Technical Cyber Defense Strategies Explained!

More info on http://techdays.be.


  1. Technical Cyber Defense Strategies Explained. Marcus Murray & Hasain Alshakarti, Truesec Security Team, MVP Enterprise Security x2
  2. Marcus Murray, Hasain Alshakarti
  3. WARNING! Session format = DISCUSSION!
  4. So.. What does it take to be hack-proof?
  5. Let's start with the big picture!
  6. We all know what a network looks like.. (diagram labels: Web Srv, Mail Srv, DC, File Srv, Mail Srv, Client, Client)
  7. Internet Strategy (diagram labels: Client; Front-end: Web Srv, Mail Srv; Back-end: DC, SqlSrv, FileSrv; Client, Client, Admin User)
  8. Traditional internal Strategy (diagram labels: Client, Admin; Front-end: Web Srv, Mail Srv; Back-end: DC, SqlSrv, FileSrv; Client, Client, Admin User)
  9. Demo: Hacking SQL.. (diagram label: SqlSrv)
  10. Traditional Internet strategy (diagram, tiers: World access / Trusted access / Admin access; Client network (Internet): Client; World Accessible: Cloud Front-end, Internet Front-end; Client network (Managed): Client, Cloud back-end, Internet back-end; Client, Client, Internal back-end, Internal Front-end, FileSrv)
  11. Apply Internet strategy internally (diagram, tiers: World access / Trusted access / Admin access; Client network (Internet): Client; Client network (Managed): Client; World Accessible: Cloud Front-end, Internet Front-end, Secure Access Layer; Cloud back-end, Internet back-end, Internal Front-end, Internal back-end)
  12. Let's add some future.. (today for some..) (diagram, tiers as on slide 11, with Fabric controllers added in front of the Internal Front-end and Internal back-end)
  13. Implementing Secure networking - DEMO
     • IPsec domain isolation
     • DirectAccess
     • IPsec server isolation
  14. Domain Isolation - Demo (diagram labels: World access / Trusted access / Admin access; Client, Client network (Managed), Client; File Srv, Internal Sql Srv)
  15. DirectAccess - Demo (diagram labels: World access / Trusted access / Admin access; Client, Client network (Managed), Client; World Accessible: Secure Access Layer, DA Srv; File Srv, Internal Sql Srv)
  16. Server isolation - Demo (diagram labels: World access / Trusted access / Admin access; Client, Client network (Managed), Client; World Accessible: Secure Access Layer, DA Srv; File Srv, Internal Front-end, Sql Srv, Internal back-end)
  17. So, if the clients are on the "internet" all the time.. (diagram labels: Client, User, Web Srv)
     • Physical access
     • Firewall
     • Patching
     • Non-admin
     • Malware protection
     • Secure transport
  18. Physical access protection
     • BitLocker
     • Protect from DMA access! – http://support.microsoft.com/kb/2516445
  19. Local Firewall (diagram labels: Client, User, Client, User, Web Srv)
     • Is there ANY reason why the client firewall must allow inbound traffic at any time?
  20. Patching, of course, but what about the 0-days? (diagram labels: Client, User, Client, User, Web Srv)
     • Non-Admin
     • Early mitigations
     • Patching strategy
  21. Malware protection (diagram labels: Client, User)
     • Macro settings
     • Antivirus? Yes or No?
     • Remember AppLocker?
  22. Secure transports…. (diagram labels: Client, User, Client, User, Web Srv)
     • Weak protocols…
       – Clear text
       – NTLM configurations
     • DirectAccess!
     • IPsec!
  23. So, what about BYOD? (diagram, tiers as on slide 11)
     • Application classification
     • Data classification
  24. ..and… admin clients (diagram labels: Client, Admin, DC)
     • Should an admin user/computer be on the "internet"?
     • Should an admin user read email?
     • Safe admin access
       – Non-compromised computer
       – Trusted communication channel
       – Robust exposure of admin interface
     • Robust services
     • Limited number of administrators
       – Authentication
       – Authorization
  25. And let's talk about server services. (diagram labels: Client, User, Web Srv)
     • Robust service
       – Authentication
       – Authorization
     • Firewall
     • Patching
     • privs
     • dependencies
     • Admin exposure
  26. Web server attack (diagram label: Web Srv)
  27. Marcus Murray, Hasain Alshakarti
  28. Thank you for listening!
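Slides 13 to 16 demo IPsec domain isolation and server isolation but the deck carries no configuration. The following is an added PowerShell example, not code from the Truesec session, showing how both are expressed as Windows Firewall with Advanced Security rules on a domain-joined file server: a connection security rule that requires Kerberos machine authentication inbound (and requests it outbound, so the host can still talk to non-domain peers), and on top of it a firewall rule that admits SMB only from an authorized computer group. The rule display names and the group SID in the SDDL string are placeholders chosen for this example.

```powershell
# Added example (not from the Truesec deck): IPsec domain isolation plus
# server isolation with the NetSecurity cmdlets. Run elevated on a
# domain-joined server. Display names and the group SID are placeholders.

# 1. Domain isolation: authenticate every peer with the computer's Kerberos
#    ticket. Inbound = Require (unauthenticated hosts are dropped);
#    Outbound = Request (we can still reach non-domain hosts, e.g. the Internet).
$proposal = New-NetIPsecAuthProposal -Machine -Kerberos
$authSet  = New-NetIPsecPhase1AuthSet -DisplayName "Domain isolation - computer Kerberos" `
                                      -Proposal $proposal
New-NetIPsecRule -DisplayName "Domain isolation" `
                 -InboundSecurity Require -OutboundSecurity Request `
                 -Phase1AuthSet $authSet.Name -Profile Domain

# 2. Server isolation: over the authenticated connection, only computers in an
#    authorized group may reach SMB on this file server. The SDDL names a
#    hypothetical "File server clients" group; replace the SID with your own.
$allowedMachines = "O:LSD:(A;;CC;;;S-1-5-21-0000000000-0000000000-0000000000-1234)"
New-NetFirewallRule -DisplayName "SMB in - isolated to authorized computers" `
                    -Direction Inbound -Protocol TCP -LocalPort 445 `
                    -Action Allow -Authentication Required `
                    -RemoteMachine $allowedMachines -Profile Domain

# 3. Verify: show the connection security rule and every enabled inbound
#    rule whose security filter demands authentication.
Get-NetIPsecRule -DisplayName "Domain isolation" |
    Select-Object DisplayName, InboundSecurity, OutboundSecurity, Enabled

Get-NetFirewallRule -Direction Inbound -Enabled True |
    Get-NetFirewallSecurityFilter |
    Where-Object { $_.Authentication -eq "Required" } |
    Select-Object InstanceID, Authentication, RemoteMachine
```

Roll the domain isolation rule out with Outbound set to Request first and watch the IPsec main mode events before moving any server to a Require/Require posture, otherwise hosts that cannot authenticate (non-domain appliances, DirectAccess clients during provisioning) lose connectivity at once.

Slides 17 to 22 list the client controls the presenters expect when a client is treated as always on the "internet": BitLocker with DMA protection, a local firewall that allows no inbound traffic, non-admin users with a patching strategy, AppLocker, and no clear-text or weak NTLM transports. As an added example (not part of the original deck), the read-only PowerShell check below reports each of those settings on a Windows client. The thresholds it calls "OK" (LmCompatibilityLevel 5, SBP-2 driver disabled per KB2516445, AppLocker in enforce mode) are this example's own choices.

```powershell
# Added example, not from the Truesec session: a read-only posture check for
# the client controls on slides 17-22. Run elevated on a Windows client.
# What counts as "OK" below is this example's choice, not the deck's.

function Test-ClientPosture {
    $findings = [ordered]@{}

    # Physical access (slide 18): OS volume fully encrypted with protection on.
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $findings['BitLocker'] = ($os.VolumeStatus -eq 'FullyEncrypted' -and
                              $os.ProtectionStatus -eq 'On')

    # DMA (slide 18): KB2516445 disables the 1394 SBP-2 driver; Start=4 means
    # disabled. A missing key (driver not present) is treated as OK here.
    $sbp2 = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\sbp2port' `
                             -ErrorAction SilentlyContinue
    $findings['SBP2Disabled'] = ($null -eq $sbp2) -or ($sbp2.Start -eq 4)

    # Local firewall (slide 19): every profile on, inbound blocked by default.
    $profiles = Get-NetFirewallProfile
    $findings['FirewallInboundBlocked'] = -not ($profiles | Where-Object {
        $_.Enabled -ne 'True' -or $_.DefaultInboundAction -ne 'Block' })

    # Each enabled inbound allow rule is an exception slide 19 asks you to justify.
    $findings['InboundAllowRules'] =
        @(Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True).Count

    # Application control (slide 21): effective AppLocker policy in enforce mode.
    $policy = [string](Get-AppLockerPolicy -Effective -Xml)
    $findings['AppLockerEnforced'] = $policy -match 'EnforcementMode="Enabled"'

    # Secure transport (slide 22): LmCompatibilityLevel 5 = send NTLMv2 only,
    # refuse LM and NTLM responses.
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $findings['NTLMv2Only'] = ($lsa.LmCompatibilityLevel -eq 5)

    [pscustomobject]$findings
}

Test-ClientPosture | Format-List
```

A false in any row is a finding to take to the owner of that control; the InboundAllowRules count is the list to walk through when answering the question on slide 19, since a default-block profile still admits whatever those rules permit.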
