This presentation is an attempt to present the complex subject of cybersecurity in a concise format, with the main focus on presenting the core of cybersecurity and the best practices and standards that protect an enterprise network. Comments from readers are welcome. Thank you (Wajahat Iqbal)
Email: Wajahat_Iqbal@yahoo.com
You've seen the headlines. You're beginning to understand the importance of cybersecurity. Where do you begin? It's important to understand the common methods of attack and ways you can begin to protect your organization today. For more information on our cybersecurity education please visit FPOV.com/edu.
** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka PPT on "Cybersecurity Fundamentals" will introduce you to the world of cybersecurity and talks about its basic concepts. Below is the list of topics covered in this session:
Need for cybersecurity
What is cybersecurity
Fundamentals of cybersecurity
Cyberattack Incident
Follow us to never miss an update in the future.
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how organizations are using a cybersecurity framework to identify, protect against and recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Secrets to managing your Duty of Care in an ever-changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for cybersecurity attacks sits with executives and board members who may not have the right level of technical security knowledge. This session will outline the practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with the organization's strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Designated IT security experts in Europe and Asia have been interviewed by RadarServices, the European market leader for managed security services, with regards to future IT security trends and challenges. They shared their views concerning the development of cyber attacks and security technologies until 2025.
Talking about the Next-Gen Security Operation Center for IDNIC+APJII as a representative from IDSECCONF. A people-centric SOC requires a lot of investment in people, in terms of both quantity and quality; unfortunately, (good) IT security people are getting rare these days. Organisations need to put more of their investment into technology, since in Industry 4.0 machines are getting more advanced at supporting humans with continuous and repetitive tasks.
Moving from a "traditional" to a next-gen SOC requires a proper plan; that's what this talk was about.
In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to them. Every network is vulnerable to some form of attack. However, it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice, will be joined by Partner Michael Hoffner, and they will lead a discussion on a Cybersecurity Risk Management Program, including what it is and how it can prepare your organization for the future.
While some argue that cyber resilience is foundational for managing risk holistically in an increasingly complex world, others deride the concept as little more than the latest buzzword. This presentation provides an overview of what cyber resilience means and how it is being used by governments and corporations across different industries.
When identifying the most useful best-practice standards and guidance for implementing effective cyber security, it is important to establish the role that each fulfils, its scope and how it interacts (or will interact) with other standards and guidance.
Cybersecurity standards are generally applicable to all organisations regardless of their size or the industry and sector in which they operate. This page provides generic information on each of the standards that is usually recognised as an essential component of any cyber security strategy.
In today’s connected world, cyber security is a topic that nobody can afford to ignore. In recent years the number and frequency of attacks on industrial devices and other critical infrastructure have risen dramatically. Recent news stories about hackers shutting down critical infrastructure have left many companies wondering if they are vulnerable to similar attacks. In this webinar we will discuss the most common security threats and the unique challenges in securing industrial networks. We will introduce the current standards and share some useful resources and best practices for addressing industrial cyber security.
Key Takeaways:
1. Gain perspective regarding common security threats facing industrial networks.
2. Learn about the relevant standards governing industrial cyber security.
3. Increase understanding of some best practices for securing industrial networks.
In this presentation Daniel Michaud-Soucy, Principal Threat Analyst at Dragos, will demonstrate three separate models for identifying gaps in ICS security posture. First, threat modeling serves as an inward look by the ICS network defender, in order to properly understand the environment, the threat actors, the impacts, the risks and the crown jewels pertaining to an industrial process. Second, the ICS cyber kill chain serves as an outward look at the steps an adversary needs to take in order to achieve their objectives. Third, the bowtie model gives a graphical representation of the threats to the environment as well as the protection, detection, and response controls that help secure it. In the end, the asset owner has a holistic picture of the security controls in their network, relative to the threat actors they care about, which allows them to identify gaps in their strategy.
Visit www.dragos.com to learn more about the Dragos industrial cybersecurity platform for increased visibility of assets, threats and guided responses.
This is a working document for presentation to Cyber Security Professionals concerning a tactical mindset in securing cyberspace within organizations. High level, can add in case studies, more content to come Dec 2010 for the European, UK and German presentation. Feel free to respond to add to brief. Requires Notes
WHAT EVERY BOARD OF DIRECTORS SHOULD KNOW
BEFORE, DURING AND AFTER AN ATTACK
View the webinar:
https://www2.fireeye.com/The_Board_and_CyberSecurity_webinar_EMEA.html?utm_source=SS
Download the full report:
https://www2.fireeye.com/WEB-2015-The-Cyber-Security-Playbook.html?utm_source=SS
Threat intelligence is information that informs enterprise defenders of adversarial elements to stop them.
It is information that is relevant to the organization, has business value, and is actionable.
Even if you have all the data and feeds, data alone isn’t intelligence.
With every Security & Privacy Breach survey pointing towards insiders as a potential threat and incidents leading to data loss and violation of the corporate information security policy, it is imperative that we answer the following questions:
Who are these insiders?
What activities do they carry out to breach security?
Why does an insider seek to cause harm?
How do we mitigate this threat?
The Zero Trust Model of Information Security (Tripwire)
In today’s IT threat landscape, the attacker might just as easily be over the cubicle wall as in another country. In the past, organizations have been content to use a trust and verify approach to information security, but that is no longer working, as threats from malicious insiders represent the greatest risk to organizations. Listen in as John Kindervag, Forrester Senior Analyst, explains why it’s not working and what you can do to address this IT security shortcoming.
In this webcast, you’ll hear:
Examples of major data breaches that originated from within the organization
Why it’s cheaper to invest in proactive breach prevention—even when the organization hasn’t been breached
What’s broken about the traditional trust and verify model of information security
About a new model for information security that works—the zero-trust model
Immediate and long-term activities to move organizations from the "trust and verify" model to the "verify and never trust" model
Cybersecurity for Small Business - Incident Response (Art Ocain)
Art Ocain discusses approaches to ransomware incident response for small businesses. From the NIST 800-61 or SANS incident response framework, Art walks small business owners through the stages of response and recovery.
Cyber Security Professionals Viewed via Supply Chain (aletarw)
This research examines the issue of supply and demand for cybersecurity professionals to determine how to optimize the output of cybersecurity professionals through a supply chain. It was found that progress is impeded by the lack of a clearly defined and standardized definition of a cybersecurity worker and their associated knowledge, skills, and abilities. There is a known shortage of cybersecurity professionals that is affecting the ability of the United States to fulfil the mandate of President Obama who declared that the protection of our digital infrastructure is a national security priority. The problem with this declaration is that a literature review confirms there is no standard definition of a cybersecurity worker, associated skills, or educational requirements. The cybersecurity workforce to which we speak in this report consists of those who self-identify as cyber or security specialists as well as those who build and maintain the nation’s critical infrastructure. Considering the criticality of the national infrastructure, it is time for the US to take immediate steps to coordinate the development of the cybersecurity field and its associated workforce supply chain.
Clearance barriers to Cyber Security Professionals (aletarw)
There is a shortage of cybersecurity professionals that is affecting the ability of the United States to fulfil the mandate of the Comprehensive National Cybersecurity Initiative. The purpose of this research is to find solutions to remove the barriers related to security clearance regulations that affect the cybersecurity professional. A fully qualified cybersecurity professional with the ability to obtain a clearance may be unable to obtain a cybersecurity job because they lack the necessary clearance to apply for a job. A review of several studies and government reports confirmed the shortage of workers and the backlog in security clearance processing, but none of those studies addressed the problem of the security clearance barriers. It would behoove the federal government to 1) allow students in the final semester of their cybersecurity degree program to begin the clearance investigation for a secret clearance; and/or 2) partner with industry to establish a scholarship program for students designed to develop cybersecurity professionals for government contractors. Each of these options represents a win-win for all parties and is a major step towards accomplishing what President Obama has declared as a national security priority.
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04 (Kyle Lai)
What is cybersecurity? Who are the threats? Why are cyber attacks happening? How bad is it? How do attackers do it? What can we learn from Star Wars?
This presentation covers cyber attacks, the state of cybersecurity, some guidance for students interested in getting into the field, and some great resources.
Presentations from CDE themed call launch event on 14 May 2013 - for full details of this call for proposals see: http://www.science.mod.uk/events/event_detail.aspx?eventid=264
Cyber Security introduction. Cyber security definition. Vulnerabilities. Social engineering and human error. Financial cost of security breaches. Computer protection. The cyber security job market
National Cybersecurity - Roadmap and Action Plan (Dr David Probert)
Analysis, strategies and practical action plans for National Government Cybersecurity based upon the United Nations - International Telecommunications Union - UN/ITU Cybersecurity Framework and their Global Cybersecurity Agenda - GCA.
Systems of Engagement offer much value to industry & government alike but care needs to be taken in how they are protected against cyber attack. In this presentation I explain Systems of Engagement & illustrate the benefits using government case studies. I then discuss the security challenges Systems of Engagement pose and how to address them with commercial software technologies. Finally I look ahead to how to defend Systems of Insight hosted on future generations of cloud technology.
Cyber & Process Attack Scenarios for ICS (Jim Gilsinn)
Presented at the OPC Foundation's "The Information Revolution 2014" in Redmond, WA August 5-6, 2014
This presentation discusses the modes and methodologies an attacker may use against an industrial control system in order to create a complex process attack. The presentation then discusses some specific examples, both real and hypothetical. The presentation finishes with a description of some common ways in which an organization could defend itself against these types of attacks.
CYBERSECURITY - Best Practices, Concepts & Case Study (Mindmap) (Wajahat Iqbal)
This post contains a detailed mindmap related to the complex subject of cybersecurity and addresses the critical components summarized below:
- Cyber Security standards
- SOC (Security Operation Center)
- Cybersecurity Lifecycle
- Hacker Kill Chain
- Malware (Types, Protection Mechanism)
- Cyber Architecture
- CSC (Critical Security Standards)
- Incident Management
- Network Perimeter best security practices
- Final Case Study
I hope this technical post is appreciated and liked by Security Consultants and Subject Matter Experts on cybersecurity. Your critical inputs are appreciated. Thank you
- Wajahat Iqbal
(Wajahat_Iqbal@Yahoo.com)
Developing a Multi-Layered Defense for Your Systems and Data
Confidence in the security of your IBM i systems and data requires a solid understanding of potential vulnerabilities, the most effective best practices, and technologies that minimize the possibility of a data breach. We’ve grouped important security best practices and technologies into overlapping layers that provide multiple lines of defense. The ultimate goal is to always have another layer of security to thwart a would-be intruder.
Whether you are a systems security officer or an IBM i system administrator, you don’t want to miss this opportunity to learn about IBM i security best practices.
We’ll discuss:
• Common IBM i security vulnerabilities
• Configuring the security capabilities of the IBM i
• Implementing network security, access control, cryptography and more
Another day, another CVE exploited by our favorite cyber adversaries. This time, the spotlight is on CVE-2023-42793, and let's just say, it's not getting rave reviews from the cybersecurity community.
TeamCity, for those not in the loop, is the Swiss Army knife for software developers, handling everything from compiling code to tying it up with a pretty bow. But, plot twist, it turns out to be the perfect backdoor for our cyber villains to waltz right in.
In all seriousness, the document aims to shed light on the critical cybersecurity threats posed by the exploitation of JetBrains TeamCity software. The ultimate goal is to enhance organizational cybersecurity postures, safeguarding against similar threats and contributing effectively to the collective defense against sophisticated cyber espionage activities.
-------
This document provides an analysis of the Exploiting JetBrains TeamCity CVE advisory, as detailed in the Defense.gov publication. The analysis delves into various critical aspects of cybersecurity, focusing on the exploitation of CVEs to gain initial access to networks and the deployment of custom malware.
This analysis serves as a valuable resource for cybersecurity professionals, software developers, and stakeholders in various industries, offering a detailed understanding of the tactics, techniques, and procedures (TTPs) employed by cyber actors. By providing a qualitative summary of the advisory, this document aims to enhance the cybersecurity posture of organizations, enabling them to better protect against similar threats and contribute to the collective defense against state-sponsored cyber espionage activities.
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack... (Area41)
The talk will show you the technical details of Stuxnet in their full glory and make you appreciate this work of engineering more. Based on a code-level analysis of the Stuxnet PLC payload, the presentation will explain techniques therein that can be used for industrial espionage and sabotage by copycat attackers against competitors' production facilities. Currently recommended defenses, their shortcomings and alternative approaches will also be discussed.
Bio: Felix 'FX' Lindner is founder and technical lead of the Recurity Labs GmbH consulting and research team. He is also the leader of the Phenoelit group and loves to hack pretty much everything with a CPU and some communication, preferably networked. He looks back at 15+ years of (legal) hacking with only a couple Cisco IOS and SAP remote exploits, tools for hacking HP printers and protocol attacks lining the road.
A quick set of commonly asked cybersecurity interview questions.
Questions are categorized into three main areas in order of difficulty (Beginner, Intermediate and Advanced).
Hyperlinks are given at the top of the page to jump quickly to the desired level; you will have to download the document to access the hyperlinks.
3. Definition
The Cybersecurity Domain is a collection of best practices, technologies, frameworks and standards to protect an enterprise, organization, government entity, military establishment or individual user from global cyber threats (identity theft, cyber theft, cyber ransom, infrastructure damage) resulting in financial, economic, copyright information, personal identity or infrastructure loss.
4. Major Cybersecurity standards
NIST Cybersecurity Framework (de-facto standard)
ISO 27001 (Information Security Management Framework)
ISACA COBIT 5
NIST SP 800-53
NIST SP 800-30
ISA 62443
ISO 27005
The Cybersecurity standards were first adopted in the Seoul (South Korea) Conference on Global Cybersecurity in 2013.
5. Cybersecurity holistic view
Manage physical access to IT Infrastructure
Manage sensitive documents and output devices
Monitor the Infrastructure for security related events
Protect against Malware (*** most challenging)
Manage Network and connectivity security
Manage User Identity and logical access
Protect critical and vital Infrastructure (Banks, vital industrial installations, IT, Nuclear power, Dams, Defense)
6. Cybersecurity Lifecycle
The Cybersecurity Lifecycle can be described aptly by Figure-1 below, which decomposes the various stages.
Figure-1: Cybersecurity Lifecycle
(1) Identify business outcomes
(2) Understand vulnerabilities and threats
(3) Create current profile
(4) Conduct risk assessments
(5) Apply controls
(6) Create target profile
(7) Determine/prioritize gaps
(8) Implement plan
(9) Report to stakeholders
(10) Continuous monitoring
7. Risk actions
Risk Actions: the most generally accepted actions in the Risk Management Cycle are:
(1) Risk Acceptance
(2) Risk Transfer
(3) Risk Avoidance
(4) Risk Mitigation (the most practised action)
Which action is taken depends on the Risk Appetite/Risk Tolerance threshold of the Organisation.
These are drawn from the ISO 27001 Standard for ISMS, which is the most widely used and accepted standard on IT Security involving Risk Management processes.
9. Threat to Cyberdefense
The damage caused by threats to Cyberdefense can be characterized by loss of "Confidentiality, Integrity or Availability (CIA)", the basic model of Data Security as practiced in ISO 27001/27002 and other globally accepted standards.
10. Hackers profile
The different types of Hackers are:
Individual Hacker
State Sponsored (with political & military agenda)
Cyber Criminals (organised mafia)
11. Hacker Kill Chain
The Kill Chain methodology of the US aerospace major Lockheed Martin describes seven steps, from reconnaissance through actions on the objectives, and recommends that defenses be designed to align with each of the seven steps in the process below:
12. Summary of Kill Chain
Reconnaissance:
Finding the host, Internet website and domain
IP address scan of the business domain
Port scan of the active hosts
Automated scanning by botnets (compromised systems)
Locating the network topology and identifying potential access control devices
13. Summary of Kill Chain (Cont'd)
Weaponization:
Identify the vulnerability
Initiate the attack
Coupling a remote access Trojan (RAT) with an exploit into a deliverable payload, typically by means of an automated tool (the commonly used weaponizers are Adobe PDF and Microsoft Office documents)
Delivery:
Transmission of the weapon to the targeted environment
The three most prevalent delivery vectors for weaponized payloads are emails, compromised web sites and USB removable media
14. Summary of Kill Chain (Cont'd)
Exploitation:
The email, website or USB payload exploits a vulnerability on launch and the hacker gets remote access to an admin shell
Exploitation targets an operating system or application vulnerability
Installation:
Install malware (malicious code) into memory, disk or the operating system kernel; modify the Windows registry; modify the Unix kernel
Allow installation of a remote access Trojan or backdoor on the victim system
15. Summary of Kill Chain (Cont'd)
Command & Control (C2):
Compromised systems/hosts beacon back to the master controller to establish a C2 channel
The hacker gains complete control of the compromised system
Intruders have "hands on the keyboard" access to the targeted environment
Action:
This activity is data exfiltration, which involves collecting, encrypting and extracting information (e.g. deface website, steal credit card information, steal copyright information, steal IE passwords, modify banking websites, steal medical records), etc.
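Two of the stages above leave patterns a SOC can alert on from perimeter logs: reconnaissance shows up as one source probing many ports on a host, and C2 shows up as a host beaconing to one external address at a near-constant interval. The following Python is an added example, not code from this deck; it runs both detections over constructed firewall log lines whose format, addresses, timestamps and thresholds are invented.

```python
# Added example (not from the deck). Constructed log format:
# "<epoch> <src_ip> <dst_ip> <dst_port> <action>"; all values are invented.
from collections import defaultdict
from statistics import mean, pstdev

SCAN = [f"{1700000000 + i} 198.51.100.7 192.0.2.10 {p} DENY"            # one source, many ports
        for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389, 8080])]
BEACON = [f"{1700000000 + 300 * k + k % 2} 10.1.5.23 203.0.113.9 443 ALLOW"  # every ~300 s
          for k in range(6)]
NOISE = [f"{1700000000 + t} 10.1.5.23 93.184.216.34 443 ALLOW"         # irregular browsing
         for t in (17, 95, 460, 1301, 1350)]
LOG_LINES = SCAN + BEACON + NOISE

def parse(lines):
    """Return (ts, src, dst, port) tuples sorted by time; the action field is not needed."""
    events = []
    for line in lines:
        ts, src, dst, port, _action = line.split()
        events.append((int(ts), src, dst, int(port)))
    return sorted(events)

def find_port_scans(events, min_ports=10, window=60):
    """Reconnaissance: a (src, dst) pair touching >= min_ports distinct ports within window s."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in events:
        by_pair[(src, dst)].append((ts, port))
    alerts = []
    for (src, dst), probes in by_pair.items():
        for i, (t0, _) in enumerate(probes):
            ports = {p for t, p in probes[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                alerts.append((src, dst, len(ports)))
                break  # one alert per pair is enough
    return alerts

def find_beacons(events, min_hits=5, max_jitter=0.1):
    """C2: a flow whose inter-arrival gaps are nearly constant (coefficient of variation
    <= max_jitter), the pattern of a compromised host checking in with its controller."""
    by_flow = defaultdict(list)
    for ts, src, dst, port in events:
        by_flow[(src, dst, port)].append(ts)
    alerts = []
    for (src, dst, port), stamps in by_flow.items():
        if len(stamps) < min_hits:
            continue
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if pstdev(gaps) / mean(gaps) <= max_jitter:
            alerts.append((src, dst, port, round(mean(gaps))))
    return alerts

EVENTS = parse(LOG_LINES)
```

The irregular browsing flow has enough hits to be considered but fails the jitter test, which is what keeps this kind of rule from alerting on ordinary user traffic.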
16. BOTNET Attack (Automated)
These days professional hackers, malware developers and cyber criminals work in tandem to develop automated tools to initiate a cyber attack against the intended victim/host. The mechanism is to install a remote access Trojan (RAT) on compromised systems (BOTNETS), which could number in the thousands, and then initiate the attack in phases as shown in Figure-2 (next page).
Key Components of a BOTNET Attack:
BOTNET construction kit
Command & Control capability
Remote Access Trojan (RAT)
Custom developed malware (malicious code) for the intended victim/host
(Example BOTNET attacks: ZEUS, CITADEL, GO ZEUS)
23. SOC Components
Lately the SOC has become an integral part of any Organisation to protect itself from cyber attacks and detect/correct/recover from a cyber incident in the quickest span of time without further damage to its reputation. The critical components of a SOC are:
IDS/IPS infrastructure
Firewall infrastructure
SIEM (Security Information and Event Monitoring System)
Logging and alerting mechanism
Security incident processes
Forensics capability
User training & retention
Managing evidence
25. Cybersecurity Architecture
The Cyber Architecture consists of the following components:
• Network Security
• Identity, Authentication and Access Management
• Data Protection and Cryptography
• Monitoring, Vulnerability & Patch Management
• High Availability, Disaster Recovery & Physical Protection
• Asset Management & Supply Chain
• Policy, Audit, E-Discovery & Training
• Systems Administration
• Application Security
• Endpoint, Server & Device Security
26. Defense in Depth (DOD)
This is the most common practice employed by Organisations to create and implement a multilayered approach to Cybersecurity. It is described by the following process (Figure-3) and can be implemented at various layers of the Network Infrastructure.
27. 9 Basic steps of Cybersecurity
These are the guidelines to follow while drawing up a comprehensive Cybersecurity program in an Organisation:
#1: Explore the legislation and other requirements
#2: Define the business benefits and get top Management support (very important)
#3: Set the Cybersecurity requirements
#4: Choose the framework for Cybersecurity implementation
#5: Organize the implementation (setting up teams, PM resources, project charter, budget etc.)
#6: Risk assessment & mitigation (applying controls)
#7: Implementation of controls
#8: Training & awareness
#9: Continuous monitoring and checks, and reporting to Senior Management (C-level executives)
28. Cybersecurity operational processes
To maintain an effective Cybersecurity posture, the CISO should maintain a number of enterprise operational processes, including the following:
Policies and policy exception management
Project and change security reviews
Risk management
Control management
Auditing and deficiency tracking
Asset inventory and audit
Change control
Configuration Management Database re-certification
Supplier reviews and risk assessments
35. Network perimeter best security practises
Restrict use of administrative utilities (e.g. Microsoft Management Console)
Use a secure file permission system, i.e. the NTFS & UFS file systems
Manage users properly, especially the Admin accounts on Unix & Windows machines
Perform effective group management for Admin, Print, Power, Server Operator & normal users in Windows 2000 O.S.
Enforce a strong password policy and password aging for users
Enable the Windows O.S. and Unix O.S. logging facility
Eliminate unnecessary accounts (especially those of employees who have left the Organisation)
Disable the resource sharing service and remove hidden administrative shares (C$, ADMIN$, WIN NT$) in older versions of Windows O.S.
Disable unneeded services in Unix: Telnet, Finger, tftp, NTP (Network Time Protocol)
Applications should use the latest security patches in the Production environment
36. Network perimeter best security practises
Enforce use of NAT (Network Address Translation) & PAT (Port Address Translation) in the internal Network (Firewalls & Routers)
Enable DNS spoofing and DoS attack (Smurf & directed broadcast attacks) mitigation policies on Gateway Routers via ACL and Cisco IOS
Enforce best industry practice of secure application coding to mitigate "Buffer Overflow" vulnerabilities in memory
Enforce a strong password policy, password aging and lockout policy for application databases (Oracle, Sybase)
Install the latest O.S. and application patches as soon as they are available from Vendors
Install the latest security patches for browsers, Flash Players and Microsoft applications
Update the Anti-Virus & IDS/IPS/HIDS signatures on a frequent basis
Update the Business Continuity/DR Plan and keep the latest backup of all critical Servers
37. Network perimeter best security practises
Update and install the latest security patches for Application Gateways (Proxies), Web Filtering Devices and Firewalls
Check the logs daily on Firewalls, IPS/IDS and HIDS for any security incident triggered by malicious activity
Implement industry best practices to secure the Network (NIST Guidelines, SANS 20 Critical Security Controls, NSA Guidelines etc.)
Place the mission critical Web Servers (user interface) on a Screened Subnet/DMZ and the backend Application Server & Oracle Database Server in the internal Network
Change the default password of the SNMP community string on Network Devices
40. CASE STUDY – Cyber attack secure design
Design Features:
Border Router: a Gateway Router connects the network to the Internet and provides basic filtering through ACLs (Access Control Lists) on ingress & egress interfaces
Just behind the Gateway Router is a Stateful Inspection Firewall that enforces the majority of the access control of the network
Public services and private services have been separated by putting them on different network segments (DMZ, Corporate & Screened Subnet)
Split DNS is being used: the public DNS Server provides name resolution for public services only
Intrusion Detection Systems (IDS) are located on the public, private and network perimeter end points to watch for unusual activity
The front end Application Web Server is on the Screened Subnet and the backend Oracle DB Server is behind the Internal Firewall
41. CASE STUDY – Cyber attack secure design
Host based IDS (HIDS) complement the Network IDS by adding an additional layer of security and are placed on the individual mission critical servers (Anti-Virus, Email Proxy, Web Proxy, Internal Email Server, Oracle DB Server) to monitor the system's network activity, log files, file system integrity and user actions. A host based IDS will also detect and generate an alarm when it detects escalation of privileges from a Guest user to an Admin account
Host based IDS can help detect attacks that use network IDS evasion techniques
Host based IDS is also useful for correlating attacks picked up by Network sensors
All security log entries are sent to the SIEM (Security Information and Event Monitoring System) for data analysis and forensics. The SIEM generates an alert when suspicious activity is detected
For the Remote Office users, all Laptops are installed with Personal Firewalls to mitigate/detect hacker entry through backdoor channels
42. CASE STUDY – Cyber attack secure design
All configuration of security devices is performed from the management console
Additionally one can install TACACS and RADIUS Servers to monitor user access on the Gateway Router and other mission critical Servers
The sample rule base configured for the above Network Design on the Stateful Inspection Firewall can be as follows (illustrative purpose only): Next page
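The design features above, as an added Python model that is not the deck's own rule base (the author's sample rule base is on a page not included here): a gateway-router ingress/egress anti-spoofing check in front of a first-match, default-deny firewall rule base for the screened subnet, the app tier and the Oracle DB. The address plan, host names and ports are assumptions; the model also shows why the router's anti-spoofing ACL has to sit in front of a rule base whose allow rules are keyed on source address.

```python
"""Constructed model of the case-study perimeter (not the deck's own rule base):
a gateway-router anti-spoofing ACL in front of a first-match, default-deny
stateful-firewall rule base.  Address plan, hosts and ports are assumptions."""
import ipaddress
from typing import NamedTuple, Optional

INTERNET = ipaddress.ip_network("0.0.0.0/0")
SCREENED = ipaddress.ip_network("192.0.2.0/24")  # DMZ / screened subnet: public web tier
INTERNAL = ipaddress.ip_network("10.0.0.0/8")    # corporate LAN, app server, Oracle DB
OUR_PREFIXES = (SCREENED, INTERNAL)
WEB_SERVER = ipaddress.ip_address("192.0.2.10")
APP_SERVER = ipaddress.ip_address("10.1.1.10")
DB_SERVER = ipaddress.ip_address("10.1.1.20")

def host(ip):
    """/32 network for a single server."""
    return ipaddress.ip_network(f"{ip}/32")

class Rule(NamedTuple):
    action: str                  # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]          # None matches any destination port

# Evaluated top-down, first match wins; anything unmatched hits the implicit deny.
RULE_BASE = [
    Rule("allow", INTERNET, host(WEB_SERVER), 443),           # public HTTPS front end only
    Rule("allow", host(WEB_SERVER), host(APP_SERVER), 8443),  # web tier -> app tier
    Rule("allow", host(APP_SERVER), host(DB_SERVER), 1521),   # app tier -> Oracle listener
    Rule("deny", SCREENED, INTERNAL, None),                   # nothing else crosses inward
]

def border_router_ingress_ok(src_ip, arriving_from_internet=True):
    """Gateway-router ACL.  Ingress: a packet from the Internet that claims one of
    our own prefixes as its source is spoofed and dropped (otherwise it could match
    the source-keyed allow rules below).  Egress: only our own prefixes may leave."""
    src = ipaddress.ip_address(src_ip)
    ours = any(src in prefix for prefix in OUR_PREFIXES)
    return (not ours) if arriving_from_internet else ours

def firewall_permits(src_ip, dst_ip, port):
    """Stateful-firewall decision for a new connection src -> dst:port."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in RULE_BASE:
        if src in rule.src and dst in rule.dst and rule.port in (None, port):
            return rule.action == "allow"
    return False  # implicit cleanup rule: default deny
```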
44. CONCLUSION
Conclusion Note:
The process of securing and making a perfect "Digital World" is an ongoing, continuous journey, and with the ever changing modus operandi of the Hackers and the Cyber Criminals globally, we always have to be one step ahead in the race to protect our digital assets, intellectual property, identity and infrastructure.
Thank You
(Wajahat Iqbal)