Traps
VS.
Cryptolocker
Steinar Aandal-Vanger
Westcon Security
Who are we?
Steinar Aandal-Vanger
Has worked with Palo Alto Networks since 2009
Palo Alto Networks instructor
Has taught Palo Alto courses for the past 5 years in Norway and Iceland
Has worked with IT security products since 1999, including
Ironport, Check Point, Juniper, RSA Security, TippingPoint,
SourceFire and others
Westcon Security
- distributor of IT security products in Norway
- Palo Alto Networks
- Juniper
- F5
- Arbor, Infoblox, HP Enterprise and others
2 | © 2015, Palo Alto Networks. Confidential and Proprietary.
Agenda
• Traps – Advanced Endpoint protection
• Ransomware
• Traps; Exploit and Malware prevention
• Prevention Stages
Is real-time, automatic prevention of attacks that exploit unknown and zero-day vulnerabilities possible?
Palo Alto Networks Security Platform
Natively integrated, extensible, automated. Three components: the Next-Generation Firewall, Advanced Endpoint Protection (TRAPS) and the WildFire Threat Intelligence Cloud. Traps submits unknown files to WildFire and queries it for a verdict.
What is the Best Approach to Preventing Attacks?
Anatomy of a Targeted Attack (the slide is built up in three steps; potential impact grows at each stage)
1. Plan the Attack: gather intelligence
2. Silent Infection: leverage exploit
3. Malicious File Executed: execute malware
4. Malware Communicates with Attacker: control channel
5. Data Theft, Sabotage, Destruction: steal data
The third build overlays "Traps Prevention" on the chain: the two prevention capabilities described later (exploit prevention and malicious-executable prevention) act at stages 2 and 3, before a control channel exists.
Exploits vs. Malicious Executables
Exploit
 Malformed data file
 Processed by a legitimate application
 Exploits a vulnerability in the legitimate application to allow the attacker to execute code
 Small payload
 Examples: weaponized PDF files and Flash videos
Malicious Executable
 Malicious code
 Does not rely on application vulnerabilities
 Contains executable code
 Aims to control the machine
 Large payload
 Examples: ransomware, fake AV
The second build of the slide overlays three product categories on the two columns: "Next Gen" anti-malware solutions, signature-based AV, and Palo Alto Networks Traps (the deck's claim being that Traps covers both columns).
Ransomware, Cryptolocker etc.
1: Infect system with malware
2: Restrict access to system/data
3: Profit!
Via Website
User visits a compromised website -> Exploit kit silently exploits a client-side vulnerability -> Drive-by download of the malicious payload -> System infected, attacker has full access to steal data
Via eMail
Attacker -> Spear phishing email carrying an exploit document -> Target; the document drops a backdoor Trojan, giving the attacker backdoor access
The 3 Core Capabilities of Advanced Endpoint Protection
1. Prevents Exploits, including unknown and zero-day exploits
2. Prevents Malicious Executables, including unknown and advanced malware
3. Highly-Scalable, Integrated Security Platform, for data exchange and cross-organization protection
Prevent Exploits
Number of new variants each year (source: CVEDetails.com):
 Individual attacks (software vulnerability exploits): 10,000s+
 Core exploitation techniques: fewer than 3
Block the Core Techniques, Not the Individual Attacks
Exploit technique prevention
1. A document is opened by the user.
2. Traps engines seamlessly inject traps into the software that opens the file. The process is protected; Traps performs NO scanning and NO monitoring (CPU < 0.1%).
3. In case of an exploitation attempt, the exploit hits a "trap" and fails before any malicious activity is initiated. Safe!
4. Traps triggers immediate actions: the process is terminated, forensic data is collected, and the user/admin is notified.
Exploit Techniques - Example
Exploit Attack
1. Exploit attempt contained in a PDF sent by a "known" entity.
2. PDF is opened and exploit techniques are set in motion to exploit a vulnerability in Acrobat Reader.
3. Exploit evades AV and drops a malware payload onto the target.
4. Malware evades AV, runs in memory.
Technique chain ("Gaps Are Vulnerabilities"): Normal Application Execution -> Heap Spray -> ROP -> Utilizing OS Function -> Begin Malicious Activity (activate key logger, steal critical data, more)
Exploit Techniques (with Traps EPM)
Same attack as above (PDF from a "known" entity, Acrobat Reader vulnerability, AV evasion, in-memory malware). Traps Exploit Prevention Modules (EPM) are hooked on the technique chain:
Normal Application Execution -> Heap Spray -> [Traps EPM] -> No Malicious Activity
1. Exploit attempt blocked. Traps requires no prior knowledge of the vulnerability.
Exploit Techniques - Unknown Technique
Normal Application Execution -> Unknown Exploit Technique -> ROP -> [Traps EPM] -> No Malicious Activity
1. Exploit attempt blocked. Traps requires no prior knowledge of the vulnerability.
2. If there is a new technique it will succeed, but the next one in the chain will be blocked, still preventing malicious activity.
Exploit Prevention Case Study
Unknown Exploits Utilize Known Techniques (technique: Traps module, as paired in the slide table)
IE Zero Day, CVE-2013-3893:
 Heap Spray: DLL Security
 DEP Circumvention: UASLR
 ROP / Utilizing OS Function: ROP Mitigation / DLL Security
Adobe Reader, CVE-2013-3346:
 Heap Spray: Memory Limit Heap Spray Check and Shellcode Preallocation
 DEP Circumvention: UASLR
 Utilizing OS Function: DLL Security
Adobe Flash, CVE-2015-3010 / CVE-2015-0311:
 ROP: ROP Mitigation
 JiT Spray: J01
 Utilizing OS Function: DLL Security, Memory Limit Heap Spray Check
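The exploit-technique slides above (the PDF attack chain, the "unknown technique, next one blocked" claim, and the case-study table) describe checks on techniques rather than on CVEs. The following is an added example, not Traps or Palo Alto Networks code: a Python model of two such checks, a memory-limit heap spray check and a "call-preceded return address" ROP check, run over a constructed process snapshot. The 4 MiB threshold, the 90% sled ratio, the three-opcode CALL decoder, the fake code image and the heap contents are all assumptions made for illustration.

```python
"""Technique-based exploit prevention, modelled in Python (added example,
not Traps code). Thresholds, the CALL decoder and the snapshots are assumed."""

HEAP_SPRAY_LIMIT = 4 * 1024 * 1024  # assumed: more than 4 MiB of sled-like heap is a spray
SLED_RATIO = 0.90                   # assumed: a block is sled-like if 90% of it is one byte value


def is_sled(buf: bytes) -> bool:
    """A spray block repeats one value (0x0c0c0c0c slides, 0x90 NOP sleds)."""
    return bool(buf) and buf.count(buf[0:1]) / len(buf) >= SLED_RATIO


def heap_spray_check(allocations) -> bool:
    """Memory-limit heap spray check: trip once sled-like allocations exceed the limit."""
    sprayed = sum(len(b) for b in allocations if is_sled(b))
    return sprayed > HEAP_SPRAY_LIMIT


def call_preceded(code: bytes, base: int, ret_addr: int) -> bool:
    """True if the bytes just before ret_addr decode to an x86 CALL (E8 rel32,
    FF 15 [disp32], FF D0..D7 call reg). A legitimate frame's return address is
    always call-preceded; a ROP gadget's usually is not."""
    off = ret_addr - base
    if off <= 0 or off > len(code):
        return False
    forms = (
        (5, lambda p: code[p] == 0xE8),
        (6, lambda p: code[p] == 0xFF and code[p + 1] == 0x15),
        (2, lambda p: code[p] == 0xFF and 0xD0 <= code[p + 1] <= 0xD7),
    )
    return any(off - n >= 0 and ok(off - n) for n, ok in forms)


def rop_check(code: bytes, base: int, return_addresses) -> list:
    """Return addresses on the stack that are not call-preceded: ROP gadget returns."""
    return [a for a in return_addresses if not call_preceded(code, base, a)]


def inspect_process(heap, code, base, stack) -> list:
    """Run the technique checks over a process snapshot. Any hit is a trap:
    the process would be terminated before the payload runs, whatever the CVE."""
    hits = []
    if heap_spray_check(heap):
        hits.append("Heap Spray")
    if rop_check(code, base, stack):
        hits.append("ROP")
    return hits


# Constructed code image standing in for the vulnerable application (not real Reader code).
BASE = 0x401000
CODE = bytes([
    0x55,                          # 0x00 push ebp
    0xE8, 0x10, 0x00, 0x00, 0x00,  # 0x01 call +0x10   -> legitimate return address BASE+0x06
    0x5D,                          # 0x06 pop ebp
    0xC3,                          # 0x07 ret          <- "pop ebp; ret" gadget
    0x58,                          # 0x08 pop eax
    0xC3,                          # 0x09 ret          <- "pop eax; ret" gadget
    0xFF, 0xD0,                    # 0x0A call eax     -> legitimate return address BASE+0x0C
    0x90,                          # 0x0C nop
])
BENIGN_STACK = [BASE + 0x06, BASE + 0x0C]            # both call-preceded
ROP_STACK = [BASE + 0x06, BASE + 0x08, BASE + 0x0C]  # BASE+0x08 chains into "pop eax; ret"

# Constructed heaps: varied document data vs. the same plus 5 MiB of 0x0c spray blocks.
BENIGN_HEAP = [bytes(range(256)) * 64 for _ in range(32)]
SPRAY_HEAP = BENIGN_HEAP + [b"\x0c" * (256 * 1024) for _ in range(20)]

if __name__ == "__main__":
    print("benign document:", inspect_process(BENIGN_HEAP, CODE, BASE, BENIGN_STACK))
    print("spray + ROP:    ", inspect_process(SPRAY_HEAP, CODE, BASE, ROP_STACK))
    print("unknown first technique, then ROP:", inspect_process(BENIGN_HEAP, CODE, BASE, ROP_STACK))
```

The third run models the slide's "unknown technique" case: nothing in the snapshot trips the heap spray check, but the ROP step that follows still does. Note the weakness the example also exposes: the gadget at BASE+0x06 ("pop ebp; ret") sits right after a CALL and passes the call-preceded test, which is exactly why a product stacks several independent technique checks rather than relying on one.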
Prevent Malicious Executables
Advanced Execution Control: reduce the attack surface. Control execution scenarios based on file location, device, child processes and unsigned executables. Local hash control allows for granular system hardening.
WildFire Inspection and Analysis: dynamic analysis with cloud-based threat intelligence.
Malware Techniques Mitigation: prevent unknown malware with technique-based mitigation (example: thread injection).
The Right Way to Prevent Malicious Executables
1. User tries to open an executable file (EXE).
2. Restrictions and executable rules are checked. Examples: is it a child process of another application? Is it in a restricted folder or on a restricted device? Is it an unsigned executable? Admin pre-set verdicts (local hash control) are applied here. A match means execution is stopped.
3. The file hash is checked against WildFire. A known WildFire verdict decides: benign continues, malicious means execution is stopped. Unknown? The file is sent for on-demand inspection.
4. Malware technique prevention is employed on the running process. Examples: thread injection, create-suspend (Suspend Guard), utilization of OS functions, JIT, heap spray; injection attempts are blocked. Malicious behaviour stops execution, otherwise: Safe!
ESM forensics are collected for every prevention event.
Traps Malware Protection
Example: CryptoLocker
Traps Kill-Points Through the Attack Life Cycle
Delivery and Exploitation (Traps Exploit Protection, covering memory corruption and logic flaws):
 1. Exploitation Technique 1
 2. Exploitation Technique 2
 3. Exploitation Technique 3
Download and Execute (Advanced Execution Control):
 4. Execution Restriction 1
 5. Execution Restriction 2
 6. Execution Restriction 3
 7. Local Verdict Check
 8. WildFire Verdict Check
 9. WildFire Inspection (intelligence and emulation)
Malicious Behavior Protection:
 10. Malicious Thread Injection
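The execution flow slide and the CryptoLocker kill-point slide above list the decision points in order but show no decision logic. The following is an added example, not Traps or ESM code: a Python model that walks a launched executable through execution restrictions, the admin's local hash verdict, the WildFire verdict, on-demand inspection for unknown files, and finally the create-suspend guard, applied to constructed CryptoLocker-style launches. The rule values (restricted folders, document applications), the file images, the verdict tables and the `Launch` record are assumptions made for illustration.

```python
"""Execution-control decision path for a launched executable (added example,
not Traps code). Rules, paths, images and verdict tables are constructed."""
import hashlib
from dataclasses import dataclass


@dataclass
class Launch:
    path: str
    parent: str                 # image name of the process that started it
    signed: bool                # Authenticode signature valid (assumed already verified)
    image: bytes                # file contents (constructed stand-ins below)
    removable_media: bool = False
    creates_suspended_child: bool = False  # CREATE_SUSPENDED child: the usual injection precursor


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Assumed policy values; the slides name the rule types, not these settings.
RESTRICTED_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\")
DOC_APPS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}

# Constructed stand-ins for file contents; only their hashes matter here.
BENIGN_IMAGE = b"MZ constructed in-house line-of-business tool"
RANSOM_IMAGE = b"MZ constructed CryptoLocker-style dropper"
UNKNOWN_IMAGE = b"MZ constructed never-seen-before installer"

LOCAL_VERDICTS = {sha256(BENIGN_IMAGE): "benign"}        # admin pre-set hashes
WILDFIRE_VERDICTS = {sha256(RANSOM_IMAGE): "malicious"}  # constructed cloud verdict table
PENDING_INSPECTION = set()                               # hashes submitted on demand


def evaluate(launch, local=LOCAL_VERDICTS, cloud=WILDFIRE_VERDICTS):
    """Return (decision, kill_point); the first rule that fires decides."""
    # Kill points 4-6: execution restrictions need no knowledge of the file itself.
    if launch.parent.lower() in DOC_APPS:
        return "block", "restriction: child process of a document application"
    if launch.removable_media or any(d in launch.path.lower() for d in RESTRICTED_DIRS):
        return "block", "restriction: restricted folder or device"
    if not launch.signed:
        return "block", "restriction: unsigned executable"

    digest = sha256(launch.image)
    # Kill point 7: the admin's local verdict overrides the cloud.
    if digest in local:
        return ("allow" if local[digest] == "benign" else "block"), "local verdict"
    # Kill point 8: known WildFire verdict.
    verdict = cloud.get(digest, "unknown")
    if verdict == "malicious":
        return "block", "wildfire verdict"
    # Kill point 9: unknown file, submit for inspection; it may run, but under guard.
    if verdict == "unknown":
        PENDING_INSPECTION.add(digest)
    # Kill point 10: malicious behaviour protection on the running process.
    if launch.creates_suspended_child:
        return "block", "suspend guard: create-suspended child (thread injection)"
    return "allow", ("wildfire verdict" if verdict == "benign" else "unknown, inspection pending")


SCENARIOS = {
    # CryptoLocker stage 1: the exploited reader drops and starts an unsigned EXE in %TEMP%.
    "dropper_from_reader": Launch(r"C:\Users\bob\AppData\Local\Temp\a3f.exe", "acrord32.exe",
                                  signed=False, image=RANSOM_IMAGE),
    # Same dropper, double-clicked from the Downloads folder instead.
    "dropper_from_downloads": Launch(r"C:\Users\bob\Downloads\invoice.exe", "explorer.exe",
                                     signed=False, image=RANSOM_IMAGE),
    # Signed with a stolen certificate, but its hash is already known to WildFire.
    "signed_known_malware": Launch(r"C:\ProgramData\svc\update.exe", "explorer.exe",
                                   signed=True, image=RANSOM_IMAGE),
    # Never seen before and signed, but its first act is to spawn a suspended child.
    "unknown_injector": Launch(r"C:\Program Files\Acme\setup.exe", "explorer.exe",
                               signed=True, image=UNKNOWN_IMAGE, creates_suspended_child=True),
    # Admin allow-listed in-house tool.
    "known_good": Launch(r"C:\Program Files\Acme\lob.exe", "explorer.exe",
                         signed=True, image=BENIGN_IMAGE),
}


def run_scenarios():
    return {name: evaluate(launch) for name, launch in SCENARIOS.items()}


if __name__ == "__main__":
    for name, (decision, why) in run_scenarios().items():
        print(f"{name:24s} {decision:5s} {why}")
```

The ordering is the point: the cheap, file-agnostic restrictions stop the dropper in the two realistic CryptoLocker launches before any hash lookup happens, the hash verdicts catch a known sample even when it is validly signed, and a never-seen file that reaches execution is still caught on behaviour. Tune the restriction values to the environment; the defaults here would block legitimate installers run from Downloads.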
Exploit Prevention Notification (screenshots): end-user alerts for WildFire, Unsigned Execution and Suspend Guard preventions, and the Traps Prevention screen on the ESM console.
Traps System Requirements, Footprint, and Coverage
Supported Operating Systems
Workstations, physical and virtual:
 Windows XP SP3
 Windows Vista SP2
 Windows 7
 Windows 8 / 8.1
 Windows 10
Servers, physical and virtual:
 Windows Server 2003 32 bit
 Windows Server 2008 (+R2)
 Windows Server 2012 (+R2)
Footprint
 25 MB RAM
 0.1% CPU
 No scanning
Application Coverage
 Default policy: 100+ processes
 Automatically detects new processes
 Can extend protection to any application, including in-house developed apps
Highly-Scalable, Integrated Security Platform
Architecture
 Scalability
 Ease of security administration
Operational Capabilities
 Footprint
 Performance Impact
Platform Coverage
 Physical systems
 Virtual systems
Threat Intelligence
 Integrated threat intelligence
 Threat data sharing
Traps Benefits
 Prevent zero-day vulnerabilities and unknown malware
 Install patches on your own schedule
 Protect ANY application from exploits
 Minimal performance impact
 Save time and money
 Signature-less, no frequent updates
 Network and cloud integration
Next steps
Ultimate Test Drive (UTD)
You get hands-on experience using TRAPS in a group of 6-10 people.
Our instructor guides you through various configuration examples.
Demo in your own network.
If you are already convinced that TRAPS may be right for you,
we can come to you and install a live test in your own network.
Both activities are free of charge.
Contact webinar.no@westcon.com for more information.
Use the Subject: "Jeg vil være med på kostnadsfri UTD" (I want to join a free UTD)
Use the Subject: "Jeg vil ha kostnadsfri TRAPS-demo i eget nettverk." (I want a free TRAPS demo in my own network.)
Thank you
Steinar Aandal-Vanger
Westcon Security
47 9189 8832

Hvordan stopper du CryptoLocker? (How do you stop CryptoLocker?)

  • 2. Hvem er vi? Steinar Aandal-Vanger Jobbet med Palo Alto Networks siden 2009 Palo Alto Networks instruktør Holdt Palo Alto kurs de siste 5 årene i Norge og på Island Har jobbet med it-sikkerhetsprodukter siden 1999, herunder Ironport, Check Point, Juniper, RSA Security, TippingPoint, SourceFire...m.fl. Westcon Security - distributør av it-sikkerhetsprodukter i Norge - Palo Alto Networks - Juniper - F5 - Arbor, Infoblox, HP Enterprise m.fl. 2 | © 2015, Palo Alto Networks. Confidential and Proprietary. WestconSecurity
  • 3. Agenda • Traps – Advanced Endpoint protection • Ransomware • Traps; Exploit and Malware prevention • Prevention Stages
  • 4. Is Real-Time, Automatic Prevention of Attacks that Exploit Unknown and Zero-Day Vulnerabilities Possible? 4 | © 2015, Palo Alto Networks. Confidential and Proprietary.
  • 5. Palo Alto Networks Security Platform Natively Integrated Extensible Automated Next-Generation Firewall Advanced Endpoint Protection WildFire Threat Intelligence Cloud TRAPS Unknown Files Query Verdict
  • 6. What is the Best Approach to Preventing Attacks? Anatomy of a Targeted Attack Plan the Attack Gather Intelligence Silent Infection Leverage Exploit Malware Communicates with Attacker Control Channel Malicious File Executed Execute Malware Data Theft, Sabotage, Destruction Steal Data
  • 7. What is the Best Approach to Preventing Attacks? Anatomy of a Targeted Attack Plan the Attack Gather Intelligence Silent Infection Leverage Exploit Malware Communicates with Attacker Control Channel Malicious File Executed Execute Malware Data Theft, Sabotage, Destruction Steal Data PotentialImpact
  • 8. What is the Best Approach to Preventing Attacks? Anatomy of a Targeted Attack Traps Prevention Plan the Attack Gather Intelligence Silent Infection Leverage Exploit Malware Communicates with Attacker Control Channel Malicious File Executed Execute Malware Data Theft, Sabotage, Destruction Steal Data PotentialImpact
  • 9. Exploits vs. Malicious Executables Exploit  Malformed data file  Processed by a legitimate application  Exploits a vulnerability in the legitimate application to allows the attacker to execute code  Small payload Malicious Executable  Malicious code  Does not rely on application vulnerabilities  Contains executable code  Aims to control the machine  Large payload Examples: weaponized PDF files & Flash videos Examples: ransomware, fake AV
  • 10. Exploits vs. Malicious Executables Exploit  Malformed data file  Processed by a legitimate application  Exploits a vulnerability in the legitimate application to allows the attacker to execute code  Small payload Malicious Executable  Malicious code  Does not rely on application vulnerabilities  Contains executable code  Aims to control the machine  Large payload Examples: weaponized PDF files & Flash videos Examples: ransomware, fake AV “Next Gen” Anti-Malware Solutions Signature-based AV Palo Alto Networks Traps
  • 11. 1: Infect System with Malware 2: Restrict Access to System/Data 3: Profit! Ransomware, Cryptolocker etc…
  • 12. User visits compromised website Exploit Kit silently exploits client-side vulnerability System infected, attacker has full access to steal data Drive-by download of malicious payload Via Website
  • 13. Backdoor Trojan Exploit Document Backdoor Access Spear Phishing Email Attacker Target Via eMail
  • 14. 15 | © 2015, Palo Alto Networks. Confidential and Proprietary.
  • 15.
  • 16. The 3 Core Capabilities of Advanced Endpoint Protection 1. Prevents Exploits Including unknown & zero-day exploits
  • 17. The 3 Core Capabilities of Advanced Endpoint Protection 1. 2. Prevents Exploits Including unknown & zero-day exploits Prevents Malicious Executables Including unknown & advanced malware
  • 18. The 3 Core Capabilities of Advanced Endpoint Protection 1. 2. Prevents Exploits Including unknown & zero-day exploits Prevents Malicious Executables Including unknown & advanced malware 3. Highly-Scalable, Integrated Security Platform For data exchange & cross-organization protection
  • 19. Prevent Exploits Number of New Variants Each Year Individual Attacks Software Vulnerability Exploits +10,000s Core Techniques Exploitation Techniques < 3 *Source: CVEDetails.com Block the Core Techniques – Not the Individual Attacks
  • 20. Exploit technique prevention 21 | ©2013, Palo Alto Networks. Confidential and Proprietary. A document is opened by user Traps engines seamlessly inject traps to the software that opens the file Process is protected. Traps perform NO scanning and NO monitoring CPU <0.1% In case of exploitation attempt, the exploit hits a “trap” and fails before any malicious activity initiation Attack is blocked before any malicious activity initiation Safe! Process is terminated Forensic data is collected Useradmin is notified Traps triggers immediate actions
  • 21. Exploit Techniques - Example. Diagram: Normal Application Execution -> Heap Spray -> ROP -> Utilizing OS Function -> Begin Malicious Activity (activate key logger, steal critical data, more...). Gaps are vulnerabilities. Exploit attack: 1. Exploit attempt contained in a PDF sent by a "known" entity. 2. PDF is opened and exploit techniques are set in motion to exploit a vulnerability in Acrobat Reader. 3. Exploit evades AV and drops a malware payload onto the target. 4. Malware evades AV, runs in memory.
  • 22. Exploit Techniques. Diagram: Normal Application Execution -> Heap Spray -> Traps EPM -> No Malicious Activity. Exploit attack: steps 1-4 as on slide 21. Traps Exploit Prevention Modules (EPM): 1. Exploit attempt blocked. Traps requires no prior knowledge of the vulnerability.
  • 23. Exploit Techniques - Unknown Technique. Diagram: Normal Application Execution -> Unknown Exploit Technique -> ROP -> Traps EPM -> No Malicious Activity. Exploit attack: steps 1-4 as on slide 21. Traps Exploit Prevention Modules (EPM): 1. Exploit attempt blocked; Traps requires no prior knowledge of the vulnerability. 2. If there is a new technique, it will succeed, but the next one will be blocked, still preventing malicious activity.
  • 24. Exploit Prevention Case Study: Unknown Exploits Utilize Known Techniques.
    - IE zero day CVE-2013-3893: techniques used: Heap Spray, DEP Circumvention, ROP/Utilizing OS Function; Traps modules: DLL Security, UASLR, ROP Mitigation/DLL Security.
    - Adobe Reader CVE-2013-3346: Heap Spray -> Memory Limit Heap Spray Check and Shellcode Preallocation; DEP Circumvention -> UASLR; Utilizing OS Function -> DLL Security.
    - Adobe Flash CVE-2015-3010/0311: ROP -> ROP Mitigation; JiT Spray -> J01; Utilizing OS Function -> DLL Security; Memory Limit Heap Spray Check.
  • 25. Prevent Malicious Executables. Advanced Execution Control: reduce the surface area of attack; control execution scenarios based on file location, device, child processes, and unsigned executables; local hash control allows for granular system hardening. WildFire Inspection and Analysis: dynamic analysis with cloud-based threat intelligence. Malware Techniques Mitigation: prevent unknown malware with technique-based mitigation (example: thread injection).
  • 26. The Right Way to Prevent Malicious Executables. Flow: user tries to open an executable file (EXE) -> restrictions and executable rules (examples: restricted folder or device? child process? create suspend?) -> hash checked against WildFire (benign / malicious / unknown?) -> if unknown, malware technique prevention employed (example: thread injection?) -> WildFire / ESM forensics collected. Malicious: execution stopped. Benign: Safe!
  • 27. Traps Malware Protection Example: CryptoLocker. Traps kill-points through the attack life cycle:
    - Delivery -> Exploitation (Traps Exploit Protection against memory corruption and logic flaws): kill-points 1-3 are Exploitation Technique 1, 2 and 3 (utilization of OS functions, JIT, heap spray).
    - Download and Execute (Advanced Execution Control): Execution Restriction 1, 2 and 3 (restricted location, unsigned executable, child process / suspend guard), Local Verdict Check (admin pre-set verdicts), WildFire Verdict Check (WildFire known verdict), WildFire Inspection (on-demand inspection; intelligence and emulation): kill-points 4-9.
    - Malicious Behavior Protection: malicious thread injection (injection attempts blockage): kill-point 10.
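The execution-control flow of slides 25 to 27 (restrictions first, then local and cloud hash verdicts, then technique-based mitigation for files that are still unknown), as an added worked example. This is not Traps code and the slides do not show Traps internals; the stage order, the `Policy`/`ExecEvent` names, the restricted locations and parent processes, the sample hashes and the in-memory `CLOUD_VERDICTS` stand-in for a cloud verdict service are all constructed for the demo.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Tuple


class Verdict(Enum):
    BENIGN = "benign"
    MALICIOUS = "malicious"
    UNKNOWN = "unknown"


@dataclass
class ExecEvent:
    """What the endpoint agent knows when an executable is about to start (constructed)."""
    path: str
    content: bytes
    signed: bool
    parent: str                      # name of the process that spawned it
    created_suspended: bool = False  # started in a suspended state by another process
    injects_thread: bool = False     # tries to create a thread inside another process


@dataclass
class Policy:
    """Admin-configured execution policy; the defaults are constructed for this demo."""
    restricted_locations: Tuple[str, ...] = ("\\appdata\\local\\temp\\", "\\downloads\\")
    restricted_parents: Tuple[str, ...] = ("winword.exe", "acrord32.exe", "outlook.exe")
    block_unsigned: bool = True
    admin_verdicts: Dict[str, Verdict] = field(default_factory=dict)  # admin pre-set verdicts
    local_cache: Dict[str, Verdict] = field(default_factory=dict)     # remembered cloud verdicts


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Stand-in for the cloud verdict service (the WildFire role in the slides): a constructed
# dictionary so the example runs offline. Any hash not listed here is UNKNOWN.
CLOUD_VERDICTS: Dict[str, Verdict] = {
    sha256_hex(b"MZ constructed-known-bad-sample"): Verdict.MALICIOUS,
    sha256_hex(b"MZ constructed-known-good-sample"): Verdict.BENIGN,
}


def cloud_lookup(digest: str) -> Verdict:
    return CLOUD_VERDICTS.get(digest, Verdict.UNKNOWN)


def decide(event: ExecEvent, policy: Policy) -> Tuple[bool, str]:
    """Return (allowed, reason). Stages run cheapest-first, as in the slide flow:
    1. execution restrictions, 2. local hash verdicts, 3. cloud verdict,
    4. unknown files may run but their malware techniques are blocked."""
    lowered = event.path.lower()

    # Stage 1: execution restrictions need no file analysis at all.
    for loc in policy.restricted_locations:
        if loc in lowered:
            return False, f"restricted location {loc}"
    if policy.block_unsigned and not event.signed:
        return False, "unsigned executable"
    if event.parent.lower() in policy.restricted_parents:
        return False, f"child process of {event.parent}"
    if event.created_suspended:
        return False, "process created suspended (suspend guard)"

    # Stage 2: local verdicts (admin pre-set first, then the local cache).
    digest = sha256_hex(event.content)
    verdict = policy.admin_verdicts.get(digest)
    source = "admin"
    if verdict is None:
        verdict = policy.local_cache.get(digest)
        source = "local cache"

    # Stage 3: ask the cloud only for hashes not known locally; remember the answer.
    if verdict is None:
        verdict = cloud_lookup(digest)
        source = "cloud"
        if verdict is not Verdict.UNKNOWN:
            policy.local_cache[digest] = verdict

    if verdict is Verdict.MALICIOUS:
        return False, f"known malicious hash ({source})"
    if verdict is Verdict.BENIGN:
        return True, f"known benign hash ({source})"

    # Stage 4: unknown file. It may run (and would be submitted for inspection),
    # but technique-based mitigation still blocks a thread injection attempt.
    if event.injects_thread:
        return False, "thread injection attempt blocked"
    return True, "unknown hash: allowed, submitted for inspection"


if __name__ == "__main__":
    policy = Policy()
    exe = r"C:\Program Files\Tool\tool.exe"
    samples = [
        ExecEvent(r"C:\Users\bob\Downloads\invoice.exe", b"MZ unknown", True, "explorer.exe"),
        ExecEvent(exe, b"MZ unknown", False, "explorer.exe"),
        ExecEvent(exe, b"MZ constructed-known-bad-sample", True, "explorer.exe"),
        ExecEvent(exe, b"MZ unknown", True, "explorer.exe", injects_thread=True),
    ]
    for ev in samples:
        print(ev.path, "->", decide(ev, policy))
```

The ordering is the point: the restriction checks cost nothing and stop the CryptoLocker-style "dropped into %TEMP% and launched by a document reader" case before any hash is computed, the cloud is only consulted for hashes no local source knows, and a file that is still unknown after all that is not simply trusted but watched for the injection technique the slides name.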
  • 29. End User Alert Wildfire
  • 30. End User Alert Unsigned Execution
  • 31. End User Alert Suspend Guard
  • 32. Traps Prevention Screen on ESM Console.
  • 33. Traps System Requirements, Footprint, and Coverage.
    - Supported operating systems. Workstations (physical and virtual): Windows XP SP3, Windows Vista SP2, Windows 7, Windows 8 / 8.1, Windows 10. Servers (physical and virtual): Windows Server 2003 32 bit, Windows Server 2008 (+R2), Windows Server 2012 (+R2).
    - Footprint: 25 MB RAM, 0.1% CPU, no scanning.
    - Application coverage: default policy covers 100+ processes; automatically detects new processes; can extend protection to any application, including in-house developed apps.
  • 34. Highly-Scalable, Integrated Security Platform. Architecture: scalability, ease of security administration. Operational capabilities: footprint, performance impact. Platform coverage: physical systems, virtual systems. Threat intelligence: integrated threat intelligence, threat data sharing.
  • 35. Traps Benefits: prevent zero-day vulnerabilities and unknown malware; install patches on your own schedule; protect ANY application from exploits; minimal performance impact; save time and money; signature-less; no frequent updates; network and cloud integration.
  • 36. Palo Alto Networks Security Platform: natively integrated, extensible, automated. Next-Generation Firewall, Advanced Endpoint Protection (TRAPS) and Threat Intelligence Cloud; unknown files are queried and a verdict is returned.
  • 37. Next steps. Ultimate Test Drive (UTD): you get hands-on experience using TRAPS in a group of 6-10 people; our instructor guides you through various configuration examples. Demo in your own network: if you are already convinced that TRAPS may be right for you, we can come to you and install a live test in your own network. Both activities are free of charge. Contact webinar.no@westcon.com for more information. Add Subject: "Jeg vil være med på kostnadsfri UTD" (for the UTD) or Subject: "Jeg vil ha kostnadsfri TRAPS-demo i eget nettverk." (for the demo in your own network).