Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Social Engineering and other Foes in the GDPR Year

37 views

Published on

Il workshop è dedicato all'approfondimento di una serie di attacchi e minacce da tener sotto controllo per ottemperare al pieno rispetto del GDPR.
Si approfondiranno temi legati a crittografia, data loss prevention, sicurezza fisica, social engineering attack e Open Source Intelligence.
Una veloce full immersion utile per sintetizzare e costruire il nuovo modus operandi ICT aziendale.

Target:
Lato domanda ICT: CIO, CISO, tecnici dei sistemi informatici e della loro sicurezza, responsabili delle diverse direzioni utenti dei sistemi informatici, responsabili del personale e dell’organizzazione, responsabili degli acquisti, CEO, COO e decisori sull’ICT
Lato offerta ICT: personale commerciale e marketing, tecnici, responsabili del personale e dell’organizzazione, CEO e COO, oltre a CIO, CSO, CISO e personale delle loro strutture.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Social Engineering and other Foes in the GDPR Year

  1. 1. SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  2. 2. •AIPSI, ASSOCIAZIONE ITALIANA PROFESSIONISTI SICUREZZA INFORMATICA, CAPITOLO ITALIANO DI ISSA, INFORMATION SYSTEMS SECURITY ASSOCIATION, (WWW.ISSA.ORG) CHE CONTA >>10.000 SOCI, LA PIÙ GRANDE ASSOCIAZIONE NON-PROFIT DI PROFESSIONISTI DELLA SICUREZZA ICT NEL MONDO •AIPSI È IL PUNTO DI AGGREGAZIONE SUL TERRITORIO E DI TRASFERIMENTO DI KNOW-HOW PER I PROFESSIONISTI DELLA SICUREZZA DIGITALE, SIA DIPENDENTI SIA LIBERI PROFESSIONISTI ED IMPRENDITORI DEL SETTORE •SEDE CENTRALE: MILANO •SEDI TERRITORIALI : ANCONA-MACERATA, LECCE, TORINO, VERONA- VENEZIA •CONTATTI: AIPSI@AIPSI.ORG, SEGRETERIA@AIPSI.ORG Siamo presenti per tutti i 3 giorni di SMAU nella Area Community ICT VIENI A TROVARCI ! 2
  3. 3. • AIUTARE I PROPRI SOCI NELLA CRESCITA PROFESSIONALE E QUINDI NELLA CRESCITA DEL LORO BUSINESS • OFFRIRE AI PROPRI SOCI SERVIZI QUALIFICATI PER TALE CRESCITA, CHE INCLUDONO • CONVEGNI, WORKSHOP, WEBINAR SIA A LIVELLO NAZIONALE CHE INTERNAZIONALE VIA ISSA • RAPPORTI ANNUALI E SPECIFICI OAD, OSSERVATORIO ATTACCHI DIGITALI IN ITALIA NEL NUOVO SITO HTTPS://WWW.OADWEB.IT • SUPPORTO NELL’INTERO CICLO DI VITA PROFESSIONALE • FORMAZIONE SPECIALIZZATA E SUPPORTO ALLE CERTIFICAZIONI, IN PARTICOLARE ECF PLUS (EN 16234-1:2016, IN ITALIA UNI 11506) • RAPPORTI CON ALTRI SOCI A LIVELLO NAZIONALE (AIPSI) ED INTERNAZIONALI (ISSA) • CONTRIBUIRE ALLA DIFFUSIONE DELLA CULTURA E ALLA SENSIBILIZZAZIONE PER LA SICUREZZA DIGITALE • COLLABORAZIONE CON VARIE ASSOCIAZIONI ED ENTI PER EVENTI ED INIZIATIVE CONGIUNTE Creazione del Gruppo di lavoro CSWI, Cyber Security Women’s Italy, aperto anche alle Signore non Socie AIPSI 3 A breve disponibile il nuovo Rapporto 2018 OAD
  4. 4. UTM SECURITY APPLIANCES Unified Threat Management Next Generation Firewall (NGFW) SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  5. 5. NGFW / UTM • • • • SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  6. 6. authentication systems or methods are based on one or more of these five factors: • • • • • SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  7. 7. Another method that is becoming popular is out-of-band authentication. This is a process whereby the system you are authenticating gets information from public records and asks you questions to help authenticate you. For example, the system might retrieve your credit report and then query you about specific entries in it. SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  8. 8. YOU START REDUCING SECURITY SETTINGS TO INCREASE INTEROPERABILITY WITH OTHER OPERATING SYSTEMS OR APPLICATIONS, YOU INTRODUCE WEAKNESSES THAT MAY BE EXPLOITED SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  9. 9. THREATCROWD.ORG SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  10. 10. https://pipl.com/ SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  11. 11. HTTPS://OPENPHISH.COM SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  12. 12. HTTPS://OPENPHISH.COM SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  13. 13. HTTPS://OSINTFRAMEWORK.COM/ SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  14. 14. SHODAN.IO SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  15. 15. HTTPS://WPVULNDB.COM/ SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  16. 16. HTTPS://HAVEIBEENPWNED.COM/ SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  17. 17. HTTPS://PASTEBIN.COM/ SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  18. 18. HTTPS://WWW.EXPLOIT-DB.COM/GOOGLE-HACKING-DATABASE/ SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  19. 19. HTTPS://WWW.EXPLOIT-DB.COM/GOOGLE-HACKING-DATABASE/ GOOGLE DORK SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  20. 20. • • User Issues • This issue is best addressed by training and education. An untrained user cannot possibly adhere to good security practices because he or she is not aware of them. Security training is just as important as any technology that you can purchase or policy that you can implement. SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  21. 21. ZERO-DAY EXPLOITS • Secure Protocols • HTTP – HTTPS • SMTP – SMTPS • POP3 – POP3S • SMTP – SMTPS • IMAP - IMAPS • FTP – SFTP • SSH • DNS – DNSSEC • LDAP – LDAPS • RTP - sRTP SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  22. 22. • • • • • SECURITY BY DESIGN SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  23. 23. • • • • • • • • • • SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  24. 24. SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  25. 25. • • A SOCIAL ENGINEERING ATTACK MAY COME FROM SOMEONE POSING AS A VENDOR, OR IT COULD TAKE THE FORM OF AN EMAIL FROM A (SUPPOSEDLY) TRAVELING EXECUTIVE WHO INDICATES THAT THEY HAVE FORGOTTEN HOW TO LOG ON TO THE NETWORK OR HOW TO GET INTO THE BUILDING OVER THE WEEKEND. OCCASIONALLY, SOCIAL ENGINEERING IS ALSO REFERRED TO AS WETWARE. THIS TERM IS USED BECAUSE IT IS A FORM OF HACKING THAT DOES NOT REQUIRE SOFTWARE OR HARDWARE BUT RATHER THE GRAY MATTER OF THE BRAIN SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  26. 26. • SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  27. 27. SOCIAL ENGINEERING • • • • • • • • • • SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  28. 28. GREED SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  29. 29. • • • • • • • SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  30. 30. • • • SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG
  31. 31. SMAU MILANO – 23/10/2018 - Social Engineering and other Foes in the GDPR Year – Massimo Chirivì – www.massimochirivi.net – AIPSI – WWW.AIPSI.ORG

×