The theater we call security


Presentation by Evert Smith at the University of Pretoria to the honors class of 2008.

The presentation begins by naming the different domains of security and explaining C.I.A. A graphical illustration shows how attack sophistication versus intruder knowledge changed between 1990 and 2004. The presentation ends with an explanation of what security theater is and a few interesting IT security news items.


  THE THEATER WE CALL SECURITY Presented by Evert Smith 21 July 2008
  INTRODUCTION
• What is IS? The Breakdown
• What does it take? The Background
- the person
- the skill
  3. Background
  4. The domains of security
     • Security Management Practices
     • Security Architecture and Models
     • Preventive Maintenance
     • Application Development Security
     • Operations Security
     • Physical Security
     • Cryptography
     • Telecommunications, Network, and Internet Security
     • Business Continuity Planning
     • Law, Investigations, and Ethics
  5. Security is about C.I.A
     • Confidentiality
     • Integrity
     • Availability
     Risk drives infosec. Decisions & importance decided by the C.I.A factor.
     Examples of C.I.A:
     - Email interception
     - Cheque fraud
     - Messy computer room
  6. Why do we have issues? (I’ve been using this for years – cuz it hasn’t changed)
     • Technology becoming more complex → SLOC
     • The Internet not designed to be safe → Redundancy
     • Socio-economical changes → Social networks
     • Rushed, Like Whatever → Time is money
     [Slide background: overlapping "Hello World" source listings in C++, Assembly, awk, C++/CLI and the Windows API (in Borland Pascal)]
  7. Entropy:
     • Viruses
     • Patches
     • Spam
     • Phishing / Pharming
     • Hoaxes
     • Apathy
     • Malware/Spyware
     • Hackers
  8. Are you contributing?
  9. Who is credited with being the father of the Internet? Arpanet, Vint Cerf, Bob Kahn et al (1975 TCP/IP)
     Who invented the mouse? Douglas Engelbart (1964)
     Who invented e-mail? Ray Tomlinson (1971)
     Who invented the WWW <html>? Tim Berners-Lee (1988)
  10. Security Theater
     Security theater consists of security countermeasures intended to provide the feeling of improved security while doing little or nothing to actually improve security.
     Who says nucular ?
     • Your desk – good defence against nucular attacks
     • Airports in the US i.e. Liquid ban, profiling. Gun-shirts
     • Shopping malls intensely in your face i.e. Bag checks, guards in gene
     • Personal computer security – it’s a joke
  11. Security Theater – the human touch
     • Security design is about psychology - ignored and exploited
     • The pig vs Security
  12. • Unpatched Windows PCs "Own3d" In Less Than Four Minutes (or Maybe 16 Hours)
     • Spammer Gets 30 Months for Inundating AOL
     • Charges Against New Zealand Botmaster Dropped
     • Rogue Employee Locks San Francisco's Network
     • Review site furious over McAfee SiteAdvisor false alert
     • Facebook Bug Exposes Members' Data
  13. #!/bin/bash
     # Function to prompt questions from audience and appear
     # to look intelligent
     while [ ! -lt audience. bored ]
     do
       verbose answering of questions
       sleep like forever
     done
     echo "That’s All Folks. Thanks for Listening."
     ….this is where
  14. #!/bin/bash
     "It’s a pity you have to pay for awesomeness"
     ….this is where