Technical Cyber Defense Strategies Explained. Marcus Murray & Hasain Alshakarti, Truesec Security Team, MVP Enterprise Security x2
More info on http://techdays.be.
Transcript of "Technical Cyber Defense Strategies Explained!"

  1. Technical Cyber Defense Strategies Explained. Marcus Murray & Hasain Alshakarti, Truesec Security Team, MVP Enterprise Security x2
  2. Marcus Murray, Hasain Alshakarti
  3. WARNING! Session format = DISCUSSION!
  4. Soo.. What does it take to be hack-proof?
  5. Let's start with the big picture!
  6. We all know what a network looks like.. (diagram: Web Srv, Mail Srv, DC, File Srv, Mail Srv, Clients)
  7. Internet Strategy (diagram: Front-end: Web Srv, Mail Srv; Back-end: DC, SqlSrv, FileSrv; Clients; Admin; User)
  8. Traditional internal Strategy (diagram: Client and Admin on the same network as Front-end: Web Srv, Mail Srv; Back-end: DC, SqlSrv, FileSrv; User)
  9. Demo – Hacking SQL.. (diagram: SqlSrv)
  10. Traditional Internet strategy (diagram: zones World access / Trusted access / Admin access; Client (Internet) and Client network (Managed); Cloud front-end and back-end; Internet front-end (World accessible) and back-end; Internal front-end and back-end; FileSrv)
  11. Apply Internet strategy internally (diagram: same zones as slide 10, with a Secure Access Layer placed in front of the Internet front-end, Internal front-end and Internal back-end)
  12. Let's add some future.. (today for some..) (diagram: as slide 11, plus Fabric controllers in the internal tiers)
  13. Implementing Secure networking - DEMO
     • Ipsec domain isolation
     • Direct Access
     • Ipsec server isolation
  14. Domain Isolation - Demo (diagram: managed Client on the Client network; Internal File Srv and Sql Srv; zones World / Trusted / Admin access)
  15. Direct access - Demo (diagram: Client on the World side reaching a Secure Access Layer with a DA Srv; Internal File Srv and Sql Srv)
  16. Server isolation - Demo (diagram: as slide 15, with File Srv as Internal front-end and Sql Srv as Internal back-end)
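The demos on slides 13 to 16 are not on the page, so here is an added example (not the presenters' code) of what IPsec domain isolation and server isolation look like when configured with the Windows NetSecurity cmdlets. It assumes Windows 8 / Server 2012 or later, an elevated domain-joined host, the local policy store (in production the rules go into a GPO), placeholder infrastructure addresses, a placeholder group SID, and TCP 1433 as the SQL port; treating a None/None IPsec rule as an authentication exemption is also an assumption to verify on the target platform.

```powershell
# Added example, not from the deck. Domain isolation + server isolation with the
# Windows Firewall with Advanced Security cmdlets (NetSecurity module).

# --- Domain isolation: peers must authenticate as domain computers (Kerberos) ---
# Request outbound so managed hosts can still reach non-domain devices (printers, etc.),
# but require inbound so only authenticated domain members can connect to this host.
$machineKerberos = New-NetIPsecAuthProposal -Machine -Kerberos
$phase1 = New-NetIPsecPhase1AuthSet -DisplayName 'Domain Isolation - Machine Kerberos' `
                                    -Proposal $machineKerberos

New-NetIPsecRule -DisplayName 'Domain Isolation - require inbound, request outbound' `
                 -InboundSecurity Require -OutboundSecurity Request `
                 -Phase1AuthSet $phase1.Name -Profile Domain

# Infrastructure the host needs *before* it can authenticate (domain controllers, DNS,
# DHCP) must be exempted, or it can never obtain the Kerberos ticket the rule demands.
# Assumption: InboundSecurity None + OutboundSecurity None acts as an authentication
# exemption rule. Placeholder addresses: replace with the real DC/DNS addresses.
New-NetIPsecRule -DisplayName 'Domain Isolation - exempt infrastructure' `
                 -InboundSecurity None -OutboundSecurity None `
                 -RemoteAddress '10.0.0.10','10.0.0.11' -Profile Domain

# --- Server isolation: SQL accepts connections only from an authorized computer group ---
# The firewall rule is evaluated after IPsec has authenticated the peer, so the SDDL is
# matched against the peer's *computer identity*, not its IP address (which can be spoofed
# or reassigned). Placeholder SID: replace with the "SQL Authorized Clients" group SID.
$authorizedClients = 'O:LSD:(A;;CC;;;S-1-5-21-PLACEHOLDER-1234)'

New-NetFirewallRule -DisplayName 'SQL Server - authorized computers only' `
                    -Direction Inbound -Protocol TCP -LocalPort 1433 -Action Allow `
                    -Authentication Required -RemoteMachine $authorizedClients `
                    -Profile Domain

# --- Verify: which peers are currently protected by IPsec, and are the rules in place? ---
Get-NetIPsecMainModeSA | Format-List LocalEndpoint, RemoteEndpoint
Get-NetIPsecRule | Where-Object DisplayName -like 'Domain Isolation*' |
    Select-Object DisplayName, InboundSecurity, OutboundSecurity, Enabled
```

A host that is not a domain member, or one whose certificate or Kerberos identity is not in the group, never gets past the IPsec negotiation, which is the property the slides' "Internal back-end" tier relies on.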
  17. So, if the clients are on the "internet" all the time..
     • Physical access
     • Firewall
     • Patching
     • Non-admin
     • Malware protection
     • Secure transport
  18. Physical access protection
     • Bitlocker
     • Protect from DMA access! – http://support.microsoft.com/kb/2516445
  19. Local Firewall
     • Is there ANY reason why the client firewall must allow inbound traffic at any time?
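As an added example (not from the deck) of acting on slide 19's question, the following PowerShell makes "no inbound, ever" the client's default, logs what gets dropped, and then lists every inbound allow rule that is still enabled so each one has to justify itself. It assumes Windows 8 / Server 2012 or later (NetSecurity module), an elevated session, and a placeholder admin subnet in the scoping step.

```powershell
# Added example, not from the deck: client firewall hardening and audit.

# 1. Default inbound Block on every profile; unsolicited inbound is dropped unless a rule
#    explicitly allows it. Log blocked packets so unexpected inbound attempts are visible.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow `
    -LogBlocked True -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# 2. On untrusted networks (the "client on the internet" case) ignore even the allow rules.
#    AllowInboundRules False is the cmdlet equivalent of "Block all connections" in the GUI.
Set-NetFirewallProfile -Profile Public -AllowInboundRules False

# 3. Audit: every enabled inbound allow rule, with the port and program it opens.
function Get-InboundAllowRules {
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
        $rule = $_
        $port = $rule | Get-NetFirewallPortFilter
        $app  = $rule | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Name      = $rule.DisplayName
            Group     = $rule.DisplayGroup
            Profile   = $rule.Profile
            Protocol  = $port.Protocol
            LocalPort = ($port.LocalPort -join ',')
            Program   = $app.Program
        }
    }
}

Get-InboundAllowRules | Sort-Object Profile, Name | Format-Table -AutoSize

# 4. Anything that must stay (e.g. remote management from the admin network) is scoped
#    rather than left open: limit it to the management subnet and require IPsec
#    authentication, which ties it back to the domain/server isolation rules.
#    Placeholder subnet: replace with the admin network.
Set-NetFirewallRule -DisplayName 'Windows Remote Management (HTTP-In)' `
    -RemoteAddress '10.10.0.0/24' -Authentication Required
```

Run step 3 again after the change: the goal is an output where every remaining row is a rule the admin network (not the internet) depends on.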
  20. Patching, of course, but what about the 0-days?
     • Non-Admin
     • Early mitigations
     • Patching strategy
  21. Malware protection
     • Macro settings
     • Antivirus? Yes or No?
     • Remember applocker?
  22. Secure transports….
     • Weak protocols…
       – Clear text
       – NTLM configurations
     • Direct access!
     • IPSEC!
  23. So, what about BYOD? (diagram: as slide 11)
     • Application classification
     • Data classification
  24. ..and… admin clients
     • Should an admin user/computer be on the "internet"?
     • Should an admin user read email?
     • Safe admin access
       – Non compromised computer
       – Trusted communication channel
       – Robust exposure of admin interface
     • Robust services
       – Limited number of administrators
       – Authentication
       – Authorization
  25. And let's talk about server services.
     • Robust service
       – Authentication
       – Authorization
     • Firewall
     • Patching
     • privs
     • dependencies
     • Admin exposure
  26. Web server attack (diagram: Web Srv)
  27. Marcus Murray, Hasain Alshakarti
  28. Thank you for listening!