Perimeter Defense when you don't have a perimeter, and how to change the paradigm to protect hosts, and hide from the bad guys. Introduction of the Big Freakin' Haystack project (that, sadly, went nowhere).
The document describes an upcoming cyber security conference presentation on hands-on threat demonstrations. The agenda includes demonstrations of malware installation via a malicious USB drive, capturing usernames and passwords on a rogue open wireless network, hacking into a wireless network protected with WPA2-PSK, and social engineering executives on social media using a fake profile. The speaker is introduced as an experienced cybercrime investigator and security advisor who will demonstrate these attack scenarios live. Attendees are encouraged to learn techniques to defend against these types of attacks.
This document discusses the history and capabilities of the network intrusion detection system SNORT. It provides an overview of SNORT's origins as a weekend project in 1998, its growth with support from the security community, and its commercialization. The document also previews SNORT's open source Razorback project and provides links on SNORT deployment, common web attacks that SNORT can detect like XSS and SQL injection, and penetration testing tools that can be used alongside SNORT.
Vulnerability Assessment, Physical Security, and Nuclear SafeguardsRoger Johnston
This document discusses vulnerability assessments of security and safeguard devices and programs. It describes how vulnerability assessments have been conducted on over 1,000 different systems and devices. It outlines some key differences between domestic and international nuclear safeguard programs and notes that similar hardware and strategies are sometimes incorrectly used for both applications. It also discusses several common problems with international safeguard programs and outlines attributes of "security theater".
This document summarizes a company that provides surveillance, security, and targeting solutions including thermal imaging cameras and other equipment. It describes their adaptable and high-value system called Wolf Pack that features a modular design allowing configurations for different missions and budgets. The system provides capabilities for perimeter security, evidence recovery, and other applications in a portable design tested for durability. It then provides examples of how Wolf Pack thermal cameras and probes can detect hidden weapons and other contraband during vehicle searches more safely and effectively than traditional methods.
This document summarizes a small veteran-owned company that provides surveillance, security, and targeting solutions to law enforcement, military, and homeland security agencies. It describes the Wolf Pack system which uses portable imaging technology to detect concealed weapons and contraband for various applications like border security, building searches, and tactical operations. The system helps increase officer safety, effectiveness, and efficiency while reducing fatigue compared to traditional search methods.
Total Defense r12 is a multi-layered Internet security solution from CA that protects against malware in a visually refined and easy to manage way. It uses multiple layers of security to protect systems many times over at a surprisingly affordable price. Total Defense simplifies security management with an intuitive dashboard and one-click policy deployment while providing 24/7 support and global security intelligence through the Security Advisor.
Agile Chennai 2022 - Shyam Sundar | Everything there is to know about Cyber s...AgileNetwork
The document discusses various topics related to cyber security including:
1) Types of cyber attacks seen during the COVID-19 pandemic like typo squatting domains and command and control servers.
2) Web application attacks like SQL injection and XSS, and how to prevent them through input validation, output encoding and CORS policy.
3) Secure development practices like establishing secure coding norms, separating duties, and fixing issues in a time-bound manner.
4) Quantifying cyber risks using techniques like Six Sigma and creating threat models.
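The two web-application defenses named above (parameterized queries against SQL injection, output encoding against XSS) side by side with the vulnerable forms they replace, as an added example that is not from the Agile Chennai deck. The in-memory `users` table and the `lookup_*`/`render_*` helper names are constructed for illustration; the example also shows why a naive filter is weaker than encoding.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory user table standing in for a real store (example data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, bio TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "likes <b>bold</b> text"), ("bob", "plain")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    # String concatenation: the caller-supplied value becomes part of the SQL grammar,
    # so a name of  x' OR '1'='1  turns a one-row lookup into a full-table dump.
    sql = "SELECT name, bio FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    # Placeholder binding: the driver sends the value separately from the statement,
    # so quotes inside it can never change the query's structure.
    return conn.execute(
        "SELECT name, bio FROM users WHERE name = ?", (name,)
    ).fetchall()


def filter_naive(s):
    # A denylist filter of the kind "input filtering" often degrades into: it strips
    # one literal token and is bypassed by nesting it inside itself.
    return s.replace("<script>", "")


def render_vulnerable(bio):
    # Untrusted text dropped straight into HTML is executed as markup by the browser.
    return "<p>" + bio + "</p>"


def render_encoded(bio):
    # html.escape turns < > & " ' into entities, so the browser shows them as text.
    return "<p>" + html.escape(bio, quote=True) + "</p>"
```

Run `lookup_vulnerable` and `lookup_parameterized` with the same injection payload to see the first return every row and the second return none; `filter_naive("<scr<script>ipt>")` collapses back into a working `<script>` tag, while `render_encoded` neutralises the same input without trying to recognise it.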
During the Next Generation Network and Data Centre – Now and into the Future ...Cisco Canada
Rapid changes in the world around us, driven by cloud, mobility and the Internet of Everything, are creating significant opportunities for global organizations. With these environmental changes, the sophistication with which cyber threats and attacks are carried out continues to grow rapidly, and attackers are increasingly able to circumvent traditional security systems. To learn more, please visit our website here: http://www.cisco.com/web/CA/index.html
The document discusses how to securely protect internal communication within an organization. It provides examples of how clear text communication, such as instant messages and emails, can expose sensitive information if intercepted. The document then introduces Virtual Security Technology (VST) solutions like virtual security appliances with firewalls and VPN tunnels, public key infrastructure (PKI) services, and secure identity cards to encrypt communication and authentication. These solutions aim to prevent data theft and security breaches that often originate from within organizations.
This document discusses weaknesses in current computer security approaches and proposes a new "Secure Computing Infrastructure" (SCI) approach. It notes that operating systems and applications currently lack basic immune systems to defend against attacks. The SCI would integrate existing components like a separation kernel and Erlang virtual machine to create a more secure fault-tolerant environment. A phased approach is proposed beginning with a feasibility study and moving to proof of concept, field trials, and eventual full implementation. The goal is to develop a foundational security solution that is taught more widely in education.
This document discusses cybersecurity for industrial networks. It introduces Westermo, which provides hardware and software for industrial communications. It outlines the current security threats facing industrial networks, including state-sponsored hacking and disgruntled employees. It then discusses best practices for building a secure network, including perimeter protection, network segmentation, disabling unused ports, port authentication, and network-to-network protection using VPNs. Finally, it describes Westermo's cybersecurity features and tools like WeConfig that help harden devices and networks.
CONFidence2015: Real World Threat Hunting - Martin NystromPROIDEA
Real World Threat Hunting
Security threats have grown from network annoyances to attacks on sensitive infrastructure; penetrating network perimeters, moving laterally within networks, breaching new device types, and cloaking movements. This presentation will share techniques utilized by Cisco to detect and investigate sophisticated, embedded threats.
The speaker, who has conducted monitoring and investigations on customer networks, will review recent real attacks observed on customer networks, from discovery to remediation, and provide lessons learned. These interactive case examples will highlight how to identify these threats using security intelligence, expert staff, and the Cisco OpenSOC platform.
Examples of attacks and illustrations:
* Sophisticated phishing attacks targeted at customer environments.
* Breaches and data exfiltration resulting from the high-profile Heartbleed and Shellshock vulnerabilities.
* Sophisticated malware targeting financial institutions with the goal of data theft.
* Use of full packet capture to identify data exfiltration.
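One way the last bullet's idea can be applied in code: per-session byte counts exported from a full packet capture, aggregated per internal host and external destination, and flagged when a large outbound volume is answered by almost nothing inbound. This is an added example, not material from the CONFidence talk or from Cisco's OpenSOC; the flow records, the internal address ranges, and the `min_out_bytes`/`min_ratio` thresholds are constructed for illustration and would be tuned to a real environment's baseline.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Address space treated as "inside" for this example (assumption).
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Constructed session summaries (src, dst, dst_port, bytes_out, bytes_in) standing in
# for what a capture tool would export per TCP/UDP conversation. Example data only.
FLOWS = [
    ("10.1.2.3", "93.184.216.34", 443, 4_200, 180_000),        # normal browsing: download-heavy
    ("10.1.2.3", "93.184.216.34", 443, 3_900, 150_000),
    ("10.1.2.7", "203.0.113.9", 443, 48_000_000, 2_100),       # large upload, tiny reply
    ("10.1.2.7", "203.0.113.9", 443, 51_000_000, 1_900),
    ("10.1.2.9", "198.51.100.4", 53, 900, 1_200),              # DNS, balanced and small
    ("10.1.2.9", "198.51.100.4", 53, 850, 1_300),
]


def is_internal(ip):
    return any(ip_address(ip) in net for net in INTERNAL)


def aggregate(flows):
    """Sum bytes per (internal source, external destination, port); ignore internal-only traffic."""
    totals = defaultdict(lambda: [0, 0])  # key -> [bytes_out, bytes_in]
    for src, dst, port, out_b, in_b in flows:
        if is_internal(src) and not is_internal(dst):
            totals[(src, dst, port)][0] += out_b
            totals[(src, dst, port)][1] += in_b
    return totals


def find_exfil(flows, min_out_bytes=10_000_000, min_ratio=10.0):
    """Flag conversations that both exceed an absolute outbound volume and are lopsided:
    many bytes leaving for every byte coming back. Either test alone is noisy (backups,
    video calls), so both must hold."""
    hits = []
    for (src, dst, port), (out_b, in_b) in aggregate(flows).items():
        ratio = out_b / max(in_b, 1)
        if out_b >= min_out_bytes and ratio >= min_ratio:
            hits.append({"src": src, "dst": dst, "port": port,
                         "bytes_out": out_b, "bytes_in": in_b, "ratio": round(ratio, 1)})
    return sorted(hits, key=lambda h: -h["bytes_out"])


if __name__ == "__main__":
    for hit in find_exfil(FLOWS):
        print(hit)
```

On the constructed data only the 10.1.2.7 to 203.0.113.9 conversation trips both conditions; the browsing and DNS sessions are either too small or inbound-heavy. The same aggregation run over real capture exports is where the packet payloads become useful: once a conversation is flagged, the full capture lets the analyst confirm what left, rather than just how much.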
An introductory overview of cybersecurity covering its technical and non-technical aspects.
We define what cybersecurity is, discuss the risks and impacts of a breach, and present means of avoiding one, both in terms of standards and regulations (Common Criteria, FIPS, ...) and in terms of technology, including some cryptography, before finishing with some facts and figures.
Advanced red teaming all your badges are belong to usPriyanka Aash
The document is a presentation by Eric Smith and Josh Perrymon of LARES on red teaming and advanced RFID attacks. It begins with an introduction to red teaming and how it is used to test security measures. It then provides overviews of RFID technologies, traditional and advanced attacks against access control systems using RFID badges, and recommendations for risk mitigation and remediation. The presenters have extensive experience in security and red teaming and demonstrate attacks such as RFID cloning, privilege escalation, and blended attacks.
Nation state teams pose significant cyber threats through techniques like advanced persistent threats (APTs) and supply chain compromises. The document discusses nation state teams like China's APT1, which have successfully breached many organizations. It recommends developing an adaptive cyber security strategy using principles from military strategy. This includes gaining threat intelligence from various sources to stay updated on threats. Both traditional "defense in depth" and more agile "overlapping fields of defense" approaches are suggested. The document provides an overview of steps to improve security like assessing risks and developing security policies, and recommends specific controls and technologies to implement like secure email gateways, endpoint protection, and network activity monitoring.
Control Quotient: Adaptive Strategies For Gracefully Losing Control (RSAC US ...David Etue
Control Quotient: Adaptive Strategies For Gracefully Losing Control as presented at RSAC US 2013 by @djetue and @joshcorman
The security community has spent years on failed approaches to Return On Investment (ROI) on security offerings and Return On Security Investment (ROSI). It’s failed as it evaluates from the wrong perspective. This session flips ROI on its head, looking from the adversary’s perspective. We’ll introduce an “Adversary ROI” model, and show how it can change how you evaluate cyber security investment.
An in-depth look at Security Operations in the Cloud. Join us as we discuss: Cloud Security, Secure Cloud Topology, Kill Chain and Threat actor motives.
Fortinet is a global network security company that provides network security appliances for carriers, data centers, enterprises and distributed offices. It has over 5,000 employees worldwide, over 340,000 customers, and annual revenue exceeding $1 billion. Fortinet's mission is to deliver innovative and high-performance network security solutions through its security fabric platform to secure and simplify IT infrastructure.
8 January 2015 SOME Event - Cisco Next Generation SecurityBGA Cyber Security
This document discusses Cisco's next generation security strategy and solutions. It outlines Cisco's approach of integrating products to provide unified visibility, advanced threat protection, and consistent control across networks, endpoints, cloud, and mobile environments. It highlights key Cisco security technologies like FirePOWER, Advanced Malware Protection (AMP), and Identity Services Engine (ISE) and how they work together to provide defense, detection, and remediation against evolving threats.
Acorn Recovery: Restore IT infra within minutesIP ServerOne
Introducing Acorn Recovery as a Service, a simple, fast, and secure managed disaster recovery (DRaaS) by IP ServerOne. A DR solution that helps restore your IT infra within minutes.
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Kyle Lai
What is cybersecurity? Who are the threats? Why are cyber attacks happening? How bad is it? How do attackers do it? What can we learn from Star Wars?
This presentation covers cyber attacks, the state of cybersecurity, some guidance for students interested in getting into the field, and some great resources.
CyberSecurity - UH IEEE Presentation 2015-04Kyle Lai
Kyle Lai is the President and CTO of KLC Consulting. He has over 20 years of experience in IT and 15 years specializing in security. His career highlights include roles as CISO and DISA Operations Manager for Security Portal. He holds several security certifications and has consulted for many large companies. Lai is also the author of two security tools and administers several LinkedIn security groups.
As presented at ITExpo 2017 and the April Peerlyst Tel-Aviv security Meetup.
Can your company afford to ignore VoIP security? With the number of attacks on telephone services and mobile devices, your chance of being attacked, and your financial liability, are at an all-time high. This session offers an introductory primer on securing your VoIP PBX. The talk explains common attacks, how attackers find you, and common techniques you can use to defend your company.
Identity Providers-as-a-Service built as Cloud-of-Clouds: challenges and oppo...Diego Kreutz
This document discusses challenges and opportunities for building identity providers (IdPs) as a service using a cloud-of-clouds approach. It outlines how a multi-cloud architecture can increase resilience and trustworthiness compared to single cloud or data center deployments. Experimental evaluations show the multi-cloud approach improves performance and scalability while reducing costs compared to other options. However, technical challenges remain around efficient wide-area networks, interoperability, and privacy across multiple cloud providers.
A presentation for the Innovation in the Post-Heartbleed session at the 2014 Cyber Summit by Jason Maynard, Security Consulting Systems Engineer at Cisco.
Jason Christopher, Dragos Principal Cyber Risk Advisor, joins CyberWire for this podcast that discusses the evolution of ICS/OT ransomware, its impacts on the community, and cybersecurity best practices ICS/OT practitioners can implement to combat it. Listen to the full podcast here: https://dragos.com/resource/ransomware-in-an-industrial-world/
In this webcast, we discuss how adopting certain IT security stances, including those using log management and SIEM (Security Information and Event Management) solutions, can help you combat evolving cybersecurity threats and maintain regulatory compliance.
Hillel Kobrovski - Information security and cyber defense challenges in secure remote-work connections for ...Hillel Kobrovski
The document discusses the challenges of securing remote work and access. It outlines an agenda for a seminar on the topic, including presentations on existing technologies and models for secure remote connections, as well as a presentation from the company Safe-T on their Zero Trust implementation. It notes some of the realities of remote access compared to fantasies, such as cost, technical complexity, device compatibility issues, and inability to match network topologies. It discusses the need for endpoint security capabilities and a layered "onion model" approach to security in a boundaryless network where access is needed from any device and any location at any time.
This document summarizes Dan Houser's experiment aging bourbon in bottles at home. Some key points:
1) Houser conducted an experiment aging bourbon in bottles using toasted oak inserts to see if he could achieve the taste of an aged $40-50 bourbon for under $10 per liter with minimal additional investment.
2) The results showed that higher alcohol by volume (ABV) spirits like rye whiskey aged more dramatically than lower ABV bourbons.
3) However, finding high ABV bourbons or moonshine for under $30 per bottle to experiment with was not feasible given legal constraints.
4) While aging in bottles was capable of producing different flavor profiles,
2013 (ISC)² Congress: This Curious Thing Called EthicsDan Houser
The (ISC)² Ethics Committee helped provide this overview of professionalism, ethics, the (ISC)² Code of Ethics and case studies to help explain the ethics complaint & review process. Co-developed with William H. Murray, Graham Jackon & Mano Paul.
RSA2008: What Vendors Won’t Tell You About Federated IdentityDan Houser
Federated Identity overview, including the little known traps and issues with implementing federated identity for SSO using SAML. Lessons learned, build vs. buy, support, SLAs, and legal issues. Jointly developed with Bob West.
The Challenges & Risks of New Technology: Privacy Law & PolicyDan Houser
This document summarizes key challenges and risks related to new technologies, including privacy issues, interesting case law, and regulatory changes. It discusses invasive technologies like RFID and smart dust that could threaten privacy. Two Supreme Court cases related to thermal imaging of homes and email wiretapping are analyzed. The document emphasizes that privacy must be protected and quotes Benjamin Franklin's warnings about trading liberty for security. The presenter provides an overview of their background and security work before opening for questions.
Risk Based Planning for Mission ContinuityDan Houser
Introduction to Continuity Management & Risk Based Continuity Planning. Risk-based approach to provide mission-critical BCP. Models are provided to conduct quantitative & qualitative analytics, prioritize activity and integrate continuity planning into risk management activities.
Security Capability Model - InfoSec Forum VIIIDan Houser
A security capability model for evaluation of risk based on mapping controls based on attack vectors, using the OSI 7-layer model plus 4 categories outside OSI, as well as the four disciplines of Security Management. This creates a matrix that permits scoring of capabilities by discipline and control layer.
Certifications and Career Development for Security ProfessionalsDan Houser
Joint presentation by Kevin Flanagan & Dan Houser, RSA 2008. Overview of career development, professional security/risk certifications, and how to develop and drive your career plan.
The document discusses considerations for surviving an identity and access management (IAM) audit. It provides recommendations in four key areas:
1. Understand the different types of audits for IAM - compliance, corporate controls, internal IAM audits, and addressing IAM issues in other audits. Prepare for each by understanding requirements and risks.
2. Recognize how auditors think in terms of preventative, detective and corrective controls, and how they need to collect evidence that controls are properly designed and operating as intended.
3. Be prepared to address specific IAM topics like access approval processes, as well as broader issues like logical security, change management, availability and disaster recovery that relate
This paper shines a spotlight risk management, particularly on the dogma and BS in security "best practice", and utilizes primary research in password strength and compromise as a case study to blow the lid off password mythology.
Humorous and insightful look at breaking into security conferences by conquering the CFP. Uses Hacking Exposed methodology for targeting, prioritizing and mounting your "attack" on the CFP, and steps for strong execution as a speaker.
Case Study: Securing & Tokenizing Big DataDan Houser
Case study of massive Hadoop deployment by Cardinal Health to achieve both strong security & substantive analytical utility.
This was distributed publicly in 2014 in Krakow, Poland, and at multiple big data conferences 2014-2015. This is being hosted on SlideShare for posterity.
Crypto in the Real World: or How to Scare an IT AuditorDan Houser
Real world cryptography & theoretical cryptography are not the same. Bad ciphers, weak keys, cleartext keys, bad SSL, TLS, SSH permutations, and snake-oil crypto can undermine all your hard security work. This presentation provides real-world examples of broken crypto, and how to detect bad crypto, in the real world.
Gen Z and the marketplaces - let's translate their needsLaura Szabó
The product workshop focused on exploring the requirements of Generation Z in relation to marketplace dynamics. We delved into their specific needs, examined the specifics in their shopping preferences, and analyzed their preferred methods for accessing information and making purchases within a marketplace. Through the study of real-life cases , we tried to gain valuable insights into enhancing the marketplace experience for Generation Z.
The workshop was held on the DMA Conference in Vienna June 2024.
Understanding User Behavior with Google Analytics.pdfSEO Article Boost
Unlocking the full potential of Google Analytics is crucial for understanding and optimizing your website’s performance. This guide dives deep into the essential aspects of Google Analytics, from analyzing traffic sources to understanding user demographics and tracking user engagement.
Traffic Sources Analysis:
Discover where your website traffic originates. By examining the Acquisition section, you can identify whether visitors come from organic search, paid campaigns, direct visits, social media, or referral links. This knowledge helps in refining marketing strategies and optimizing resource allocation.
User Demographics Insights:
Gain a comprehensive view of your audience by exploring demographic data in the Audience section. Understand age, gender, and interests to tailor your marketing strategies effectively. Leverage this information to create personalized content and improve user engagement and conversion rates.
Tracking User Engagement:
Learn how to measure user interaction with your site through key metrics like bounce rate, average session duration, and pages per session. Enhance user experience by analyzing engagement metrics and implementing strategies to keep visitors engaged.
Conversion Rate Optimization:
Understand the importance of conversion rates and how to track them using Google Analytics. Set up Goals, analyze conversion funnels, segment your audience, and employ A/B testing to optimize your website for higher conversions. Utilize ecommerce tracking and multi-channel funnels for a detailed view of your sales performance and marketing channel contributions.
Custom Reports and Dashboards:
Create custom reports and dashboards to visualize and interpret data relevant to your business goals. Use advanced filters, segments, and visualization options to gain deeper insights. Incorporate custom dimensions and metrics for tailored data analysis. Integrate external data sources to enrich your analytics and make well-informed decisions.
This guide is designed to help you harness the power of Google Analytics for making data-driven decisions that enhance website performance and achieve your digital marketing objectives. Whether you are looking to improve SEO, refine your social media strategy, or boost conversion rates, understanding and utilizing Google Analytics is essential for your success.
Instagram has become one of the most popular social media platforms, allowing people to share photos, videos, and stories with their followers. Sometimes, though, you might want to view someone's story without them knowing.
2.
Overview
Classic firewall perspective
Where firewalls fall short
Changes in the security space
Suggestions for improving network security
Strategic vision
Tactical focus
Q&A
This presentation is designed to be the visit through the looking glass… Thinking about perimeter security with a different perspective.
3.
Classic perimeter security
Fortress mentality
Network implementation of physical barriers
Designed with overlapping, visible, impenetrable barriers
Atlantic Wall
5.
Assumptions of the classic perimeter security model
Attackers are outside trying to break in
Attackers cannot breach the wall
Attackers are identified by guards
Guards are loyal
All contact comes through single path
Unfortunately, these are all wrong.
6.
Reality
Most attackers are inside
Attackers can breach the wall
Guards can’t identify all attackers
Guards can be subverted
Communication over MANY paths
7.
Reality: Many communication paths
Business partners
Affiliates
Subsidiaries
Telecommuters
On-site Consultants
Support Technicians
Off-site Consultants
??
Spybots
Spyware / Adware
8.
Red Queen race
“You have to run faster and faster just to stay in the same place!”
– The Red Queen, Alice in Wonderland
Image courtesy www.rushlimbaugh.com
10.
Red Queen race
Web Services Security is changing the rules:
Outsourced authentication (federated)
Extranet access to core systems
RPC calls over HTTP using XML & SOAP
Offshore services, data processing
Highly connected networks
Very tight business integration
In short, there is no network perimeter
11.
New paradigms are needed
We must migrate from ground-based warfare to a model that fits information warfare
“He who does not learn from history is doomed to repeat it.”
The Maginot Line was bypassed
The Atlantic Wall was pierced and defeated
The Great Wall provided only partial protection
The Alamo fell to a massive attack
12.
New paradigm: Submarine warfare
In submarine warfare…
Everyone is an enemy until proven otherwise
All contacts are tracked and logged
Hardened autonomous systems
Rules of engagement govern all response
Constant vigilance
Identify Friend or Foe (IFF) becomes vital
Hunter-killer units vital to protect strategic investments – offensive as well as defensive players
Environment “listeners” for ASW and tracking
Evade detection, hound and confuse the enemy
13.
How does Submarine Warfare translate into InfoWarfare?
Harden all devices, not just DMZ
Use of hardened kernels for all servers
Harden all systems and run minimal services
Minimal installations on desktops
Dumb terminals where available
Provide Office tools to knowledge workers only
Strip unneeded capabilities from kiosks
Remove the ability to install software
Analyze traffic, not just headers
Application-based firewalls
XML Filtering
14.
How does Submarine Warfare translate into InfoWarfare?
Segregate boot camp from the theatre of operations
VLAN development, test, DR & production
Make change control your code firewall
Only change control spans 2 security zones
Production support segregated from source code
Endpoint compliance / Walled Garden
Core network becomes the DMZ
Since most attacks are from within, make cubicles a DMZ
Create hardened subnets for accounting, HR, IT, operations
Publish intranets in the DMZ
15.
Network segmentation: Crunchy on the outside and the middle
Source: Information Security Magazine, “Network Security: Submarine Warfare”, Dan Houser, 2003, http://tinyurl.com/nwk7
16.
How does Submarine Warfare translate into InfoWarfare?
Heavy use of crypto for IFF functions
Accelerators & HSM will be key technologies
Require all packets to be signed (e.g. Kerberos)
Certificate revocation for intrusion prevention
Network PKI becomes mission critical at layer 2
Emerging products for Layer 2 auth – TNT/Endforce
Network IDS is key
Analyzing packets for IFF analysis, heuristics
ISP pre-filtered IDS
Analog threat tagging
Identifying and tracking intruders
Isolating subnets with hostile traffic
Revoke certificates for hostile servers
Vectoring CIRT
17.
How does Submarine Warfare translate into InfoWarfare?
Tiger teams and internal search & seizure
Businesses can’t afford rogue servers
Zero tolerance policy for hacking
Ethical hackers, capture the flag & war games: A&P
Vulnerability assessment teams
Drill and war games
Red teams – capture the flag
Blue teams – learn from red teams, patch vulnerabilities
Highly trained staff becomes core competency
Training
Education
Employee retention
18.
How does Submarine Warfare translate into InfoWarfare?
"All warfare is based on deception." – Sun Tzu
Confuse and harass attackers…
Make your real servers look bogus
Save all .ASP code as .CGI files, perl as .ASP
Configure responses from Apache that mimic IIS
Open dummy NetBIOS ports on Unix servers
Use unpredictable ports: run SSH on 19384
Call your database server “Firewall”
Route bogus traffic to IDS network
19.
How does Submarine Warfare translate into InfoWarfare?
Further deception techniques
Perception management
Low profile facilities
Red Herring accounts
Minimalistic error messages (or fake error messages)
Temporary blindness – ignoring misbehaving nodes
Deceptive websites: false configs & backdoors
See Fred Cohen’s site: www.all.net
21.
Old school attack
Lone interloper targets major firm
Studies publicly available information
Hangs out at local pub, befriends sales team
Dumpster dives to obtain manuals, phone lists
Uses war-dialer to find modems & remote hosts
Uses social engineering to obtain passwords
Dials up hosts, logs in, mayhem & mischief
22.
“Modern” attack
Lone interloper targets IP range
Downloads script kiddy tools
Scans IP range looking for vulnerable hosts
Port scans hosts looking for exploitable services
Uses exploit tool, mayhem & mischief
Target selection now a target of opportunity… indiscriminate attack
23.
Worms hit 10,000 networks at once…
Photo Courtesy The Weather Channel
24.
What we need is early warning
Photo Courtesy NASA
25.
Hide in the open: Honeyd + arpd
Low-interaction virtual honeypot
honeyd with arpd creates virtual network
Create server that emulates address range: 10.x.x.x, 192.168.x.x, public IP range
Listen on all ports
Emulate good hosts: MS-Exchange, Solaris/Oracle, MS-SQL, RedHat/Apache/Tomcat, WinXP Pro
Emulate bad boxes: botnet servers, Warez server, trojaned workstations, Win95 workstation, backdoor
26.
Hide in the open: Honeyd + arpd
Convert unused address space into decoy tripwire nets - 16,320,000 decoys to 200 "real" servers
Stop swallowing packets: route unreachable hosts to the virtual honeynet
190,000 decoys per “real” server = 99.9995% detection
Any hits are malicious – route to IDS / IPS
Research attack profile.
Block attackers for 1 hour, 2 hours, 24 hours, 1 week.
You’ve gained breathing room to respond to real attacks
29.
The fun has just begun…
LaBrea: SYN/ACK, TCP Window size = 0 (wait)
Load LaBrea to freeze a scan, run on random port
Freezes Windows-based scanners up to 4 minutes
Scanning 10,000 hosts takes 27 days.
Detecting 100 unpublished hosts in Class A would take approximately 112 years
Disclaimer: This may be illegal in your municipality. I am not a lawyer. Talk to one.
30.
The fun has just begun…
Storm Surge Mode: active re-configuration
Suppose your “standard” BFH net emulates:
25% Apache/Tomcat on RedHat 7
25% Microsoft SQL on Win2003 Server
25% Lotus Notes/Domino on Win2k Server
25% Oracle 9i on Solaris
IDS telemetry reports spike in Win2k attacks
BFH configuration changes:
30% Microsoft SQL on Win2k Server
30% Exchange on Win2k Server
30% IIS on Win2k Server
10% Allocated among 30 other server/workstation images
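Sizing and configuring the decoy net that slides 26 and 30 describe, as an added Python example (not code from the original deck or from the honeyd project): it carves every unused address in a block into honeyd decoys, spreads them over the slide's 25/25/25/25 "standard" mix or the Win2k-heavy storm-surge mix, renders honeyd-style create/set/add/bind directives, and computes the decoy-hit probability behind the 99.9995% figure. The address block, real-host list, port lists and nmap personality strings are constructed placeholders.

```python
"""Decoy-net sizing for a honeyd + arpd "Big Freakin' Haystack" (added example).

Carves every unused address of a block into decoys, spreads them over a
personality mix, emits honeyd-style config text, and reports how likely a
probe at a random address in the block is to land on a decoy.
"""
import ipaddress
from fractions import Fraction

# Constructed sample: a /22 of lab space holding four "real" servers.
CIDR = "10.20.0.0/22"
REAL_HOSTS = ["10.20.0.10", "10.20.0.11", "10.20.1.5", "10.20.2.25"]

# Template name -> (nmap personality string, TCP ports to open).
# Personality strings must exist in honeyd's nmap fingerprint file; the
# values here are assumed placeholders, as are the port lists.
PERSONALITIES = {
    "redhat_apache": ("Linux 2.4.x", [22, 80, 8080]),
    "win2003_mssql": ("Microsoft Windows Server 2003", [135, 139, 445, 1433]),
    "win2k_domino": ("Microsoft Windows 2000 Server", [135, 139, 445, 1352]),
    "solaris_oracle": ("Sun Solaris 8", [22, 111, 1521]),
    "win2k_mssql": ("Microsoft Windows 2000 Server", [135, 139, 445, 1433]),
    "win2k_exchange": ("Microsoft Windows 2000 Server", [25, 110, 135, 139, 445]),
    "win2k_iis": ("Microsoft Windows 2000 Server", [80, 135, 139, 443, 445]),
}

# Slide 30's "standard" mix and its storm-surge reconfiguration (the
# surge's 10% "other images" share is lumped onto solaris_oracle here).
STANDARD_MIX = {"redhat_apache": 25, "win2003_mssql": 25,
                "win2k_domino": 25, "solaris_oracle": 25}
SURGE_MIX = {"win2k_mssql": 30, "win2k_exchange": 30,
             "win2k_iis": 30, "solaris_oracle": 10}


def unused_addresses(cidr, real_hosts):
    """Every host address in the block that is not a real server."""
    real = {ipaddress.ip_address(h) for h in real_hosts}
    return [a for a in ipaddress.ip_network(cidr).hosts() if a not in real]


def allocate(decoys, mix):
    """Bind decoys to templates in proportion to the mix weights.

    Largest-remainder rounding: every decoy lands in exactly one template
    and each per-template count differs from its exact share by < 1.
    """
    total, n = sum(mix.values()), len(decoys)
    exact = {t: Fraction(w * n, total) for t, w in mix.items()}
    counts = {t: int(s) for t, s in exact.items()}
    leftover = n - sum(counts.values())
    by_remainder = sorted(exact, key=lambda t: exact[t] - int(exact[t]), reverse=True)
    for t in by_remainder[:leftover]:
        counts[t] += 1
    assignment, start = {}, 0
    for t, c in counts.items():
        assignment[t] = decoys[start:start + c]
        start += c
    return assignment


def honeyd_config(assignment):
    """Render create/set/add/bind directives in honeyd's config language."""
    lines = []
    for tmpl in assignment:
        persona, ports = PERSONALITIES[tmpl]
        lines.append(f"create {tmpl}")
        lines.append(f'set {tmpl} personality "{persona}"')
        lines.append(f"set {tmpl} default tcp action reset")
        lines.extend(f"add {tmpl} tcp port {p} open" for p in ports)
    for tmpl, addrs in assignment.items():
        lines.extend(f"bind {a} {tmpl}" for a in addrs)
    return "\n".join(lines) + "\n"


def decoy_hit_probability(decoys_per_real):
    """Chance a probe at a random address hits a decoy rather than a real
    server; slide 26's 190,000:1 ratio gives 99.9995%."""
    return decoys_per_real / (decoys_per_real + 1)


if __name__ == "__main__":
    decoys = unused_addresses(CIDR, REAL_HOSTS)
    cfg = honeyd_config(allocate(decoys, STANDARD_MIX))
    ratio = len(decoys) / len(REAL_HOSTS)
    print(f"{len(decoys)} decoys for {len(REAL_HOSTS)} real servers "
          f"({ratio:.0f}:1, {decoy_hit_probability(ratio):.4%} decoy hit rate)")
    print(cfg.splitlines()[0], "...", cfg.splitlines()[-1])
```

Re-running `allocate` with `SURGE_MIX` on the same decoy list is the "storm surge" step: only the template weights change, so the same address space is re-bound to Win2k personalities without touching the real servers.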
31.
The fun has just begun…
Virtual honeynets: Make legitimate servers look like bogus servers.
Make all servers (fake & real) look identical
BFH in your internal network
Malware outbreaks see your network with 16 million hosts
Ability to detect worms while slowing spread by 600x
If all Class A, B & C networks ran BFH:
Emulation of 12,493,209,429,306 bogus hosts
Port scans & profiling a thing of the past
Worms and script kiddies would be economically infeasible.
32.
Where to get started?
Switching models will take time… What do we do in the interim?
33.
Turning the tide: Resilient systems
Server & desktop hardened images
Security templates – lock down desktops
Server-based authentication – PKI
Host-based intrusion detection
Centralized logging
Out-of-band server management
Honeypots / honeynets / tarpits
Camouflage and deception in DMZ
Consider Layer 2 validation / Walled Garden
34.
Turning the tide: People
Security is a people problem, not a technical problem
Hire and train smart, security-minded people to run your networks and servers
Reward security:
Establish benchmarks & vulnerability metrics
Create confidentiality & integrity metrics & SLAs
Audit against the benchmarks
Include security as major salary/bonus modifier
Job descriptions must incorporate security objectives
Train developers, architects & BAs on how to develop secure systems
Equate security breaches & cracking tools like weapons or drugs in the workplace – a “zero tolerance” policy?
35.
Turning the tide: Process
Assess risk & vulnerability: BIA
Include security in feature sets & requirements
Segregation of Developers, Testers & Production, and particularly Prod Support from source code
Change management & access rights
Certification & Accreditation
Engage security team in charter & proposal phase
Bake security into the systems lifecycle
Require sponsor risk acceptance & authorization
Embed accreditation into change control
Include security in contract review and ROI
Configuration Management → security patch lists
36.
Summary
Use firewalls, but as one of many tools
Start network security with people, process and host security
Think outside the box when developing security architectures
Be prepared to dump your perimeter
Focus on malleable networking
Protect assets according to their value
38.
Contact information
Dan Houser, CISSP, CISM, ISSAP
dan.houser@gmail.com
See Submarine Warfare article: http://tinyurl.com/nwk7
This slide available on my (lame) homepage: http://web.infosec-forum.org/Members/ddhouser