The Anatomy of an Attack
Wolfgang Kandek, Qualys
wkandek@qualys.com
@wkandek
23 September 2015, Hamburg
Verizon Data Breach Investigation Report
2122 data breaches
Financial data, product data, personal data, usernames/passwords
Vulnerabilities
> 99% more than 1 year old
But 40 in 2014
And 50% within 2 weeks
Malware on the computer
Exploit for a known vulnerability
Targeted e-mail: spear phishing
Profile on social media
Exploi...
Demo
1. CTO (punk fan), ticket for a punk rock show, opens a Word file, script does not work
2. Employee, job offer, opens ...
Phishing training
10% -> 2%
Vulnerabilities
Patch
95%/99%
> 99%
Priority on exploits
MS15-020, MS15-051
0-days
Harden
> 99%
Then:
Passwords
Finally:
Breach detection
Thank you
Wolfgang Kandek
wkandek@qualys.com
@wkandek
http://www.qualys.com
References
• Mr Robot – on iTunes and Amazon
https://de.wikipedia.org/wiki/Mr._Robot(Fernsehserie)
• Verizon DBIR 2015
ht...
Description: Demo of an attack; the embedded video, however, does not include the DarkComet section...

Published in: Technology
  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a one-year grace period to meet the new requirement.

    Transmission Confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.


  • PCI Compliance:
    A secure connection between the customer’s browser and the web server
    Validation that the Website operators are a legitimate, legally accountable organization
    Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.
    Verify the use of encryption (for example, SSL/TLS or IPSEC) wherever cardholder data is transmitted or received over open, public networks
    Verify that strong encryption is used during data transmission
    For SSL implementations: - Verify that the server supports the latest patched versions. - Verify that HTTPS appears as a part of the browser Universal Record Locator (URL). - Verify that no cardholder data is required when HTTPS does not appear in the URL.
    Select a sample of transactions as they are received and observe transactions as they occur to verify that cardholder data is encrypted during transit.
    Verify that only trusted SSL/TLS keys/certificates are accepted.
    Verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

    Typically, compliant entities have a year grace period to meet the new requirement.

    Transmission confidentiality and Integrity (SC-8)
    The information system protects the [FedRAMP Assignment: confidentiality AND integrity] of transmitted information.




  • Anatomy of an Attack

    1. The Anatomy of an Attack. Wolfgang Kandek, Qualys, wkandek@qualys.com, @wkandek, 23 September 2015, Hamburg
    2. Verizon Data Breach Investigation Report
    3. Verizon Data Breach Investigation Report
    4. Verizon Data Breach Investigation Report
    5. Verizon Data Breach Investigation Report
    6. 2122 Data Breaches
    7. 2122 Data Breaches: financial data, product data, personal data, usernames/passwords
    8. Vulnerabilities
    9. > 99% over 1 year old
    10. > 99%
    11. But 40 in 2014
    12. But 40 in 2014, and 50% within 2 weeks
    13. > 99%
    14. Malware on the computer; exploit for a known vulnerability; targeted e-mail; spear phishing; profile on social media; exploit for a 0-day vulnerability; known worm/virus; infected USB drive; find affected computers; command and control; usernames/passwords; data loss; brand; financial; other
    15. Demo
    16. 1. CTO (punk fan), ticket for a punk rock show, opens Word file, script does not work. 2. Employee, job offer, opens Word file, script works. 3. COO (Greece specialist), journalist, newspaper article, no time/interest. 4. Employee, information request about a private project, Word file not opened. 5. Employee, information about a position, Word file opened, infected, but without the required access rights. 6. System administrator, offer of a membership, Word file opened, script works, infected...
    17. Demo
    18. Demo
    19. Phishing Training
    20. Phishing Training 10% -> 2%
    21. Vulnerabilities: Patch
    22. Vulnerabilities: Patch 95%/99%
    23. > 99%
    24. > 99%
    25. Vulnerabilities: Patch 95%/99%; priority on exploits: MS15-020, MS15-051
    26. 0-days: Hardening
    27. > 99%
    28. Then: Passwords
    29. Finally: Breach Detection
    30. Thanks. Wolfgang Kandek, wkandek@qualys.com, @wkandek, http://www.qualys.com
    31. References • Mr Robot – on iTunes and Amazon, https://de.wikipedia.org/wiki/Mr._Robot(Fernsehserie) • Verizon DBIR 2015, http://www.verizonenterprise.com/DBIR/ • Chevron, https://www.rsaconference.com/events/us15/agenda/sessions/1983/building-a-next-generation-security-architecture • BSI, https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2014.pdf • Hardening, https://www.virusbtn.com/pdf/conference_slides/2013/Niemela-VB2013.pdf
