THE DECADE BEHIND AND THE DECADE AHEAD - Saumil Shah


Where we are going depends a lot on where we came from. My talk takes us on a journey from 2001 to 2019 and then looks at the decade that lies ahead.

https://nsconclave.net-square.com/the-decade-behind-and-the-decade-ahead.html


  1. NETSQUARE < THE DECADE BEHIND.. AND THE decade ahead > Saumil Shah, CEO, Net-Square
  2. NSCONCLAVE2020 #REPUBLICDAY सारे जहाँ से अच्छा (Saare Jahan Se Achha: "better than the whole world")
  3. #RepublicDaY2K
  4. # whoami - Saumil Shah, THE ACCIDENTAL ENTREPRENEUR
     • 21 years in Infosec
     • M.S. Computer Science, Purdue University
     • LinkedIn: saumilshah
     • Twitter: @therealsaumil
  5. YEAR 2000
     Hardware Used: Pentium 3 ~800MHz / 256MB RAM / 20GB; PCMCIA expansion, no USB
     Person to Person Communication: mobile charges ₹14 / minute
     Internet Connectivity: 64Kbps, 1:4 "compressed broadband"
     Emerging Trends in Cybersecurity: The Dawn of WEB HACKING
  6. EVOLUTION & MOORE'S LAW: "THE NUMBER OF COMPONENTS PER INTEGRATED CIRCUIT SHALL DOUBLE EVERY COUPLE OF YEARS"
  7. Virginia Tech System X, Nov 2003: 1100 PowerMac G5s, 12 TFLOPS, #3 supercomputer in the world in November 2003; >10 TFLOPS for <$10M. Dr. Srinidhi Varadarajan
  8. NVIDIA AGX Xavier, Nov 2019
  9. 5 Minutes of Music: 50MB (44.1KHz, stereo) vs 3.5MB (44.1KHz, stereo)
  10. Evolution's Outcomes
  11. 2007
  12. Again…Evolution
  13. The Evolution of Attacks: 2001-19
  14. How Have Targets Shifted? Servers → Applications → Desktops → Browsers → Pockets → Minds
  15. Target Enablers: IP:Port → Applications on HTTP → Broadband Networks → HTML5 → Wireless Connectivity → Social Networks
  16. Attacks Follow The Money: Defacement and DDoS → ID Theft and Phishing → Financial Fraud → Targeted APT → Ransomware → Cambridge Analytica
  17. Evolution Quiz:
  18. (image only)
  19. EVOLUTION OF DEFENSE 2001-19: FIREWALLS → IDS/IPS → ANTIVIRUS → WAF → DLP, EPS → DEP, ASLR → SANDBOX. DIFFERENT.... Reactive approach: block the bad things and be secure again.
  20. DIFFERENT.... BUT SAME SAME. Each defence layer, and the bypass that followed it:
      • FIREWALLS: one-way attack
      • IDS/IPS: fragrouter
      • ANTIVIRUS: obfuscation
      • WAF: char encoding
      • DLP, EPS: DNS exfil
      • DEP, ASLR: ROP, infoleak
      • SANDBOX: jailbreak
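To make the WAF / char-encoding pairing concrete, here is an added Python example (not from the talk and not Net-Square code). It contrasts a literal-match signature filter of the reactive kind with one that canonicalises the request before matching. The signature list and the three request strings are constructed for the demo; `urllib.parse.unquote` is the standard-library percent-decoder.

```python
from urllib.parse import unquote

# Constructed signature list for the demo: the literal-match rules of a
# 2001-style reactive filter. Real rulesets are larger, not smarter.
SIGNATURES = ("<script", "union select", "../")


def naive_block(request_path: str) -> bool:
    """Reactive rule: block if a signature appears literally (case-insensitive)."""
    lowered = request_path.lower()
    return any(sig in lowered for sig in SIGNATURES)


def canonicalize(request_path: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (catches double encoding),
    then lower-case. Bounded so hostile input cannot keep us decoding forever."""
    current = request_path
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current.lower()


def canonical_block(request_path: str) -> bool:
    """The same rules, applied after canonicalisation."""
    normalized = canonicalize(request_path)
    return any(sig in normalized for sig in SIGNATURES)


# Constructed requests: the same payload written three ways.
PLAIN = "/search?q=<script>alert(1)</script>"
ENCODED = "/search?q=%3Cscript%3Ealert(1)%3C/script%3E"          # one round of %XX
DOUBLE = "/search?q=%253Cscript%253Ealert(1)%253C/script%253E"  # %25 -> %, then %3C -> <


def compare() -> dict:
    """Which requests each filter blocks, as (naive, canonical) pairs.
    The naive filter sees only PLAIN."""
    return {
        name: (naive_block(req), canonical_block(req))
        for name, req in (("plain", PLAIN), ("encoded", ENCODED), ("double", DOUBLE))
    }


if __name__ == "__main__":
    for name, (naive, canon) in compare().items():
        print(f"{name:8s} naive={naive} canonical={canon}")
```

Canonicalisation closes the percent-encoding gap and nothing more: overlong UTF-8, HTML entities, or a backend that decodes differently from the filter each reopen it, and the next rule gets written. That is the "same same" of the slide.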
  21. "Organizations have plenty of volunteers to add layers of complexity… …but few/none for attack surface reduction and reducing privileged code." THOMAS DULLIEN, "Why we are not building a defendable Internet", BH ASIA 2017
  22. Security = "RISK REDUCTION": Rules, Signatures, Updates, Machine Learning
  23. (image only)
  24. Microsoft 2001
  25. From: Bill Gates. Sent: Tuesday, January 15, 2002 5:22 PM. Subject: Trustworthy computing.
      "Every few years I have sent out a memo talking about the highest priority for Microsoft. Two years ago, it was the kickoff of our .NET strategy. Before that, it was several memos about the importance of the Internet to our future and the ways we could make the Internet truly useful for people. Over the last year it has become clear that ensuring .NET is a platform for Trustworthy Computing is more important than any other part of our work. If we don't do this, people simply won't be willing -- or able -- to take advantage of all the other great work we do. Trustworthy Computing is the highest priority for all the work we are doing. We must lead the industry to a whole new level of Trustworthiness in computing."
  26. (image only)
  27. 2005: Ciscogate – Michael Lynn. https://www.schneier.com/blog/archives/2005/07/cisco_harasses.html
  28. 2009 CANSECWEST. Photo credit: Garrett Gee
  29. Evolution of the Internet: Physical → Data Link → IP → TCP / UDP → Session → Presentation → Application. INTEROPERABILITY. DECENTRALISED.
  30. Evolution of the Internet: HTTP → WEB 1.0 → WEB 2.0 → CLOUD / Social N/W → A.I. → SKYNET. "HTTP IS THE DATAGRAM OF THE APPLICATION LAYER." Also on the slide: THE MATRIX, VIRTUALISATION, MOORE'S LAW, BOSTON DYNAMICS, F.A.A.N.G.
  31. (image only)
  32. (image only)
  33. A Brave New World
  34. Where Do We Live? #BREXIT #US Elections #CAA …typing
  35. PLANET CYBERSPACE: NATURE'S AND PHYSICS' LAWS DON'T APPLY HERE. NEITHER DO YOUR GOVERNMENTS'.
  36. "Computerization, Discretion, Freedom", Sergey Bratus, Anna Shubina, December 31, 2015:
      "Surveillance of social networking, pervasive user tracking in hopes of reaping profits promised by “big data”, and ubiquitous failure to secure stockpiled personal data went from being the concern of the few to making mainstream media. We’ve learned that what hurts privacy is also likely to hurt freedom. But, despite all these revelations, the worst and the most pervasive danger of computerizing our everyday lives has so far avoided public attention: that computers modify our behaviors related to discretion, professional autonomy, and, ultimately, moral choice. Computerization changes every area of human activity it touches, by bringing new rules and new metrics. With enough of these at work, humans must act with an eye to not just what they do (or should do) in the actual real-world situations, but also to how it will look in the computer representation of it—and the latter are never complete. And when they disagree, one must either spend the extra time and effort “fighting the system”, bend the rules—or give up."
  37. (image only)
  38. (image only)
  39. Alberto Brandolini @ziobrando (The Bullshit Asymmetry)
  40. THISPERSONDOESNOTEXIST.COM: Social Network Neighbourhood
  41. (image only)
  42. THE EVOLUTION OF ARTIFICIAL INTELLIGENCE
  43. (image only)
  44. CYBERSPACE BIOLOGY: CELLS = PIXELS
      • Human faculties for threat detection fail in cyberspace.
      • For humans, what is common sense in reality is ignorance in virtuality.
      • False sense of security and privacy through ineffective infosec products.
  45. ELEMENTS OF A TRUSTWORTHY SYSTEM: TRANSPARENCY, METRICS, RESILIENCE, USERS
  46. BANK STATEMENTS: Account Activity, Spending Record, Account Reconciliation, Unauthorized Expenses
  47. A BANK STATEMENT FOR APP/SOFTWARE ACTIVITY. Thomas Dullien, http://addxorrol.blogspot.com/2018/03/a-bank-statement-for-app-activity-and.html
      "How could one empower users to account for their private data, while at the same time helping platform providers identify malicious software better? By providing users with the equivalent of a bank statement for app/software activity. The way I imagine it would be roughly as follows: A separate component of my mobile phone (or computer) OS keeps detailed track of app activity: What peripherals are accessed at what times, what files are accessed, etc."
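The bank-statement analogy of slides 46 and 47 maps onto a small ledger. The following is an added Python example, not code from the talk or from Dullien's post: it takes a constructed access log of the kind the proposed OS component would record (app, resource, time), produces the "account activity" view, and reconciles it against the resources each app declared it needs, so that undeclared accesses fall out as the "unauthorized expenses". The declared-resource manifest, the app names and every log entry are constructed for the demo.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Access:
    """One ledger entry: which app touched which resource, and when."""
    ts: datetime
    app: str
    resource: str  # peripheral or file class, e.g. "camera", "mic", "contacts"


# Constructed expectations: the resources each app is supposed to need, the
# analogue of the payees you expect on a bank statement. Assumption for the
# demo: the OS has a declared-permission manifest per app to compare against.
DECLARED = {
    "maps": {"location", "network"},
    "camera": {"camera", "file:/DCIM", "network"},
    "flashlight": {"camera"},  # torch control goes through the camera HAL
}

# Constructed activity log for one day (not real device data).
LOG = [
    Access(datetime(2020, 1, 26, 3, 14), "flashlight", "mic"),         # undeclared, 3am
    Access(datetime(2020, 1, 26, 8, 55), "maps", "location"),
    Access(datetime(2020, 1, 26, 8, 55), "maps", "network"),
    Access(datetime(2020, 1, 26, 9, 2), "camera", "camera"),
    Access(datetime(2020, 1, 26, 9, 2), "camera", "file:/DCIM"),
    Access(datetime(2020, 1, 26, 9, 10), "flashlight", "camera"),
    Access(datetime(2020, 1, 26, 9, 11), "flashlight", "contacts"),    # undeclared
    Access(datetime(2020, 1, 26, 9, 11), "flashlight", "network"),     # undeclared
    Access(datetime(2020, 1, 26, 9, 30), "maps", "location"),
]


def account_activity(log):
    """Account Activity: per app, how many times each resource was touched."""
    totals = defaultdict(Counter)
    for entry in log:
        totals[entry.app][entry.resource] += 1
    return {app: dict(counts) for app, counts in totals.items()}


def reconcile(log, declared):
    """Account Reconciliation: entries matching no declared need are the
    'unauthorized expenses'. An app with no declaration at all has every
    entry flagged, which is the right default."""
    return [e for e in log if e.resource not in declared.get(e.app, set())]


def render_statement(log, declared):
    """Human-readable statement lines, unauthorized entries marked with '!'."""
    flagged = set(reconcile(log, declared))
    lines = []
    for e in sorted(log, key=lambda x: (x.app, x.ts)):
        mark = "!" if e in flagged else " "
        lines.append(f"{mark} {e.ts:%Y-%m-%d %H:%M}  {e.app:<10} {e.resource}")
    return lines


if __name__ == "__main__":
    print("\n".join(render_statement(LOG, DECLARED)))
    print("unauthorized:", [(e.app, e.resource) for e in reconcile(LOG, DECLARED)])
```

The statement is only as trustworthy as the component that writes it, which is why the post puts that component in the OS rather than in the app; the reconciliation step is what turns transparency (slide 45) into a metric a user can act on.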
  48. (image only)
  49. PEBKAC
  50. (image only)
  51. ROOT CAUSES OF "LACK OF TRUST"
      • The Internet was designed for U.S. military communications. User IDs were never a part of its design.
      • Are you allowed to drive an unregistered car on the road, and without a driver's license?
  52. IDENTIFY YOUR TARGET USERS... (chart: number of users against infosec maturity, four groups from low to high)
      • HOPELESS: always going to be an enigma.
      • UNINFORMED: if properly guided, these users are willing to improve their usage habits.
      • PROACTIVE: the next Rock Star users.
      • ROCK STARS: leave them alone, and possibly learn from them.
  53. ...AND IMPROVE THEIR MATURITY (same chart: number of users against infosec maturity, HOPELESS → UNINFORMED → PROACTIVE → ROCK STARS)
  54. LET'S TALK ABOUT PASSWORDS
  55. https://xkcd.com/936 WE'VE SUCCESSFULLY TRAINED EVERYONE TO USE PASSWORDS THAT ARE HARD FOR HUMANS TO REMEMBER, BUT EASY FOR COMPUTERS TO GUESS.
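The xkcd 936 comparison the slide points at, carried through in code. This is an added Python example, not from the talk: it uses the comic's own parameters (four words from a 2048-word list, a throttled online guess rate of 1000/s, and the comic's 28-bit estimate for a mangled dictionary word), adds a passphrase generator built on `secrets`, and extends the comparison with an assumed offline rate of 1e10 guesses/s, which is the order of magnitude a GPU rig reaches against a fast unsalted hash. That offline figure and the eight-word demo list are assumptions for the demo, not part of the slide.

```python
import math
import secrets
from typing import Sequence

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy in `length` symbols drawn uniformly from `alphabet_size`
    choices. For a passphrase the symbols are words and the alphabet is the list."""
    return length * math.log2(alphabet_size)


def crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Time to exhaust the whole space at a given guess rate (worst case;
    on average the hit comes at half this)."""
    return 2.0 ** bits / guesses_per_second


def generate_passphrase(wordlist: Sequence[str], n_words: int = 4, rng=secrets) -> str:
    """Pick words uniformly at random. `secrets` is the right source in production;
    anything with a .choice() method (e.g. random.Random(seed)) works for tests."""
    return " ".join(rng.choice(wordlist) for _ in range(n_words))


# xkcd 936's parameters: 4 words from a 2048-word list, and 1000 guesses/s,
# the rate of a throttled online login.
XKCD_WORDLIST_SIZE = 2048
XKCD_ONLINE_RATE = 1e3
XKCD_TROUBADOR_BITS = 28  # the comic's own estimate for "Tr0ub4dor&3"-style mangling

# Assumed offline rate: 1e10/s, the order of magnitude a GPU rig reaches
# against a fast unsalted hash. Constructed figure for the comparison only.
ASSUMED_OFFLINE_RATE = 1e10


def comparison() -> dict:
    """Years (online) and minutes (offline) to exhaust each scheme."""
    passphrase_bits = entropy_bits(XKCD_WORDLIST_SIZE, 4)
    out = {}
    for name, bits in (("troubador", XKCD_TROUBADOR_BITS), ("passphrase", passphrase_bits)):
        out[name] = {
            "bits": bits,
            "online_years": crack_seconds(bits, XKCD_ONLINE_RATE) / SECONDS_PER_YEAR,
            "offline_minutes": crack_seconds(bits, ASSUMED_OFFLINE_RATE) / 60,
        }
    return out


# Constructed tiny word list: enough to run the generator, far too small to be secure.
DEMO_WORDS = ("correct", "horse", "battery", "staple", "river", "lamp", "kite", "oven")

if __name__ == "__main__":
    print(generate_passphrase(DEMO_WORDS))
    print("demo list gives only", entropy_bits(len(DEMO_WORDS), 4), "bits")
    for name, row in comparison().items():
        print(name, row)
```

Two things the numbers show that the slogan does not: the passphrase's 44 bits buys about 550 years against a throttled login but under half an hour against an offline attack on a fast hash, so the gain is real only together with a slow password hash and rate limiting; and the entropy comes entirely from list size and word count, so a small list (the demo's 8 words give 12 bits) or words the user picks by hand throws it away.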
  56. MAKE AUTHENTICATION GREAT AGAIN
  57. PUT THE USER IN CONTROL
  58. (image only)
  59. (image only)
  60. RESIST: Pass The Parcel; Rules, Signatures, Updates, Patches; The Next Short-Lived Security Product; Encumber Your Users. INFOSEC: The business of selling FEAR
  61. RESONATE: Take Ownership; Build Defendable Systems; Security and Trustworthiness as a core feature; EMPOWER Your Users. INFOSEC: The business of enabling TRUST
  62. JAI HIND. saumil@net-square.com @therealsaumil
