivers.html Double refund fraud in kolkata http://timesofindia.indiatimes.com/city/kolkata-/Police- crack-Rs-2-crore-double- refund/articleshow/6904492.cms
  • 13. Top Security Trends Nation-sponsored hacking: When APT meets industrialization The insider threat is much more than you had imagined Man in the Browser attacks will man up Misanthropes and anti-socials: Privacy vs. security in social networks File security takes centre stage Data security goes to the cloud Mobile devices compromise data security Hackers feeling the heat Cyber security becomes a business process Convergence of data security and privacy regulation worldwide Source: http://blog.imperva.com/2010/11/index.html
  • 14. void@null.co.in