Mark Arena - Cyber Threat Intelligence #uisgcon9UISGCON
This document discusses cyber threat intelligence and how it can be collected and produced. It defines intelligence as taking data and using knowledge and experience to determine what is factual and probable about past and future events, and communicating this information to decision makers. It provides examples of assessing the probability of threats based on known vulnerabilities and exploits. It also outlines various data sources that can be used to collect intelligence both within an organization and on the open internet. These include network flow data, endpoint monitoring, and searching open sources. It stresses the importance of knowing the motivations and techniques of different attackers in order to effectively defend an organization.
Kimberly Zenz - Financial Options for Cyber Criminals #uisgcon9UISGCON
This document discusses various financial options available to cyber criminals for laundering money obtained through illicit means. It notes that while electronic currencies were initially popular due to perceived anonymity, law enforcement has had success tracking transactions through exchanges and cracking down on leaders like Liberty Reserve. No option is foolproof as international cooperation on anti-money laundering has strengthened. Ultimately, cyber criminals must stay under the radar and accept that risk remains higher than pursuing crimes without this financial element.
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9UISGCON
This document summarizes an IBM Security Systems mid-year 2013 trend and risk report. It discusses how the IBM X-Force monitors the threat landscape and researches new attack techniques to educate customers. It outlines key trends in the first half of 2013 including a rise in targeted attacks exploiting trust relationships, watering hole attacks compromising websites, and attacks on foreign branch sites. Mobile threats like Android malware are also growing. The report concludes with recommendations to prioritize security basics like patching and educate users.
Vladimir Styran - The Next-Generation Pentest That Your Company Cannot...UISGCON
This document discusses the differences between penetration testing and vulnerability assessments, and why clients often receive poor-quality tests. It notes that penetration tests are meant to be deeply interactive, focused on achieving specific goals through exploitation, while vulnerability assessments only superficially identify issues. It also explains that clients contribute to poor tests by not understanding the purpose and proper scope of each method and by not performing adequate quality control of testers. The document recommends that clients improve tests by learning testing standards, clearly defining objectives, and incentivizing testers to achieve goals through payment structures.
The FBI operates international offices in 78 countries through its International Operations Division to coordinate domestic and foreign investigations and support partner agencies. The document discusses the FBI's Cyber Division which works with cyber agents, cyber action teams, and private/government partners to combat cybercrime threats. Specifically in Ukraine, the FBI works with the SBU and MVD to investigate JabberZeus coders and pursue related spin-off investigations in both countries. The FBI aims to understand, resource, and prosecute cyber threats like account takeovers while informing network defenders.
[Short 10-30] Dmitry Petrashchuk - Virtualization and PCI DSS 2.0
1. VIRTUALIZATION AND PCI DSS 2.0
PCI DSS compliance in a virtual environment
Dmitry Petrashchuk, CISSP, QSA
2. What we will cover
• New aspects of PCI DSS 2.0
• Types of virtualization
• New risks in a virtual environment
• The requirements of the standard that cause the most difficulty during implementation
• What to pay attention to
• Methods and tools for satisfying the requirements
3. What is new in PCI DSS 2.0
• Risk assessment
• Requirements for virtualization
• Requirements for hosting providers
• Higher requirements for the quality of the assessor's report
• Vulnerability ranking standardized on CVSS
• More flexible requirements for detecting unauthorized WiFi access points
• Annual monitoring of service providers' compliance
• Numerous cosmetic improvements
5. New risks
• The hypervisor
• New privilege levels
  User – System administrator – Hypervisor administrator
• Physical controls no longer apply
• Different trust levels are combined in one virtual environment
• "One server – one function" becomes harder to uphold
• New network connections appear with very little effort
• Data in images, snapshots and inactive VMs
• Vulnerabilities of the virtualization platform itself
• Monitoring and control become more complex
6. Relevant requirements of the standard
• 1.1.3 Requirements for a firewall at each Internet connection and between any DMZ and the internal network zone.
• 2.1 Always change vendor-supplied defaults before installing a system on the network.
• 2.2 Develop configuration standards for all system components.
• 2.2.1 Implement only one primary function per server.
• 2.2.2 Disable all unnecessary and insecure services and protocols.
• 2.2.3 Configure system security parameters to prevent misuse.
• 2.2.4 Remove all unnecessary functionality, such as scripts, drivers, features, subsystems, file systems, and unnecessary web servers.
• 2.3 Encrypt all non-console administrative access. Use technologies such as SSH, VPN, or SSL/TLS for web-based management and other non-console administrative access.
• 3.1 Keep cardholder data storage to a minimum. Develop a data retention and disposal policy. Limit storage amount and retention time to that which is required for business, legal, and/or regulatory purposes, as documented in the data retention policy.
• 3.5 Protect cryptographic keys used for encryption of cardholder data against both disclosure and misuse.
• 5.1 Deploy anti-virus software on all systems commonly affected by malicious software.
7. Relevant requirements of the standard
• 6.1 Ensure that all system components and software have the latest vendor-supplied security patches installed. Install critical security patches within one month of release.
• 6.2 Establish a process to identify newly discovered security vulnerabilities.
• 6.3.2 Separate development/test and production environments.
• 6.3.5 Removal of test data and accounts before production systems become active.
• 6.4 Follow change control procedures for all changes to system components.
• 7.1.1 Restriction of access rights to privileged user IDs to the least privileges necessary to perform job responsibilities.
• 8.1 Assign all users a unique ID before allowing them to access system components or cardholder data.
• 8.5 Ensure proper user authentication and password management for non-consumer users and administrators on all system components.
• 9.6 Physically secure all paper and electronic media that contain cardholder data.
• 9.7 Maintain strict control over the internal or external distribution of any kind of media that contains cardholder data.
• 9.8 Ensure management approves any and all media containing cardholder data that is moved from a secured area (especially when media is distributed to individuals).
• 9.9 Maintain strict control over the storage and accessibility of media that contains cardholder data.
• 9.10 Destroy media containing cardholder data when it is no longer needed for business or legal reasons.
8. Relevant requirements of the standard
• 10.2 Implement automated audit trails for all system components.
• 10.4 Synchronize all critical system clocks and times.
• 10.5 Secure audit trails so they cannot be altered.
• 10.6 Review logs for all system components at least daily.
• 11.5 Deploy file-integrity monitoring software to alert personnel to unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.
• 12.1.1 Establish, publish, maintain and disseminate a security policy that addresses all PCI DSS requirements.
• 12.3 Develop usage policies for critical employee-facing technologies.
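Requirement 11.5 above asks for file-integrity monitoring with critical-file comparisons at least weekly. The Python below is an added example and is not code from the original slides, from the PCI SSC or from any FIM product: it takes a SHA-256 baseline of a directory, stores it as JSON, re-scans and reports files that were added, removed, modified in content, or changed only in permission bits. The config tree, its contents and the "unauthorized changes" in demo() are constructed for illustration.

```python
"""File-integrity baseline and comparison in the spirit of PCI DSS 2.0 req. 11.5.

Added example; not code from the original slides. Paths, file contents and
the simulated tampering in demo() are constructed for illustration.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path

CHUNK = 65536


def file_digest(path: Path) -> str:
    """SHA-256 of a file, streamed so large files are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file under root (path relative to root) to digest, size and mode."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            baseline[str(p.relative_to(root))] = {
                "sha256": file_digest(p),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o7777),
            }
    return baseline


def compare(old: dict, new: dict) -> dict:
    """Classify the differences between a stored baseline and a fresh scan."""
    common = set(old) & set(new)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(k for k in common if old[k]["sha256"] != new[k]["sha256"]),
        # Same content but different permission bits still matters for 11.5.
        "perm_changed": sorted(
            k for k in common
            if old[k]["sha256"] == new[k]["sha256"] and old[k]["mode"] != new[k]["mode"]
        ),
    }


def demo() -> dict:
    """Constructed scenario: baseline a fake config tree, tamper with it, re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        etc = Path(tmp) / "etc"
        etc.mkdir()
        (etc / "sshd_config").write_text("PermitRootLogin no\n")
        (etc / "hosts.allow").write_text("sshd: 10.0.0.0/24\n")
        (etc / "ntp.conf").write_text("server 10.0.0.5 iburst\n")
        os.chmod(etc / "ntp.conf", 0o600)

        # The baseline is written outside the monitored tree; in production it
        # belongs on a host that the monitored system's admins cannot write to.
        baseline_file = Path(tmp) / "baseline.json"
        baseline_file.write_text(json.dumps(build_baseline(etc), indent=2))

        # Simulated unauthorized changes between two weekly comparisons.
        (etc / "sshd_config").write_text("PermitRootLogin yes\n")   # content modified
        (etc / "hosts.allow").unlink()                              # removed
        (etc / "ld.so.preload").write_text("/tmp/evil.so\n")        # added
        os.chmod(etc / "ntp.conf", 0o644)                           # permissions only

        stored = json.loads(baseline_file.read_text())
        return compare(stored, build_baseline(etc))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The same point the slide makes for audit trails in 10.5 applies to the baseline file: a comparison is only meaningful if the attacker who changed the monitored files could not also rewrite the baseline, so store it off-host or on write-once storage.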
9. Don't forget
• The PCI DSS scope includes every VM located on the same hypervisor as a VM that processes card data, plus the hypervisor itself
• Do not combine networks of different trust levels (for example, DMZ and processing) on one hypervisor
• Separate the network flows: data – control traffic – management
• Rule: one VM – one function
• Document and standardize the infrastructure thoroughly
• Restrict physical and logical access
• The infrastructure can be moved to the cloud, but responsibility for meeting the requirements cannot
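The scoping rule on this slide (every VM co-resident with a card-data VM, plus the hypervisor, is in scope), the rule against mixing trust levels on one hypervisor, and the separation of data, control and management traffic can all be checked mechanically against an inventory. The Python below is an added example, not from the original deck and not tied to any virtualization product's API: the VM and host inventory, the zone names and the VLAN numbers are constructed for illustration.

```python
"""PCI DSS scoping checks for a virtualized environment.

Added example, not from the original slides. The inventory, zone names and
VLAN numbers below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class VM:
    name: str
    host: str                    # hypervisor the VM runs on
    zone: str                    # trust level: "cde" (card processing), "dmz", "corp"
    handles_chd: bool = False    # stores, processes or transmits cardholder data


@dataclass(frozen=True)
class Host:
    name: str
    mgmt_vlan: int          # hypervisor management interface
    control_vlan: int       # live migration / storage / cluster heartbeat
    data_vlans: frozenset   # VLANs trunked to guest port groups


def pci_scope(vms):
    """Slide rule: every VM co-resident with a CHD-handling VM, plus that hypervisor, is in scope."""
    by_host = defaultdict(list)
    for vm in vms:
        by_host[vm.host].append(vm)
    hosts_in_scope = {vm.host for vm in vms if vm.handles_chd}
    vms_in_scope = {vm.name for h in hosts_in_scope for vm in by_host[h]}
    return sorted(hosts_in_scope), sorted(vms_in_scope)


def mixed_trust_hosts(vms):
    """Hypervisors whose guests span more than one trust zone (e.g. DMZ and processing)."""
    zones = defaultdict(set)
    for vm in vms:
        zones[vm.host].add(vm.zone)
    return {h: sorted(z) for h, z in sorted(zones.items()) if len(z) > 1}


def flow_separation_findings(hosts):
    """Data, control and management traffic must each ride their own VLAN."""
    findings = []
    for h in hosts:
        if h.mgmt_vlan == h.control_vlan:
            findings.append(f"{h.name}: management and control traffic share VLAN {h.mgmt_vlan}")
        for role, vlan in (("management", h.mgmt_vlan), ("control", h.control_vlan)):
            if vlan in h.data_vlans:
                findings.append(f"{h.name}: {role} VLAN {vlan} also carries guest data traffic")
    return findings


# Constructed inventory (not real infrastructure).
INVENTORY_VMS = [
    VM("pay-app-01", host="esx-01", zone="cde", handles_chd=True),
    VM("pay-db-01", host="esx-01", zone="cde", handles_chd=True),
    VM("intranet-wiki", host="esx-01", zone="corp"),                 # pulled into scope by co-residency
    VM("web-proxy-01", host="esx-02", zone="dmz"),
    VM("pay-api-01", host="esx-02", zone="cde", handles_chd=True),   # DMZ + processing on one host
    VM("build-server", host="esx-03", zone="corp"),
]
INVENTORY_HOSTS = [
    Host("esx-01", mgmt_vlan=10, control_vlan=20, data_vlans=frozenset({100, 200})),
    Host("esx-02", mgmt_vlan=10, control_vlan=10, data_vlans=frozenset({100, 300})),
    Host("esx-03", mgmt_vlan=100, control_vlan=20, data_vlans=frozenset({100})),
]


def run_checks(vms=INVENTORY_VMS, hosts=INVENTORY_HOSTS):
    """Run all three checks and return the findings as a dict."""
    hosts_in_scope, vms_in_scope = pci_scope(vms)
    return {
        "hosts_in_scope": hosts_in_scope,
        "vms_in_scope": vms_in_scope,
        "mixed_trust": mixed_trust_hosts(vms),
        "flow_findings": flow_separation_findings(hosts),
    }


if __name__ == "__main__":
    for key, value in run_checks().items():
        print(f"{key}: {value}")
```

In the constructed inventory the intranet wiki on esx-01 has nothing to do with card data, yet it lands in scope because it shares a hypervisor with the payment VMs; that is exactly the cost of ignoring the first bullet, and the usual fix is a dedicated cluster for the CDE rather than arguing the wiki out of scope.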
10. What you can and should use
• Information
  • Navigating the PCI DSS v2.0
    https://www.pcisecuritystandards.org/documents/navigating_dss_v20.pdf
  • PCI DSS Virtualization Guidelines v2.0
    https://www.pcisecuritystandards.org/documents/Virtualization_InfoSupp_v2.pdf
  • VMware Infrastructure 3.5 Security Hardening http://www.vmware.com/vmtn/resources/726
  • Managing VMware Virtual Center Roles and Permissions
    http://www.vmware.com/vmtn/resources/826
  • ESX STIG (Security Technical Implementation Guide)
    http://iase.disa.mil/stigs/stig/esx_server_stig_v1r1_final.pdf
  • VI:ops Virtualization Security Community http://viops.vmware.com/home/community/security
  • Hyper-V How To: Harden Your VM Security
    http://blogs.technet.com/tonyso/archive/2008/09/23/hyper-v-how-to-harden-your-vm-security.aspx
  • McAfee Virtualization Portal http://www.mcafee.com/virtualization
• Software and hardware
  • Virtualized versions of security systems (FW, IPS, SIEM)
  • Specialized tools:
• Consultants