Anatomy of an Attack

Demo of an attack. The embedded video, however, does not contain the DarkComet section...

Published in: Technology
  • PCI Compliance:
    A secure connection between the customer's browser and the web server
    Validation that the website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPsec to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPsec) wherever cardholder data is transmitted or received over open, public networks.
    Verify that strong encryption is used during data transmission.
    For SSL/TLS implementations:
      - Verify that the server supports the latest patched versions.
      - Verify that HTTPS appears as part of the browser Uniform Resource Locator (URL).
      - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use (check vendor recommendations/best practices).

    Typically, compliant entities have a one-year grace period to meet a new requirement.

    Transmission Confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.
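The testing procedures above (current patched TLS version, trusted certificate, adequate key strength) can be turned into a repeatable check. The following is an added example written for this page; it is not code from the slide deck or from any PCI or FedRAMP publication. The policy thresholds it applies (TLS 1.2 minimum, 128-bit symmetric keys, forward-secret key exchange, no RC4/3DES/NULL/export suites) are assumptions in line with later PCI SSC guidance that retired SSL and early TLS, and the sample handshake results are constructed, not captured from any real host.

```python
"""TLS endpoint audit against the PCI DSS 4.1 / SC-8 checks.

Added example, not part of the original slide deck.  Policy thresholds
and sample data below are assumptions made for illustration.
"""
import socket
import ssl
from dataclasses import dataclass

# Substrings that mark obsolete, unauthenticated or export-grade suites (assumed policy).
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "EXPORT", "MD5", "ADH", "AECDH", "anon")


@dataclass
class HandshakeResult:
    protocol: str        # as returned by SSLSocket.version(), e.g. "TLSv1.2"
    cipher: str          # suite name from SSLSocket.cipher()[0]
    key_bits: int        # symmetric key length from SSLSocket.cipher()[2]
    cert_verified: bool  # chain validated against trusted CAs and hostname matched


def evaluate(result: HandshakeResult) -> list[str]:
    """Apply the PCI 4.1 tests; an empty list means the endpoint passes."""
    findings = []
    if result.protocol not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"protocol {result.protocol} is not a current patched TLS version")
    if result.key_bits < 128:
        findings.append(f"cipher {result.cipher} uses only {result.key_bits}-bit keys")
    if any(marker in result.cipher for marker in WEAK_CIPHER_MARKERS):
        findings.append(f"cipher {result.cipher} uses a weak or unauthenticated algorithm")
    # TLS 1.3 key exchange is always ephemeral; for TLS 1.2 insist on (EC)DHE suites.
    if result.protocol == "TLSv1.2" and not result.cipher.startswith(("ECDHE", "DHE")):
        findings.append(f"cipher {result.cipher} provides no forward secrecy")
    if not result.cert_verified:
        findings.append("certificate not issued by a trusted CA or hostname mismatch")
    return findings


def _handshake(ctx: ssl.SSLContext, host: str, port: int, timeout: float):
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _proto, bits = tls.cipher()
            return tls.version(), name, bits


def probe(host: str, port: int = 443, timeout: float = 5.0) -> HandshakeResult:
    """Live check: connect with full verification and record what was negotiated.

    A server that can only speak SSLv3/TLS 1.0/1.1 will make wrap_socket raise
    ssl.SSLError, which is itself a failing result for the 'latest patched
    version' test.
    """
    ctx = ssl.create_default_context()  # CERT_REQUIRED, hostname check, system CA store
    try:
        version, name, bits = _handshake(ctx, host, port, timeout)
        return HandshakeResult(version, name, bits, cert_verified=True)
    except ssl.SSLCertVerificationError:
        # Chain or hostname failed: reconnect without verification only to
        # record what the server offered, and flag the certificate finding.
        ctx.check_hostname = False          # must precede CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
        version, name, bits = _handshake(ctx, host, port, timeout)
        return HandshakeResult(version, name, bits, cert_verified=False)


# Constructed sample handshake results (not captured from any real host).
SAMPLES = {
    "good": HandshakeResult("TLSv1.3", "TLS_AES_256_GCM_SHA384", 256, True),
    "legacy": HandshakeResult("TLSv1.0", "DES-CBC3-SHA", 112, True),
    "selfsigned": HandshakeResult("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256", 128, False),
    "no_fs": HandshakeResult("TLSv1.2", "AES256-GCM-SHA384", 256, True),
}


def audit_samples() -> dict[str, list[str]]:
    """Run evaluate() over the constructed samples."""
    return {name: evaluate(result) for name, result in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in audit_samples().items():
        print(name, "PASS" if not findings else findings)
```

Run it against a live host with `evaluate(probe("example.org"))`; the `SAMPLES` dictionary exists only so the policy logic can be exercised offline. Note that `probe()` keeps the default context's verification on for the first attempt and relaxes it only after a certificate failure, so an untrusted certificate is reported rather than silently accepted.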


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • Anatomy of an Attack

    1. The Anatomy of an Attack. Wolfgang Kandek, Qualys, wkandek@qualys.com, @wkandek, 23 September 2015, Hamburg
    2. Verizon Data Breach Investigation Report
    3. Verizon Data Breach Investigation Report
    4. Verizon Data Breach Investigation Report
    5. Verizon Data Breach Investigation Report
    6. 2122 Data Breaches
    7. 2122 Data Breaches: financial data, product data, personal data, usernames/passwords
    8. Vulnerabilities
    9. > 99% more than 1 year old
    10. > 99%
    11. But 40 in 2014
    12. But 40 in 2014, and 50% within 2 weeks
    13. > 99%
    14. Malware on the computer; exploit for a known vulnerability; targeted e-mail; spear phishing; profile on social media; exploit for a 0-day vulnerability; known worm/virus; infected USB drive; find affected computers; command and control; usernames/passwords; data loss; brand; financial; other
    15. Demo
    16. 1. CTO (punk fan), ticket for a punk rock show, opens the Word file, script does not work. 2. Employee, job offer, opens the Word file, script works. 3. COO (Greece specialist), journalist, newspaper article, no time/interest. 4. Employee, request for information about a private project, Word file not opened. 5. Employee, information about a job opening, Word file opened, infected, but without the necessary access rights. 6. System administrator, membership offer, Word file opened, script works, infected...
    17. Demo
    18. Demo
    19. Phishing Training
    20. Phishing Training 10% -> 2%
    21. Vulnerability Patching
    22. Vulnerability Patching 95%/99%
    23. > 99%
    24. > 99%
    25. Vulnerability Patching 95%/99%, priority on exploits: MS15-020, MS15-051
    26. 0-days: Hardening
    27. > 99%
    28. Then: Passwords
    29. Finally: Breach Detection
    30. Thank you. Wolfgang Kandek, wkandek@qualys.com, @wkandek, http://www.qualys.com
    31. References • Mr Robot – on iTunes and Amazon, https://de.wikipedia.org/wiki/Mr._Robot(Fernsehserie) • Verizon DBIR 2015, http://www.verizonenterprise.com/DBIR/ • Chevron, https://www.rsaconference.com/events/us15/agenda/sessions/1983/building-a-next-generation-security-architecture • BSI, https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2014.pdf • Hardening, https://www.virusbtn.com/pdf/conference_slides/2013/Niemela-VB2013.pdf
