Information Security
By Murtuja Bharmal
Agenda
• Classical Penetration Attacks
• Current Threat Landscape
• New Attack Vector
Classical Penetration attacks
• Penetration attack steps:
o Reconnaissance
o Fingerprinting
o Application Analysis
o Threa...
Evolution
• How Solution Evolved
– Firewall become smarter
– IPS evolved, can stop netowork base attack in real
time
– Pol...
Classical attack simulation
Local Lan
Firewall/IPS
INTERNET
DMZ
LAN
12
3
4
Current Threat Landscape
• Paradigm shift in Threat landscape
• More than 80% attacks today are web based
• Attack vector ...
New Attack Vector
Latest attack technique
• Attacks are highly automated
• Dynamic host generation
• User generated forums for C & C
(Twitte...
Botnet Command and Control
BOT
BOT
BOT
BOT
C & C
Favorite attack vectors
• Browser is the most preferred attack vector:
o Exploiting browser plugins:
• PDF (aka Penetratio...
The Ultimate Problem
INPUT
Exploiting System Flaws
ATM Fraud in Kolkat and Bihar
http://www.currentweek.net/2010/08/atm-sbi-boi-fraud-
tools-screw-dr...
Top Security Trends
Nation-sponsored hacking: When APT meets industrialization
The insider threat is much more than you ha...
void@null.co.in
Upcoming SlideShare
Loading in...5
×

Information Security Overview

1,042

Published on

null Dharmashala Chapter - March 2014 Meet

Published in: Education, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,042
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
7
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Information Security Overview

  1. 1. Information Security By Murtuja Bharmal
  2. 2. Agenda • Classical Penetration Attacks • Current Threat Landscape • New Attack Vector
  3. 3. Classical Penetration attacks • Penetration attack steps: o Reconnaissance o Fingerprinting o Application Analysis o Threat Analysis o Exploitation of vulnerability
  4. 4. Evolution • How Solution Evolved – Firewall become smarter – IPS evolved, can stop netowork base attack in real time – Policy control can be strongly enfored for enterprise assets (DMZ, Server etc.)
  5. 5. Classical attack simulation Local Lan Firewall/IPS INTERNET DMZ LAN 12 3 4
  6. 6. Current Threat Landscape • Paradigm shift in Threat landscape • More than 80% attacks today are web based • Attack vector is shifting from Network to Application • Malware growth has been exponential • Number of compromised active hosts on internet are in millions • Data theft is on all time high • Hacking is no more about thrill, it's all money
  7. 7. New Attack Vector
  8. 8. Latest attack technique • Attacks are highly automated • Dynamic host generation • User generated forums for C & C (Twitter, google groups,IRC) • Automated polymorphic malware generation • Built-in debugger evasion • Malicious code-injection in legitimate sites(msn canada, BOI). There goes your URL Filter! • Advanced encrypted channels for communication
  9. 9. Botnet Command and Control BOT BOT BOT BOT C & C
  10. 10. Favorite attack vectors • Browser is the most preferred attack vector: o Exploiting browser plugins: • PDF (aka Penetration Document Format) , Flash, Java and other client applications • Or plain old reliable user who'll do anything if you ask nicely :)
  11. 11. The Ultimate Problem INPUT
  12. 12. Exploiting System Flaws ATM Fraud in Kolkat and Bihar http://www.currentweek.net/2010/08/atm-sbi-boi-fraud- tools-screw-drivers.html Double refund fraud in kolkata http://timesofindia.indiatimes.com/city/kolkata-/Police- crack-Rs-2-crore-double- refund/articleshow/6904492.cms
  13. 13. Top Security Trends Nation-sponsored hacking: When APT meets industrialization The insider threat is much more than you had imagined Man in the Browser attacks will man up Misanthropes and anti-socials: Privacy vs. security in social networks File security takes centre stage Data security goes to the cloud Mobile devices compromise data security Hackers feeling the heat Cyber security becomes a business process Convergence of data security and privacy regulation worldwide Source: http://blog.imperva.com/2010/11/index.html
  14. 14. void@null.co.in
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×