Solid Defense
Kevin Cardwell
Slide 2
[Diagram: External side, Screening router, Internal side; Bastion host; Services subnet with WWW server and FTP server. Caption: "Exploit's r us" / "A little bit of exploit for you"]

Slide 3
• The compromise was inevitable!
• APT, sophisticated attackers etc etc
MYTH!
2011 – 94% servers
2012 – 54%
Mobile - 71%
2012 – 78% low difficulty
Slide 5
• Attacks of choice
• Security is a process and methodology not a product!
Slide 7
• Harden them!
• OWASP application testing guide
• www.owasp.org
• Harden the SQL databases
  ◦ Upgrade MS to SQL Server 2008 or beyond
  ◦ Follow application hardening guides
Slide 8
• NSA Guides
  ◦ http://www.nsa.gov/ia/guidance/security_configuration_guides/index.shtml
• Center for Internet Security
  ◦ Benchmarks
• www.cisecurity.org
Slide 9
• Provided by Microsoft
• Can customize
• Allows for baseline comparisons
Slide 10
• Application Whitelisting
• Patch Applications
• Patch Operating System
• Minimize the number of users with privileged rights
  ◦ Disable the local admin account on domain computers
Slide 12
• We have gotten better at security
• The hackers have gotten better at hacking
• Patch system is broken
• Residual risk
• www.zerodayinitiative.com
Slide 13: Proven Defense Measures
Slide 14
• Traffic coming into your network
• Implemented by almost all organizations
• Security policy determines what is allowed and configured in the filters
• No traffic arriving at the perimeter should have an internal source address
  ◦ Commonly referred to as sanity checking
• RFC 2267 provides guidance for filters to prevent denial-of-service attacks
• Block ICMP Echo Reply messages to the broadcast address
• Bogon Filtering
Case study of malware infection => 64% of traffic blocked by bogon filtering
Slide 15
• One of the most neglected areas of filtering
  ◦ Most organizations neglect to filter traffic leaving their network
  ◦ Even after the rise of DDoS attacks, many organizations still do not
  ◦ There will always be some out there who never will
• These sites are used as amplifiers to attack other networks
• The concept is simple:
• Most attacks use a spoofed address to attack as the source
  ◦ When you egress filter, then the packet is dropped
• Blackhole routing
• Critical Infrastructure systems should not generate connections out!
DDoS = distributed denial of service
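The ingress rules on slide 14 and the egress rules on slide 15 amount to a small policy that can be written down and tested. The following is an added example, not code from the deck or from its author: a Python evaluator that applies those checks to packet records. The prefixes, the shortened bogon list, the critical-host addresses and the sample packets are all assumptions made for the example, and it drops ICMP echo requests to a broadcast address as well as echo replies, which is slightly broader than the slide's wording.

```python
"""Perimeter filter evaluator: an added example, not from the slides.

Applies the checks on slides 14 (ingress) and 15 (egress) to packet records:
  ingress - drop packets from outside whose source is one of our own
            addresses ("sanity checking"), drop bogon sources, and drop
            ICMP echo / echo-reply aimed at a broadcast address
  egress  - drop outbound packets whose source is not one of our prefixes
            (the spoofed-source case RFC 2267 addresses) and drop anything
            initiated by critical-infrastructure hosts, which must not
            connect out
Every address, prefix and packet below is constructed for the example.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Our address space (assumption): a public DMZ prefix and the pre-NAT LAN.
INTERNAL_NETS = [ipaddress.ip_network("203.0.113.0/24"),
                 ipaddress.ip_network("10.20.0.0/16")]

# Shortened, constructed bogon list. A production list is longer and is
# refreshed from a feed; the documentation ranges 198.51.100.0/24 and
# 203.0.113.0/24 are deliberately left out because this example uses them
# as stand-ins for public address space.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

# Hosts that must never originate traffic to the Internet (assumption).
CRITICAL_HOSTS = {ipaddress.ip_address("10.20.5.10"),
                  ipaddress.ip_address("10.20.5.11")}

ALL_ONES_BROADCAST = ipaddress.ip_address("255.255.255.255")


@dataclass
class Packet:
    direction: str             # "in" = arriving at the perimeter, "out" = leaving
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "icmp"
    icmp_type: Optional[int] = None


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def is_bogon(ip):
    return any(ip in net for net in BOGONS)


def is_broadcast(ip):
    # Limited broadcast or the directed broadcast of one of our prefixes.
    return ip == ALL_ONES_BROADCAST or any(ip == n.broadcast_address for n in INTERNAL_NETS)


def evaluate(pkt):
    """Return (verdict, reason) for one packet; the first matching rule wins."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    if pkt.direction == "in":
        if is_internal(src):
            return "drop", "ingress: internal source address arriving from outside"
        if is_bogon(src):
            return "drop", "ingress: bogon source address"
        if pkt.proto == "icmp" and pkt.icmp_type in (0, 8) and is_broadcast(dst):
            return "drop", "ingress: ICMP echo/echo-reply to broadcast address"
        return "allow", "ingress: permitted by policy"
    if pkt.direction == "out":
        if not is_internal(src):
            return "drop", "egress: source is not one of our prefixes (spoofed)"
        if src in CRITICAL_HOSTS:
            return "drop", "egress: critical-infrastructure host may not connect out"
        return "allow", "egress: permitted by policy"
    raise ValueError(f"unknown direction {pkt.direction!r}")


def filter_batch(packets):
    """Apply evaluate() to every packet; return the verdicts and the share dropped."""
    verdicts = [evaluate(p) for p in packets]
    dropped = sum(1 for verdict, _ in verdicts if verdict == "drop")
    return verdicts, (dropped / len(verdicts) if verdicts else 0.0)


# Constructed sample traffic: five of these seven should be dropped.
SAMPLE_PACKETS = [
    Packet("in", "203.0.113.7", "203.0.113.80", "tcp"),          # claims our DMZ prefix
    Packet("in", "192.168.1.5", "203.0.113.80", "tcp"),          # bogon source
    Packet("in", "198.51.100.9", "203.0.113.255", "icmp", 8),    # echo request to broadcast
    Packet("in", "198.51.100.9", "203.0.113.80", "tcp"),         # ordinary inbound web hit
    Packet("out", "172.16.4.4", "198.51.100.9", "tcp"),          # not our prefix: spoofed
    Packet("out", "10.20.5.10", "198.51.100.9", "tcp"),          # critical host calling out
    Packet("out", "10.20.40.12", "198.51.100.9", "tcp"),         # workstation browsing
]

if __name__ == "__main__":
    verdicts, share = filter_batch(SAMPLE_PACKETS)
    for pkt, (verdict, reason) in zip(SAMPLE_PACKETS, verdicts):
        print(f"{pkt.direction:>3} {pkt.src:>15} -> {pkt.dst:<15} {verdict:5} {reason}")
    print(f"dropped {share:.0%} of sample traffic")
```

The order of the rules matters: the spoofed-internal check runs before the bogon check so that a packet claiming one of our own RFC 1918 addresses is reported for the more specific reason. The same evaluator applied to the inside interface is what the slide calls egress filtering; a real deployment expresses these rules in the router or firewall's own syntax, but the logic to test against is this.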
Slide 16
• If workstation site is not 24/7
  ◦ Shut off access going out to the Internet
    ▪ Block the well known malware ports of communication
    ▪ http
    ▪ ssh
    ▪ https
    ▪ Etc
  ◦ Monitor for attempts
    ▪ All malware will attempt outbound connections
    ▪ If no one is there, should be none
• If 24/7
  ◦ Only monitor critical systems
    ▪ Servers should not initiate connections to the Internet
  ◦ Subscribe to a service
    ▪ Watch for lookups of known malware nets
Slide 17
• Segmentation and isolation
• Bind ports inside the bastion host
[Diagram: External network, Screening router, Bastion host, DMZ with DMZ App Servers and IDS]
Slide 20
• Sinkhole domains
Slide 21
• Setup machines that should never receive traffic
  ◦ Alert on any inbound traffic
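Slides 16, 20 and 21 describe monitoring rather than blocking: outbound connections from workstations when nobody is on site, servers that initiate connections to the Internet, lookups of sinkholed or known-malware domains, and any contact with a machine that should never receive traffic. As an added example (not code from the deck or its author), the Python below runs those four checks over a handful of constructed log lines; the subnets, decoy address, domain list, business hours and log format are all assumptions for the example.

```python
"""Outbound-monitoring triage: an added example, not from the slides.

Runs the detection ideas on slides 16, 20 and 21 over constructed log lines:
  - a site that is not 24/7 should see no outbound connections from
    workstations outside business hours, so any that appear are alerted
  - servers should not initiate connections to the Internet
  - DNS lookups of names on a sinkhole / known-malware list are alerted
  - decoy hosts that should never receive traffic alert on any contact
Subnets, decoy address, domain list, hours and log lines are assumptions.
"""
import ipaddress
from datetime import datetime

INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")      # assumption
WORKSTATION_NET = ipaddress.ip_network("10.20.40.0/24")  # assumption
SERVER_NET = ipaddress.ip_network("10.20.10.0/24")       # assumption
DECOY_HOSTS = {ipaddress.ip_address("10.20.99.9")}       # assumption: never legitimately contacted
MALWARE_DOMAINS = {"example-badnet.test"}                # constructed sinkhole list
BUSINESS_HOURS = range(7, 19)                            # 07:00 to 18:59 local (assumption)

# Constructed log excerpt. Two record kinds:
#   <iso-timestamp> conn <src> <dst> <dport> <proto>
#   <iso-timestamp> dns  <src> <qname>
SAMPLE_LOG = """\
2015-06-05T02:14:09 conn 10.20.40.12 198.51.100.7 443 tcp
2015-06-05T10:03:41 conn 10.20.40.12 198.51.100.7 443 tcp
2015-06-05T10:05:00 conn 10.20.10.5 198.51.100.20 80 tcp
2015-06-05T10:06:12 conn 10.20.40.33 10.20.99.9 22 tcp
2015-06-05T10:07:30 dns 10.20.40.12 update.example-badnet.test
2015-06-05T10:08:02 dns 10.20.40.13 www.example.com
2015-06-05T10:09:15 conn 10.20.10.5 10.20.10.6 1433 tcp
"""


def parse_line(line):
    """Split one log line into a record dict; raises on an unknown record kind."""
    fields = line.split()
    rec = {"ts": datetime.fromisoformat(fields[0]), "kind": fields[1],
           "src": ipaddress.ip_address(fields[2])}
    if rec["kind"] == "conn":
        rec["dst"] = ipaddress.ip_address(fields[3])
        rec["dport"] = int(fields[4])
        rec["proto"] = fields[5]
    elif rec["kind"] == "dns":
        rec["qname"] = fields[3].lower().rstrip(".")
    else:
        raise ValueError(f"unknown record kind {rec['kind']!r}")
    return rec


def domain_is_listed(qname):
    """True if the name or any parent domain of it is on the list."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in MALWARE_DOMAINS for i in range(len(labels)))


def check(rec, site_24x7=False):
    """Return the names of every rule the record trips (possibly several)."""
    alerts = []
    if rec["kind"] == "conn":
        outbound = rec["dst"] not in INTERNAL_NET
        if rec["dst"] in DECOY_HOSTS:
            alerts.append("decoy_contact")             # slide 21: any traffic is suspect
        if outbound and rec["src"] in SERVER_NET:
            alerts.append("server_outbound")           # servers should not call out
        if (outbound and rec["src"] in WORKSTATION_NET
                and not site_24x7 and rec["ts"].hour not in BUSINESS_HOURS):
            alerts.append("offhours_workstation_outbound")  # nobody there, so none expected
    elif rec["kind"] == "dns" and domain_is_listed(rec["qname"]):
        alerts.append("malware_dns_lookup")            # slide 20: sinkholed / known-bad names
    return alerts


def triage(log_text, site_24x7=False):
    """Run check() over every line; return (rule, timestamp, source) findings in log order."""
    findings = []
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        for rule in check(rec, site_24x7):
            findings.append((rule, rec["ts"].isoformat(), str(rec["src"])))
    return findings


if __name__ == "__main__":
    for rule, ts, src in triage(SAMPLE_LOG):
        print(f"{ts} {src:<12} {rule}")
```

With `site_24x7=True` the off-hours rule is switched off and only the server, decoy and DNS rules remain, which matches the slide's advice to monitor just the critical systems at a site that is always staffed. The DNS rule matches parent domains as well as exact names, so a listed apex catches every subdomain under it.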
Slide 32
• We can defend!
• cesi@ieee.org

Technical track kevin cardwell-10-00 am-solid-defense
