SlideShare a Scribd company logo

Mash f03-five infosec-lessons_from_the_great_generals_of_the_ancient_world

João Rufino de Sales
João Rufino de Sales

Liçoes dos grandes generais para seginfo

Business
1 of 53
Download to read offline
SESSION ID: #RSAC Kenneth Geers Five InfoSec Lessons from the Great Generals of the Ancient World MASH-F03 Ambassador NATO Cooperative Cyber Defence Centre of Excellence @kennethgeers Spencer Wolfe Head Security Research Writer ZeroFOX @wolfesp18
#RSAC Introduction “The bravest among us are surely those who have the clearest vision of what is before them, danger and glory alike, and yet notwithstanding, go out to meet it.” -Thucydides, The History of the Peloponnesian War
#RSAC What’s This Talk About, Again? 3 “Come then and let us pass a leisure hour in storytelling, and our stories shall become the education of our heroes.” --Plato, The Republic
#RSAC Mappetizer 4 Phase 1: Greece Phase 2: Alexander the Great Phase 3: Roman Empire
#RSAC Close Up: Greece 5 P E R S I A SPARTA ATHENS THEBES MACEDON
#RSAC The History of Greece in a Single Slide ROME?? POWER YEAR (BC) Athenian Golden Age (Periclean Athens) Spartan Hegemony Battle of Salamis (479) Theban Hegemony Battle of Aegospotami (405) Battle of Leuctra (371) Battle of Chaeronea (338) Battle of Gaugamela (331) Conquests of Alexander the Great Persia = Athens = Sparta = Thebes = Macedon = Key Rise of Macedon
#RSAC Lesson 1: Choose Your Battlefield Thermopylae, Salamis and the Greeks Fighting on Their Own Turf
#RSAC Leonidas & Themistocles 8 Warner Brothers Pictures, 2006 Warner Brothers Pictures, 2014
#RSAC The Greco-Persian Wars: 480-479 9 • Persia, under Xerxes, invades in Greece in 480 • Leonidas & the Spartans defend Thermopylae to the last man • In 479, the Persian navy is decisively defeated at Salamis by a Greek fleet led by Themistocles • Xerxes leaves, the rest of his army is destroyed at Plataea mapbox.com
#RSAC Thermopylae: The Bottleneck 10 “The Persians were roughly handled by the Spartans, since they used shorter spears than the Greeks and could not use their numbers fighting in a narrow space. The Spartans fought memorably, showing themselves skilled fighters amidst unskilled.” -Herodotus, Histories (VII, 211) Brian Martens – 11/8/2012 livius.org
#RSAC Salamis: Same Tactic, Different Element 11 “By engaging many ships with our few ships in the strait, we shall win a great victory. If the war turns out reasonably, it is to our advantage to fight in the strait and to their advantage to fight in the open ocean.” - Themistocles, from: Herodotus, Histories (VII, 60) www.arsbellica.it
#RSAC Who cares? You do.POWER YEAR (BC) Battle of Salamis (479) Persia = Athens = Sparta = Thebes = KeyThings that might not have happened: • Democracy • Greek philosophy (Socrates, Plato, Aristotle) • Greek literature (The Iliad, The Odyssey) • Greek theater (Aeschylus, Sophocles, Euripides, Aristophanes) • Greek history (Herodotus, Thucydides, Xenophon) • Greek art • Greek medicine • The Rise of Rome • Christianity • Western Civilization….? Athenian Golden Age (Periclean Athens)
#RSAC What this means for you 13 You know your system better than anyone, so… Where is your Thermopylae? Where is your Salamis? Where do you choose to fight?
#RSAC Lesson #1: Choose your battlefield • Cyber terrain • USG: decrease # of nets, homogenize • Risk: all eggs in one basket • Utopia vs. Big Brother • Elections and surveillance • Belarus, China, Russia, Zimbabwe • Creativity on cyber defense • Code Red worm vs. MS IIS web server (2001) • Bot army: 359,000 infected servers • DoS Target: White House website • Techies “blackholed” the attack
#RSAC Lesson #1: Choose your battlefield • Strategy before tactics • Crown jewels • Traffic analysis • Alice, Bob, Charlie • Old paradigm • Defined perimeter • New paradigm • Undefined perimeter, social media • Compartmentalization • Assume insider / penetration
#RSAC Lesson 2: Be Original Epaminondas Beats the “Unbeatable” Spartans
#RSAC Greece divided (again) 17 Greece after 479 • 479-431: Athenian Golden Age • 431-405: Peloponnesian War, fought between Athens and Sparta • Sparta defeats Athens • 405-371: Spartan Hegemony • 371: Thebes defeats Sparta at the Battle of Leuctra
#RSAC The Greek Phalanx 18 • Rounds shields called hoplons • Overhand spear • Short sword called a xiphos • Shields overlap one another, forming a solid block • Opposing forces clash and try to push one another off the field • 8-12 men deep Ancientgreekbattles.net
#RSAC Oblique Formation: Leuctra, 371BC 19 “The Spartans led each half-company three files abreast, and this resulted in the phalanx being not more than twelve men deep. The Thebans, however, were massed not less than fifty shields deep, calculating that if they conquered that part of the army around the king, all the rest of it would be easy to overcome.” - Xenophon, Hellenica Wikimedia commons
#RSAC What this means for you 20 Pitched battles and cybersecurity are games of wit. Originality is your ace in the hole.
#RSAC Lesson #2: Be original • ZeroDay philosophy • Element of surprise • Home field advantage • Unique defense • SEC vs. Pac-12 • Best players on defense • Art of War chapter 13 • Collect evidence • The “Moscow Rules” • Muhammed Ali
#RSAC Lesson #2: Be original • What is malware? • Characteristics, signatures, behavior • Known vs. novel • Analysis • AV, sandboxing, white/blacklisting • OK to reject safe programs • Limitations • Complexity, obfuscation, time • Simplistic: malicious / non-malicious • Education • Awareness, policy, enforcement
#RSAC Lesson 3: Know Thy Enemy The Brilliant Statesmanship of Phillip II
#RSAC Humble Beginnings, 359BC 24
#RSAC Philip of Macedon 25 Historyofmacedonia.org Warner Brothers Pictures, 2004
#RSAC Quadruple Threat 26 Dardanians Paionians Thracians Athenians Noun Project credits: Francielly Costantin Senra Joshua McMahan Creative Stall Divya Kulshreshtha
#RSAC Macedon from 359-338 BC 27 359BC 338BC
#RSAC Lesson: know thy enemy 28 “If you know your enemies and yourself, you will not be imperiled in a hundred battles ... if you neither know your enemies nor yourself, you will be imperiled in every single battle.” - Sun Tzu, The Art of War
#RSAC Lesson #3: Know Thy Enemy • 1980s: Cuckoo’s Egg • 1990s: Moonlight Maze • 1990s: Chechnya • 1999: Kosovo • 2007: Estonia • 2008: Georgia • 2009: Kyrgyzstan • 2010: Microsoft • 2011: Azerbaijan • 2012: Red October • 2013: Lithuania • 2014: Ukraine • 2015: Turkey
#RSAC Lesson #3: Know Thy Enemy • Analysis • Data -> information -> intelligence • Geopolitical insight • Technical + non-technical • Modelling • Physics, analogies, napkins • The “attribution” problem • APT vs. APT • Logic • Think horses, then zebras
#RSAC Lesson 4: Lead from the Front The Conquests of Alexander the Great
#RSAC Alexander the Great 32 Artcreationforver.com Warner Brothers Pictures, 2004
#RSAC The Conquests of Alexander 33 334BC 323BC
#RSAC Follow the Leader 34 • 334: Alexander crosses into Asia • 334-332: Wins a streak of major victories • Founds Alexandria in Egypt • 331: Defeats Darius, king of the Persians at the Battle of Gaugamela • Enters Babylon • Travels as far east as the Hindu Kush and the Indus River • 326: Troops beg Alexander to turn back • Returns to Babylon via the Persian Gulf • 323: Dies at age 32 Pbase.com
#RSAC Follow the Leader 35 Wikipedia commons
#RSAC Lesson #4: Lead from the Front • Alexander the GEEK • DIRNSA / CYBERCOM 2005-2014 • Education • 4 Masters: EW, physics, strategy, business • USMA ‘74: Petraeus (CIA), Dempsey (JCS) • Dominant personality • Like Hoover • 10th Fleet, 24th Air Force, 2nd Army • 40,000+ geek soldiers • SIGINT today • Proactive deterrence • Massive mission expansion • Cyber “fire support”
#RSAC Lesson #4: Lead from the Front • Cyber weapons • Nukes of 21st century? • Rated ahead of terrorism • NSA / CYBERCOM • Line blurring between traditional, digital • Defend private sector? • Alexander controversy • Collection on US citizens • US Congressman: “mockery of oversight” • Militant on secrecy, leaks • Iran counterattack post-Stuxnet • Saudi Aramco, RasGas, Wall Street • DHS: US energy should be on alert
#RSAC Lesson 5: Fight Fire With Fire Rome Reverse Engineers Carthage’s Tactics
#RSAC Fast forward 100 years 39
#RSAC Hannibal Barca 40 Ancienthistorylist.com
#RSAC Act I: Elephants don’t belong in snow 41 The Punic Wars • Carthage enters Spain, Rome declares war under false pretenses • 218: Hannibal takes his army, with elephants, over the Alps & invades Italy • 216: Rome and Carthage fight the Battle of Cannae
#RSAC The Battle of Cannae, 218BC 42 “As the outer ranks fell, and the rest were gradually huddled in and surrounded, they were all killed where they stood. While this murderous combat was going on, the Carthaginians killed most of the cavalry and unseated others. Some 70,000 died bravely.” - Polybius, The Histories dcc.dickinson.edu
#RSAC Scipio Africanus 43 Peoplecheck.deLeopard.booklikes.com
#RSAC Act II: Return of the Romans 44
#RSAC The Battle of Ilipa, 206BC 45 1: Crying wolf 3: The battle2: The wolf Wikipedia commons
#RSAC What this means for you 46 Don’t just know thy enemy. Act like them.
#RSAC Lesson #5: Think like a hacker • Cliff Stoll, SysAdmin vs. KGB (1986) • Astronomer, inventor, physics teacher • Followed $0.75 around the world • Stoll gaffes • Doubted e-commerce, e-media • Pioneer in digital forensics • Honeypot: “SDInet” • Teleprinter recorded everything • GNU Emacs vuln gave root access • Capture of hacker Markus Hess • Breached US military
#RSAC Lesson #5: Think like a hacker • What is this thing? • How does it work? • What else does it do? • Is it secure? • Can I break it? • Can I improve it? • Can I own it?
#RSAC Conclusion: The Modern Perimeter The Fall of the Roman Empire
#RSAC Height of the Roman Empire: 200AD 50
#RSAC Advance Persistent Threat: Barbarians 51 The Fall of Rome • The borders are immense and incredibly difficult to police • Threats from the East & North • When one army is in trouble, others can’t come to their aid • Political infighting divides the empire – split in two • Rome sacked twice • Last Roman emperor killed in 476 Wikipedia commons
#RSAC Parallel Lives 52 Classical Greece Phillip & Alexander Fragmentation The Rise of Rome The Fall of Rome Early InfoSec Dot Com Era InfoSec Start-ups InfoSec Expands Modern Landscape
#RSAC Drop us a line 53 zerofox.com @zerofox Spencer Wolfe @wolfesp18 spencer@zerofox.com Dr. Kenneth Geers @kgeers kgeers@zerofox.com

Recommended

Hum2220 1800 roman gladiators
Hum2220 1800 roman gladiatorsHum2220 1800 roman gladiators
Hum2220 1800 roman gladiatorsProfWillAdams
 
Lean Security - RSA 2016
Lean Security - RSA 2016Lean Security - RSA 2016
Lean Security - RSA 2016Ernest Mueller
 
The InfoSec Avengers
The InfoSec AvengersThe InfoSec Avengers
The InfoSec AvengersTripwire
 
Laplacian Probability Models for InfoSec Likelihood Calculations
Laplacian Probability Models for InfoSec Likelihood CalculationsLaplacian Probability Models for InfoSec Likelihood Calculations
Laplacian Probability Models for InfoSec Likelihood CalculationsJordan Schroeder
 
NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...
NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...
NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...North Texas Chapter of the ISSA
 
Law w04-global cybersecurity-laws_regulations_and_liability
Law w04-global cybersecurity-laws_regulations_and_liabilityLaw w04-global cybersecurity-laws_regulations_and_liability
Law w04-global cybersecurity-laws_regulations_and_liabilityJoão Rufino de Sales
 
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...North Texas Chapter of the ISSA
 
Keith Fricke - CISO for an Hour
Keith Fricke - CISO for an HourKeith Fricke - CISO for an Hour
Keith Fricke - CISO for an Hourcentralohioissa
 

Recommended

Hum2220 1800 roman gladiators
Hum2220 1800 roman gladiatorsHum2220 1800 roman gladiators
Hum2220 1800 roman gladiatorsProfWillAdams
 
Lean Security - RSA 2016
Lean Security - RSA 2016Lean Security - RSA 2016
Lean Security - RSA 2016Ernest Mueller
 
The InfoSec Avengers
The InfoSec AvengersThe InfoSec Avengers
The InfoSec AvengersTripwire
 
Laplacian Probability Models for InfoSec Likelihood Calculations
Laplacian Probability Models for InfoSec Likelihood CalculationsLaplacian Probability Models for InfoSec Likelihood Calculations
Laplacian Probability Models for InfoSec Likelihood CalculationsJordan Schroeder
 
NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...
NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...
NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...North Texas Chapter of the ISSA
 
Law w04-global cybersecurity-laws_regulations_and_liability
Law w04-global cybersecurity-laws_regulations_and_liabilityLaw w04-global cybersecurity-laws_regulations_and_liability
Law w04-global cybersecurity-laws_regulations_and_liabilityJoão Rufino de Sales
 
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...North Texas Chapter of the ISSA
 
Keith Fricke - CISO for an Hour
Keith Fricke - CISO for an HourKeith Fricke - CISO for an Hour
Keith Fricke - CISO for an Hourcentralohioissa
 
Ancient Greece. Its political and military system
Ancient Greece. Its political and military systemAncient Greece. Its political and military system
Ancient Greece. Its political and military systemFrasatToufique2
 
Gnhu282romanspectacles
Gnhu282romanspectaclesGnhu282romanspectacles
Gnhu282romanspectaclesPrudence Jones
 
Early Greeks
Early GreeksEarly Greeks
Early GreeksPinecrest Academy Nevada
 
Week 5 (Early Greece)
Week 5 (Early Greece)Week 5 (Early Greece)
Week 5 (Early Greece)Steve Santelli
 
Role play
Role playRole play
Role playiteclearners
 
Area 51 and the Legend of Excalibur
Area 51 and the Legend of ExcaliburArea 51 and the Legend of Excalibur
Area 51 and the Legend of ExcaliburBob Mayer
 
The 7 wonders.lesson
The 7 wonders.lessonThe 7 wonders.lesson
The 7 wonders.lessonSergey70
 
History of cryptography
History of cryptographyHistory of cryptography
History of cryptographyFarah Shaikh
 
General Quiz Finals at Eclectiza, Thapar University 2016
General Quiz Finals at Eclectiza, Thapar University 2016General Quiz Finals at Eclectiza, Thapar University 2016
General Quiz Finals at Eclectiza, Thapar University 2016RisHi Raj
 
Ms. McInnes- Persepolis Powerpoint
Ms. McInnes- Persepolis PowerpointMs. McInnes- Persepolis Powerpoint
Ms. McInnes- Persepolis PowerpointMissMcInnes
 
World / European History Unit 2 -- Ancient Greece
World / European History Unit 2 -- Ancient GreeceWorld / European History Unit 2 -- Ancient Greece
World / European History Unit 2 -- Ancient GreeceJoseph Florencio
 
Introduction to the ancient Greek civilization
Introduction to the ancient Greek civilizationIntroduction to the ancient Greek civilization
Introduction to the ancient Greek civilizationAurora Computer Studies
 
Red Teaming and Energy Grid Security
Red Teaming and Energy Grid SecurityRed Teaming and Energy Grid Security
Red Teaming and Energy Grid SecurityEnergySec
 
6.6 - Bread And Circuses (chariot racing and gladiators)
6.6 - Bread And Circuses (chariot racing and gladiators)6.6 - Bread And Circuses (chariot racing and gladiators)
6.6 - Bread And Circuses (chariot racing and gladiators)Dan Ewert
 
The seven wonders of the world1
The seven wonders of the world1The seven wonders of the world1
The seven wonders of the world1Сергей Лосинский
 
The seven wonders of the world1
The seven wonders of the world1The seven wonders of the world1
The seven wonders of the world1Sergey70
 
CQC Open2013 Finals
CQC Open2013 FinalsCQC Open2013 Finals
CQC Open2013 FinalsAshwin Balasubramaniam
 
thesis.pdf
thesis.pdfthesis.pdf
thesis.pdfccrabbit1999
 
Ancient Greece.ppt
Ancient Greece.pptAncient Greece.ppt
Ancient Greece.pptCyrilleGustilo
 
Ancient Greece.ppt
Ancient Greece.pptAncient Greece.ppt
Ancient Greece.pptCyrilleGustilo
 
Gartners top-10-strategic-technology-trends-for-2018-brazil-v2
Gartners top-10-strategic-technology-trends-for-2018-brazil-v2Gartners top-10-strategic-technology-trends-for-2018-brazil-v2
Gartners top-10-strategic-technology-trends-for-2018-brazil-v2João Rufino de Sales
 
Relatorio de auditoria n 201602722 Ministerio do trabalho e emprego
Relatorio de auditoria n 201602722 Ministerio do trabalho e empregoRelatorio de auditoria n 201602722 Ministerio do trabalho e emprego
Relatorio de auditoria n 201602722 Ministerio do trabalho e empregoJoão Rufino de Sales
 

More Related Content

Similar to Mash f03-five infosec-lessons_from_the_great_generals_of_the_ancient_world

Ancient Greece. Its political and military system
Ancient Greece. Its political and military systemAncient Greece. Its political and military system
Ancient Greece. Its political and military systemFrasatToufique2
 
Gnhu282romanspectacles
Gnhu282romanspectaclesGnhu282romanspectacles
Gnhu282romanspectaclesPrudence Jones
 
Area 51 and the Legend of Excalibur
Area 51 and the Legend of ExcaliburArea 51 and the Legend of Excalibur
Area 51 and the Legend of ExcaliburBob Mayer
 
The 7 wonders.lesson
The 7 wonders.lessonThe 7 wonders.lesson
The 7 wonders.lessonSergey70
 
History of cryptography
History of cryptographyHistory of cryptography
History of cryptographyFarah Shaikh
 
General Quiz Finals at Eclectiza, Thapar University 2016
General Quiz Finals at Eclectiza, Thapar University 2016General Quiz Finals at Eclectiza, Thapar University 2016
General Quiz Finals at Eclectiza, Thapar University 2016RisHi Raj
 
Ms. McInnes- Persepolis Powerpoint
Ms. McInnes- Persepolis PowerpointMs. McInnes- Persepolis Powerpoint
Ms. McInnes- Persepolis PowerpointMissMcInnes
 
World / European History Unit 2 -- Ancient Greece
World / European History Unit 2 -- Ancient GreeceWorld / European History Unit 2 -- Ancient Greece
World / European History Unit 2 -- Ancient GreeceJoseph Florencio
 
Introduction to the ancient Greek civilization
Introduction to the ancient Greek civilizationIntroduction to the ancient Greek civilization
Introduction to the ancient Greek civilizationAurora Computer Studies
 
Red Teaming and Energy Grid Security
Red Teaming and Energy Grid SecurityRed Teaming and Energy Grid Security
Red Teaming and Energy Grid SecurityEnergySec
 
6.6 - Bread And Circuses (chariot racing and gladiators)
6.6 - Bread And Circuses (chariot racing and gladiators)6.6 - Bread And Circuses (chariot racing and gladiators)
6.6 - Bread And Circuses (chariot racing and gladiators)Dan Ewert
 
The seven wonders of the world1
The seven wonders of the world1The seven wonders of the world1
The seven wonders of the world1Sergey70
 

Similar to Mash f03-five infosec-lessons_from_the_great_generals_of_the_ancient_world (20)

Ancient Greece. Its political and military system
Ancient Greece. Its political and military systemAncient Greece. Its political and military system
Ancient Greece. Its political and military system
 
Gnhu282romanspectacles
Gnhu282romanspectaclesGnhu282romanspectacles
Gnhu282romanspectacles
 
Early Greeks
Early GreeksEarly Greeks
Early Greeks
 
Week 5 (Early Greece)
Week 5 (Early Greece)Week 5 (Early Greece)
Week 5 (Early Greece)
 
Role play
Role playRole play
Role play
 
Area 51 and the Legend of Excalibur
Area 51 and the Legend of ExcaliburArea 51 and the Legend of Excalibur
Area 51 and the Legend of Excalibur
 
The 7 wonders.lesson
The 7 wonders.lessonThe 7 wonders.lesson
The 7 wonders.lesson
 
History of cryptography
History of cryptographyHistory of cryptography
History of cryptography
 
General Quiz Finals at Eclectiza, Thapar University 2016
General Quiz Finals at Eclectiza, Thapar University 2016General Quiz Finals at Eclectiza, Thapar University 2016
General Quiz Finals at Eclectiza, Thapar University 2016
 
Ms. McInnes- Persepolis Powerpoint
Ms. McInnes- Persepolis PowerpointMs. McInnes- Persepolis Powerpoint
Ms. McInnes- Persepolis Powerpoint
 
World / European History Unit 2 -- Ancient Greece
World / European History Unit 2 -- Ancient GreeceWorld / European History Unit 2 -- Ancient Greece
World / European History Unit 2 -- Ancient Greece
 
Introduction to the ancient Greek civilization
Introduction to the ancient Greek civilizationIntroduction to the ancient Greek civilization
Introduction to the ancient Greek civilization
 
Red Teaming and Energy Grid Security
Red Teaming and Energy Grid SecurityRed Teaming and Energy Grid Security
Red Teaming and Energy Grid Security
 
6.6 - Bread And Circuses (chariot racing and gladiators)
6.6 - Bread And Circuses (chariot racing and gladiators)6.6 - Bread And Circuses (chariot racing and gladiators)
6.6 - Bread And Circuses (chariot racing and gladiators)
 
The seven wonders of the world1
The seven wonders of the world1The seven wonders of the world1
The seven wonders of the world1
 
The seven wonders of the world1
The seven wonders of the world1The seven wonders of the world1
The seven wonders of the world1
 
CQC Open2013 Finals
CQC Open2013 FinalsCQC Open2013 Finals
CQC Open2013 Finals
 
thesis.pdf
thesis.pdfthesis.pdf
thesis.pdf
 
Ancient Greece.ppt
Ancient Greece.pptAncient Greece.ppt
Ancient Greece.ppt
 
Ancient Greece.ppt
Ancient Greece.pptAncient Greece.ppt
Ancient Greece.ppt
 

More from João Rufino de Sales

Gartners top-10-strategic-technology-trends-for-2018-brazil-v2
Gartners top-10-strategic-technology-trends-for-2018-brazil-v2Gartners top-10-strategic-technology-trends-for-2018-brazil-v2
Gartners top-10-strategic-technology-trends-for-2018-brazil-v2João Rufino de Sales
 
Relatorio de auditoria n 201602722 Ministerio do trabalho e emprego
Relatorio de auditoria n 201602722 Ministerio do trabalho e empregoRelatorio de auditoria n 201602722 Ministerio do trabalho e emprego
Relatorio de auditoria n 201602722 Ministerio do trabalho e empregoJoão Rufino de Sales
 
Revista verde oliva nº 236 previdencia
Revista verde oliva nº 236 previdenciaRevista verde oliva nº 236 previdencia
Revista verde oliva nº 236 previdenciaJoão Rufino de Sales
 
Claudio melo-filho- sem-marca-de-revisa-o_
Claudio melo-filho- sem-marca-de-revisa-o_Claudio melo-filho- sem-marca-de-revisa-o_
Claudio melo-filho- sem-marca-de-revisa-o_João Rufino de Sales
 
2016 cost of data breach study brasil
2016 cost of data breach study brasil2016 cost of data breach study brasil
2016 cost of data breach study brasilJoão Rufino de Sales
 
Gestão integrada gsidsicabin 24jun2016
Gestão integrada gsidsicabin 24jun2016Gestão integrada gsidsicabin 24jun2016
Gestão integrada gsidsicabin 24jun2016João Rufino de Sales
 
Requisitos sistema GED informações classificadas
Requisitos sistema GED informações classificadasRequisitos sistema GED informações classificadas
Requisitos sistema GED informações classificadasJoão Rufino de Sales
 
Mensagem alusiva 77 anos da Casa Militar de Presidência da República
Mensagem alusiva 77 anos da Casa Militar de Presidência da RepúblicaMensagem alusiva 77 anos da Casa Militar de Presidência da República
Mensagem alusiva 77 anos da Casa Militar de Presidência da RepúblicaJoão Rufino de Sales
 
Credenciamento de Segurança e Tratamento da Informação Classificada na Admini...
Credenciamento de Segurança e Tratamento da Informação Classificada na Admini...Credenciamento de Segurança e Tratamento da Informação Classificada na Admini...
Credenciamento de Segurança e Tratamento da Informação Classificada na Admini...João Rufino de Sales
 
Cartilha Seguranca Cibernetica - FIESP
Cartilha Seguranca Cibernetica - FIESPCartilha Seguranca Cibernetica - FIESP
Cartilha Seguranca Cibernetica - FIESPJoão Rufino de Sales
 
A Tecnologia da Informação e a Segurança Pública
A Tecnologia da Informação e a Segurança PúblicaA Tecnologia da Informação e a Segurança Pública
A Tecnologia da Informação e a Segurança PúblicaJoão Rufino de Sales
 

More from João Rufino de Sales (20)

Gartners top-10-strategic-technology-trends-for-2018-brazil-v2
Gartners top-10-strategic-technology-trends-for-2018-brazil-v2Gartners top-10-strategic-technology-trends-for-2018-brazil-v2
Gartners top-10-strategic-technology-trends-for-2018-brazil-v2
 
Relatorio de auditoria n 201602722 Ministerio do trabalho e emprego
Relatorio de auditoria n 201602722 Ministerio do trabalho e empregoRelatorio de auditoria n 201602722 Ministerio do trabalho e emprego
Relatorio de auditoria n 201602722 Ministerio do trabalho e emprego
 
Revista verde oliva nº 236 previdencia
Revista verde oliva nº 236 previdenciaRevista verde oliva nº 236 previdencia
Revista verde oliva nº 236 previdencia
 
Claudio melo-filho- sem-marca-de-revisa-o_
Claudio melo-filho- sem-marca-de-revisa-o_Claudio melo-filho- sem-marca-de-revisa-o_
Claudio melo-filho- sem-marca-de-revisa-o_
 
Olimpiadas
OlimpiadasOlimpiadas
Olimpiadas
 
Apresentação gas e every ti
Apresentação gas e every tiApresentação gas e every ti
Apresentação gas e every ti
 
2016 cost of data breach study brasil
2016 cost of data breach study brasil2016 cost of data breach study brasil
2016 cost of data breach study brasil
 
Pesquisa 1 WTPIS
Pesquisa 1 WTPISPesquisa 1 WTPIS
Pesquisa 1 WTPIS
 
Evento gsi -ACECO
Evento gsi -ACECOEvento gsi -ACECO
Evento gsi -ACECO
 
Gestão integrada gsidsicabin 24jun2016
Gestão integrada gsidsicabin 24jun2016Gestão integrada gsidsicabin 24jun2016
Gestão integrada gsidsicabin 24jun2016
 
Raimundo ztec
Raimundo ztecRaimundo ztec
Raimundo ztec
 
Kryptus 1o wtpis v1
Kryptus 1o wtpis v1Kryptus 1o wtpis v1
Kryptus 1o wtpis v1
 
Nsc work
Nsc workNsc work
Nsc work
 
Requisitos sistema GED informações classificadas
Requisitos sistema GED informações classificadasRequisitos sistema GED informações classificadas
Requisitos sistema GED informações classificadas
 
Mensagem alusiva 77 anos da Casa Militar de Presidência da República
Mensagem alusiva 77 anos da Casa Militar de Presidência da RepúblicaMensagem alusiva 77 anos da Casa Militar de Presidência da República
Mensagem alusiva 77 anos da Casa Militar de Presidência da República
 
Relatório de levantamento 2015
Relatório de levantamento 2015Relatório de levantamento 2015
Relatório de levantamento 2015
 
Credenciamento de Segurança e Tratamento da Informação Classificada na Admini...
Credenciamento de Segurança e Tratamento da Informação Classificada na Admini...Credenciamento de Segurança e Tratamento da Informação Classificada na Admini...
Credenciamento de Segurança e Tratamento da Informação Classificada na Admini...
 
Cartilha Seguranca Cibernetica - FIESP
Cartilha Seguranca Cibernetica - FIESPCartilha Seguranca Cibernetica - FIESP
Cartilha Seguranca Cibernetica - FIESP
 
A Tecnologia da Informação e a Segurança Pública
A Tecnologia da Informação e a Segurança PúblicaA Tecnologia da Informação e a Segurança Pública
A Tecnologia da Informação e a Segurança Pública
 
III Seminário Internacional
III Seminário Internacional III Seminário Internacional
III Seminário Internacional
 

Recently uploaded

Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
Marketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet CreationsMarketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet Creationsnakalysalcedo61
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...lizamodels9
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsApsara Of India
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Timedelhimodelshub1
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessAggregage
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCRashishs7044
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africaictsugar
 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportMintel Group
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionMintel Group
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadIslamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadAyesha Khan
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
RE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechRE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechNewman George Leech
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 

Recently uploaded (20)

Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
Marketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet CreationsMarketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet Creations
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Time
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africa
 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample Report
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted Version
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadIslamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
RE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechRE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman Leech
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 

Mash f03-five infosec-lessons_from_the_great_generals_of_the_ancient_world

  • 1. SESSION ID: #RSAC Kenneth Geers Five InfoSec Lessons from the Great Generals of the Ancient World MASH-F03 Ambassador NATO Cooperative Cyber Defence Centre of Excellence @kennethgeers Spencer Wolfe Head Security Research Writer ZeroFOX @wolfesp18
  • 2. #RSAC Introduction “The bravest among us are surely those who have the clearest vision of what is before them, danger and glory alike, and yet notwithstanding, go out to meet it.” -Thucydides, The History of the Peloponnesian War
  • 3. #RSAC What’s This Talk About, Again? 3 “Come then and let us pass a leisure hour in storytelling, and our stories shall become the education of our heroes.” --Plato, The Republic
  • 4. #RSAC Mappetizer 4 Phase 1: Greece Phase 2: Alexander the Great Phase 3: Roman Empire
  • 5. #RSAC Close Up: Greece 5 P E R S I A SPARTA ATHENS THEBES MACEDON
  • 6. #RSAC The History of Greece in a Single Slide ROME?? POWER YEAR (BC) Athenian Golden Age (Periclean Athens) Spartan Hegemony Battle of Salamis (479) Theban Hegemony Battle of Aegospotami (405) Battle of Leuctra (371) Battle of Chaeronea (338) Battle of Gaugamela (331) Conquests of Alexander the Great Persia = Athens = Sparta = Thebes = Macedon = Key Rise of Macedon
  • 7. #RSAC Lesson 1: Choose Your Battlefield Thermopylae, Salamis and the Greeks Fighting on Their Own Turf
  • 8. #RSAC Leonidas & Themistocles 8 Warner Brothers Pictures, 2006 Warner Brothers Pictures, 2014
  • 9. #RSAC The Greco-Persian Wars: 480-479 9 • Persia, under Xerxes, invades in Greece in 480 • Leonidas & the Spartans defend Thermopylae to the last man • In 479, the Persian navy is decisively defeated at Salamis by a Greek fleet led by Themistocles • Xerxes leaves, the rest of his army is destroyed at Plataea mapbox.com
  • 10. #RSAC Thermopylae: The Bottleneck 10 “The Persians were roughly handled by the Spartans, since they used shorter spears than the Greeks and could not use their numbers fighting in a narrow space. The Spartans fought memorably, showing themselves skilled fighters amidst unskilled.” -Herodotus, Histories (VII, 211) Brian Martens – 11/8/2012 livius.org
  • 11. #RSAC Salamis: Same Tactic, Different Element 11 “By engaging many ships with our few ships in the strait, we shall win a great victory. If the war turns out reasonably, it is to our advantage to fight in the strait and to their advantage to fight in the open ocean.” - Themistocles, from: Herodotus, Histories (VII, 60) www.arsbellica.it
  • 12. #RSAC Who cares? You do.POWER YEAR (BC) Battle of Salamis (479) Persia = Athens = Sparta = Thebes = KeyThings that might not have happened: • Democracy • Greek philosophy (Socrates, Plato, Aristotle) • Greek literature (The Iliad, The Odyssey) • Greek theater (Aeschylus, Sophocles, Euripides, Aristophanes) • Greek history (Herodotus, Thucydides, Xenophon) • Greek art • Greek medicine • The Rise of Rome • Christianity • Western Civilization….? Athenian Golden Age (Periclean Athens)
  • 13. #RSAC What this means for you 13 You know your system better than anyone, so… Where is your Thermopylae? Where is your Salamis? Where do you choose to fight?
  • 14. #RSAC Lesson #1: Choose your battlefield • Cyber terrain • USG: decrease # of nets, homogenize • Risk: all eggs in one basket • Utopia vs. Big Brother • Elections and surveillance • Belarus, China, Russia, Zimbabwe • Creativity on cyber defense • Code Red worm vs. MS IIS web server (2001) • Bot army: 359,000 infected servers • DoS Target: White House website • Techies “blackholed” the attack
  • 15. #RSAC Lesson #1: Choose your battlefield • Strategy before tactics • Crown jewels • Traffic analysis • Alice, Bob, Charlie • Old paradigm • Defined perimeter • New paradigm • Undefined perimeter, social media • Compartmentalization • Assume insider / penetration
  • 16. #RSAC Lesson 2: Be Original Epaminondas Beats the “Unbeatable” Spartans
  • 17. #RSAC Greece divided (again) 17 Greece after 479 • 479-431: Athenian Golden Age • 431-405: Peloponnesian War, fought between Athens and Sparta • Sparta defeats Athens • 405-371: Spartan Hegemony • 371: Thebes defeats Sparta at the Battle of Leuctra
  • 18. #RSAC The Greek Phalanx 18 • Rounds shields called hoplons • Overhand spear • Short sword called a xiphos • Shields overlap one another, forming a solid block • Opposing forces clash and try to push one another off the field • 8-12 men deep Ancientgreekbattles.net
  • 19. #RSAC Oblique Formation: Leuctra, 371BC 19 “The Spartans led each half-company three files abreast, and this resulted in the phalanx being not more than twelve men deep. The Thebans, however, were massed not less than fifty shields deep, calculating that if they conquered that part of the army around the king, all the rest of it would be easy to overcome.” - Xenophon, Hellenica Wikimedia commons
  • 20. #RSAC What this means for you 20 Pitched battles and cybersecurity are games of wit. Originality is your ace in the hole.
  • 21. #RSAC Lesson #2: Be original • ZeroDay philosophy • Element of surprise • Home field advantage • Unique defense • SEC vs. Pac-12 • Best players on defense • Art of War chapter 13 • Collect evidence • The “Moscow Rules” • Muhammed Ali
  • 22. #RSAC Lesson #2: Be original • What is malware? • Characteristics, signatures, behavior • Known vs. novel • Analysis • AV, sandboxing, white/blacklisting • OK to reject safe programs • Limitations • Complexity, obfuscation, time • Simplistic: malicious / non-malicious • Education • Awareness, policy, enforcement
  • 23. #RSAC Lesson 3: Know Thy Enemy The Brilliant Statesmanship of Phillip II
  • 25. #RSAC Philip of Macedon 25 Historyofmacedonia.org Warner Brothers Pictures, 2004
  • 26. #RSAC Quadruple Threat 26 Dardanians Paionians Thracians Athenians Noun Project credits: Francielly Costantin Senra Joshua McMahan Creative Stall Divya Kulshreshtha
  • 27. #RSAC Macedon from 359-338 BC 27 359BC 338BC
  • 28. #RSAC Lesson: know thy enemy 28 “If you know your enemies and yourself, you will not be imperiled in a hundred battles ... if you neither know your enemies nor yourself, you will be imperiled in every single battle.” - Sun Tzu, The Art of War
  • 29. #RSAC Lesson #3: Know Thy Enemy • 1980s: Cuckoo’s Egg • 1990s: Moonlight Maze • 1990s: Chechnya • 1999: Kosovo • 2007: Estonia • 2008: Georgia • 2009: Kyrgyzstan • 2010: Microsoft • 2011: Azerbaijan • 2012: Red October • 2013: Lithuania • 2014: Ukraine • 2015: Turkey
  • 30. #RSAC Lesson #3: Know Thy Enemy • Analysis • Data -> information -> intelligence • Geopolitical insight • Technical + non-technical • Modelling • Physics, analogies, napkins • The “attribution” problem • APT vs. APT • Logic • Think horses, then zebras
  • 31. #RSAC Lesson 4: Lead from the Front The Conquests of Alexander the Great
  • 32. #RSAC Alexander the Great 32 Artcreationforver.com Warner Brothers Pictures, 2004
  • 33. #RSAC The Conquests of Alexander 33 334BC 323BC
  • 34. #RSAC Follow the Leader 34 • 334: Alexander crosses into Asia • 334-332: Wins a streak of major victories • Founds Alexandria in Egypt • 331: Defeats Darius, king of the Persians at the Battle of Gaugamela • Enters Babylon • Travels as far east as the Hindu Kush and the Indus River • 326: Troops beg Alexander to turn back • Returns to Babylon via the Persian Gulf • 323: Dies at age 32 Pbase.com
  • 36. #RSAC Lesson #4: Lead from the Front • Alexander the GEEK • DIRNSA / CYBERCOM 2005-2014 • Education • 4 Masters: EW, physics, strategy, business • USMA ‘74: Petraeus (CIA), Dempsey (JCS) • Dominant personality • Like Hoover • 10th Fleet, 24th Air Force, 2nd Army • 40,000+ geek soldiers • SIGINT today • Proactive deterrence • Massive mission expansion • Cyber “fire support”
  • 37. #RSAC Lesson #4: Lead from the Front • Cyber weapons • Nukes of 21st century? • Rated ahead of terrorism • NSA / CYBERCOM • Line blurring between traditional, digital • Defend private sector? • Alexander controversy • Collection on US citizens • US Congressman: “mockery of oversight” • Militant on secrecy, leaks • Iran counterattack post-Stuxnet • Saudi Aramco, RasGas, Wall Street • DHS: US energy should be on alert
  • 38. #RSAC Lesson 5: Fight Fire With Fire Rome Reverse Engineers Carthage’s Tactics
  • 41. #RSAC Act I: Elephants don’t belong in snow 41 The Punic Wars • Carthage enters Spain, Rome declares war under false pretenses • 218: Hannibal takes his army, with elephants, over the Alps & invades Italy • 216: Rome and Carthage fight the Battle of Cannae
  • 42. #RSAC The Battle of Cannae, 218BC 42 “As the outer ranks fell, and the rest were gradually huddled in and surrounded, they were all killed where they stood. While this murderous combat was going on, the Carthaginians killed most of the cavalry and unseated others. Some 70,000 died bravely.” - Polybius, The Histories dcc.dickinson.edu
  • 44. #RSAC Act II: Return of the Romans 44
  • 45. #RSAC The Battle of Ilipa, 206BC 45 1: Crying wolf 3: The battle2: The wolf Wikipedia commons
  • 46. #RSAC What this means for you 46 Don’t just know thy enemy. Act like them.
  • 47. #RSAC Lesson #5: Think like a hacker • Cliff Stoll, SysAdmin vs. KGB (1986) • Astronomer, inventor, physics teacher • Followed $0.75 around the world • Stoll gaffes • Doubted e-commerce, e-media • Pioneer in digital forensics • Honeypot: “SDInet” • Teleprinter recorded everything • GNU Emacs vuln gave root access • Capture of hacker Markus Hess • Breached US military
  • 48. #RSAC Lesson #5: Think like a hacker • What is this thing? • How does it work? • What else does it do? • Is it secure? • Can I break it? • Can I improve it? • Can I own it?
  • 49. #RSAC Conclusion: The Modern Perimeter The Fall of the Roman Empire
  • 50. #RSAC Height of the Roman Empire: 200AD 50
  • 51. #RSAC Advance Persistent Threat: Barbarians 51 The Fall of Rome • The borders are immense and incredibly difficult to police • Threats from the East & North • When one army is in trouble, others can’t come to their aid • Political infighting divides the empire – split in two • Rome sacked twice • Last Roman emperor killed in 476 Wikipedia commons
  • 52. #RSAC Parallel Lives 52 Classical Greece Phillip & Alexander Fragmentation The Rise of Rome The Fall of Rome Early InfoSec Dot Com Era InfoSec Start-ups InfoSec Expands Modern Landscape
  • 53. #RSAC Drop us a line 53 zerofox.com @zerofox Spencer Wolfe @wolfesp18 spencer@zerofox.com Dr. Kenneth Geers @kgeers kgeers@zerofox.com