Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Sophos Day Belux 2014

538 views

Published on

How can Sophos help you to protect your infrastructure?

  • Be the first to comment

  • Be the first to like this

Sophos Day Belux 2014

  1. 1. Is your network h@Cking pr00f? Malik Mesellem
  2. 2. Malik Mesellem Ethical Hacker MME BVBA ° 2010 Security Audits & Training Objective approach Focus is to advise No-nonsense mentality
  3. 3. What are we afraid of? Buffer Overflows DoS Trojans Port Scans Spoofing
  4. 4. I don’t think so… Old skool attacks✝ We all have firewalls ;) (since 1990)
  5. 5. So WTH(ack) is the problem? And who is the enemy?
  6. 6. A new wave of client-side threats…
  7. 7. + Complex application-level attacks
  8. 8. + Complex application-level attacks
  9. 9. Your secure (?) infrastructure Web server Client DC App server Firewall
  10. 10. Hacker’s attack plan? ATTACK the border = web apps
  11. 11. Application-level attack SQL injection SELECT * FROM … WHERE … ‘ OR 1=1--
  12. 12. Web server DOWN ;(
  13. 13. Hacker’s attack plan? ATTACK the weakest = humans
  14. 14. Client-side attack Spear phishing email campaign CVE-2014-0515 0-day client-side exploits
  15. 15. Client computer DOWN ;(
  16. 16. You’ve just lost 2 assets! They are inside the network… Pivot, seek, and pwn!
  17. 17. Network-level attack Issues in OS or application Buffer overflow
  18. 18. Application server DOWN ;(
  19. 19. You’ve just lost 3 assets! Keys to your castle…
  20. 20. Now they go for the GOLD! Pass-the-Hash Token impersonation
  21. 21. GAME OVER You’ve lost everything $$$
  22. 22. GAME OVER You’ve lost everything $$$
  23. 23. OMG… we definitely need heroes!
  24. 24. Secure email gateway Vulnerability & patch UTM firewall Endpoint AV Mobile control management
  25. 25. Two-factor authentication Web application firewall Server security IDS/IPS Security audits Training
  26. 26. Two-factor authentication Web application firewall Server security IDS/IPS
  27. 27. What if…
  28. 28. Q&A? Is your network h@Cking pr00f? Malik Mesellem Thank you!

×