Technical Cyber Defense Strategies Explained!
 

More info on http://techdays.be.

    Presentation Transcript

    • Technical Cyber Defense Strategies Explained. Marcus Murray & Hasain Alshakarti, Truesec Security Team, MVP-Enterprise Security x2
    • Marcus Murray, Hasain Alshakarti
    • WARNING! Session format = DISCUSSION!
    • So, what does it take to be hack-proof?
    • Let's start with the big picture!
    • We all know what a network looks like. [Diagram: Web Srv, Mail Srv, DC, File Srv, Mail Srv, Client, Client]
    • Internet Strategy. [Diagram: Client, Front-end, Web Srv, Mail Srv, Back-end, DC, SqlSrv, FileSrv, Client, Client, Admin, User]
    • Traditional internal Strategy. [Diagram: Client, Admin, Front-end, Web Srv, Mail Srv, Back-end, DC, SqlSrv, FileSrv, Client, Client, Admin, User]
    • Demo – Hacking SQL. [Diagram: SqlSrv]
    • Traditional Internet strategy. [Diagram legend: World access, Trusted access, Admin access. Diagram labels: Client network (Internet), Client network (Managed), World Accessible, Cloud Front-end, Internet Front-end, Cloud back-end, Internet back-end, Internal Front-end, Internal back-end, FileSrv, Clients]
    • Apply Internet strategy internally. [Diagram legend: World access, Trusted access, Admin access. Diagram labels: Client network (Internet), Client network (Managed), World Accessible, Cloud Front-end, Internet Front-end, Secure Access Layer, Cloud back-end, Internet back-end, Internal Front-end, Internal back-end, Clients]
    • Let's add some future.. (today for some..) [Diagram legend: World access, Trusted access, Admin access. Diagram labels: Client network (Internet), Client network (Managed), World Accessible, Cloud Front-end, Internet Front-end, Secure Access Layer, Cloud back-end, Internet back-end, Internal Front-end, Internal back-end, Fabric controllers, Clients]
    • Implementing Secure networking - DEMO
        • IPsec domain isolation
        • Direct Access
        • IPsec server isolation
    • Domain Isolation - Demo. [Diagram legend: World access, Trusted access, Admin access. Diagram labels: Client network (Managed), Internal, Client, Client, File Srv, Sql Srv]
    • Direct access - Demo. [Diagram legend: World access, Trusted access, Admin access. Diagram labels: Client network (Managed), World Accessible, Secure Access Layer, Internal, Client, Client, DA Srv, File Srv, Sql Srv]
    • Server isolation - Demo. [Diagram legend: World access, Trusted access, Admin access. Diagram labels: Client network (Managed), World Accessible, Secure Access Layer, Internal Front-end, Internal back-end, Client, Client, DA Srv, File Srv, Sql Srv]
    • So, if the clients are on the "internet" all the time..
        • Physical access
        • Firewall
        • Patching
        • Non-admin
        • Malware protection
        • Secure transport
      [Diagram: Client, User, Web Srv]
    • Physical access protection
        • BitLocker
        • Protect from DMA access!
            – http://support.microsoft.com/kb/2516445
    • Local Firewall
        • Is there ANY reason why the client firewall must allow inbound traffic at any time?
      [Diagram: Client, User, Client, User, Web Srv]
    • Patching, of course, but what about the 0-days?
        • Non-Admin
        • Early mitigations
        • Patching strategy
      [Diagram: Client, User, Client, User, Web Srv]
    • Malware protection
        • Macro settings
        • Antivirus? Yes or No?
        • Remember AppLocker?
      [Diagram: Client, User]
    • Secure transports…
        • Weak protocols…
            – Clear text
            – NTLM configurations
        • Direct access!
        • IPSEC!
      [Diagram: Client, User, Client, User, Web Srv]
    • So, what about BYOD?
        • Application classification
        • Data classification
      [Diagram legend: World access, Trusted access, Admin access. Diagram labels: Client network (Internet), Client network (Managed), World Accessible, Cloud Front-end, Internet Front-end, Secure Access Layer, Cloud back-end, Internet back-end, Internal Front-end, Internal back-end, Clients]
    • ..and… admin clients
        • Should an admin user/computer be on the "internet"?
        • Should an admin user read email?
        • Safe admin access
            – Non-compromised computer
            – Trusted communication channel
            – Robust exposure of admin interface
        • Robust services
        • Limited number of administrators
            – Authentication
            – Authorization
      [Diagram: Client, Admin, DC]
    • And let's talk about server services.
        • Robust service
            – Authentication
            – Authorization
        • Firewall
        • Patching
        • Privileges
        • Dependencies
        • Admin exposure
      [Diagram: Client, User, Web Srv]
    • Web server attack. [Diagram: Web Srv]
    • Marcus Murray, Hasain Alshakarti
    • Thank you for listening! 