1. Tricks to remain immune from new and upcoming viruses, even before your anti-virus is updated
Expect the Unexpected: Heraclitus [Greek Philosopher]
© Paresh Thakkar CISM, CEH, ECSA, MBA email: pcthakkar@gmail.com
2. DEFINE THE PROBLEM:
Assessing your organisation’s security posture is critical to understanding the steps to take for adequate security of information data, identity data and operations.
DEFINE THE WORKSPACE:
IDENTIFY THE DOORS:
DEPLOYING SPECIALIST S/W:
MAP YOUR OFFICE:
ACCESS CONTROL:
KEEPING SYSTEMS UPDATED:
3. PROBLEM DEFINED:
• Despite having an anti-virus, your computer users complain of slow system performance, slow internet access, or printing taking longer than usual.
• You suspect some virus at work, but believe that your anti-virus software must be working, so you ignore the suspicion and try troubleshooting the problem, usually ending up formatting the system, and in effect reducing the productivity of that user for the time you are busy formatting and installing the relevant new software.
4. USUAL FIRST STEPS:
• Talking to the antivirus vendor might result in them giving you a new tool for solving the problem at hand.
• However, such problems can be prevented if you follow some simple procedures.
• Know what you are managing…
5. DEFINED WORKSPACE: APPLICATION WHITELISTING
• List all applications in use in your organisation and selectively whitelist them in your antivirus software. This can easily be achieved by keeping the administrator account password within IT and letting users run only known programs. Any new entrant, or patch to an existing program, should be tested on a sandbox computer before installing it on production systems.
• Whenever the antivirus detects malware or a trojan, update your application blacklist and get the end clients to update themselves with the changes.
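The procedure on this slide (inventory, sandbox test, whitelist, blacklist on detection), as an added example that is not code from the deck or from any antivirus product; it identifies programs by content hash rather than file name, and the program contents and names are constructed.

```python
"""Hash-based application allowlist/denylist evaluator (added example)."""
import hashlib
from dataclasses import dataclass, field

ALLOW, DENY, UNKNOWN = "allow", "deny", "unknown"


def sha256_hex(data: bytes) -> str:
    """Identify a program by its content hash, so renaming a binary changes nothing."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class AppPolicy:
    allowlist: dict = field(default_factory=dict)     # hash -> program name
    denylist: dict = field(default_factory=dict)      # hash -> detection name
    sandbox_tested: set = field(default_factory=set)  # hashes that passed the sandbox

    def inventory(self, name: str, data: bytes) -> None:
        """Step 1: record an application already in use (the initial inventory)."""
        self.allowlist[sha256_hex(data)] = name

    def sandbox_pass(self, data: bytes) -> None:
        """Step 2: a new program or patch ran on the sandbox computer and was found clean."""
        self.sandbox_tested.add(sha256_hex(data))

    def approve(self, name: str, data: bytes) -> bool:
        """Step 3: only sandbox-tested, undetected content enters the production allowlist."""
        h = sha256_hex(data)
        if h not in self.sandbox_tested or h in self.denylist:
            return False
        self.allowlist[h] = name
        return True

    def detect(self, detection: str, data: bytes) -> None:
        """Step 4: antivirus detection; blacklist the content and revoke any approval.
        The denylist is what the end clients pull to update themselves."""
        h = sha256_hex(data)
        self.denylist[h] = detection
        self.allowlist.pop(h, None)
        self.sandbox_tested.discard(h)

    def decide(self, data: bytes) -> str:
        """Denylist wins over allowlist; anything else is unknown."""
        h = sha256_hex(data)
        if h in self.denylist:
            return DENY
        if h in self.allowlist:
            return ALLOW
        return UNKNOWN

    def may_run(self, data: bytes, is_it_admin: bool) -> bool:
        """Standard users run only known programs; unknown content is for IT
        (who hold the administrator password) to test, never for users."""
        verdict = self.decide(data)
        if verdict == UNKNOWN:
            return is_it_admin
        return verdict == ALLOW


def demo() -> dict:
    """Walk the slide's procedure over constructed sample programs."""
    policy = AppPolicy()
    office = b"OFFICE-SUITE-v1 (constructed sample content)"
    patch = b"OFFICE-SUITE-v2 (constructed patched content)"
    dropper = b"constructed sample of something the antivirus flags"
    policy.inventory("office-suite", office)
    results = {
        "known_app": policy.may_run(office, is_it_admin=False),
        "untested_patch_user": policy.may_run(patch, is_it_admin=False),
        "untested_patch_admin": policy.may_run(patch, is_it_admin=True),
        "approve_without_sandbox": policy.approve("office-suite-v2", patch),
    }
    policy.sandbox_pass(patch)
    results["approve_after_sandbox"] = policy.approve("office-suite-v2", patch)
    results["patch_user_after_approval"] = policy.may_run(patch, is_it_admin=False)
    policy.detect("Constructed.Detection", dropper)
    results["detected_even_for_admin"] = policy.may_run(dropper, is_it_admin=True)
    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```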
6. IDENTIFY THE DOORS: KNOW WHAT TO PROTECT
• Enlist all entry points into your IT systems; they can be mail servers, web servers, FTP servers, SQL databases, firewalls, file servers, etc.
• An anti-virus at all entry points into your IT infrastructure helps prevent known viruses and malware/trojans from entering.
7. SPECIALIST S/W:
• Pick the appropriate type of antivirus. A mail server, say, cannot be fully protected if you install a desktop antivirus on that computer. You need an antivirus in-line with the server process, such as an SMTP anti-virus server or a POP/IMAP antivirus server.
• Usually these antivirus products are specialised apps sold by the mail server vendor or a system integrator. Take their help in identifying the right selection.
8. MAP YOUR OFFICE: NETWORK SEGMENTATION
• Know the architecture of the network at your office and, if required, redesign it into small segments. Small segments help control broadcasts and virus self-propagation: the trojan/malware stays limited to that segment.
• Usually this segmentation is achieved with VLANs, or simply with TCP/IP addresses in different subnets.
• The idea is to separate the networks of computers belonging to users with different risk profiles, such as finance, sales, marketing and management; Internet-facing computers; DMZ devices, etc.
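A segment map of the kind this slide describes, as an added example that is not code from the deck: subnets stand in for VLANs, each zone holds one risk profile, and a flow or host inventory can be checked against the plan. The subnet ranges, zone names and the permitted cross-zone pairs are constructed assumptions.

```python
"""Segment map, cross-segment flow check and inventory audit (added example)."""
import ipaddress
from typing import Optional

# Constructed office plan: one subnet (VLAN) per risk profile.
SEGMENTS = {
    "finance":    ipaddress.ip_network("10.10.1.0/24"),
    "sales":      ipaddress.ip_network("10.10.2.0/24"),
    "marketing":  ipaddress.ip_network("10.10.3.0/24"),
    "management": ipaddress.ip_network("10.10.4.0/24"),
    "servers":    ipaddress.ip_network("10.10.10.0/24"),
    "dmz":        ipaddress.ip_network("192.168.100.0/24"),
}

# Constructed policy: (source zone, destination zone) pairs allowed to talk.
# Anything not listed is blocked; traffic inside one segment needs no rule.
PERMITTED_FLOWS = {
    ("finance", "servers"), ("sales", "servers"),
    ("marketing", "servers"), ("management", "servers"),
    ("dmz", "servers"),  # e.g. the public web tier reaching an internal service
}


def segment_of(ip: str) -> Optional[str]:
    """Return the zone whose subnet contains ip, or None if the host is unmapped."""
    addr = ipaddress.ip_address(ip)
    for zone, net in SEGMENTS.items():
        if addr in net:
            return zone
    return None


def flow_verdict(src: str, dst: str) -> str:
    """'local' (same segment: broadcasts and self-propagation stay inside it),
    'permitted' (listed cross-zone pair) or 'blocked' (everything else)."""
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        return "blocked"  # an unmapped host is never assumed to be trusted
    if s == d:
        return "local"
    return "permitted" if (s, d) in PERMITTED_FLOWS else "blocked"


def blast_radius(zone: str) -> int:
    """Usable host addresses an infection in zone could reach by broadcast;
    this is what shrinking a segment reduces (a /24 gives 254, a /16 65534)."""
    return max(SEGMENTS[zone].num_addresses - 2, 0)


def audit_inventory(hosts) -> list:
    """Flag hosts whose role does not match the segment they sit in, e.g. a
    finance PC patched into the sales VLAN. hosts: iterable of (ip, role)."""
    findings = []
    for ip, role in hosts:
        zone = segment_of(ip)
        if zone != role:
            findings.append(f"{ip} ({role}) is in segment {zone}")
    return findings


if __name__ == "__main__":
    print(flow_verdict("10.10.1.5", "10.10.10.9"))      # permitted
    print(flow_verdict("192.168.100.7", "10.10.1.5"))   # blocked
    print(audit_inventory([("10.10.2.8", "finance")]))  # one finding
```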
9. ACCESS CONTROL: LIMIT USERS’ NETWORK RIGHTS
• Give users access to only those folders they need to access. Do not give them full access to folders, ever. By default, all folders should be NOT SHARED.
• Give sharing on a need-to-know basis.
• Do not allow users to use administrator accounts. Change the passwords of all administrator users and give them standard user privileges.
10. UPDATES: KEEP YOUR ENTRY POINTS UPDATED
• Keep all the entry point servers/routers/firewalls/gateways patched with the recent updates sent by the manufacturer.
• Most hackers have access to known vulnerabilities, and keep seeking unpatched systems to attack.
11. RESPONSE: KEEP YOUR COMMUNICATIONS HANDY
• If at all you are in the middle of an attack: identify infected systems, isolate them from the network, limit the damage, and keep communicating with the stakeholders involved, such as end-users, managers, data owners and management.
• Your management does not want to hear the technical details of what exactly happened; keep an executive summary ready that answers the key questions: how long it would take to get back to service, how much it would cost [if any], and whether standby systems are ready, their status, and system availability.
• Communicate with all levels if any Dos or DON’Ts have to be followed immediately, verbally or via the available communication means.
12. Today’s IT professionals must equip themselves not only for known threats, but for the new reality of unknown threats. Troubleshooting, prevention of recurrence and communication are key skills you should have.
Finally, be ready for any eventuality, anytime, as rightly phrased by the ancient Greek philosopher Heraclitus: “Expect the Unexpected”.
13. I AM REACHABLE ON
PCTHAKKAR @ GMAIL . COM
@pcthakkar/pcthakkar
