Viruses. Spam. Malware. Botnets. Phishing. Rootkits. What do they all have in common? How can we protect ourselves? A detailed look at trends in the field, with practical solutions.
There is no doubt that Intrusion Detection Systems should be incorporated into any security infrastructure; however, today’s IDS implementations are far from perfect. Security Managers should continue to add layers to their defense strategy and not place too much reliance on this technology, as it’s not easy to create a system that can effectively flag an attack without crashing under the weight of its own logs, operate relatively maintenance free and respond appropriately to benign anomalous events without raising too many false alarms.
This session discusses some of the most common techniques aimed at evading IDS detection in order to easily attack the infrastructure sitting behind those systems.
Azure Site Recovery and System Center Tudor Damian
Azure Site Recovery is a cloud-based service that automates virtual machine fail-over across sites. The service integrates with Virtual Machine Manager which manages on-premises Hyper-V servers. Hyper-V Replica technology replicates virtual machine configuration and data across sites. Based on customer feedback, support for SAN replication is important. This session covers the scenarios in scope, solution architecture, and SAN integration using SMI-S.
Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. Too often though, IT risk (business risk related to the use of IT) is overlooked.
While other business risks such as market, credit and operational risks have long been incorporated into the decision-making processes, IT risk has usually been relegated to technical specialists outside the boardroom, despite falling under the same risk category as other business risks: failure to achieve strategic objectives.
This session intends to address business risks related to the use of IT, looking at industry standards, frameworks and best practices, as well as focusing on real world examples and specific plans on how to implement IT Risk Management on every level of your company.
Digital Transformation in the Cloud: What They Don’t Always Tell You [2020] Tudor Damian
The payoff of successful Digital Transformation can be essential for companies engaged in highly-competitive markets. Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success.
With the emergence of the Cloud, IT risk has suffered yet another radical transformation. The past couple of years have also brought along new vulnerabilities, exploits, and attack methods, as well as new data privacy requirements such as the GDPR. While all of these things require significant changes to any existing processes and tools, they mostly require a different approach when catering to people's IT security awareness, especially when moving to the Cloud.
Based on real-life projects and experience from recent years, this session provides a quick insight into the role that the Cloud plays within Digital Transformation initiatives, touching on challenges companies usually face when dealing with governance, security, change management & cost-control. Examples and case studies included.
Security & Compliance in the Cloud [2019] Tudor Damian
Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. Too often though, IT risk (business risk related to the use of IT) is overlooked. While other business risks such as market, credit and operational risks have long been incorporated into the decision-making processes, IT risk has usually been relegated to technical specialists outside the boardroom, despite falling under the same risk category as other business risks: failure to achieve strategic objectives.
With the emergence of the Cloud, IT risk has suffered yet another radical transformation. The past couple of years have also brought along new vulnerabilities, exploits, and attack methods, as well as new data privacy requirements such as the GDPR. While all of these things require significant changes to any existing processes and tools, they mostly require a different approach when catering to people's IT security awareness, especially when moving to the Cloud.
Modern cybersecurity threats, and shiny new tools to help deal with them Tudor Damian
With cybersecurity threats changing rapidly, we definitely need a new set of tools to be able to prevent and address them more efficiently: malware is becoming more complex and harder to detect, malicious insider attacks are on the rise and zero-day exploits make their way to the public much quicker than before. Join this session to see how Windows Server 2016 and Windows 10 can help organizations deal with this ever-changing security ecosystem by providing them with ways to better secure their environment and data. We’ll touch on topics such as malware & threat resistance, identity & access control, virtualization-based security, configurable code integrity, remote attestation and a few others.
The state of web applications (in)security @ ITDays 2016 Tudor Damian
The global security landscape is changing, now more than ever. With cloud computing gaining momentum and advanced persistent threats becoming a common occurrence, the industry is taking a more focused and serious approach, especially after some of last years' heavily publicized cyber breaches. Join this session for a high-level overview on the industry trends in the area of web application security, and find out why security is bound to become a hot topic in any organization developing or using web applications.
2016, A new era of OS and Cloud Security Tudor Damian
The global security landscape is changing, now more than ever. With cloud computing gaining momentum and advanced persistent threats becoming a common occurrence, the industry is taking a more focused and serious approach when it comes to security, especially after some of last years’ heavily publicized incidents. Join this session for a discussion on what Microsoft is doing to protect against these new security threats with fresh approaches taken both at the server & client OS level, as well as in Azure.
DefCamp #5, Bucharest, November 29th
Just as a chain is as weak as its weakest link, computer systems are as vulnerable as their weakest component – and that’s rarely the technology itself, it’s more often the people using it. This is precisely why it’s usually easier to exploit people’s natural inclination to trust than it is to discover ways to hack into computer systems. As the art of manipulating people into giving up confidential information, Social Engineering has been a hot topic for many years. This session will discuss some of the most common Social Engineering techniques and countermeasures.
Upgrading your Private Cloud to Windows Server 2012 R2 Tudor Damian
Learn about the functionality and processes that are available to enable you to move your private cloud deployments to Windows Server 2012 R2 with zero downtime. Understand the options that are available to you and the considerations that need to be made as you determine the best path for continuing to keep your environment on the best technology available for private clouds today. This session covers the end to end approach including Hyper-V, Clustering, Storage and SCVMM.
A short introduction to the Hyper-V R2 architecture and Linux Integration Services v2.1, as well as a detailed look at some management solutions and useful tools for hosting Linux systems under Hyper-V - video screencast on Vimeo: http://www.vimeo.com/15466169
Virtualization Architectures in Enterprise Environments Tudor Damian
An in-depth analysis of the most widespread virtualization platforms (hypervisor, architecture, performance): Hyper-V R2, ESX(i)/vSphere, XenServer and Virtuozzo/OpenVZ.
The presentation explores both ways in which we can secure virtualized environments and ways in which we can use virtualization to increase the security of the existing IT infrastructure, from creating "honeypots" or "application sandboxing" to isolating roles on servers.
A few words about collaborative work environments, as well as their impact on the educational process. The contribution of online communities to personal and professional development.
Which hosting-related elements should we follow with interest over the coming years? An open discussion about cloud computing, hosting platforms and virtualization.
19. a price list

| Product | Price |
| --- | --- |
| Adware installation | 30 cents in the US, down to 2 cents in other countries |
| Malware package, basic version | $1,000 – $2,000 |
| Add-ons for malware packages | Variable prices starting at $20 |
| "Exploit" rental, one hour | From $0.99 to $1 |
| "Exploit" rental, 2.5 hours | From $1.60 to $2 |
| "Exploit" rental, 5 hours | $4 |
| Undetectable trojan | $80 |
| DDoS attack | $100 per day |
| Access to 10,000 compromised PCs | $1,000 |
| Bank account information | Variable prices starting at $50 |
| One million e-mail messages | From $8 upward |

The figures refer to 2007; source: TrendMicro
35. top 5 botnets in 2008

| Botnet | Estimated number of bots | Spam-generating capacity |
| --- | --- | --- |
| Kraken | 400,000 | 100 billion messages per day |
| Srizbi | 315,000 | 60 billion messages per day |
| Rustock | 150,000 | 30 billion messages per day |
| Cutwail | 125,000 | 16 billion messages per day |
| Storm | 85,000 | 3 billion messages per day |

Sources: SecureWorks, Damballa
36. Smurf
[Diagram labels: Attacker; ICMP Echo to the Broadcast Address of Network A, Network B and Network C; Replies from every terminal in the Network; Target system]
37. SynFlood Attack
[Diagram labels: Attacker; Half Open Connection (four); Server; Legitimate Connection; Legitimate user]
38. DNS DoS
[Diagram labels: Attacker; Query with spoofed IP (to DNS 1, DNS 2, DNS 3, DNS 4); Results from attacker's query; Target]
39. DDoS
[Diagram labels: Attacker; Attacker's Commands; Client Software; Command; Server Software (Zombie), five instances; Packets; Target Host]
119. engineers begin knowing a little bit about a lot
they learn less and less about more and more
until they know nothing about everything
120. architects begin knowing a lot about a little
they learn more and more about less and less
until they know everything about nothing
121. contractors begin knowing
everything about everything
but end up knowing nothing about anything
because of their association
with architects and engineers
136. Win7 & Windows Server 2008 R2 (DirectAccess), UAC, non-admin login, NAP, Active Directory (Group Policy), certificate-based authentication (X.509), IPSec, IPv6 (Teredo), DNSv6, Firewall, BitLocker, BitLocker to Go