Copyright 2002 - 2003 - Pete Herzog, Institute for Security and Open Methodologies (ISECOM)

I spy. The world of info Security from the known to the unknown.

Presentation in which we took part together with Pete Herzog, Director of ISECOM, during the I Juegos Fractales de la Vila de Gràcia held at the CSOA de Les Naus. It covers aspects of the new version of the OSSTMM (Open Source Security Testing Methodology Manual), led by Pete Herzog and developed with security experts from around the world, among them members of the Internet Security Auditors technical team. This year's Hacker High School project was also presented; it is sponsored by La Salle, with Internet Security Auditors contributing from Spain and Mediaservice from Italy, alongside many other people who contribute on a voluntary basis.

Slide 1. I Spy
The World of Info Security from the known to the unknown.

Slide 2. Security
  1. Process Security
  2. Information Security
  3. Physical Security
  4. Communications Security
  5. Wireless Security
  6. Internet Security
There is no such thing as security based on stolen entropy. The universe is made of information, which contains matter and energy. Is security a manifestation of information, or is it about energy?

Slide 3. OSSTMM
I am a scientist. I am a researcher. I am a detective. I am a scholar. I am a spy. I am a watchdog. I am a hacker.
  • Data Collection
  • Competitive Intelligence Scouting
  • Exploit Research and Verification
  • Posture Review
  • System Service Verification
  • Privacy Review
  • Document Grinding
  • Internet Application Testing
  • Routing
  • Denial of Service Testing
  • Trusted Systems Testing
  • Password Cracking
  • Access Control Testing
  • Containment Measures Testing
  • Alert and Log Review
  • Security Policy Review
  • Verification Testing
  • Logistics and Controls
  • Network Surveying
  • Intrusion Detection Review
  • Survivability Review
  • Privileged Service Testing

Slide 4. Finite Knowledge Limits
What is the most detail, dirt, and nasty little secret I can find out by looking at the big picture?

Slide 5. Business Intelligence
  1. Map and measure the directory structure of the web servers.
  2. Map and measure the directory structure of the FTP servers.
  3. Examine the WHOIS database for business services relating to registered host names.
  4. Determine the IT cost of the Internet infrastructure based on OS, applications, and hardware.
  5. Determine the cost of the support infrastructure based on regional salary requirements for IT professionals, job postings, number of personnel, published resumes, and responsibilities.
  6. Measure the buzz (feedback) about the organization on newsgroups, web boards, and industry feedback sites.
  7. Record the number of products being sold electronically (for download).
  8. Record the number of products found in P2P sources and warez sites, the cracks available up to specific versions, and the documentation, both internal and third party, about the products.
  9. Identify the business partners.
  10. Identify the customers, from individual organizations to industry sectors.
  11. Verify the clarity and ease of use of the merchandise purchasing process.
  12. Verify the clarity and ease of use of the merchandise return policy and process.
  13. Verify that all agreements made over the Internet, from a digital signature to pressing a button that signifies acceptance of an end-user agreement, can be repudiated immediately and for up to 7 days.
When I look deep inside myself, I see your weaknesses.
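Steps 1 and 4 of the Business Intelligence list (map and measure the web server's directory structure, then infer the technology behind it) can be done passively from URLs already gathered by a crawl, a sitemap or referrer logs. The following is an example added for this page, not ISECOM's or the OSSTMM's own code: the URLs are a constructed sample for a fictional host, and the extension-to-technology table is an assumed heuristic, not a table from the methodology.

```python
"""Map and measure a web server's directory structure from observed URLs.
Example code added for this page, not ISECOM's; SAMPLE_URLS is a constructed
list for a fictional host and EXT_HINTS is an assumed heuristic."""
from collections import Counter
from urllib.parse import urlparse
import posixpath

# Constructed sample: what a passive crawl or sitemap of one host might return.
SAMPLE_URLS = [
    "http://www.example.com/",
    "http://www.example.com/index.asp",
    "http://www.example.com/products/index.asp",
    "http://www.example.com/products/list.asp?cat=3",
    "http://www.example.com/products/list.asp?cat=4",   # same path, other query
    "http://www.example.com/products/images/logo.gif",
    "http://www.example.com/support/download.asp",
    "http://www.example.com/support/docs/manual.pdf",
    "http://www.example.com/support/docs/internal/roadmap.doc",
    "http://www.example.com/cgi-bin/search.cgi",
    "http://www.example.com/_vti_bin/shtml.dll",
]

# Heuristic (assumed for illustration): server-side technology usually implied
# by a file extension. Confirm with banners or headers before costing it.
EXT_HINTS = {
    ".asp": "Microsoft IIS / ASP",
    ".aspx": "Microsoft IIS / ASP.NET",
    ".dll": "Microsoft IIS (ISAPI or FrontPage extensions)",
    ".php": "PHP",
    ".jsp": "Java servlet container",
    ".cgi": "CGI scripts",
    ".pl": "Perl CGI",
}

FILES = "__files__"   # key holding the set of file names inside a directory node


def directory_tree(urls):
    """Build a nested dict of directories from URL paths.

    Query strings are dropped so repeated requests to one script count once;
    a trailing slash marks a directory rather than a file."""
    root = {FILES: set()}
    for url in urls:
        path = urlparse(url).path or "/"
        parts = [p for p in path.split("/") if p]
        is_dir = path.endswith("/")
        node = root
        for name in (parts if is_dir else parts[:-1]):
            node = node.setdefault(name, {FILES: set()})
        if parts and not is_dir:
            node[FILES].add(parts[-1])
    return root


def measure(tree, depth=0):
    """Return (directory_count, file_count, max_depth, Counter of extensions)."""
    dirs, files, max_depth = 0, len(tree[FILES]), depth
    exts = Counter(posixpath.splitext(f)[1].lower() for f in tree[FILES])
    for name, child in tree.items():
        if name == FILES:
            continue
        d, f, m, e = measure(child, depth + 1)
        dirs += 1 + d
        files += f
        max_depth = max(max_depth, m)
        exts += e
    return dirs, files, max_depth, exts


def technology_hints(exts):
    """Sorted list of technologies suggested by the observed extensions."""
    return sorted({EXT_HINTS[e] for e in exts if e in EXT_HINTS})


def render(tree, indent=0):
    """Return the tree as indented text lines, directories before files."""
    lines = []
    for name in sorted(k for k in tree if k != FILES):
        lines.append("  " * indent + name + "/")
        lines.extend(render(tree[name], indent + 1))
    for f in sorted(tree[FILES]):
        lines.append("  " * indent + f)
    return lines


def report(urls):
    """Summarise one host's observed structure as a dict of measurements."""
    tree = directory_tree(urls)
    dirs, files, max_depth, exts = measure(tree)
    return {
        "directories": dirs,
        "files": files,
        "max_depth": max_depth,
        "extensions": dict(exts),
        "technologies": technology_hints(exts),
        "listing": render(tree),
    }


if __name__ == "__main__":
    summary = report(SAMPLE_URLS)
    print("\n".join(summary.pop("listing")))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Feeding it real crawl output gives the directory count, file count and nesting depth the step asks to "measure", and the extension tally is the cheapest first signal for step 4; it is only a hint, so the technologies it names should be confirmed against server banners before any cost estimate is built on them.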

Slide 6. Privacy Review
Policy
  1. Identify the public privacy policy.
  2. Identify web-based forms.
  3. Identify the database type and location used for storing data.
  4. Identify the data collected by the organization.
  5. Identify the storage location of the data.
  15. Identify fictionalized persons, organizations, or institutions that correspond to real persons.
  16. Identify persons or organizations portrayed in a negative manner.
  17. Identify persons, organizations, or materials which, as themselves or as a likeness thereof, are used for commercial purposes, as in web sites or advertisements.
  18. Identify information about employees, persons, organizations, or materials which contains private information.
While nobody is watching you, I see you studying us.
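Steps 2, 4 and 5 of the Privacy Review (identify web-based forms, the data they collect, and where it goes) reduce to an inventory of every form on a page: its resolved action URL, method and input fields, with the fields that look like personal data and the transport problems a reviewer would record. The following is an example added for this page, not ISECOM's code: the HTML is a constructed sample for a fictional site, and the personal-data keyword list is an assumed heuristic that a real review would check against the published privacy policy.

```python
"""Inventory the forms on a page and the data they collect.
Example code added for this page, not ISECOM's; SAMPLE_HTML is a constructed
page for a fictional site and PERSONAL_DATA_HINTS is an assumed heuristic."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed field-name fragments that usually mean personal data is collected.
PERSONAL_DATA_HINTS = ("name", "email", "phone", "address", "zip", "postal",
                       "dob", "birth", "ssn", "passport", "card", "gender", "salary")

# Constructed sample page, as if fetched from the URL below.
PAGE_URL = "https://www.example.com/contact.html"
SAMPLE_HTML = """
<html><body>
<form action="/newsletter" method="post">
  <input type="text" name="full_name">
  <input type="email" name="email">
  <input type="hidden" name="campaign" value="spring03">
  <input type="submit" value="Subscribe">
</form>
<form action="http://search.example.com/find">
  <input type="text" name="q">
  <input type="submit" value="Search">
</form>
<form action="/survey" method="get">
  <input type="text" name="phone">
  <select name="gender"><option>M</option><option>F</option></select>
  <textarea name="comments"></textarea>
  <input type="submit" value="Send">
</form>
</body></html>
"""


class FormInventory(HTMLParser):
    """Collect every form with its resolved action, method and input fields."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {
                "action": urljoin(self.page_url, a.get("action") or ""),
                "method": (a.get("method") or "get").lower(),
                "fields": [],
            }
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            ftype = (a.get("type") or ("text" if tag == "input" else tag)).lower()
            if ftype in ("submit", "button", "reset", "image"):
                return    # controls, not collected data
            self._current["fields"].append({"name": a.get("name") or "", "type": ftype})

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def review_forms(page_url, html):
    """Return one finding per form: where the data goes, which fields look
    personal, and the transport issues a privacy reviewer would record."""
    parser = FormInventory(page_url)
    parser.feed(html)
    parser.close()
    page_host = urlparse(page_url).netloc
    findings = []
    for form in parser.forms:
        personal = [f["name"] for f in form["fields"]
                    if any(h in f["name"].lower() for h in PERSONAL_DATA_HINTS)]
        target = urlparse(form["action"])
        issues = []
        if target.scheme != "https":
            issues.append("submitted over cleartext HTTP")
        if target.netloc != page_host:
            issues.append(f"data sent to a different host: {target.netloc}")
        if form["method"] == "get" and personal:
            issues.append("personal data sent in the GET query string (ends up in "
                          "server, proxy and referrer logs)")
        findings.append({
            "action": form["action"],
            "method": form["method"],
            "fields": [f["name"] for f in form["fields"]],
            "personal_fields": personal,
            "issues": issues,
        })
    return findings


if __name__ == "__main__":
    for finding in review_forms(PAGE_URL, SAMPLE_HTML):
        print(finding)
```

The "different host" check is what turns step 2 into step 5: a form whose action points off the page's own host is data leaving for a storage location the privacy policy has to account for, and a GET form carrying personal fields writes that data into every log on the path.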

Slide 7. Invisible Information
  • Electromagnetic Radiation (EMR) Testing
  • 802.11 Wireless Networks Testing
  • Bluetooth Networks Testing
  • Wireless Input Device Testing
  • Wireless Handheld Testing
  • Cordless Communications Testing
  • Wireless Surveillance Device Testing
  • Wireless Transaction Device Testing
  • RFID Testing
  • Infrared Testing

Slide 8. Info Security for the Future
Electromagnetic and High Frequency Firewalls
  • Invisible fences work for dogs and cats, and now they work for information!
All Frequency Intrusion Detection
  • Am I being bugged?
  • Is that your satellite relay coming through my home?
Smart Electromagnetic Containment Measure Materials
  • Your radio waves are being monitored for my health.

Slide 9. Processing the Masses
Standards and Methodologies
  • Do it right the first time.
Practical Security Conferences for Professionals
  • Spit out the bad practices
  • Suck in the good ones
Hacker Highschool for Teens
  • From asocial to watchdog in just a few weeks!
