Information Security Overview
Upcoming SlideShare
Loading in...5

Information Security Overview



null Dharmashala Chapter - March 2014 Meet

null Dharmashala Chapter - March 2014 Meet



Total Views
Views on SlideShare
Embed Views



1 Embed 266 266



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Information Security Overview Information Security Overview Presentation Transcript

  • Information Security By Murtuja Bharmal
  • Agenda • Classical Penetration Attacks • Current Threat Landscape • New Attack Vector
  • Classical Penetration attacks • Penetration attack steps: o Reconnaissance o Fingerprinting o Application Analysis o Threat Analysis o Exploitation of vulnerability
  • Evolution • How Solution Evolved – Firewall become smarter – IPS evolved, can stop netowork base attack in real time – Policy control can be strongly enfored for enterprise assets (DMZ, Server etc.)
  • Classical attack simulation Local Lan Firewall/IPS INTERNET DMZ LAN 12 3 4
  • Current Threat Landscape • Paradigm shift in Threat landscape • More than 80% attacks today are web based • Attack vector is shifting from Network to Application • Malware growth has been exponential • Number of compromised active hosts on internet are in millions • Data theft is on all time high • Hacking is no more about thrill, it's all money
  • New Attack Vector
  • Latest attack technique • Attacks are highly automated • Dynamic host generation • User generated forums for C & C (Twitter, google groups,IRC) • Automated polymorphic malware generation • Built-in debugger evasion • Malicious code-injection in legitimate sites(msn canada, BOI). There goes your URL Filter! • Advanced encrypted channels for communication
  • Botnet Command and Control BOT BOT BOT BOT C & C
  • Favorite attack vectors • Browser is the most preferred attack vector: o Exploiting browser plugins: • PDF (aka Penetration Document Format) , Flash, Java and other client applications • Or plain old reliable user who'll do anything if you ask nicely :)
  • The Ultimate Problem INPUT
  • Exploiting System Flaws ATM Fraud in Kolkat and Bihar tools-screw-drivers.html Double refund fraud in kolkata crack-Rs-2-crore-double- refund/articleshow/6904492.cms
  • Top Security Trends Nation-sponsored hacking: When APT meets industrialization The insider threat is much more than you had imagined Man in the Browser attacks will man up Misanthropes and anti-socials: Privacy vs. security in social networks File security takes centre stage Data security goes to the cloud Mobile devices compromise data security Hackers feeling the heat Cyber security becomes a business process Convergence of data security and privacy regulation worldwide Source: