VIPER Labs - VOIP Security - SANS Summit | Shah Sheikh
The document discusses penetration testing of VoIP networks. It describes a VoIP security research lab that investigates attack vectors against VoIP systems. When conducting internal VoIP assessments, the objectives are to understand the call requirements, VLAN configuration, and gain access to the voice VLAN to test for vulnerabilities. Sniffing tools can reveal the voice VLAN ID and credentials. VLAN hopping poses a risk if an attacker can access the voice VLAN from their PC. A case study found an attacker was able to hop VLANs in a hotel network and potentially monitor other guests' phone calls due to poor network segmentation. Proper firewalling of voice networks and limiting remote access to voice VLANs are important lessons learned.
Securing Critical IoT Infrastructure, IoT Israel 2014 | iotisrael
This document discusses NextNine's centralized OT security management solution for distributed ICS/SCADA environments. It provides an overview of NextNine's experience in industrial cybersecurity, describes some notable industrial cyber attacks that have occurred, and outlines the challenges of securing multi-site ICS/SCADA environments. The document also presents NextNine's solution for centralized OT security management across distributed systems through a virtual security engine and security center.
Does your system run the risk of being attacked?
There is an increasing risk worldwide of sophisticated cyber-attacks targeting critical infrastructure. A successful attack on these networks could have a substantial impact on our society, causing great economic loss or worse. Regardless of whether you are upgrading an existing network or building a new one, its security should be a major consideration.
Micro-segmentation is a combination of firewalls, subnetting, and VPNs used to create an extremely secure network by locking down each individual device. A system that has implemented micro-segmentation enjoys benefits such as maintaining application security, reducing the attack surface and complying with regulations.
Solving the Visibility Gap for Effective Security | Lancope, Inc.
Network visibility is a vital component of an effective security strategy, but many organizations lack the ability to identify threat activity in their environment. At Cisco, we have assessed the networks of thousands of organizations, and in nearly every instance, we discovered undocumented hosts, risky user behavior, or malicious activity.
Whether it is rogue servers, unauthorized connections, or ongoing data breaches, we’ve harnessed the power of network visibility to identify a variety of suspicious and malicious activity. Now let us share our knowledge with you.
Join Jeff Moncrief, Systems Engineering Manager at Cisco, to learn:
- The reality of how vulnerable enterprise networks are from endpoint to edge
- The security benefits of end-to-end network visibility
- Common problems solved with network visibility
- Stories of real-life threats hidden on networks we’ve assessed
- How to turn your network into a security sensor to gain critical visibility and threat detection capabilities
ISF 2015 continuous diagnostics monitoring May 2015 | abhi75
Northrop Grumman presented on applying continuous monitoring and cyber best practices to the Texas Cybersecurity Framework. They discussed features of a proposed dynamic cyber dashboard for Texas that would provide interactive visual analytics on security controls, vulnerabilities, threats and compliance. The dashboard would use advanced analytics, predictive modeling and a quality of protection metric to continuously measure cyber risk.
Palo Alto Networks next generation firewalls | Castleforce
The document summarizes Palo Alto Networks next-generation firewalls which can identify applications, users, and content to provide visibility and granular control. This helps address challenges of uncontrolled use of internet applications in enterprises. The firewalls can see through ports and protocols to classify over 900 applications using techniques like App-ID, User-ID, and Content-ID. This gives IT unprecedented control over network activities.
Industrial Control Systems Security - A Perspective on Product Design (Sequi,... | sequi_inc
This document discusses industrial control systems (ICS) and legacy protocols used in ICS. It describes characteristics of ICS including long operational lifespans, use of both routable and legacy protocols, and vulnerabilities in legacy protocols like DNP3 and Modbus that lack authentication. Common attacks on ICS like man-in-the-middle attacks are also outlined. The document proposes that IEEE 1711-2010 can help secure legacy protocols by adding encryption and authentication without requiring changes to existing ICS software or equipment. It provides an overview of how a hardware device could implement IEEE 1711-2010 to retrofit security onto existing ICS networks using legacy protocols.
Your network holds the key to defending your organization. The Cisco switches, routers, and wireless solutions you deploy can complement and empower your security systems. Cisco provides a broad portfolio of capabilities to improve your defenses across the entire attack continuum. This presentation outlines how you can use your network as a sensor to protect your data, your customers, and your reputation.
Register to Watch Webcast: http://cs.co/9003CRsH
Join the Conversation: http://cs.co/9008CRt6
Watch the TechWiseTV Episode: http://cs.co/9001Bvqpz
Watch the workshop replay: http://bit.ly/2bAsxby
See how the latest evolution of Cisco TrustSec helps protect critical assets by extending and enforcing policies anywhere in your network. Go in-depth with how Cisco TrustSec simplifies your network security with software-defined segmentation.
SCADA Security: The Five Stages of Cyber Grief | Lancope, Inc.
Every time a new information technology finds its way into production, it seems as though we end up repeating the same process – security vulnerabilities will be discovered and disclosed in that technology, and users and vendors will deny that the risks are significant. Only after major attacks occur do we really start to see efforts to address the inherent risks in a systematic way.
We’re falling into this exact same trap again with Industrial Control and SCADA systems, but in this case the problem is worse, because the inherent nature of control systems prevents us from applying many of the strategies that have been used to protect other kinds of computer networks.
Join Lancope’s Director of Security Research, Tom Cross, for a look at the five stages of grief that organizations seem to pass through as they come to terms with security risks, and how far we’ve come regarding Industrial Control Systems.
Hear about:
- The state of Control Systems security vulnerabilities
- Attack activity that is prompting a change in perspective
- The unique, long-term challenges associated with protecting SCADA networks
- How anomaly detection can play a key role in protecting SCADA systems now
Cisco, Sourcefire and Lancope - Better Together | Lancope, Inc.
Technology overview for Sourcefire FireSIGHT and Lancope StealthWatch including:
• Core features and functionality
• Market positioning and differentiators
• Technology integration for effective incident response
This document provides instructions for quickly installing and setting up a FireEye appliance. The FireEye appliance can identify malware attacks on a network, block attacks, and alert administrators. Setup instructions are provided for using either the front panel LCD or a serial console. The steps include mounting the appliance, connecting network cables, powering on, and configuring basic network and security settings using a menu interface. Additional documentation is referenced for more complete configuration and usage information.
The document provides an overview of wireless network security, outlining common issues, threats, and security measures for wireless networks. It discusses standards and protocols like WEP, WPA, and WPA2 and provides practical tips for securing a wireless network, such as enabling encryption, changing default settings, and using firewalls. The document also briefly discusses future trends in wireless network security.
A firewall is a device or set of instruments designed to permit or deny network transmissions based upon a set of rules and regulations. It is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass, or during sensitive data transmission. Distributed firewalls allow enforcement of security policies on a network without restricting its topology from an inside or outside point of view. The use of a policy language, with its semantics centrally delegated to all members of the network domain, supports the application of firewall technology for organizations whose network devices communicate over insecure channels, while still allowing a logical separation of hosts inside and outside the trusted domain. We introduce the general concepts of such distributed firewalls, their requirements and implications, and their suitability against common threats on the Internet, and give a short discussion of contemporary implementations.
A network architecture review in the context of information security helps in understanding how to review the components of a network with respect to best practices.
These shared slides contain some basic information about the Router Hardening project which my team and I did as our network security class project, and we used them to present our project's process and procedures. Our project scenario was to harden the network and routers for a hypothetical organization, so we decided to do it for a bank, and we called it ANS bank, referring to the first letters of the team members.
Today connected devices are everywhere, and we expect massive growth over the upcoming years. What are connected devices (IoT)? They connect people to machines and machines to machines, and share the data that both people and machines create. However, why should you care about security?
This presentation walks you through why connected devices (IoT) are being targeted, what typically goes wrong during development that makes these devices vulnerable to attacks, and what's next...
Robust Cyber Security for Power Utilities | Nir Cohen
The security of critical networks is at the center of attention of industry and government regulators alike. Check Point and RAD offer a joint end-to-end cyber security solution that protects any utility operational technology (OT) network by eliminating RTU and SCADA equipment vulnerabilities, as well as defends against cyber-attacks on the network’s control and data planes. This solution brief explains how the joint solution enables compliance with NERC-CIP directives, provides deep visibility and control of ICS/SCADA communications, and allows secure remote access into OT networks.
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution | Shah Sheikh
This document discusses hackers and security from the perspective of a penetration tester. It begins by distinguishing between hackers and crackers, noting that hackers are highly skilled individuals seeking knowledge, while crackers seek financial gain or to cause damage. It then discusses common misconceptions around security, noting that security is an architecture rather than appliances or policies. Several examples are given of exploiting popular security products and technologies. The document warns that the UAE is a vulnerable target given weaknesses in infrastructure and disaster recovery plans. It then describes hypothetical penetration tests against several large organizations in the UAE, highlighting vulnerabilities discovered. The document concludes by discussing mobile app security risks and advertising an upcoming security conference exhibition.
1) Fortinet's software-defined security framework provides security that integrates with underlying cloud and SDN platforms through virtual appliances, platform orchestration, and centralized management.
2) The framework allows for scale-out of virtual firewalls across hypervisors and auto-provisioning of firewall rules for workloads in public clouds.
3) Fortinet partners with VMware, Cisco, and OpenStack to provide security solutions that support virtualization, SDN controllers, and public cloud platforms.
Overview of the state of Wi-Fi security for WEP, WPA/WPA2 and WPA3, looking at their protocols, weaknesses and attacks.
The presentation finishes with a live demo of 2 attacks: Karma Attack and Evil Portal Attack.
Top 9 Critical Findings - Dramatically Improve Your Organization's Security | Praetorian
As an information security consulting company, Praetorian has a unique ability to observe security programs across a wide range of companies. Based on the vulnerability patterns seen across organizations, a top ten list of common critical findings was created. The purpose of this presentation is to examine each of those critical findings and provide recommendations for mitigation. Examples from actual engagements are used to emphasize risk through real world scenarios. Some information from the screenshots provided has been redacted to protect confidentiality.
Praetorian's goal is to help our clients understand and minimize their overall security exposure and liability. Through our services, your organization can obtain an accurate, independent security assessment.
This document discusses how unidirectional security gateways can maximize security and minimize compliance costs for industrial control systems. It argues that firewalls are porous and all firewalls forward attacks, while unidirectional gateways break the bidirectional channel required for most attacks. The document provides several examples of how unidirectional gateways can be applied in industrial environments and claims they provide stronger security than firewalls while also helping to reduce costs associated with NERC CIP compliance standards.
Breaking Closed Systems with Code-Signing and Mitigation Techniques | Priyanka Aash
Code signing is abundant in the enterprise and consumer space. This session will review the current landscape, showing attacks against several open (Windows, Android, Mac) and closed (iOS, automotive operating) systems, show anomalies found by Venafi Labs focused on the theft and misuse of code signing certificates to breach organizations, and propose a solution for addressing the issues.
(Source: RSA USA 2016-San Francisco)
More and more IoT vulnerabilities are found and showcased at security events. From connected thermostats to power plants!
Insecurity became the favorite subject for creating catchy IoT headlines: "Connected killer toaster", "Fridges changed into spamming machines", "Privacy concerns around connected home".
We will explore the five challenges one has to face when building a secure IoT solution:
- hardware security: how to avoid rogue firmware and keep your security keys safe?
- upgrade strategy: you can't secure what you can't update!
- secure transport: no security without secure transports.
- security credentials distribution: how to distribute security keys to a fleet with millions of devices?
- cloud vulnerability mitigation: how to keep your fleet of devices safe from the next Heartbleed?
Current enterprise infrastructure provides solutions for handling application security, but are they really matching the IoT challenge? Could running a PKI client on a low power wireless sensor node be an option?
Despite those difficulties, we will show how a modern IoT device management standard like Lightweight M2M with DTLS is the way to build security-first IoT solutions. It provides a solution for upgrading your devices and distributing your security keys, and comes with a full range of cryptographic cipher suites, from PSK for very constrained devices to a high level of security using X.509 certificates.
Furthermore, for adding security to your solution, we will present ready-to-use open source libraries for implementing secure IoT servers and devices: the way to quickly release your next catchy connected product!
Ultimately we will showcase Wakaama and Leshan, the Eclipse IoT Lightweight M2M implementations, maybe your next best friends in the troubled waters of Internet-of-Things security!
This document outlines the benefits of outsourcing cybersecurity services to Syrinx Technologies through their Virtual CSO program. It discusses common security roadblocks organizations face related to cost, policy implementation, and risk perception. The Virtual CSO program provides business benefits like flexibility and no payroll costs, and technical benefits such as policy development, penetration testing, security awareness training, and compliance consulting. Clients can customize their solutions to fit their budgets. The summary encourages organizations to assess their security needs and work with Syrinx Technologies to develop an action plan and yearly program.
Your network holds the key to defending your organization. The Cisco switches, routers, and wireless solutions you deploy can complement and empower your security systems. Cisco provides a broad portfolio of capabilities to improve your defenses across the entire attack continuum. This presentation outlines how you can use your network as a sensor to protect your data, your customers, and your reputation.
Register to Watch Webcast: http://cs.co/9003CRsH
Join the Conversation: http://cs.co/9008CRt6
Watch the TechWiseTV Episode: http://cs.co/9001Bvqpz
Watch the workshop replay: http://bit.ly/2bAsxby
See how the latest evolution of Cisco TrustSec helps protect critical assets by extending and enforcing policies anywhere in your network. Go in-depth with how Cisco TrustSec simplifies your network security with software-defined segmentation.
SCADA Security: The Five Stages of Cyber GriefLancope, Inc.
Every time a new information technology finds its way into production, it seems as though we end up repeating the same process – security vulnerabilities will be discovered and disclosed in that technology, and users and vendors will deny that the risks are significant. Only after major attacks occur do we really start to see efforts to address the inherent risks in a systematic way.
We’re falling into this exact same trap again with Industrial Control and SCADA systems, but in this case the problem is worse, because the inherent nature of control systems prevents us from applying many of the strategies that have been used to protect other kinds of computer networks.
Join Lancope’s Director of Security Research, Tom Cross, for a look at the five stages of grief that organizations seem to pass through as they come to terms with security risks, and how far we’ve come regarding Industrial Control Systems.
Hear about:
The state of Control Systems security vulnerabilities
Attack activity that is prompting a change in perspective
The unique, long-term challenges associated with protecting SCADA networks
How anomaly detection can play a key role in protecting SCADA systems now
Cisco, Sourcefire and Lancope - Better TogetherLancope, Inc.
Technology overview for Sourcefire FireSIGHT and Lancope StealthWatch including:
• Core features and functionality
• Market positioning and differentiators
• Technology integration for effective incident response
This document provides instructions for quickly installing and setting up a FireEye appliance. The FireEye appliance can identify malware attacks on a network, block attacks, and alert administrators. Setup instructions are provided for using either the front panel LCD or a serial console. The steps include mounting the appliance, connecting network cables, powering on, and configuring basic network and security settings using a menu interface. Additional documentation is referenced for more complete configuration and usage information.
The document provides an overview of wireless network security, outlining common issues, threats, and security measures for wireless networks. It discusses standards and protocols like WEP, WPA, and WPA2 and provides practical tips for securing a wireless network, such as enabling encryption, changing default settings, and using firewalls. The document also briefly discusses future trends in wireless network security.
Firewall is a device or set of instruments designed to permit or deny network transmissions based upon a set of rules and regulation is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass or during the sensitive data transmission. Distributed firewalls allow enforcement of security policies on a network without restricting its topology on an inside or outside point of view. Use of a policy language and centralized delegating its semantics to all members of the networks domain support application of firewall technology for organizations, which network devices communicate over insecure channels and still allow a logical separation of hosts in- and outside the trusted domain. We introduce the general concepts of such distributed firewalls, its requirements and implications and introduce its suitability to common threats on the Internet, as well as give a short discussion on contemporary implementations.
Network Architecture review in context of Information security helps to understand how to actually review the components of network with respect to best practices.
This shared slides is containing some of the basic information about Router Hardening project which my team and I did in our network security class project and we used it to present our project's process and procedures. Our project scenario was to harden the network and routers for hypothetical organization so we decided to do it for a bank and we called it ANS bank referring to first letters of the team members.
Today connected devices are everywhere, where we expect a massive growth over the upcoming years. What are connected devices (IOT)? It connects people to machines, machines to machines and shares data both people and machines create. However, why should you care about security?
This presentation walks you through why connected devices (IOT) are being targeted, what typically goes wrong during development making these devices vulnerable to attacks and whats next...
Robust Cyber Security for Power UtilitiesNir Cohen
The security of critical networks is at the center of attention of industry and government regulators alike. Check Point and RAD offer a joint end-to-end cyber security solution that protects any utility operational technology (OT) network by eliminating RTU and SCADA equipment vulnerabilities, as well as defends against cyber-attacks on the network’s control and data planes. This solution brief explains how the joint solution enables compliance with NERC-CIP directives, provides deep visibility and control of ICS/SCADA communications, and allows secure remote access into OT networks.
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionShah Sheikh
This document discusses hackers and security from the perspective of a penetration tester. It begins by distinguishing between hackers and crackers, noting that hackers are highly skilled individuals seeking knowledge, while crackers seek financial gain or to cause damage. It then discusses common misconceptions around security, noting that security is an architecture rather than appliances or policies. Several examples are given of exploiting popular security products and technologies. The document warns that the UAE is a vulnerable target given weaknesses in infrastructure and disaster recovery plans. It then describes hypothetical penetration tests against several large organizations in the UAE, highlighting vulnerabilities discovered. The document concludes by discussing mobile app security risks and advertising an upcoming security conference exhibition.
1) Fortinet's software-defined security framework provides security that integrates with underlying cloud and SDN platforms through virtual appliances, platform orchestration, and centralized management.
2) The framework allows for scale-out of virtual firewalls across hypervisors and auto-provisioning of firewall rules for workloads in public clouds.
3) Fortinet partners with VMware, Cisco, and OpenStack to provide security solutions that support virtualization, SDN controllers, and public cloud platforms.
Overview on the state of WIFI security for WEP, WPA/WPA2, WPA3. Looking at their protocols, weaknesses and attacks.
The presentation finishes with a live demo on 2 attacks: Karma Attack and Evil Portal Attack
Top 9 Critical Findings - Dramatically Improve Your Organization's SecurityPraetorian
As an information security consulting company, Praetorian has a unique ability to observe security programs across a wide range of companies. Based on the vulnerability patterns seen across organizations, a top ten list of common critical findings was created. The purpose of this presentation is to examine each of those critical findings and provide recommendations for mitigation. Examples from actual engagements are used to emphasize risk through real world scenarios. Some information from the screenshots provided has been redacted to protect confidentiality.
Praetorian's goal is to help our clients understand minimize their overall security exposure and liability. Through our services, your organization can obtain an accurate, independent security assessment.
This document discusses how unidirectional security gateways can maximize security and minimize compliance costs for industrial control systems. It argues that firewalls are porous and all firewalls forward attacks, while unidirectional gateways break the bidirectional channel required for most attacks. The document provides several examples of how unidirectional gateways can be applied in industrial environments and claims they provide stronger security than firewalls while also helping to reduce costs associated with NERC CIP compliance standards.
Breaking Closed Systems with Code-Signing and Mitigation TechniquesPriyanka Aash
Code signing is abundant in the enterprises and consumer space. This session will review the current landscape showing attacks against several open (Windows, Android, Mac) and closed (IOS, automotive operating) systems and show anomalies found by Venafi Labs focused on the theft and misuse of code signing certificates to breach organizations and propose a solution on how to address the issues.
(Source: RSA USA 2016-San Francisco)
More and more IoT vulnerabilities are found and showcased at security events. From connected thermostats to power plants!
Insecurity became the favorite subject for creating catchy IoT headlines: "Connected killer toaster", "Fridges changed into spamming machines","Privacy concerns around connected home".
We will explore the five challenges one has to face when building a secure IoT solution:
- hardware security: how to avoid rogue firmwares and keep your security keys safe?
- upgrade strategy: you can't secure what you can't update!
- secure transport: no security without secure transports.
- security credentials distribution: how to distribute security keys to a fleet with millions of devices?
- cloud vulnerability mitigation: how to keep your fleet of devices safe from the next Heartbleed?
Current enterprise infrastructure provides solutions for handling application security but are they really matching the IoT challenge? Could running a PKI client on a low power wireless sensor node be an option?
Despite those difficulties, we will show how a modern IoT device management standard like Lightweight M2M with DTLS is the way to build a secure-first IoT solution. It provides a solution for upgrading your device and distributing your security keys, and comes with a full range of cryptographic cipher suites, from PSK for very constrained devices to a high level of security using X.509 certificates.
Furthermore, for adding security to your solution, we will present ready-to-use open source libraries for implementing secure IoT servers and devices: the way to quickly release your next catchy connected product!
Ultimately we will showcase Wakaama and Leshan, the Eclipse IoT Lightweight M2M implementations, maybe your next best friends in the troubled waters of Internet-of-Things security!
This document outlines the benefits of outsourcing cybersecurity services to Syrinx Technologies through their Virtual CSO program. It discusses common security roadblocks organizations face related to cost, policy implementation, and risk perception. The Virtual CSO program provides business benefits like flexibility and no payroll costs, and technical benefits such as policy development, penetration testing, security awareness training, and compliance consulting. Clients can customize their solutions to fit their budgets. The summary encourages organizations to assess their security needs and work with Syrinx Technologies to develop an action plan and yearly program.
This document summarizes a presentation on regulations updates and penetration testing. The presentation covered recent changes to regulations like the ID Theft Red Flags Rule and PCI standards. It discussed why organizations should perform penetration tests, including to satisfy legal requirements and improve security. Potential vulnerabilities to check for were provided, like default passwords. The presentation included case studies of penetration tests performed and how access was gained through issues like unpatched systems. It emphasized that many security issues can be addressed through better password management, policies and procedures, and patch management.
PCI Compliance - What does it mean to me? (syrinxtech)
This document outlines the key points of a presentation on the Payment Card Industry Data Security Standard (PCI DSS). It introduces PCI DSS and its history, provides definitions of important terminology, describes the 12 requirements of the standard across 6 goals for securing payment card data, and discusses roles and responsibilities for compliance. The presentation covers building a secure network, protecting stored card data, maintaining vulnerability management, access controls, monitoring systems, and security policies.
Microsoft Windows 7 provides enhanced security features such as AppLocker and Internet Explorer 8 to control applications and protect users. It also improves data protection with BitLocker and BitLocker To Go to encrypt data on devices and removable drives. Windows 7 builds on the security foundation of Windows Vista with features such as User Account Control and the Security Development Lifecycle.
Mobile Devices & BYOD Security – Deployment & Best Practices (Cisco Canada)
Subjects covered will include mobile devices OS security, state of malware on mobile devices, data loss prevention, VPN and remote access, 802.1x and certificate deployment, profiling, posture, web security, MDMs and others. For more information please visit our website: http://www.cisco.com/web/CA/index.html
Virtual Private Networks (VPNs) allow private networks to be connected securely over the public Internet. There are two main methods for implementing VPNs - using IPSec at the network level or SSL at the transport level. IPSec VPNs require client software installation on each workstation while SSL VPNs only require a web browser with SSL support, making SSL VPNs easier to use. VPNs offer benefits over dedicated leased lines such as lower cost, easier setup, and flexibility, but are less secure, reliable, and performant than isolated private networks.
Virtual Private Networks (VPNs) allow private networks to be connected securely over the public Internet. There are two main methods for implementing VPNs - using IPSec at the network level or SSL at the transport level. IPSec VPNs require client software installation on each workstation while SSL VPNs only require a web browser with SSL support, making SSL VPNs easier to use. VPNs offer benefits over dedicated leased lines such as lower cost, easier setup, and flexibility, but can be less reliable, secure, and performant than isolated private networks.
A joint presentation of Gary Williams of Schneider Electric and Michael Coden of NextNine at the 10th Annual Conference of the American Petroleum Institute. The presentation discusses benefits, disadvantages, and architectures for allowing 3rd party access.
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho... (NetworkCollaborators)
This document discusses the need for automation and programmability in network security as networks become more complex due to trends like cloud computing, mobility, and the Internet of Things. It outlines some of the challenges facing service providers in securing their networks and customers. It then describes different approaches service providers are taking to automate security using NFV and SDN technologies. Finally, it discusses how to secure the various components of an automated NFV architecture including the controller, infrastructure, network services, applications, management/orchestration, APIs, and communications.
This document discusses the need for automation and programmability in network security as networks become more complex due to trends like cloud computing, mobility, and the Internet of Things. It outlines some of the challenges facing service providers like increasing threats and changing customer expectations. It then describes how service providers are approaching network functions virtualization and automation in different ways, either led by use cases, infrastructure, or orchestration. Lastly, it discusses how Cisco is addressing security across virtualized infrastructure, applications, orchestration, communications and more through techniques like encryption, authentication, and integrating network security solutions.
Learn what makes SCADAguardian (the Nozomi Networks flagship technology) so unique and powerful. From enterprise IT, to OT, we enable scalable security strategies for ICS.
A modern approach to safeguarding your ICS and SCADA systems (Alane Moran)
Tempered Networks' presentation at the recent Rockwell Automation Fair 2016 helps viewers understand why it's so challenging and complex to connect and secure industrial IoT and SCADA systems. The future of networking and security must be based on 'host identity' not spoofable IP addresses.
Net Motion Mobility Overview - Field Service (ksholes)
This document provides an overview of Mobility XE, a mobile VPN product from NetMotion Wireless. It addresses challenges mobile workers face including connectivity, application performance, and support. Mobility XE enhances productivity by making VPN and application sessions persistent during mobility and optimizing bandwidth. It provides security using AES encryption, authentication methods like Active Directory, and controls like device authentication. The management console allows centralized visibility and control of all device connections, applications, and networks used.
Mobile device security presents challenges as confidential data is most vulnerable when stored on or transmitted to mobile devices. Key risks include stolen devices or information, unauthorized access to networks or applications, and virus propagation. Effective security requires securing devices, encrypting data, implementing access controls, securing wireless interfaces like Bluetooth and WLAN, and establishing perimeter defenses like VPNs. Enterprises also need centralized management of policies, configurations, and user compliance to securely support employee mobility.
The document discusses securing the management plane of Cisco routers. It describes 9 steps to secure the management plane: 1) follow a router security policy, 2) secure physical access, 3) use strong encrypted passwords, 4) control access to the router, 5) secure management access using AAA, 6) use secure management protocols like SSH, 7) implement system logging, 8) backup configurations periodically, and 9) disable unneeded services. It also discusses authenticating users locally and with RADIUS/TACACS+ servers.
Black Hat USA 2022 - Arsenal Labs - Vehicle Control Systems - Red vs Blue (Chris Sistrunk)
This document provides an overview of a presentation on vehicle control systems security given by Chris Sistrunk and Shishir Gupta of Mandiant. It begins with introductions of the presenters and their backgrounds in ICS/OT security. It then discusses common vehicle operating systems like QNX, attacks on telematics units and other embedded systems, and methods for forensic analysis of infected devices including using rpdbg.py. Defense techniques like the NIST incident response process and considerations for DFIR on embedded systems are also covered.
The document summarizes the CounterACT security platform which provides network visibility, access control, and compliance capabilities. It can detect all devices on a network, control user access based on policies, and help maintain regulatory compliance. The platform offers non-disruptive deployment, scalability for all network sizes, and easy management through a centralized console.
This document contains the resume of Manjesh N, who is seeking a position as a Network Security Engineer. It outlines his skills and experience in networking, security, and various certifications. His experience includes over 8 years providing technical support for networking and security products from Arbor, SonicWALL, and Dell. He has extensive hands-on experience with firewalls, routers, switches, and other networking devices.
The document outlines an agenda for a Red Hat security seminar covering emerging technologies like the Xen hypervisor and virtualization, security features in Red Hat like SELinux and its role in building security openly, and questions from attendees about Red Hat's security certifications and standards work. Hands-on labs were also planned to demonstrate technologies discussed.
Cisco Trustsec & Security Group Tagging (Cisco Canada)
This presentation covers the protocols and functions that create a trusted network. We will discuss the best practices when deploying this tagging ability using campus switches including migration techniques from non-SGT capable to devices to a fully SGT capable network deployment. For more information please visit our website here: http://www.cisco.com/web/CA/index.html
Squire Technologies: Session Border Controller (SVI_SBC) Presentation. Highlighting the key features and functionality of the SVI_SBC. The Session Border Controller provides a mature, proven carrier grade technology packed with feature rich capabilities allowing operators to rapidly deploy services. A flexible licensing model allows clients to meet budget requirements and scale as and when future growth dictates.
Capability includes: SIP Trunks, Skype for Business, IMS / 4G Services, WebRTC Gateway, Lawful Intercept and Billing.
The proposed solution provides a secure and resilient network architecture for JVVNL that connects various offices to a centralized IT center and data center. Key elements include MPLS WAN connectivity with failover, network and application security appliances, load balancing, and link load balancing to ensure high availability of critical applications and data. Centralized management and monitoring is also included for effective oversight of IT projects and infrastructure.
This session will detail how you can bring distributed knowledge and actionable alerts for your automation assets through remote access and monitoring services to minimize downtime and increase asset utilization by leveraging your connected plant.
Remote Access and Monitoring of Connected IoT Assets
Remote Access Security
1. VA SCAN 2011: Security Without Borders. Securing Remote Access to IT Resources. Presented By: Bryan Miller, Adjunct Faculty, Computer Science & Information Systems, Virginia Commonwealth University
2. Agenda (10/6/2011 Securing Remote Access to IT Resources)
- Speaker Introduction
- Wikipedia: Remote Access Technologies
- Attack Vectors
- Audit Tools
- Mobile Device Issues
- Hardening Recommendations
- Policies & Procedures (P&P)
- Wrap-Up
3. Speaker Introduction
- B.S. Information Systems – VCU
- M.S. Computer Science – VCU
- VCU Network Engineer – 1987 – 1993
- President, Syrinx Technologies, 2007
- Adjunct Faculty Member in Information Systems and Computer Science @ VCU, FTEMS lecturer
- CISSP, former Cisco CCIE in R/S
- Published author with over 25 years in the industry
5.
- Dial-In/PPP – Point-to-Point Protocol – 1994
  - Layer 2 of the OSI model
  - Provides authentication, encryption & compression
  - Used by ISPs for dial-up Internet access
- PPTP – Point-to-Point Tunneling Protocol – 1999
  - Provides VPN access over GRE tunnel using PPP
  - Does not provide encryption or authentication
  - MSCHAP-v2 used for authentication is vulnerable to dictionary attacks
6.
- L2TP – Layer 2 Tunneling Protocol – 1999
  - Tunneling protocol used with VPNs
  - Does not provide encryption
  - Still used today by some cable providers
- IPSec VPN
  - Site-Site
    - Dedicated VPN, typically over the Internet
    - No client configuration
  - Remote Access
    - Requires configuration of VPN client
    - Can be a challenge to update large numbers of clients
    - Configuration files must be protected!
    - Split Tunneling Issues
7.
- SSL VPN
  - Browser-based access to applications
  - No VPN client to load on endpoints
  - Provides user-friendly front end with low maintenance
  - No configuration files to protect
- Single Sign On (SSO)
  - One password to rule them all
  - Various authentication methods
    - Kerberos, smart card, two-factor, Windows AD integration, LDAP
  - Often provides web-based front-end to common applications
8. Authentication Options
- RADIUS – Remote Authentication Dial-In User Service
  - Implements “AAA” – Authentication, Authorization & Accounting
  - Client-server protocol over UDP
  - Used in VPNs, Wireless, 802.1x, etc.
- TACACS(+) – Terminal Access Controller Access-Control System (Plus)
  - Cisco proprietary protocol using TCP
  - Access control for networking devices
9. 802.1x
- IEEE standard for port-based Network Access Control (NAC)
- Provides authentication mechanisms for devices wishing to connect to a LAN or WLAN
- Typically requires an authentication server running RADIUS
- Most modern operating systems support 802.1x, including iPhone and iPod Touch
- Vulnerable to MITM attacks
10. Network Access Control (NAC)
- Technology which restricts access to the network based on identity or security posture
- To confuse the issue, Cisco’s NAC product is actually known as Network Admission Control
- Can be used to force clients to conform to security policies before granting network access
  - A/V
  - Patches
  - Registry Settings
- Can be difficult to implement in “legacy” networks
12.
- Dial-In
  - Yes, this still works!
  - Automated program dials 1000’s of phone numbers per day
  - Usually finds “forgotten” out-of-band modem
- Wireless
  - Please don’t use WEP, no longer compliant with PCI
  - Rogue APs are still a problem – make sure your P&P documents address this
  - Watch those hotspots!
- Extranet
  - Mutual protection is the only way to go!
13.
- VPN
  - Protect those configuration files (try Google)
  - Use appropriate complexity for PSKs
- SSL in web sites
  - Test the cipher strengths – applicable to PCI
  - Disable the weak ones
- Outdated out-of-band management tools
  - Are you still using Telnet?
16.
- SSL Cipher Strength
  - THCSSLCheck
  - SSLDigger
  - OpenSSL
- Web Servers
  - Nikto
  - Nessus

SSLDigger Output:

    192.168.1.1:
    EXP-RC2-CBC-MD5 – (40)
    EXP-RC4-MD5 – (40)
    EXP1024-DES-CBC-SHA – (56)
    EXP1024-RC4-SHA – (56)
    DES-CBC-SHA – (56)

() – Number of bits of encryption

This tool is great for checking PCI compliance!
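Slides 13 and 16 say to test cipher strengths and disable the weak ones. The following is an added example, not part of the presentation or of SSLDigger: it parses a report laid out like the slide's output and lists, per host, which suites to disable and why. The 128-bit floor, the weak-algorithm list, and the three extra suites in the constructed sample are assumptions of this example.

```python
import re

# Constructed report in the layout of the SSLDigger output on slide 16:
# a "host:" line, then one "SUITE – (bits)" line per accepted suite.
# The first five suites are the slide's; the last three are added here.
SAMPLE_REPORT = """\
192.168.1.1:
EXP-RC2-CBC-MD5 – (40)
EXP-RC4-MD5 – (40)
EXP1024-DES-CBC-SHA – (56)
EXP1024-RC4-SHA – (56)
DES-CBC-SHA – (56)
RC4-SHA – (128)
DES-CBC3-SHA – (168)
AES256-SHA – (256)
"""

MIN_BITS = 128  # assumed policy floor for this example
# Assumed weak-algorithm list: (token in the suite name, reason reported).
WEAK_TOKENS = [("RC4", "RC4"), ("RC2", "RC2"), ("MD5", "MD5 MAC"),
               ("NULL", "no encryption")]
HOST_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):$")
SUITE_RE = re.compile(r"^([A-Z0-9-]+)\s*[–-]\s*\((\d+)\)$")

def parse_report(text):
    """Return {host: [(suite_name, bits), ...]} from a scanner report."""
    hosts, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        host = HOST_RE.match(line)
        if host:
            current = hosts.setdefault(host.group(1), [])
            continue
        suite = SUITE_RE.match(line)
        if suite is None or current is None:
            raise ValueError(f"line {lineno}: unexpected input {line!r}")
        current.append((suite.group(1), int(suite.group(2))))
    return hosts

def weaknesses(name, bits):
    """List the reasons a suite fails the example policy (empty if none)."""
    tokens = name.split("-")
    found = []
    if tokens[0].startswith("EXP"):
        found.append("export-grade")
    if bits < MIN_BITS:
        found.append(f"{bits}-bit key")
    if "CBC3" in tokens:  # OpenSSL-style name for 3DES; 168 nominal bits
        found.append("3DES")
    elif "DES" in tokens:
        found.append("single DES")
    return found + [why for tok, why in WEAK_TOKENS if tok in tokens]

def audit(text):
    """Return {host: {"disable": {suite: reasons}, "keep": [suites]}}."""
    result = {}
    for host, suites in parse_report(text).items():
        graded = [(name, weaknesses(name, bits)) for name, bits in suites]
        result[host] = {
            "disable": {n: why for n, why in graded if why},
            "keep": [n for n, why in graded if not why],
        }
    return result

if __name__ == "__main__":
    for host, entry in audit(SAMPLE_REPORT).items():
        for name, why in entry["disable"].items():
            print(f"{host} DISABLE {name}: {', '.join(why)}")
        print(f"{host} keep: {', '.join(entry['keep'])}")
```

Grading on the name as well as the bit count matters: RC4-SHA and DES-CBC3-SHA both report 128 bits or more, so a bit-count check alone would pass them.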
17.
- Dial-In
  - PhoneSweep
- PPTP
  - asleap
- Wireless
  - 802.11
    - Aircrack-ng
    - NetStumbler
  - Bluetooth
    - Bluesnarf
    - BlueAuditor

From: http://www.willhackforsushi.com/Asleap.html
18. Port Scanners
- nMap
- SuperScan 4
- RAPS (Remote Access Perimeter Scanner)

RAPS Output:

    192.168.0.187 Port 5900 - VNC, Version 3.8
    192.168.0.9 Port 3389 - Terminal Server
    192.168.10.57 Port 5631 - pcAnywhere, Host: A1
    192.168.10.56 Port 1720 - NetMeeting
    10.2.0.139 Port 1494 – Citrix Server
    10.2.1.20 Port 6000 – X Server, Version 11.0
    10.2.1.21 Port 6000 – X Server, NO LOGIN REQUIRED, Version 11.0

What’s the difference between 10.2.1.20 and 10.2.1.21?
20.
- Who owns the device
- Are employee-owned devices allowed
- Applications
- Email sync
- VPN configurations
- Encryption
21.
- Security settings
- Backup/restore issues
- Profile management
- Management/Reporting
- Wireless/Bluetooth issues
- E-discovery
- What happens if the device is lost/stolen?
- Remote wipe?
23.
- Laptops
  - At a minimum, encrypt the hard drive
    - TrueCrypt
    - PGP Disk
    - BitLocker
  - Biometrics
- Wireless
  - Two-factor authentication
  - 802.1x
  - VPN
24.
- Labs, public access
  - Network Access Control (NAC)
  - 802.1x
- Remote Devices
  - Use SSH instead of Telnet for out-of-band access
  - Limit source IP address whenever possible
  - Always require HTTPS when available
  - Change all default SNMP community strings and other passwords
  - Don’t allow access to common remote control programs from the outside
    - Citrix, VNC, PCAnywhere, DameWare, Terminal Services
25. General Recommendations
- Make sure you have secure build configurations for all infrastructure devices
- Whenever possible, limit the source of resource requests to the smallest number possible
  - SNMP, SSH
- With VPNs, configure access lists to limit exposure
26. General Recommendations
- With VPNs, configure access lists to limit exposure
  - Don’t allow free range of internal networks
  - Identify the user as soon as possible and apply access policies
- Remove all unnecessary protocols, apps, etc.
- Perform periodic penetration tests to ensure that all low hanging fruit have been removed
28.
- Be sure to start with documented, enforceable policies
- Without upper management buy-in, don’t bother trying to enforce the policies
- Make sure you have a mobile device management policy
- Update and re-educate every year
30.
- Remote access is one of the oldest IT technologies in use today
- It is well understood -- but occasionally implemented without security in mind
- Be sure to test often and update configurations and P&P documents as necessary
- Remember there are more potential attackers outside your security perimeter than inside