It's Okay To Touch Yourself - DerbyCon 2013

1,418 views

Published on

It takes a company an average of 35 days to detect when they have been compromised. For some, it can take years. As fast as software changes and new vulnerabilities are discovered, waiting for an annual penetration test is just not enough. In this talk, I will show you how we perform self-audits on our own network on a continual basis. You will learn about the tools that we use so that you can audit your own network to determine if your technical and physical controls will detect a security incident. I will show you how our self-audits and 'fire drills' engage our IT team, allowing us to learn both how to detect when an incident is occurring and how to react. I will also share some mistakes I've made and give you tips on performing a self-assessment without disrupting your business. You will see how this has strengthened our awareness education and our overall security posture. If you've never performed a self-audit this talk will be a great introduction. It's okay to touch your...network.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,418
On SlideShare
0
From Embeds
0
Number of Embeds
11
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

It's Okay To Touch Yourself - DerbyCon 2013

  1. 1. It's Okay To Touch Yourself! DerbyCon 2013 Ben Ten (@Ben0xA)
  2. 2. About Me ● 12+ years experience in Health Care Information Systems ● Vice President & Security Officer ● Developer (Builder) ● Security Consultant, Trainer It's Okay To Touch Yourself Ben0xA - DerbyCon 2013
  3. 3. About Me ● Federal Regulation Compliance Oversight (HIPAA, HITECH, PCI, Meaningful Use, Red Flag) ● Manager ● Gamer ● Love Science Fiction It's Okay To Touch Yourself Ben0xA - DerbyCon 2013
  4. 4. Overview It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 This talk is SFW!
  5. 5. Overview ● State of Breach Detection ● What is a Self Assessment ● Performing Fire Drills ● Pitfalls to Avoid ● Tools ● Acknowledgments ● Q&A It's Okay To Touch Yourself Ben0xA - DerbyCon 2013
  6. 6. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013
  7. 7. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 #10
  8. 8. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 #9
  9. 9. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 #8
  10. 10. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 #7
  11. 11. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 #6
  12. 12. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 #5
  13. 13. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 #4
  14. 14. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 #3
  15. 15. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 #2
  16. 16. DerbyConTest It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 #1
  17. 17. Why This Talk? Why Me? It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 A @dave_rel1k story...
  18. 18. Why This Talk? Why Me? It's Okay To Touch Yourself Ben0xA - DerbyCon 2013
  19. 19. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 64% of businesses did not detect they had a breach until after 90 days! Source: 2013 Global Security Report ~ Trustwave https://www2.trustwave.com/2013GSR.html
  20. 20. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013
  21. 21. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Approximately 70% of breaches were discovered by external parties who then notified the victim. Source: 2013 Data Breach Investigations Report ~ Verizon http://www.verizonenterprise.com/DBIR/2013/
  22. 22. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013
  23. 23. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Source: 2013 Data Breach Investigations Report ~ Verizon http://www.verizonenterprise.com/DBIR/2013/
  24. 24. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 But we have these tools!!!11!!!two ● SIEM ● DLP ● IDS/IPS ● Logs
  25. 25. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 So, what's the problem?
  26. 26. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 ● Poorly implemented tools ● Lack of implemented tools ● Or maybe it's a perception issue...
  27. 27. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Security by Obscurity
  28. 28. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Security by Vicinity
  29. 29. State of Breach Detection It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Security by Divinity
  30. 30. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 It's time to get intimate with your...network!
  31. 31. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 At the very least, the critical parts of your network!
  32. 32. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 PTES – An Intro ● Pre-engagement Interactions ● Intelligence Gathering ● Threat Modeling ● Vulnerability Analysis ● Exploitation ● Post Exploitation ● Reporting
  33. 33. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 ● Pre-engagement Interactions ● Intelligence Gathering ● Threat Modeling ● Vulnerability Analysis ● Exploitation ● Post Exploitation ● Reporting PTES – An Intro
  34. 34. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 http://www.pentest-standard.org/index.php/Vulnerability_Analysis
  35. 35. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 http://www.pentest-standard.org/index.php/Vulnerability_Analysis
  36. 36. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 http://www.pentest-standard.org/index.php/Vulnerability_Analysis
  37. 37. DISCLAIMER It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 ● I am not a professional penetration tester. But, I am staying at the Hyatt. ● Do not attempt anything on any network unless you have written permission! ● Do not do this on production first. Use a test environment!
  38. 38. DISCLAIMER It's Okay To Touch Yourself Ben0xA - DerbyCon 2013
  39. 39. DISCLAIMER It's Okay To Touch Yourself Ben0xA - DerbyCon 2013
  40. 40. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Getting Intimate Know your Ports!
  41. 41. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Getting Intimate Know your Logs!
  42. 42. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Getting Intimate Know your Software!
  43. 43. It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 https://www2.trustwave.com/cpn-hackers-playbook-2013-sm.html Self Assessment
  44. 44. Self Assessment It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Tools ● NeXpose (Rapid7) ● Nessus (Tenable) ● BurpSuite ● Health Monitor ● nmap/zenmap ● ninite
  45. 45. Fire Drills It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Why?
  46. 46. Fire Drills It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 ● Are your tools working? ● Does your team react appropriately? ● What is happening during that nmap, nexpose, nessus, scan? ● What's the Incident Response plan and is it working?
  47. 47. Pitfalls to Avoid It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 ● Verify Scope! ● Start Small / Focused ● Be wary of untested tools! ● Secure your results ● Don't DoS yourself
  48. 48. It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 “[T]he ultimate goal should be to develop an environment in which security events are discovered innately—by both responsible security professionals or others in the organization.” Source: 2013 Global Security Report ~ Trustwave https://www2.trustwave.com/2013GSR.html New Tool
  49. 49. It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 My Big Security Idea! New Tool
  50. 50. It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 New Tool Will Steele @pen_test
  51. 51. It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 New Tool
  52. 52. Conclusion It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 In Conclusion
  53. 53. Acknowledgments It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 ● @securitymoey ● @jwgoerlich ● @jaysonstreet ● @elizmmartin ● @rogueclown ● @dualcoremusic ● @derbycon Conclusion
  54. 54. PoshSec Developers It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 ● @mwjohnson ● @jwgoerlich ● @securitymoey ● @mortprime ● @rjcassara ● @PoshSec Conclusion
  55. 55. PoshSec Framework - Beta It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 http://github.com/poshsec/poshsecframework Conclusion View the ReadMe!
  56. 56. Contact Information It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 ● @Ben0xA ● Ben0xA on Freenode (IRC) ● derbycon@ben0xa.com ● http://ben0xa.com ● http://github.com/Ben0xA ● http://github.com/PoshSec Questions? Conclusion
  57. 57. Thank You! It's Okay To Touch Yourself Ben0xA - DerbyCon 2013 Conclusion

×