SlideShare a Scribd company logo

Parallel session: security

Download as PPTX, PDF
Jisc
Jisc

This session is sponsored by Fortinet. Chair: Frances Burton, security services group manager, Jisc. Cybersecurity has long been an area of activity for those responsible for providing, protecting and supporting digital services in research and education, but recent events have focused public and media attention on the scale of the threat. Our security thread at this year’s conference is picking up on some of these themes and we have sessions covering a number of cybersecurity areas. There will be presentations on organisation experiences of email phishing and the results of our RPZ trial. Accreditation of services is being requested more often by project funders and will have a case study presentation on experience of obtaining ISO27001. Running order of talks: 11:30-11:55 - RPZ trial Speaker: Peter Dorey, Spamhaus 11:55-12:20 - Addressing the skills shortage in cybersecurity Speaker: Debbie Tunstall, Cyber Security Challenge. 12:20-12:45 - Institutional issues with Bitcoin Speaker: Jethro Perkins, London School of Economics and Political Science (LSE).

Education
1 of 63
Parallel session G: Security Chair: Frances Burton SPONSORED BY
Please switch your mobile phones to silent 19:30 No fire alarms scheduled. In the event of an alarm, please follow directions of NCC staff Dinner (now full) Entrance via Goldsmith Street 16:30 - 17:30 Birds of a feather sessions 15:20 - 16:00 Lightning talks
University of Kent and Spamhaus Response Policy Zone Trial David Hayling - University of Kent Peter Dorey - Spamhaus Technology
The UK’s European university RPZ David Hayling
RPZ Response Policy Zone • Basically ‘real time blocking lists’ for DNS lookups • Developed by ISC • In BIND since ver 9.8 • Load a zone from <some-source> • Full transfer (AXFR) • Incremental (IXFR) • DNS server check RPZ zone for each resolve request • If negative then resolve name as normal • If positive then return a pre-configured IP address (‘walled garden’), or return ‘non-existent domain’ (NXDOMAIN) simples
‘Normal levels’ of malware RPZ | David Hayling
‘Normal levels’ of malware – what is ‘normal’? RPZ | David Hayling
‘Normal levels’ of malware – term time in full swing RPZ | David Hayling
‘Normal levels’ of malware – we’re ready to start blocking RPZ | David Hayling
‘Normal levels’ of malware – it works! RPZ | David Hayling
‘Normal levels’ of malware – Christmas break RPZ | David Hayling
‘Normal levels’ of malware – spring term – the ‘New Normal’ RPZ | David Hayling
Don’t just take RPZ’s word for it … • Suricata Intrusion Detection System • Log file analysis by Splunk RPZ | David Hayling
Don’t just take RPZ’s word for it … • Suricata Intrusion Detection System • Log file analysis by Splunk RPZ | David Hayling
RPZ Response Policy Zone - issues • Load a zone from <some-source> • Incremental (IXFR) after long gap causes BIND to ’barth’ • Full transfer (AXFR) • False positives • No reports • but …blocking Twitter isn’t popular • Whitelists • Blacklists • Google DNS (et al) • Should we block? • or redirect the query to local DNS • or do nothing RPZ | David Hayling
RPZ Response Policy Zone “The greatest improvement in our malware defense, in one easy step” RPZ | David Hayling Networks Team, Server Infrastructure Team, and Operations https://blogs.kent.ac.uk/unseenit/?s=rpz With thanks to Matthew Trump
www.kent.ac.uk
RPZ Trial12/04/2017 Spamhaus Technology » What we do 90% of the world’s email traffic is spam…still 100 spam operations in North America and Europe account for 80% of spam Protecting 3 billion mailboxes world-wide
RPZ Trial12/04/2017 Spamhaus Technology
RPZ Trial12/04/2017 » What it is - Domain Based Threat Intelligence Response Policy Zones
RPZ Trial12/04/2017 Response Policy Zones » Standard • bad-nameservers.zone ~18,000 entries • dbl.zone ~1,400,00 entries • dblsr.zone ~2,500,000 entries » Malware • botnetcc.zone ~ 500 entries • dga-domains.zone ~1,200,000 entries • malware.zone ~ 67,000 entries • malware-aggressive.zone ~ 4,000 entries • malware-adware.zone ~ 4,000 entries » Abused • abused-legit.zone ~35,000 entries • adservers.zone ~18,000 entries • bogon.zone ~ 6,000 entries » Diverse • sbl.zone ~ 550,000 entries • tor-exit-nodes.zone ~1,000 entries » DROP & eDROP ~1,000 entries
RPZ Trial12/04/2017 » How it works Response Policy Zones DNS resolver DNS root server DNS .com TLD DNS example.com
RPZ Trial12/04/2017 Response Policy Zones DNS resolver DNS root server DNS .com TLD DNS example.com » How it works » Distribution via IXFR •8 Core CPU with at least a 2.4 gHz clock speed •8 GB of RAM •Servers should be bare metal - not virtualized
RPZ Trial12/04/2017 Hosting environment result »Tips for implementation Botnet C&C C&C other Outbound Inbound
RPZ Trial12/04/2017 The Results »Tips for implementation 1. Testing & Implementation 2. Whitelists 3. Tracking and metrics (log re-writes)
RPZ Trial12/04/2017 What next »Sign up for DROP &eDROP www.spamhaus.org www.spamhaustech.com @spamteq Search Groups ‘Spamhaus Technology’
jisc.ac.uk David Hayling, University of Kent Peter Dorey, Spamhaus
Addressing the skills shortage in Cyber Security DebbieTunstall,Cyber Security challenge
Debbie Tunstall Education Team Manager - Cyber Security Challenge UK Ensuring We Have The Cyber Skills for Tomorrow 12 April 2017
Cyber Security Cyber security has become prominent in recent years, moving from a back-office ‘techie’ activity to an industry that is at the heart of Britain’s business success and its protection from major online criminals and terrorists.
Current Picture »The eight annual (ISC2) Global Workforce Survey predicts there will be a shortage of 1.8 million Information Security Professionals by 2022 »The Government will invest £1.9 billion in a National Cyber Security Strategy to ensure government, businesses, law enforcement and UK citizens have the right skills and knowledge
But: are we doing enough as a nation?
Why is there a skills shortage? • Profession is relatively new • Understanding of the nature of the jobs is poor • The pathways into it are ill defined • Lacking diversity: we recruit from half the population -7% women • Our education system was not delivering for us. Peter Clarke, Nov 2015 Masterclass winner Ben Jackson (18), Nov 2016 Masterclass winner
The world is your oyster »The UK cyber security industry contributes over £17 billion to the UK economy » Tens of thousands of home-grown experts are working to protect UK businesses »Globally, the rise in online crime is outpacing the supply of cyber defenders »Exports of UK cyber products and services are growing by over 15% a year
Employers Need You! Attributes: Quick thinkers  Strong communicators  Have an inquisitive and analytical mind  Problem solvers  Good at thinking outside the box  Creative – can stay one step ahead
Introduction to Cyber Security Challenge UK  Cyber Security Challenge UK was set up to support the National Cyber Security Strategy and to help address the critical skills gap  A not-for-profit organisation attracting government and commercial sponsorship  Over 80 Sponsors of all sizes Cyber Education and Skills: High on the list of UK Governmental Priorities
What is on Offer From The Challenge ? Competitions for all – National and European University Competitions Schools Competitions – Cyber Games CyberCenturion Online Gaming – PoD – MMOGE Cyphinx Toolkits Virtuals Cyber Camps Face-to-Face learning and competitions Masterclass and Finals Prizes Mentoring Careers Alumni Group - Whitehatters 2015 Schools Final Winners at Cheltenham Science Festival
. Education – Schools • Schools Programme • Lesson Plans and Activities • CyberCenturion • Online Gaming – PoD • CyPhinx • Cyber Extended Project Qualification [EPQ] CyberCenturion finals – TNMOC Bletchley Park 2015, 2016
Education - Universities • FE – HE - Universities • Insight Camps • Capture the Flags • Careers Events Kane Small – Greenwich Camp The Cyber Security Challenge camp was such an enlightening event and the amount of information that I absorbed in just three days was phenomenal. Before the event I had no idea I even wanted to pursue a career in Cyber Security, but after the event I literally didn't know why I hadn't looked into the field sooner! Having industry experts attend and provide such rich and engaging talks, not only about their own experiences but the threats that exist now and are constantly evolving and adapting, was an absolute eye-opener. I really would encourage anyone who is interested in cyber security even in the slightest to attend, you will not regret it for a second!
Education - Universities Jessica Williams – Development Camp, Student Ambassador, Masterclass Finalist, European Team, speaker. Cyber Security gave me the opportunity to attend loads of cyber networking events. I meet many prospective employers and ended up getting loads of interviews and eventually my job at BT, this was all before I'd even finished my degree. I also got to work with the National Grid on my final year project. I had so much fun meeting all these great people, its also given me a great bit of PR that I'm still getting contacted about! Cyber Security Challenge gave me the confidence to do all these things, really recognised my achievements even when sometimes my university didn't. Cyber Security Challenge has literally changed my life.
Education – Career Transitioners My first experience of the Cyber Security Challenge UK came at the end of a 6 year career in the Royal Marines. Looking for a career change and with zero technical background, the challenge gave me hands on experience into an exciting and challenging industry. Tim Carrington, Masterclass Finalist, European Team, Whitehatters
Switzerland October 2015: European Cyber Security Challenge
Careers – Find out more Inspired Careers http://www.inspiredcareers.org/browse- careers/cyber-security/
jisc.ac.uk Thank you DebbieTunstall Cyber SecurityChallenge dtunstall@Cybersecuritychallenge.org.uk 12/04/2017 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
“It started with a phish...” Or, how we got USED for Bitcoin Jethro Perkins Information Security Manager, LSE
It was 15.52 on a Friday afternoon... • ...and I was due to go on holiday the next day • I was contacted by the (physical) Security Office • Someone thinks they’ve been hacked • “[John], below, claims his computer was hacked when he corresponded with someone purporting to be from LSE. It would seem that the perpetrator was using LSE website/credentials (or is he LSE).”
We have a problem... • Victim suspected: – he had fallen for an elaborate scam perpetrated by “Professor Zhai” • (who is in no way a criminal mastermind from a film) – Prof Zhai claimed to the victim he was researching bitcoin exchanges… – …but was really hacking bitcoin exchanges… – …using malware packaged as GoToMeeting binaries… – Downloaded from learningresources.lse.ac.uk
Uh oh… • We don’t have a Professor Howard Zhai • But we do have a postgraduate student in another Department with the referenced email address • We don’t use (or distribute) GoToMeeting binaries • What the hell is learningresources.lse.ac.uk? – Is it some fake resource lurking on our network? – Or a cunning redirect to something somewhere else?
We’ve been hacked! – Oh, wait... • Is this a scam being run by a postgrad student masquerading as a professor? • Or is it a compromised account being used for nefarious purposes? • (Or is it an evil genius from a film trying to take over the universe?) • We disable the account – Was this a mistake? – Did it alert the attacker? • Is learningresources.lse.ac.uk a real thing? • Turns out it is. How has it been hacked? • Turns out – it hasn’t • Anyone can create an account and upload stuff • This is its function by design • <headdesk>
Learningresources.lse.ac.uk • Built long ago for lecturers to be able to upload and share resources • Before formal Project reviews and Solution Design Authorities existed – so no identification of the potential issue in the functionality • Little used, but not decommissioned because “there’s some good stuff on it” • It was patched • We guessed pretty quickly that the upload facility had been abused, but we couldn’t be sure... • So we spent quite a lot of time trying to work out whether someone had root privileges... • ...and if so, then we would have a bigger problem on our hands • At the same time, the attacker realised something was up (the disabled AD account?) and deleted all their stuff from the server – as we were looking at it
Learningresources.lse.ac.uk II • In the end, we took all three related servers down for the weekend, just to play it safe • Learningresources was never switched back on again • There was no indication of compromise • They just used learningresources as it was meant to be used (kind of) • We checked the firewall logs for any hint of the attacker going after other targets – It took a long time, as our logs are huge – And our SIEM capabilities are, ahem, *not perfect* • They had been sniffing around other departmental systems – we alerted the administrators
What had happened • “It started with a phish...” • Two compromised postgraduate accounts • Were they spear-phished, or were the accounts just bought from a pool? – (interestingly, later, one of the students reset his password to the one that was compromised and his account started sending out spam – indicating maybe the latter)
Making a Professor of Economics • Being a Professor of Economics is easy • You need: – a phished account – Learningresources.lse.ac.uk – A nice fake CV you can upload to it • You give the account a name that fits the email account • Then you can email bitcoin exchanges asking for them to participate in your classes • You can direct them to your fake CV on the ambiguously-named learningresources.lse.ac.uk – Authentic, huh? • And chat with your buddy on the other compromised @lse.ac.uk address, for added authenticity • If asked why you’re not on the LSE website, you say you’re new, and it’s only updated in September, ready for the new year
Talking to the Bitcoin exchanges • “Professor Zhai” contacted several • Same story each time: • “We pay special attention to the development of digital currencies and Blockchain technology, and we consider that these technologies can have a significant impact on the development of the world economy. Our University is interested in cooperation with people who can share some practical experience in this area.”
Next... • For anyone who fell for this, the next stage was: • “We regularly run webinars with directors of major companies, government experts and entertainers. Students and teachers can ask any questions online and discuss burning issues in the field of digital currencies” • This was followed up with a Skype conversation • And then Bitcoin exchanges log into the “lecture” using... • ...You guessed it... • ...the malware hosted on learningresources.lse.ac.uk, masquerading as GoToMeeting
Next II • “Professor Zhai” then claims there have been some technical issues, and he’ll get back in contact when these have been resolved • Meanwhile, the malware is hunting around for whatever it is hunting around for, and is talking back to a server in France • He tries to string the exchanges along for as long as possible, to give the attackers a chance to try what they’ve got • Some get a bit angry and give up. • Only one realises the game and has the presence of mind to get in contact with us
Mopping up • We contacted all of the Bitcoin exchanges “Professor Zhai” had emailed, in order to let them know it was fake • We hardened the remaining servers that ran the same system as learningresources • No more creating user accounts, logging in and uploading any old thing!
What we learned • Authenticity is hard – faking it is easy • A victim who’s willing to help makes all the difference to an investigation • Everything still starts with a phish. All it took were two careless postgraduate students • The attackers took the easiest route in - forgotten legacy services • The scam was elaborate and carefully planned, but... • …the only sophisticated technical aspect was the malware – (and that was probably purchased) – (and we don’t know if it actually worked) • The rest was achieved by a combination of social engineering and opportunism • LSE press releases and “chatty” website information give attackers plenty of “insider information” • …which they relentlessly leverage • Don’t go on holiday
Any questions?
jisc.ac.uk Jethro Perkins Information Security Manager, LSE
Thank you

Recommended

Parallel session: mobility
Parallel session: mobilityParallel session: mobility
Parallel session: mobilityJisc
 
Network engineering surgery (part one)
Network engineering surgery (part one)Network engineering surgery (part one)
Network engineering surgery (part one)Jisc
 
Parallel session: IPv6
Parallel session: IPv6Parallel session: IPv6
Parallel session: IPv6Jisc
 
Parallel session: supporting data-intensive applications
Parallel session: supporting data-intensive applicationsParallel session: supporting data-intensive applications
Parallel session: supporting data-intensive applicationsJisc
 
Networkshop45 day one plenary session
Networkshop45 day one plenary sessionNetworkshop45 day one plenary session
Networkshop45 day one plenary sessionJisc
 
Exhibitor session: Efficient IP
Exhibitor session: Efficient IPExhibitor session: Efficient IP
Exhibitor session: Efficient IPJisc
 
Introducing Jisc's new managed identity provider service
Introducing Jisc's new managed identity provider serviceIntroducing Jisc's new managed identity provider service
Introducing Jisc's new managed identity provider serviceJisc
 
Introducing the Jisc National HPC Agreement
Introducing the Jisc National HPC AgreementIntroducing the Jisc National HPC Agreement
Introducing the Jisc National HPC AgreementMartin Hamilton
 

Recommended

Parallel session: mobility
Parallel session: mobilityParallel session: mobility
Parallel session: mobilityJisc
 
Network engineering surgery (part one)
Network engineering surgery (part one)Network engineering surgery (part one)
Network engineering surgery (part one)Jisc
 
Parallel session: IPv6
Parallel session: IPv6Parallel session: IPv6
Parallel session: IPv6Jisc
 
Parallel session: supporting data-intensive applications
Parallel session: supporting data-intensive applicationsParallel session: supporting data-intensive applications
Parallel session: supporting data-intensive applicationsJisc
 
Networkshop45 day one plenary session
Networkshop45 day one plenary sessionNetworkshop45 day one plenary session
Networkshop45 day one plenary sessionJisc
 
Exhibitor session: Efficient IP
Exhibitor session: Efficient IPExhibitor session: Efficient IP
Exhibitor session: Efficient IPJisc
 
Introducing Jisc's new managed identity provider service
Introducing Jisc's new managed identity provider serviceIntroducing Jisc's new managed identity provider service
Introducing Jisc's new managed identity provider serviceJisc
 
Introducing the Jisc National HPC Agreement
Introducing the Jisc National HPC AgreementIntroducing the Jisc National HPC Agreement
Introducing the Jisc National HPC AgreementMartin Hamilton
 
The Janet network: your digital utility - Jisc Digifest 2016
The Janet network: your digital utility - Jisc Digifest 2016The Janet network: your digital utility - Jisc Digifest 2016
The Janet network: your digital utility - Jisc Digifest 2016Jisc
 
The Science DMZ
The Science DMZThe Science DMZ
The Science DMZJisc
 
UK e-Infrastructure for Research - UK/USA HPC Workshop, Oxford, July 2015
UK e-Infrastructure for Research - UK/USA HPC Workshop, Oxford, July 2015UK e-Infrastructure for Research - UK/USA HPC Workshop, Oxford, July 2015
UK e-Infrastructure for Research - UK/USA HPC Workshop, Oxford, July 2015Martin Hamilton
 
Network engineering surgery (part two)
Network engineering surgery (part two)Network engineering surgery (part two)
Network engineering surgery (part two)Jisc
 
Frictionless Supercomputing - MEW25
Frictionless Supercomputing - MEW25Frictionless Supercomputing - MEW25
Frictionless Supercomputing - MEW25Martin Hamilton
 
Digital Humanities and the First World War
Digital Humanities and the First World WarDigital Humanities and the First World War
Digital Humanities and the First World WarAdrian Stevenson
 
Network monitoring system demonstration
Network monitoring system demonstrationNetwork monitoring system demonstration
Network monitoring system demonstrationJisc
 
Readying the campus for the internet of things (io t) - Networkshop44
Readying the campus for the internet of things (io t) - Networkshop44Readying the campus for the internet of things (io t) - Networkshop44
Readying the campus for the internet of things (io t) - Networkshop44Jisc
 
Building an international infrastructure for research data - Jisc Digital Fes...
Building an international infrastructure for research data - Jisc Digital Fes...Building an international infrastructure for research data - Jisc Digital Fes...
Building an international infrastructure for research data - Jisc Digital Fes...Jisc
 
Development of Jisc security programme - Networkshop44
Development of Jisc security programme - Networkshop44Development of Jisc security programme - Networkshop44
Development of Jisc security programme - Networkshop44Jisc
 
Save money and consolidate data in one safe environment - Jisc Digital Festiv...
Save money and consolidate data in one safe environment - Jisc Digital Festiv...Save money and consolidate data in one safe environment - Jisc Digital Festiv...
Save money and consolidate data in one safe environment - Jisc Digital Festiv...Jisc
 
Frictionless Sharing - The New Normal?
Frictionless Sharing - The New Normal?Frictionless Sharing - The New Normal?
Frictionless Sharing - The New Normal?Martin Hamilton
 
Exhibitor session: Cisco Meraki
Exhibitor session: Cisco MerakiExhibitor session: Cisco Meraki
Exhibitor session: Cisco MerakiJisc
 
Research data spring: clipper
Research data spring: clipperResearch data spring: clipper
Research data spring: clipperJisc RDM
 
Enabling efficient movement of data into & out of a high-performance analysis...
Enabling efficient movement of data into & out of a high-performance analysis...Enabling efficient movement of data into & out of a high-performance analysis...
Enabling efficient movement of data into & out of a high-performance analysis...Jisc
 
Big data and the dark arts - Jisc Digital Media 2015
Big data and the dark arts - Jisc Digital Media 2015Big data and the dark arts - Jisc Digital Media 2015
Big data and the dark arts - Jisc Digital Media 2015Jisc
 
Jisc - Rebooting a National Innovation Agency (EUNIS 2014)
Jisc - Rebooting a National Innovation Agency (EUNIS 2014)Jisc - Rebooting a National Innovation Agency (EUNIS 2014)
Jisc - Rebooting a National Innovation Agency (EUNIS 2014)Martin Hamilton
 
Dstl Academic Engagement (Prof. Tom McCutcheon)
Dstl Academic Engagement (Prof. Tom McCutcheon)Dstl Academic Engagement (Prof. Tom McCutcheon)
Dstl Academic Engagement (Prof. Tom McCutcheon)scirexcenter
 
3D technologies for teaching and learning
3D technologies for teaching and learning3D technologies for teaching and learning
3D technologies for teaching and learningJisc
 
Collaborative Research with UK MOD - an Academic's Experience ((John Fitzgerald)
Collaborative Research with UK MOD - an Academic's Experience ((John Fitzgerald)Collaborative Research with UK MOD - an Academic's Experience ((John Fitzgerald)
Collaborative Research with UK MOD - an Academic's Experience ((John Fitzgerald)scirexcenter
 
Strengthening Cybersecurity Collaborations: Outcomes from missions to Singapo...
Strengthening Cybersecurity Collaborations: Outcomes from missions to Singapo...Strengthening Cybersecurity Collaborations: Outcomes from missions to Singapo...
Strengthening Cybersecurity Collaborations: Outcomes from missions to Singapo...KTN
 
COMIT Community Day Spring 2019 - Main Slides
COMIT Community Day Spring 2019 - Main SlidesCOMIT Community Day Spring 2019 - Main Slides
COMIT Community Day Spring 2019 - Main SlidesComit Projects Ltd
 

More Related Content

What's hot

The Janet network: your digital utility - Jisc Digifest 2016
The Janet network: your digital utility - Jisc Digifest 2016The Janet network: your digital utility - Jisc Digifest 2016
The Janet network: your digital utility - Jisc Digifest 2016Jisc
 
The Science DMZ
The Science DMZThe Science DMZ
The Science DMZJisc
 
UK e-Infrastructure for Research - UK/USA HPC Workshop, Oxford, July 2015
UK e-Infrastructure for Research - UK/USA HPC Workshop, Oxford, July 2015UK e-Infrastructure for Research - UK/USA HPC Workshop, Oxford, July 2015
UK e-Infrastructure for Research - UK/USA HPC Workshop, Oxford, July 2015Martin Hamilton
 
Network engineering surgery (part two)
Network engineering surgery (part two)Network engineering surgery (part two)
Network engineering surgery (part two)Jisc
 
Frictionless Supercomputing - MEW25
Frictionless Supercomputing - MEW25Frictionless Supercomputing - MEW25
Frictionless Supercomputing - MEW25Martin Hamilton
 
Digital Humanities and the First World War
Digital Humanities and the First World WarDigital Humanities and the First World War
Digital Humanities and the First World WarAdrian Stevenson
 
Network monitoring system demonstration
Network monitoring system demonstrationNetwork monitoring system demonstration
Network monitoring system demonstrationJisc
 
Readying the campus for the internet of things (io t) - Networkshop44
Readying the campus for the internet of things (io t) - Networkshop44Readying the campus for the internet of things (io t) - Networkshop44
Readying the campus for the internet of things (io t) - Networkshop44Jisc
 
Building an international infrastructure for research data - Jisc Digital Fes...
Building an international infrastructure for research data - Jisc Digital Fes...Building an international infrastructure for research data - Jisc Digital Fes...
Building an international infrastructure for research data - Jisc Digital Fes...Jisc
 
Development of Jisc security programme - Networkshop44
Development of Jisc security programme - Networkshop44Development of Jisc security programme - Networkshop44
Development of Jisc security programme - Networkshop44Jisc
 
Save money and consolidate data in one safe environment - Jisc Digital Festiv...
Save money and consolidate data in one safe environment - Jisc Digital Festiv...Save money and consolidate data in one safe environment - Jisc Digital Festiv...
Save money and consolidate data in one safe environment - Jisc Digital Festiv...Jisc
 
Frictionless Sharing - The New Normal?
Frictionless Sharing - The New Normal?Frictionless Sharing - The New Normal?
Frictionless Sharing - The New Normal?Martin Hamilton
 
Exhibitor session: Cisco Meraki
Exhibitor session: Cisco MerakiExhibitor session: Cisco Meraki
Exhibitor session: Cisco MerakiJisc
 
Research data spring: clipper
Research data spring: clipperResearch data spring: clipper
Research data spring: clipperJisc RDM
 
Enabling efficient movement of data into & out of a high-performance analysis...
Enabling efficient movement of data into & out of a high-performance analysis...Enabling efficient movement of data into & out of a high-performance analysis...
Enabling efficient movement of data into & out of a high-performance analysis...Jisc
 
Big data and the dark arts - Jisc Digital Media 2015
Big data and the dark arts - Jisc Digital Media 2015Big data and the dark arts - Jisc Digital Media 2015
Big data and the dark arts - Jisc Digital Media 2015Jisc
 
Jisc - Rebooting a National Innovation Agency (EUNIS 2014)
Jisc - Rebooting a National Innovation Agency (EUNIS 2014)Jisc - Rebooting a National Innovation Agency (EUNIS 2014)
Jisc - Rebooting a National Innovation Agency (EUNIS 2014)Martin Hamilton
 
Dstl Academic Engagement (Prof. Tom McCutcheon)
Dstl Academic Engagement (Prof. Tom McCutcheon)Dstl Academic Engagement (Prof. Tom McCutcheon)
Dstl Academic Engagement (Prof. Tom McCutcheon)scirexcenter
 
3D technologies for teaching and learning
3D technologies for teaching and learning3D technologies for teaching and learning
3D technologies for teaching and learningJisc
 
Collaborative Research with UK MOD - an Academic's Experience ((John Fitzgerald)
Collaborative Research with UK MOD - an Academic's Experience ((John Fitzgerald)Collaborative Research with UK MOD - an Academic's Experience ((John Fitzgerald)
Collaborative Research with UK MOD - an Academic's Experience ((John Fitzgerald)scirexcenter
 

What's hot (20)

The Janet network: your digital utility - Jisc Digifest 2016
The Janet network: your digital utility - Jisc Digifest 2016The Janet network: your digital utility - Jisc Digifest 2016
The Janet network: your digital utility - Jisc Digifest 2016
 
The Science DMZ
The Science DMZThe Science DMZ
The Science DMZ
 
UK e-Infrastructure for Research - UK/USA HPC Workshop, Oxford, July 2015
UK e-Infrastructure for Research - UK/USA HPC Workshop, Oxford, July 2015UK e-Infrastructure for Research - UK/USA HPC Workshop, Oxford, July 2015
UK e-Infrastructure for Research - UK/USA HPC Workshop, Oxford, July 2015
 
Network engineering surgery (part two)
Network engineering surgery (part two)Network engineering surgery (part two)
Network engineering surgery (part two)
 
Frictionless Supercomputing - MEW25
Frictionless Supercomputing - MEW25Frictionless Supercomputing - MEW25
Frictionless Supercomputing - MEW25
 
Digital Humanities and the First World War
Digital Humanities and the First World WarDigital Humanities and the First World War
Digital Humanities and the First World War
 
Network monitoring system demonstration
Network monitoring system demonstrationNetwork monitoring system demonstration
Network monitoring system demonstration
 
Readying the campus for the internet of things (io t) - Networkshop44
Readying the campus for the internet of things (io t) - Networkshop44Readying the campus for the internet of things (io t) - Networkshop44
Readying the campus for the internet of things (io t) - Networkshop44
 
Building an international infrastructure for research data - Jisc Digital Fes...
Building an international infrastructure for research data - Jisc Digital Fes...Building an international infrastructure for research data - Jisc Digital Fes...
Building an international infrastructure for research data - Jisc Digital Fes...
 
Development of Jisc security programme - Networkshop44
Development of Jisc security programme - Networkshop44Development of Jisc security programme - Networkshop44
Development of Jisc security programme - Networkshop44
 
Save money and consolidate data in one safe environment - Jisc Digital Festiv...
Save money and consolidate data in one safe environment - Jisc Digital Festiv...Save money and consolidate data in one safe environment - Jisc Digital Festiv...
Save money and consolidate data in one safe environment - Jisc Digital Festiv...
 
Frictionless Sharing - The New Normal?
Frictionless Sharing - The New Normal?Frictionless Sharing - The New Normal?
Frictionless Sharing - The New Normal?
 
Exhibitor session: Cisco Meraki
Exhibitor session: Cisco MerakiExhibitor session: Cisco Meraki
Exhibitor session: Cisco Meraki
 
Research data spring: clipper
Research data spring: clipperResearch data spring: clipper
Research data spring: clipper
 
Enabling efficient movement of data into & out of a high-performance analysis...
Enabling efficient movement of data into & out of a high-performance analysis...Enabling efficient movement of data into & out of a high-performance analysis...
Enabling efficient movement of data into & out of a high-performance analysis...
 
Big data and the dark arts - Jisc Digital Media 2015
Big data and the dark arts - Jisc Digital Media 2015Big data and the dark arts - Jisc Digital Media 2015
Big data and the dark arts - Jisc Digital Media 2015
 
Jisc - Rebooting a National Innovation Agency (EUNIS 2014)
Jisc - Rebooting a National Innovation Agency (EUNIS 2014)Jisc - Rebooting a National Innovation Agency (EUNIS 2014)
Jisc - Rebooting a National Innovation Agency (EUNIS 2014)
 
Dstl Academic Engagement (Prof. Tom McCutcheon)
Dstl Academic Engagement (Prof. Tom McCutcheon)Dstl Academic Engagement (Prof. Tom McCutcheon)
Dstl Academic Engagement (Prof. Tom McCutcheon)
 
3D technologies for teaching and learning
3D technologies for teaching and learning3D technologies for teaching and learning
3D technologies for teaching and learning
 
Collaborative Research with UK MOD - an Academic's Experience ((John Fitzgerald)
Collaborative Research with UK MOD - an Academic's Experience ((John Fitzgerald)Collaborative Research with UK MOD - an Academic's Experience ((John Fitzgerald)
Collaborative Research with UK MOD - an Academic's Experience ((John Fitzgerald)
 

Similar to Parallel session: security

Strengthening Cybersecurity Collaborations: Outcomes from missions to Singapo...
Strengthening Cybersecurity Collaborations: Outcomes from missions to Singapo...Strengthening Cybersecurity Collaborations: Outcomes from missions to Singapo...
Strengthening Cybersecurity Collaborations: Outcomes from missions to Singapo...KTN
 
COMIT Community Day Spring 2019 - Main Slides
COMIT Community Day Spring 2019 - Main SlidesCOMIT Community Day Spring 2019 - Main Slides
COMIT Community Day Spring 2019 - Main SlidesComit Projects Ltd
 
Trustworthy Computational Science: Lessons Learned and Next Steps
Trustworthy Computational Science: Lessons Learned and Next StepsTrustworthy Computational Science: Lessons Learned and Next Steps
Trustworthy Computational Science: Lessons Learned and Next StepsVon Welch
 
SMi Group's 7th annual European Smart Grid Cyber Security 2017 conference
SMi Group's 7th annual European Smart Grid Cyber Security 2017 conferenceSMi Group's 7th annual European Smart Grid Cyber Security 2017 conference
SMi Group's 7th annual European Smart Grid Cyber Security 2017 conferenceDale Butler
 
Scot Secure 2017
Scot Secure 2017Scot Secure 2017
Scot Secure 2017Ray Bugg
 
Investigating Cybercrime in the UK
Investigating Cybercrime in the UKInvestigating Cybercrime in the UK
Investigating Cybercrime in the UKNapier University
 
Scot Secure 2018
Scot Secure 2018Scot Secure 2018
Scot Secure 2018Ray Bugg
 
2020 FRSecure CISSP Mentor Program - Class 3
2020 FRSecure CISSP Mentor Program - Class 3 2020 FRSecure CISSP Mentor Program - Class 3
2020 FRSecure CISSP Mentor Program - Class 3 FRSecure
 
Digital Energy 2018 Day 2
Digital Energy 2018 Day 2Digital Energy 2018 Day 2
Digital Energy 2018 Day 2Ray Bugg
 
Cyber Security resilience - what's in a number? The real threat to industrial...
Cyber Security resilience - what's in a number? The real threat to industrial...Cyber Security resilience - what's in a number? The real threat to industrial...
Cyber Security resilience - what's in a number? The real threat to industrial...Schneider Electric
 
SMi Group's 5th annual Oil & Gas Cyber Security 2015
SMi Group's 5th annual Oil & Gas Cyber Security 2015SMi Group's 5th annual Oil & Gas Cyber Security 2015
SMi Group's 5th annual Oil & Gas Cyber Security 2015Dale Butler
 
Gabor Munk - CTI and Information Sharing
Gabor Munk - CTI and Information SharingGabor Munk - CTI and Information Sharing
Gabor Munk - CTI and Information SharingBlack Cell Ltd.
 
Insider threat event presentation
Insider threat event presentationInsider threat event presentation
Insider threat event presentationIISPEastMids
 
March cybersecurity powerpoint
March cybersecurity powerpointMarch cybersecurity powerpoint
March cybersecurity powerpointCourtney King
 
SMi Group's 6th annual European Smart Grid Cyber Security 2016
SMi Group's 6th annual European Smart Grid Cyber Security 2016SMi Group's 6th annual European Smart Grid Cyber Security 2016
SMi Group's 6th annual European Smart Grid Cyber Security 2016Dale Butler
 
Smart Cities Day 2 Urban Innovation
Smart Cities Day 2 Urban InnovationSmart Cities Day 2 Urban Innovation
Smart Cities Day 2 Urban Innovation4 All of Us
 
Spotlight on Technology 2018
Spotlight on Technology 2018Spotlight on Technology 2018
Spotlight on Technology 2018Craig Devlin
 
Datto event master slides
Datto event master slidesDatto event master slides
Datto event master slidesGary S. Creigh
 
Opening plenary session - Day one Networkshop46
Opening plenary session - Day one Networkshop46Opening plenary session - Day one Networkshop46
Opening plenary session - Day one Networkshop46Jisc
 

Similar to Parallel session: security (20)

Strengthening Cybersecurity Collaborations: Outcomes from missions to Singapo...
Strengthening Cybersecurity Collaborations: Outcomes from missions to Singapo...Strengthening Cybersecurity Collaborations: Outcomes from missions to Singapo...
Strengthening Cybersecurity Collaborations: Outcomes from missions to Singapo...
 
COMIT Community Day Spring 2019 - Main Slides
COMIT Community Day Spring 2019 - Main SlidesCOMIT Community Day Spring 2019 - Main Slides
COMIT Community Day Spring 2019 - Main Slides
 
Trustworthy Computational Science: Lessons Learned and Next Steps
Trustworthy Computational Science: Lessons Learned and Next StepsTrustworthy Computational Science: Lessons Learned and Next Steps
Trustworthy Computational Science: Lessons Learned and Next Steps
 
SMi Group's 7th annual European Smart Grid Cyber Security 2017 conference
SMi Group's 7th annual European Smart Grid Cyber Security 2017 conferenceSMi Group's 7th annual European Smart Grid Cyber Security 2017 conference
SMi Group's 7th annual European Smart Grid Cyber Security 2017 conference
 
Scot Secure 2017
Scot Secure 2017Scot Secure 2017
Scot Secure 2017
 
Investigating Cybercrime in the UK
Investigating Cybercrime in the UKInvestigating Cybercrime in the UK
Investigating Cybercrime in the UK
 
Scot Secure 2018
Scot Secure 2018Scot Secure 2018
Scot Secure 2018
 
2020 FRSecure CISSP Mentor Program - Class 3
2020 FRSecure CISSP Mentor Program - Class 3 2020 FRSecure CISSP Mentor Program - Class 3
2020 FRSecure CISSP Mentor Program - Class 3
 
Digital Energy 2018 Day 2
Digital Energy 2018 Day 2Digital Energy 2018 Day 2
Digital Energy 2018 Day 2
 
Cyber Security resilience - what's in a number? The real threat to industrial...
Cyber Security resilience - what's in a number? The real threat to industrial...Cyber Security resilience - what's in a number? The real threat to industrial...
Cyber Security resilience - what's in a number? The real threat to industrial...
 
SMi Group's 5th annual Oil & Gas Cyber Security 2015
SMi Group's 5th annual Oil & Gas Cyber Security 2015SMi Group's 5th annual Oil & Gas Cyber Security 2015
SMi Group's 5th annual Oil & Gas Cyber Security 2015
 
Gabor Munk - CTI and Information Sharing
Gabor Munk - CTI and Information SharingGabor Munk - CTI and Information Sharing
Gabor Munk - CTI and Information Sharing
 
Insider threat event presentation
Insider threat event presentationInsider threat event presentation
Insider threat event presentation
 
March cybersecurity powerpoint
March cybersecurity powerpointMarch cybersecurity powerpoint
March cybersecurity powerpoint
 
Cyber Security Conference 2017
Cyber Security Conference 2017Cyber Security Conference 2017
Cyber Security Conference 2017
 
SMi Group's 6th annual European Smart Grid Cyber Security 2016
SMi Group's 6th annual European Smart Grid Cyber Security 2016SMi Group's 6th annual European Smart Grid Cyber Security 2016
SMi Group's 6th annual European Smart Grid Cyber Security 2016
 
Smart Cities Day 2 Urban Innovation
Smart Cities Day 2 Urban InnovationSmart Cities Day 2 Urban Innovation
Smart Cities Day 2 Urban Innovation
 
Spotlight on Technology 2018
Spotlight on Technology 2018Spotlight on Technology 2018
Spotlight on Technology 2018
 
Datto event master slides
Datto event master slidesDatto event master slides
Datto event master slides
 
Opening plenary session - Day one Networkshop46
Opening plenary session - Day one Networkshop46Opening plenary session - Day one Networkshop46
Opening plenary session - Day one Networkshop46
 

More from Jisc

Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...Jisc
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxJisc
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxJisc
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Jisc
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...Jisc
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptxJisc
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxJisc
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxJisc
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxJisc
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJisc
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxJisc
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber EssentialsJisc
 
MarkChilds.pptx
MarkChilds.pptxMarkChilds.pptx
MarkChilds.pptxJisc
 
RStrachanOct23.pptx
RStrachanOct23.pptxRStrachanOct23.pptx
RStrachanOct23.pptxJisc
 
ISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxJisc
 
FerrellWalker.pptx
FerrellWalker.pptxFerrellWalker.pptx
FerrellWalker.pptxJisc
 

More from Jisc (20)

Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptx
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptx
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptx
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptx
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptx
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptx
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptx
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptx
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber Essentials
 
MarkChilds.pptx
MarkChilds.pptxMarkChilds.pptx
MarkChilds.pptx
 
RStrachanOct23.pptx
RStrachanOct23.pptxRStrachanOct23.pptx
RStrachanOct23.pptx
 
ISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptx
 
FerrellWalker.pptx
FerrellWalker.pptxFerrellWalker.pptx
FerrellWalker.pptx
 

Recently uploaded

Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfakmcokerachita
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 

Recently uploaded (20)

Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 

Parallel session: security

  • 1. Parallel session G: Security Chair: Frances Burton SPONSORED BY
  • 2. Please switch your mobile phones to silent 19:30 No fire alarms scheduled. In the event of an alarm, please follow directions of NCC staff Dinner (now full) Entrance via Goldsmith Street 16:30 - 17:30 Birds of a feather sessions 15:20 - 16:00 Lightning talks
  • 3. University of Kent and Spamhaus Response Policy Zone Trial David Hayling - University of Kent Peter Dorey - Spamhaus Technology
  • 4. The UK’s European university RPZ David Hayling
  • 5. RPZ Response Policy Zone • Basically ‘real time blocking lists’ for DNS lookups • Developed by ISC • In BIND since ver 9.8 • Load a zone from <some-source> • Full transfer (AXFR) • Incremental (IXFR) • DNS server check RPZ zone for each resolve request • If negative then resolve name as normal • If positive then return a pre-configured IP address (‘walled garden’), or return ‘non-existent domain’ (NXDOMAIN) simples
  • 6. ‘Normal levels’ of malware RPZ | David Hayling
  • 7. ‘Normal levels’ of malware – what is ‘normal’? RPZ | David Hayling
  • 8. ‘Normal levels’ of malware – term time in full swing RPZ | David Hayling
  • 9. ‘Normal levels’ of malware – we’re ready to start blocking RPZ | David Hayling
  • 10. ‘Normal levels’ of malware – it works! RPZ | David Hayling
  • 11. ‘Normal levels’ of malware – Christmas break RPZ | David Hayling
  • 12. ‘Normal levels’ of malware – spring term – the ‘New Normal’ RPZ | David Hayling
  • 13. Don’t just take RPZ’s word for it … • Suricata Intrusion Detection System • Log file analysis by Splunk RPZ | David Hayling
  • 14. Don’t just take RPZ’s word for it … • Suricata Intrusion Detection System • Log file analysis by Splunk RPZ | David Hayling
  • 15. RPZ Response Policy Zone - issues • Load a zone from <some-source> • Incremental (IXFR) after long gap causes BIND to ’barth’ • Full transfer (AXFR) • False positives • No reports • but …blocking Twitter isn’t popular • Whitelists • Blacklists • Google DNS (et al) • Should we block? • or redirect the query to local DNS • or do nothing RPZ | David Hayling
  • 16. RPZ Response Policy Zone “The greatest improvement in our malware defense, in one easy step” RPZ | David Hayling Networks Team, Server Infrastructure Team, and Operations https://blogs.kent.ac.uk/unseenit/?s=rpz With thanks to Matthew Trump
  • 18. RPZ Trial12/04/2017 Spamhaus Technology » What we do 90% of the world’s email traffic is spam…still 100 spam operations in North America and Europe account for 80% of spam Protecting 3 billion mailboxes world-wide
  • 20. RPZ Trial12/04/2017 » What it is - Domain Based Threat Intelligence Response Policy Zones
  • 21. RPZ Trial12/04/2017 Response Policy Zones » Standard • bad-nameservers.zone ~18,000 entries • dbl.zone ~1,400,00 entries • dblsr.zone ~2,500,000 entries » Malware • botnetcc.zone ~ 500 entries • dga-domains.zone ~1,200,000 entries • malware.zone ~ 67,000 entries • malware-aggressive.zone ~ 4,000 entries • malware-adware.zone ~ 4,000 entries » Abused • abused-legit.zone ~35,000 entries • adservers.zone ~18,000 entries • bogon.zone ~ 6,000 entries » Diverse • sbl.zone ~ 550,000 entries • tor-exit-nodes.zone ~1,000 entries » DROP & eDROP ~1,000 entries
  • 22. RPZ Trial12/04/2017 » How it works Response Policy Zones DNS resolver DNS root server DNS .com TLD DNS example.com
  • 23. RPZ Trial12/04/2017 Response Policy Zones DNS resolver DNS root server DNS .com TLD DNS example.com » How it works » Distribution via IXFR •8 Core CPU with at least a 2.4 gHz clock speed •8 GB of RAM •Servers should be bare metal - not virtualized
  • 24. RPZ Trial12/04/2017 Hosting environment result »Tips for implementation Botnet C&C C&C other Outbound Inbound
  • 25. RPZ Trial12/04/2017 The Results »Tips for implementation 1. Testing & Implementation 2. Whitelists 3. Tracking and metrics (log re-writes)
  • 26. RPZ Trial12/04/2017 What next »Sign up for DROP &eDROP www.spamhaus.org www.spamhaustech.com @spamteq Search Groups ‘Spamhaus Technology’
  • 27. jisc.ac.uk David Hayling, University of Kent Peter Dorey, Spamhaus
  • 28. Addressing the skills shortage in Cyber Security DebbieTunstall,Cyber Security challenge
  • 29. Debbie Tunstall Education Team Manager - Cyber Security Challenge UK Ensuring We Have The Cyber Skills for Tomorrow 12 April 2017
  • 30. Cyber Security Cyber security has become prominent in recent years, moving from a back-office ‘techie’ activity to an industry that is at the heart of Britain’s business success and its protection from major online criminals and terrorists.
  • 31. Current Picture »The eight annual (ISC2) Global Workforce Survey predicts there will be a shortage of 1.8 million Information Security Professionals by 2022 »The Government will invest £1.9 billion in a National Cyber Security Strategy to ensure government, businesses, law enforcement and UK citizens have the right skills and knowledge
  • 32. But: are we doing enough as a nation?
  • 33.
  • 34. Why is there a skills shortage? • Profession is relatively new • Understanding of the nature of the jobs is poor • The pathways into it are ill defined • Lacking diversity: we recruit from half the population -7% women • Our education system was not delivering for us. Peter Clarke, Nov 2015 Masterclass winner Ben Jackson (18), Nov 2016 Masterclass winner
  • 35. The world is your oyster »The UK cyber security industry contributes over £17 billion to the UK economy » Tens of thousands of home-grown experts are working to protect UK businesses »Globally, the rise in online crime is outpacing the supply of cyber defenders »Exports of UK cyber products and services are growing by over 15% a year
  • 36. Employers Need You! Attributes: Quick thinkers  Strong communicators  Have an inquisitive and analytical mind  Problem solvers  Good at thinking outside the box  Creative – can stay one step ahead
  • 37. Introduction to Cyber Security Challenge UK  Cyber Security Challenge UK was set up to support the National Cyber Security Strategy and to help address the critical skills gap  A not-for-profit organisation attracting government and commercial sponsorship  Over 80 Sponsors of all sizes Cyber Education and Skills: High on the list of UK Governmental Priorities
  • 38. What is on Offer From The Challenge ? Competitions for all – National and European University Competitions Schools Competitions – Cyber Games CyberCenturion Online Gaming – PoD – MMOGE Cyphinx Toolkits Virtuals Cyber Camps Face-to-Face learning and competitions Masterclass and Finals Prizes Mentoring Careers Alumni Group - Whitehatters 2015 Schools Final Winners at Cheltenham Science Festival
  • 39. . Education – Schools • Schools Programme • Lesson Plans and Activities • CyberCenturion • Online Gaming – PoD • CyPhinx • Cyber Extended Project Qualification [EPQ] CyberCenturion finals – TNMOC Bletchley Park 2015, 2016
  • 40. Education - Universities • FE – HE - Universities • Insight Camps • Capture the Flags • Careers Events Kane Small – Greenwich Camp The Cyber Security Challenge camp was such an enlightening event and the amount of information that I absorbed in just three days was phenomenal. Before the event I had no idea I even wanted to pursue a career in Cyber Security, but after the event I literally didn't know why I hadn't looked into the field sooner! Having industry experts attend and provide such rich and engaging talks, not only about their own experiences but the threats that exist now and are constantly evolving and adapting, was an absolute eye-opener. I really would encourage anyone who is interested in cyber security even in the slightest to attend, you will not regret it for a second!
  • 41. Education - Universities Jessica Williams – Development Camp, Student Ambassador, Masterclass Finalist, European Team, speaker. Cyber Security gave me the opportunity to attend loads of cyber networking events. I meet many prospective employers and ended up getting loads of interviews and eventually my job at BT, this was all before I'd even finished my degree. I also got to work with the National Grid on my final year project. I had so much fun meeting all these great people, its also given me a great bit of PR that I'm still getting contacted about! Cyber Security Challenge gave me the confidence to do all these things, really recognised my achievements even when sometimes my university didn't. Cyber Security Challenge has literally changed my life.
  • 42. Education – Career Transitioners My first experience of the Cyber Security Challenge UK came at the end of a 6 year career in the Royal Marines. Looking for a career change and with zero technical background, the challenge gave me hands on experience into an exciting and challenging industry. Tim Carrington, Masterclass Finalist, European Team, Whitehatters
  • 43. Switzerland October 2015: European Cyber Security Challenge
  • 44. Careers – Find out more Inspired Careers http://www.inspiredcareers.org/browse- careers/cyber-security/
  • 45.
  • 46. jisc.ac.uk Thank you DebbieTunstall Cyber SecurityChallenge dtunstall@Cybersecuritychallenge.org.uk 12/04/2017 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all)
  • 47. “It started with a phish...” Or, how we got USED for Bitcoin Jethro Perkins Information Security Manager, LSE
  • 48. It was 15.52 on a Friday afternoon... • ...and I was due to go on holiday the next day • I was contacted by the (physical) Security Office • Someone thinks they’ve been hacked • “[John], below, claims his computer was hacked when he corresponded with someone purporting to be from LSE. It would seem that the perpetrator was using LSE website/credentials (or is he LSE).”
  • 49. We have a problem... • Victim suspected: – he had fallen for an elaborate scam perpetrated by “Professor Zhai” • (who is in no way a criminal mastermind from a film) – Prof Zhai claimed to the victim he was researching bitcoin exchanges… – …but was really hacking bitcoin exchanges… – …using malware packaged as GoToMeeting binaries… – Downloaded from learningresources.lse.ac.uk
  • 50. Uh oh… • We don’t have a Professor Howard Zhai • But we do have a postgraduate student in another Department with the referenced email address • We don’t use (or distribute) GoToMeeting binaries • What the hell is learningresources.lse.ac.uk? – Is it some fake resource lurking on our network? – Or a cunning redirect to something somewhere else?
  • 51. We’ve been hacked! – Oh, wait... • Is this a scam being run by a postgrad student masquerading as a professor? • Or is it a compromised account being used for nefarious purposes? • (Or is it an evil genius from a film trying to take over the universe?) • We disable the account – Was this a mistake? – Did it alert the attacker? • Is learningresources.lse.ac.uk a real thing? • Turns out it is. How has it been hacked? • Turns out – it hasn’t • Anyone can create an account and upload stuff • This is its function by design • <headdesk>
  • 52. Learningresources.lse.ac.uk • Built long ago for lecturers to be able to upload and share resources • Before formal Project reviews and Solution Design Authorities existed – so no identification of the potential issue in the functionality • Little used, but not decommissioned because “there’s some good stuff on it” • It was patched • We guessed pretty quickly that the upload facility had been abused, but we couldn’t be sure... • So we spent quite a lot of time trying to work out whether someone had root privileges... • ...and if so, then we would have a bigger problem on our hands • At the same time, the attacker realised something was up (the disabled AD account?) and deleted all their stuff from the server – as we were looking at it
  • 53. Learningresources.lse.ac.uk II • In the end, we took all three related servers down for the weekend, just to play it safe • Learningresources was never switched back on again • There was no indication of compromise • They just used learningresources as it was meant to be used (kind of) • We checked the firewall logs for any hint of the attacker going after other targets – It took a long time, as our logs are huge – And our SIEM capabilities are, ahem, *not perfect* • They had been sniffing around other departmental systems – we alerted the administrators
  • 54. What had happened • “It started with a phish...” • Two compromised postgraduate accounts • Were they spear-phished, or were the accounts just bought from a pool? – (interestingly, later, one of the students reset his password to the one that was compromised and his account started sending out spam – indicating maybe the latter)
  • 55. Making a Professor of Economics • Being a Professor of Economics is easy • You need: – a phished account – Learningresources.lse.ac.uk – A nice fake CV you can upload to it • You give the account a name that fits the email account • Then you can email bitcoin exchanges asking for them to participate in your classes • You can direct them to your fake CV on the ambiguously-named learningresources.lse.ac.uk – Authentic, huh? • And chat with your buddy on the other compromised @lse.ac.uk address, for added authenticity • If asked why you’re not on the LSE website, you say you’re new, and it’s only updated in September, ready for the new year
  • 56. Talking to the Bitcoin exchanges • “Professor Zhai” contacted several • Same story each time: • “We pay special attention to the development of digital currencies and Blockchain technology, and we consider that these technologies can have a significant impact on the development of the world economy. Our University is interested in cooperation with people who can share some practical experience in this area.”
  • 57. Next... • For anyone who fell for this, the next stage was: • “We regularly run webinars with directors of major companies, government experts and entertainers. Students and teachers can ask any questions online and discuss burning issues in the field of digital currencies” • This was followed up with a Skype conversation • And then Bitcoin exchanges log into the “lecture” using... • ...You guessed it... • ...the malware hosted on learningresources.lse.ac.uk, masquerading as GoToMeeting
  • 58. Next II • “Professor Zhai” then claims there have been some technical issues, and he’ll get back in contact when these have been resolved • Meanwhile, the malware is hunting around for whatever it is hunting around for, and is talking back to a server in France • He tries to string the exchanges along for as long as possible, to give the attackers a chance to try what they’ve got • Some get a bit angry and give up. • Only one realises the game and has the presence of mind to get in contact with us
  • 59. Mopping up • We contacted all of the Bitcoin exchanges “Professor Zhai” had emailed, in order to let them know it was fake • We hardened the remaining servers that ran the same system as learningresources • No more creating user accounts, logging in and uploading any old thing!
  • 60. What we learned • Authenticity is hard – faking it is easy • A victim who’s willing to help makes all the difference to an investigation • Everything still starts with a phish. All it took were two careless postgraduate students • The attackers took the easiest route in - forgotten legacy services • The scam was elaborate and carefully planned, but... • …the only sophisticated technical aspect was the malware – (and that was probably purchased) – (and we don’t know if it actually worked) • The rest was achieved by a combination of social engineering and opportunism • LSE press releases and “chatty” website information give attackers plenty of “insider information” • …which they relentlessly leverage • Don’t go on holiday

Editor's Notes

  1. V1.0 To change the footer on every slide: 1. On the menu go to Insert > Header and Footer… 2. Select the Footer checkbox and enter the footer text in the accompanying text box 3. Click “Apply to All”
  2. This
  3. It is clear from films and TV that cyber security experts are becoming high-profile and highly valued. From CSI: Cyber to James Bond’s sidekick ‘Q’, cyber security is portrayed as an exciting, innovative and cutting-edge career. This glamorous film image is not that far from real life! Every day there are attacks, from major corporate hacks to the theft of people’s credit cards and personal data. In 2016, cyber-attack victims have ranged from the UK rail network to the campaign team behind Hillary Clinton’s bid to become US President , while over 100 million 02, Twitter, Yahoo, Hotmail and Gmail customers have seen their private data leaked online. Spectre – the first Bond film to really focus on Cyber Security The basics of computer security are not taught in schools or covered in many of university computer science courses even, although there is work underway to address that. But still is it enough? Discuss – in true exam question style…….. are we doing enough as a nation? do we mostly agree with that statement? Yes, but has education moved on? Anyone name that film? Indeed and the script was also hacked from the studio!
  4. The eight annual (ISC2) Global Workforce Survey predicts there will be a shortage of 1.8 million Information Security Professionals by 2022. The lack of well trained professional workforce poses a dire threat to Uk businesses and the pace of technological change (which we all know moves at eye watering speeds also exacerbates the issue
  5. It is an immature profession, the jobs are ill defined and not well understood. They are not the same as the jobs 10 years ago. Careers officers and those advising people making career decisions are only now starting to learn what these jobs are. Things are improving STEM, e-skills and others now have more data. The nature of the jobs is really NOT understood. In particular the fact that they are varied and not purely geeky. We do need people with strong technical skills but we also need people with interpersonal skills who can persuade boards, have the broad knowledge to comprehend the nature of the risks, and understand the human factor. The very best have all these attributes but we work in teams. Professionals will tell you they got jobs by serendipity. This is not the way to get a pipeline of people for the future. In medicine or law the pathways to different jobs are very clear. This is not the case in cyber security. There are a number of doors in but the paths are unclear; Recruiting from a little over half the population. Only 10% are women. There isn’t a cyber security skills male gene, there is no good reason why women are not coming into these jobs. We have to address the cultural issues that have brought about this situation. We are building the data available on our website about jobs and have a special page for women in cyber and examples of female role models. We need our ed system to do more
  6. I took part in a Masterclass event hosted by QinetiQ in November 2015, this then gave me the confidence to take my first professional certification (OSCP), all whilst doing a degree in Computer Science (at the time as a first year, currently in my second year).   This then led onto gaining an internship at MWR Infosec, an opportunity that I would not have had without the contacts I made during the masterclass.    I more recently competed in the European Cyber Security Challenge through CSCUK, the experience itself was brilliant, and gave me another chance to develop my current skills and look at where I need to improve.    Due to all of these opportunities, I'm now in an extremely strong position for future employment, I'm regularly contacted by recruiters in industry who are always impressed by my experience, which is pretty much all down to the challenge.    Put simply, the Cyber Security Challenge has allowed me to have an extremely successful transition to civilian life, and has pretty much set me up for a lifelong career. I am basically now in a position where I'm not even slightly worried about getting work after university (something that not many students can say confidently).