From your Pocket to your Heart and Back

593 views

Published on

Cyber Security in the Financial and Healthcare Industries, and How They Affect Homeland Security

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
593
On SlideShare
0
From Embeds
0
Number of Embeds
20
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

From your Pocket to your Heart and Back

  1. 1. FromYour Pocket, to Your Heart, and Back Cyber Security in the Financial and Healthcare Industries, and How They Affect Homeland Security! ! Ian Amit, Director of Services
  2. 2. Hi!
  3. 3. Always remember that you are absolutely unique.! Just like everyone else.! Margaret Mead
  4. 4. Part I ! Where we look at some examples
  5. 5. The RAP Console is unauthenticated and displays information about the access point. Figure 1 shows a screenshot of the RAP Console home page. Figure 1: Unauthenticated RAP Console On the Diagnostics tab it is possible to view the conn_log, sapd_debug, dmseg, and rapper debug logs. The rapper debug log will log the PAP Username:
  6. 6. The RAP Console is unauthenticated and displays information about the access point. Figure 1 shows a screenshot of the RAP Console home page. Figure 1: Unauthenticated RAP Console On the Diagnostics tab it is possible to view the conn_log, sapd_debug, dmseg, and rapper debug logs. The rapper debug log will log the PAP Username: Wireless Network Penetration Testing Services setup_tunnel Initialized Timers IKE_init: completed after (0.0) (pid:16341) time:1999-12-31 16:37:53 seconds. Before getting PSK PSK:****** User:xiaobo1 Pass:****** A more serious information disclosure is the “Generate & save support file” option available on the home page of the RAP Console. The support.tgz file contained 73 files, including the ikepsk, pappasswd, and papuser files, as shown in Figure 2.
  7. 7. What’s the problem there?
  8. 8. Medical or Financial? What’s the problem there?
  9. 9. Medical or Financial? What’s the problem there? Who cares?
  10. 10. Medical or Financial? What’s the problem there? Who cares?
  11. 11. Fairly unique to healthcare, right?! Need to provide people access to medical facilities… Kind’a like a financial institution needs to provide customers access to facilities, and their money…
  12. 12. ASSETS Traditionally protected? Mapping all access paths? Mapping all storage locations? Secondary? Tertiary?…
  13. 13. Human Resources What can it tell on your organization? Business plans? Access to resources? Motivation (i.e. opportunity…)
  14. 14. Part II ! Where we try to connect MORE dots
  15. 15. The single biggest problem in communication is the illusion that it has taken place.! George Bernard Shaw
  16. 16. Homeland security? Critical Infrastructure!
  17. 17. Homeland security? Critical Infrastructure!
  18. 18. Homeland security? Critical Infrastructure!
  19. 19. Homeland security? Critical Infrastructure!
  20. 20. Homeland security? Critical Infrastructure!
  21. 21. Part III ! Where we “disprove” what we just learned :-P
  22. 22. Always remember that you are absolutely unique. ! Just like everyone else.! Margaret Mead Remember this?:
  23. 23. Always remember that you are absolutely unique. ! Just like everyone else.! Margaret Mead Remember this?:
  24. 24. We can't solve problems by using the same kind of thinking we used when we created them! Albert Einstein
  25. 25. Yes, you do need your! own special way of dealing! with your security posture.
  26. 26. What makes me “tick”? • What can take the business down?! ! • Who is involved???
  27. 27. vs. Product Centric Threat/Asset Centric
  28. 28. Let that last one sit there for a second… Product Centric Threat/Asset Centric
  29. 29. Let that last one sit there for a second… Product Centric Threat/Asset Centric
  30. 30. Let that last one sit there for a second… Produc RiskProduct Centric Threat/Asset Centric
  31. 31. Let that last one sit there for a second… Produc Risk Zero lateral knowledge transfer Peer knowledge transfer Product Centric Threat/Asset Centric
  32. 32. Let that last one sit there for a second… Produc Risk Zero lateral knowledge transfer Peer knowledge transfer Zero self learning (experience) Improves with practice Product Centric Threat/Asset Centric
  33. 33. Let that last one sit there for a second… Produc Risk Zero lateral knowledge transfer Peer knowledge transfer Zero self learning (experience) Improves with practice Based on lab threats Based on real (relevant) threats Product Centric Threat/Asset Centric
  34. 34. Let that last one sit there for a second… Produc Risk Zero lateral knowledge transfer Peer knowledge transfer Zero self learning (experience) Improves with practice Based on lab threats Based on real (relevant) threats “Industry Best Practice” Tailored for YOUR practice Product Centric Threat/Asset Centric
  35. 35. Product / Event Risk / Asset Vertical Lateral
  36. 36. Product / Event Risk / Asset Vertical Lateral
  37. 37. We all know the “how” ! Start asking “why”!
  38. 38. We all know the “how” ! Start asking “why”!
  39. 39. Thank YOU! ! @iiamit

×