©Copyright 2005 – Daniel D. Houser
Perimeter Defense in a World Without Walls
Central Ohio ISSA
Dan Houser, CISSP, CISM
March 16, 2005
2
Overview
 Classic firewall perspective
 Where firewalls fall short
 Changes in the security space
 Suggestions for improving network security
 Strategic vision
 Tactical focus
 Q&A
This presentation is designed to be a visit through the looking glass… thinking about perimeter security from a different perspective.
3
Fortress mentality
Classic perimeter security: a network implementation of physical barriers, designed with overlapping, visible, impenetrable barriers.
Atlantic Wall
4
Classic firewall/DMZ design
Diagram of nested castle zones, from the outside in: External, Outer Courtyard, Inner Courtyard, Throne Room.
5
Assumptions of the classic perimeter security model
 Attackers are outside trying to break in
 Attackers cannot breach the wall
 Attackers are identified by guards
 Guards are loyal
 All contact comes through a single path
Unfortunately, these are all wrong.
6
Reality
 Most attackers are inside
 Attackers can breach the wall
 Guards can’t identify all attackers
 Guards can be subverted
 Communication over MANY paths
7
Reality: Many communication paths
Diagram of paths into the network: business partners, affiliates, subsidiaries, telecommuters, on-site consultants, support technicians, off-site consultants, spybots, spyware/adware, and several unknown paths (??).
8
Red Queen race
“You have to run faster and faster just to stay in the same place!”
– The Red Queen, Alice in Wonderland
Image courtesy www.rushlimbaugh.com
9
Red Queen race
Chart: CERT Statistics 1990 - 2Q2004, incidents per year (y-axis 0 to 300,000; x-axis 1990 to 2004).
Information courtesy CERT®/CC, Statistics 1988-2004, http://www.cert.org/stats/cert_stats.html
10
Red Queen race
 Web Services Security is changing the rules:
 Outsourced authentication (federated)
 Extranet access to core systems
 RPC calls over HTTP using XML & SOAP
 Offshore services, data processing
 Highly connected networks
 Very tight business integration
In short, there is no network perimeter
11
New paradigms are needed
We must migrate from ground-based warfare to a model that fits information warfare
“He who does not learn from history is doomed to repeat it.”
 The Maginot Line was bypassed
 The Atlantic Wall was pierced and defeated
 The Great Wall provided only partial protection
 The Alamo fell to a massive attack
12
New paradigm: Submarine warfare
 In submarine warfare…
 Everyone is an enemy until proven otherwise
 All contacts are tracked and logged
 Hardened autonomous systems
 Rules of engagement govern all response
 Constant vigilance
 Identify Friend or Foe (IFF) becomes vital
 Hunter-killer units vital to protect strategic investments
– offensive as well as defensive players
 Environment “listeners” for ASW and tracking
 Evade detection, hound and confuse the enemy
13
How does Submarine Warfare translate into InfoWarfare?
Harden all devices, not just DMZ
 Use of hardened kernels for all servers
 Harden all systems and run minimal services
Minimal installations on desktops
 Dumb terminals where available
 Provide Office tools to knowledge workers only
 Strip unneeded capabilities from kiosks
 Remove the ability to install software
Analyze traffic, not just headers
 Application-based firewalls
 XML Filtering
14
How does Submarine Warfare translate into InfoWarfare?
Segregate boot camp from the theatre of operations
 VLAN development, test, DR & production
 Make change control your code firewall
 Only change control spans 2 security zones
 Production support segregated from source code
 Endpoint compliance / Walled Garden
Core network becomes the DMZ
 Since most attacks are from within, make cubicles a DMZ
 Create hardened subnets for accounting, HR, IT, operations
 Publish intranets in the DMZ
Source: Information Security Magazine, “Network Security: Submarine Warfare”, Dan Houser, 2003, http://tinyurl.com/nwk7
15
Network segmentation:
Crunchy on the outside and the middle
16
How does Submarine Warfare translate into InfoWarfare?
Heavy use of crypto for IFF functions
 Accelerators & HSM will be key technologies
 Require all packets to be signed (e.g. Kerberos)
 Certificate revocation for intrusion prevention
 Network PKI becomes mission critical at layer 2
 Emerging products for Layer 2 auth – TNT/Endforce
Network IDS is key
 Analyzing packets for IFF analysis, heuristics
 ISP pre-filtered IDS
 Analog threat tagging
 Identifying and tracking intruders
 Isolating subnets with hostile traffic
 Revoke certificates for hostile servers
 Vectoring CIRT
17
How does Submarine Warfare translate into InfoWarfare?
Tiger teams and internal search & seizure
 Businesses can’t afford rogue servers
 Zero tolerance policy for hacking
 Ethical hackers, capture the flag & war games: A&P
 Vulnerability assessment teams
Drill and war games
 Red teams – capture the flag
 Blue teams – learn from red teams, patch vulnerabilities
Highly trained staff becomes core competency
 Training
 Education
 Employee retention
18
How does Submarine Warfare translate into InfoWarfare?
“All warfare is based on deception.” – Sun Tzu
Confuse and harass attackers…
Make your real servers look bogus
 Save all .ASP code as .CGI files, perl as .ASP
 Configure responses from Apache that mimic IIS
 Open dummy NetBIOS ports on Unix servers
 Use unpredictable ports: run SSH on 19384
 Call your database server “Firewall”
 Route bogus traffic to IDS network
19
How does Submarine Warfare translate into InfoWarfare?
Further deception techniques
 Perception management
 Low profile facilities
 Red Herring accounts
 Minimalistic error messages (or fake error messages)
 Temporary blindness – ignoring misbehaving nodes
 Deceptive websites: false configs & backdoors
See Fred Cohen’s site: www.all.net
20
Internet attacks have changed…
Photo Courtesy NASA
21
Old school attack
 Lone interloper targets major firm
 Studies publicly available information
 Hangs out at local pub, befriends sales team
 Dumpster dives to obtain manuals, phone lists
 Uses war-dialer to find modems & remote hosts
 Uses social engineering to obtain passwords
 Dials up hosts, logs in, mayhem & mischief
22
“Modern” attack
 Lone interloper targets IP range
 Downloads script kiddy tools
 Scans IP range looking for vulnerable hosts
 Port scans hosts looking for exploitable services
 Uses exploit tool, mayhem & mischief
Target selection now a target of opportunity… indiscriminate attack
23
Worms hit 10,000 networks at once…
Photo Courtesy The Weather Channel
24
What we need is early warning
Photo Courtesy NASA
25
Hide in the open: Honeyd + arpd
 Low-interaction virtual honeypot
 honeyd with arpd creates virtual network
 Create server that emulates address range: 10.x.x.x, 192.168.x.x, public IP range
 Listen on all ports
 Emulate good hosts: MS-Exchange, Solaris/Oracle, MS-SQL, RedHat/Apache/Tomcat, WinXP Pro
 Emulate bad boxes: botnet servers, Warez server, trojaned workstations, Win95 workstation, backdoor
26
Hide in the open: Honeyd + arpd
 Convert unused address space into decoy tripwire nets - 16,320,000 decoys to 200 "real" servers
 Stop swallowing packets: route unreachable hosts to the virtual honeynet
 190,000 decoys per “real” server = 99.9995% detection
 Any hits are malicious – route to IDS / IPS
 Research attack profile.
 Block attackers for 1 hour, 2 hours, 24 hours, 1 week.
 You’ve gained breathing room to respond to real attacks
27
Hide in the open: Big freakin’ haystack
Diagram components: Router, Real Network, BFH (Honeyd Emulator), Honeycomb IDS, Distributed Config IPS.
28
Hide in the open
29
The fun has just begun…
LaBrea: SYN/ACK, TCP Window size = 0 (wait)
 Load LaBrea to freeze a scan, run on random port
 Freezes Windows-based scanners up to 4 minutes
 Scanning 10,000 hosts takes 27 days.
 Detecting 100 unpublished hosts in Class A would take approximately 112 years
Disclaimer:
This may be illegal in your municipality. I am not a lawyer. Talk to one.
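The decoy ratio on slide 26 and the LaBrea stall on slide 29 reduce to the same arithmetic. The following is an added Python example, not code from the presentation: it computes the decoy count for a range, the odds that a random probe lands on a decoy, the slowdown a random-target scanner or worm suffers, and how long a tarpitted sweep takes. The 10.0.0.0/8 range, 200 real servers and 4-minute stall are constructed inputs taken from the slides, and the scanner is assumed to pick targets uniformly at random and to be held for the full stall on every decoy it touches.

```python
"""Decoy-ratio and tarpit arithmetic behind the "big freakin' haystack".

Added example; not code from the presentation.  Inputs are constructed
from the slides' figures (a /8 of decoys, 200 real servers, a 4-minute
LaBrea stall).  Model assumptions: the scanner probes addresses uniformly
at random and is held for the full stall on every decoy hit.
"""
from fractions import Fraction
import ipaddress

MINUTES_PER_DAY = 24 * 60


def decoy_count(cidr, real_servers):
    """Decoy addresses left in a range once the real servers are carved out."""
    net = ipaddress.ip_network(cidr)
    if not 0 <= real_servers <= net.num_addresses:
        raise ValueError("real_servers must fit inside the range")
    return net.num_addresses - real_servers


def p_decoy(decoys, real_servers):
    """Probability that one uniformly random probe lands on a decoy (exact)."""
    return Fraction(decoys, decoys + real_servers)


def p_detected_within(decoys, real_servers, probes):
    """Probability that a random scanner touches at least one decoy
    within `probes` probes (1 minus the chance every probe hit a real host)."""
    return 1 - (1 - p_decoy(decoys, real_servers)) ** probes


def expected_probes_per_real_hit(decoys, real_servers):
    """Mean probes a random scanner spends per contact with a real host:
    the factor by which blind scanning and random-target worms are slowed."""
    return Fraction(decoys + real_servers, real_servers)


def tarpit_scan_days(hosts, stall_minutes=4):
    """Wall-clock days to sweep `hosts` tarpitted addresses one at a time,
    each holding the scanner for `stall_minutes` (the zero-window trick)."""
    return Fraction(hosts * stall_minutes, MINUTES_PER_DAY)


def haystack_report(cidr, real_servers, stall_minutes=4):
    """Summarise a deployment: decoys, detection odds, slowdown, sweep time."""
    decoys = decoy_count(cidr, real_servers)
    return {
        "decoys": decoys,
        "decoys_per_real": float(Fraction(decoys, real_servers)),
        "detection_pct": round(float(p_decoy(decoys, real_servers)) * 100, 4),
        "slowdown_factor": float(expected_probes_per_real_hit(decoys, real_servers)),
        "days_to_sweep_decoys": float(tarpit_scan_days(decoys, stall_minutes)),
    }


if __name__ == "__main__":
    for key, value in haystack_report("10.0.0.0/8", 200).items():
        print(f"{key}: {value}")
```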
30
The fun has just begun…
Storm Surge Mode: active re-configuration
 Suppose your “standard” BFH net emulates:
25% Apache/Tomcat on RedHat 7
25% Microsoft SQL on Win2003 Server
25% Lotus Notes/Domino on Win2k Server
25% Oracle 9i on Solaris
 IDS telemetry reports spike in Win2k attacks
 BFH configuration changes:
30% Microsoft SQL on Win2k Server
30% Exchange on Win2k Server
30% IIS on Win2k Server
10% Allocated among 30 other server/workstation images
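The honeyd/arpd build-out on slide 25 and the Storm Surge re-weighting on slide 30 fit in one script. As an added Python example (not the presentation's own code), it spreads decoy images across an unused range according to a percentage mix, emits a honeyd.conf, and re-weights the mix when IDS telemetry reports a spike. The template names, nmap personality strings and port lists are illustrative assumptions, a real deployment uses personalities present in honeyd's nmap.prints and runs arpd separately to answer ARP for the range, and which images form the surge set is the operator's call.

```python
"""Build a honeyd.conf for a decoy ("BFH") net from a percentage mix, and
re-weight the mix in "storm surge" mode when IDS telemetry shows a spike.

Added example; not the presentation's own code.  Template names, nmap
personality strings and port lists are illustrative assumptions.
"""
import ipaddress
import random

# Illustrative templates (assumed): name -> (nmap personality, open TCP ports).
TEMPLATES = {
    "apache7":    ("Linux 2.4.20",                  [22, 80, 8080]),
    "mssql2003":  ("Microsoft Windows Server 2003", [135, 139, 445, 1433]),
    "domino2k":   ("Microsoft Windows 2000 SP2",    [135, 139, 445, 1352]),
    "oracle9i":   ("Sun Solaris 9",                 [22, 1521]),
    "mssql2k":    ("Microsoft Windows 2000 SP2",    [135, 139, 445, 1433]),
    "exchange2k": ("Microsoft Windows 2000 SP2",    [25, 110, 135, 139, 445]),
    "iis2k":      ("Microsoft Windows 2000 SP2",    [80, 135, 139, 443, 445]),
}

# Slide 30's "standard" mix: 25% each of four server images.
STANDARD_MIX = {"apache7": 25, "mssql2003": 25, "domino2k": 25, "oracle9i": 25}


def storm_surge(templates, surge_templates, surge_share=90, others_share=10):
    """Shift the mix toward the images the IDS says are being hit: surge_share
    is split evenly across surge_templates, others_share across all other images."""
    rest = [n for n in templates if n not in surge_templates]
    if not surge_templates or not rest:
        raise ValueError("need images both inside and outside the surge set")
    mix = {n: surge_share / len(surge_templates) for n in surge_templates}
    mix.update({n: others_share / len(rest) for n in rest})
    return mix


def allocate(addresses, mix, seed=0):
    """Assign one template per decoy address, exact to the mix, in shuffled
    order so that walking adjacent addresses does not expose the pattern."""
    addrs = [str(a) for a in addresses]
    random.Random(seed).shuffle(addrs)
    total = sum(mix.values())
    exact = {n: len(addrs) * w / total for n, w in mix.items()}
    counts = {n: int(v) for n, v in exact.items()}
    # Largest-remainder apportionment so the counts sum to len(addrs).
    for n in sorted(exact, key=lambda k: exact[k] - counts[k], reverse=True):
        if sum(counts.values()) == len(addrs):
            break
        counts[n] += 1
    assignment, i = {}, 0
    for name, c in counts.items():
        for a in addrs[i:i + c]:
            assignment[a] = name
        i += c
    return assignment


def render_honeyd_config(templates, assignment):
    """Emit honeyd.conf text: a blocking default template, one template per
    image in use, and a bind line per decoy address."""
    lines = ["create default",
             "set default default tcp action block",
             "set default default udp action block",
             "set default default icmp action block", ""]
    for name in sorted(set(assignment.values())):
        personality, ports = templates[name]
        lines += [f"create {name}",
                  f'set {name} personality "{personality}"',
                  f"set {name} default tcp action reset",
                  f"set {name} default udp action reset"]
        for port in ports:
            # "open" only completes the handshake; a honeyd service script
            # would go here (placeholder) for a convincing banner.
            lines.append(f"add {name} tcp port {port} open")
        lines.append("")
    by_ip = sorted(assignment.items(), key=lambda kv: ipaddress.ip_address(kv[0]))
    lines += [f"bind {ip} {name}" for ip, name in by_ip]
    return "\n".join(lines) + "\n"


def decoy_counts(assignment):
    """Templates in use -> number of decoy addresses bound to each."""
    counts = {}
    for name in assignment.values():
        counts[name] = counts.get(name, 0) + 1
    return counts


def sample_range(cidr):
    """Host addresses of a constructed decoy range (e.g. an unused /24)."""
    return list(ipaddress.ip_network(cidr).hosts())


if __name__ == "__main__":
    surge = storm_surge(TEMPLATES, ["mssql2k", "exchange2k", "iis2k"])
    print(render_honeyd_config(TEMPLATES, allocate(sample_range("10.0.0.0/24"), surge)))
```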
31
The fun has just begun…
 Virtual honeynets: Make legitimate servers look like bogus servers.
 Make all servers (fake & real) look identical
 BFH in your internal network
 Malware outbreaks see your network with 16 million hosts
 Ability to detect worms while slowing spread by 600x
 If all Class A, B & C networks ran BFH:
 Emulation of 12,493,209,429,306 bogus hosts
 Port scans & profiling a thing of the past
 Worms and script kiddies would be economically infeasible.
32
Where to get started?
Switching models will take time… What do we do in the interim?
33
Turning the tide: Resilient systems
 Server & desktop hardened images
 Security templates – lock down desktops
 Server-based authentication – PKI
 Host-based intrusion detection
 Centralized logging
 Out-of-band server management
 Honeypots / honeynets / tarpits
 Camouflage and deception in DMZ
 Consider Layer 2 validation / Walled Garden
34
Turning the tide: People
 Security is a people problem, not a technical problem
 Hire and train smart, security-minded people to run your networks and servers
 Reward security:
 Establish benchmarks & vulnerability metrics
 Create confidentiality & integrity metrics & SLAs
 Audit against the benchmarks
 Include security as major salary/bonus modifier
 Job descriptions must incorporate security objectives
 Train developers, architects & BAs on how to develop secure systems
 Equate security breaches & cracking tools like weapons or drugs in the workplace – a “zero tolerance” policy?
35
Turning the tide: Process
 Assess risk & vulnerability: BIA
 Include security in feature sets & requirements
 Segregation of Developers, Testers & Production, and particularly Prod Support from source code
 Change management & access rights
 Certification & Accreditation
 Engage security team in charter & proposal phase
 Bake security into the systems lifecycle
 Require sponsor risk acceptance & authorization
 Embed accreditation into change control
 Include security in contract review and ROI
 Configuration Management → security patch lists
36
Summary
 Use firewalls, but as one of many tools
 Start network security with people, process and host security
 Think outside the box when developing security architectures
 Be prepared to dump your perimeter
 Focus on malleable networking
 Protect assets according to their value
37
Q&A
Copyright FarWorks & Gary Larson
38
Contact information
Dan Houser, CISSP, CISM, ISSAP
dan.houser@gmail.com
See Submarine Warfare article:
http://tinyurl.com/nwk7
This slide available on my (lame) homepage:
http://web.infosec-forum.org/Members/ddhouser
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Call Girls in Nagpur High Profile
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445ruhi
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...tanu pandey
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 

Kürzlich hochgeladen (20)

Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507  ))#  Young Call Girls  in Ajman  By Pakistani Call Girls  in ...(+971568250507  ))#  Young Call Girls  in Ajman  By Pakistani Call Girls  in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting  High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting  High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 

Perimeter Defense in a World Without Walls

• 1. ©Copyright 2005 – Daniel D. Houser
Perimeter Defense in a World Without Walls
Central Ohio ISSA
Dan Houser, CISSP, CISM
March 16, 2005
• 2. Overview
- Classic firewall perspective
- Where firewalls fall short
- Changes in the security space
- Suggestions for improving network security
- Strategic vision
- Tactical focus
- Q&A
This presentation is designed to be a visit through the looking glass… thinking about perimeter security from a different perspective.
• 3. Classic perimeter security: Fortress mentality
Network implementation of physical barriers, designed with overlapping, visible, impenetrable barriers. (Image: the Atlantic Wall.)
• 4. Classic firewall/DMZ design
(Diagram labels: External, Outer Courtyard, Inner Courtyard, Throne Room.)
• 5. Assumptions of the classic perimeter security model
- Attackers are outside trying to break in
- Attackers cannot breach the wall
- Attackers are identified by guards
- Guards are loyal
- All contact comes through a single path
Unfortunately, these are all wrong.
• 6. Reality
- Most attackers are inside
- Attackers can breach the wall
- Guards can't identify all attackers
- Guards can be subverted
- Communication over MANY paths
• 7. Reality: Many communication paths
(Diagram of paths into the network: business partners, affiliates, subsidiaries, telecommuters, on-site consultants, support technicians, off-site consultants, unknown parties (??), spybots, spyware/adware.)
• 8. Red Queen race
"You have to run faster and faster just to stay in the same place!" – The Red Queen, Through the Looking-Glass
Image courtesy www.rushlimbaugh.com
• 9. Red Queen race: CERT statistics 1990 - 2Q2004
(Chart: incidents reported per year, 1990 through 2Q2004; y-axis 0 to 300,000.) Information courtesy CERT®/CC, Statistics 1988-2004, http://www.cert.org/stats/cert_stats.html
• 10. Red Queen race
Web Services Security is changing the rules:
- Outsourced authentication (federated)
- Extranet access to core systems
- RPC calls over HTTP using XML & SOAP
- Offshore services, data processing
- Highly connected networks
- Very tight business integration
In short, there is no network perimeter.
• 11. New paradigms are needed
We must migrate from ground-based warfare to a model that fits information warfare.
"He who does not learn from history is doomed to repeat it."
- The Maginot Line was bypassed
- The Atlantic Wall was pierced and defeated
- The Great Wall provided only partial protection
- The Alamo fell to a massive attack
• 12. New paradigm: Submarine warfare
In submarine warfare…
- Everyone is an enemy until proven otherwise
- All contacts are tracked and logged
- Hardened autonomous systems
- Rules of engagement govern all response
- Constant vigilance
- Identify Friend or Foe (IFF) becomes vital
- Hunter-killer units are vital to protect strategic investments – offensive as well as defensive players
- Environment "listeners" for ASW and tracking
- Evade detection, hound and confuse the enemy
• 13. How does Submarine Warfare translate into InfoWarfare?
Harden all devices, not just the DMZ
- Use of hardened kernels for all servers
- Harden all systems and run minimal services
Minimal installations on desktops
- Dumb terminals where available
- Provide Office tools to knowledge workers only
- Strip unneeded capabilities from kiosks
- Remove the ability to install software
Analyze traffic, not just headers
- Application-based firewalls
- XML filtering
• 14. How does Submarine Warfare translate into InfoWarfare?
Segregate boot camp from the theatre of operations
- VLAN development, test, DR & production
- Make change control your code firewall
- Only change control spans 2 security zones
- Production support segregated from source code
- Endpoint compliance / Walled Garden
Core network becomes the DMZ
- Since most attacks are from within, make cubicles a DMZ
- Create hardened subnets for accounting, HR, IT, operations
- Publish intranets in the DMZ
• 15. Network segmentation: Crunchy on the outside and the middle
(Diagram.) Source: Information Security Magazine, "Network Security: Submarine Warfare", Dan Houser, 2003, http://tinyurl.com/nwk7
• 16. How does Submarine Warfare translate into InfoWarfare?
Heavy use of crypto for IFF functions
- Accelerators & HSM will be key technologies
- Require all packets to be signed (e.g. Kerberos)
- Certificate revocation for intrusion prevention
- Network PKI becomes mission critical at layer 2
- Emerging products for Layer 2 auth – TNT/Endforce
Network IDS is key
- Analyzing packets for IFF analysis, heuristics
- ISP pre-filtered IDS
- Analog threat tagging
- Identifying and tracking intruders
- Isolating subnets with hostile traffic
- Revoke certificates for hostile servers
- Vectoring CIRT
• 17. How does Submarine Warfare translate into InfoWarfare?
Tiger teams and internal search & seizure
- Businesses can't afford rogue servers
- Zero tolerance policy for hacking
- Ethical hackers, capture the flag & war games: A&P
- Vulnerability assessment teams
Drill and war games
- Red teams – capture the flag
- Blue teams – learn from red teams, patch vulnerabilities
Highly trained staff becomes a core competency
- Training
- Education
- Employee retention
• 18. How does Submarine Warfare translate into InfoWarfare?
"All warfare is based on deception." – Sun Tzu
Confuse and harass attackers… Make your real servers look bogus
- Save all .ASP code as .CGI files, perl as .ASP
- Configure responses from Apache that mimic IIS
- Open dummy NetBIOS ports on Unix servers
- Use unpredictable ports: run SSH on 19384
- Call your database server "Firewall"
- Route bogus traffic to the IDS network
• 19. How does Submarine Warfare translate into InfoWarfare?
Further deception techniques
- Perception management
- Low profile facilities
- Red herring accounts
- Minimalistic error messages (or fake error messages)
- Temporary blindness – ignoring misbehaving nodes
- Deceptive websites: false configs & backdoors
See Fred Cohen's site: www.all.net
• 20. Internet attacks have changed…
(Photo courtesy NASA.)
• 21. Old school attack
- Lone interloper targets a major firm
- Studies publicly available information
- Hangs out at the local pub, befriends the sales team
- Dumpster dives to obtain manuals, phone lists
- Uses a war-dialer to find modems & remote hosts
- Uses social engineering to obtain passwords
- Dials up hosts, logs in, mayhem & mischief
• 22. "Modern" attack
- Lone interloper targets an IP range
- Downloads script kiddy tools
- Scans the IP range looking for vulnerable hosts
- Port scans hosts looking for exploitable services
- Uses an exploit tool, mayhem & mischief
Target selection is now a target of opportunity… indiscriminate attack.
• 23. Worms hit 10,000 networks at once…
(Photo courtesy The Weather Channel.)
• 24. What we need is early warning
(Photo courtesy NASA.)
• 25. Hide in the open: Honeyd + arpd
- Low-interaction virtual honeypot
- honeyd with arpd creates a virtual network
- Create a server that emulates an address range: 10.x.x.x, 192.168.x.x, public IP range
- Listen on all ports
- Emulate good hosts: MS-Exchange, Solaris/Oracle, MS-SQL, RedHat/Apache/Tomcat, WinXP Pro
- Emulate bad boxes: botnet servers, Warez server, trojaned workstations, Win95 workstation, backdoor
• 26. Hide in the open: Honeyd + arpd
- Convert unused address space into decoy tripwire nets – 16,320,000 decoys to 200 "real" servers
- Stop swallowing packets: route unreachable hosts to the virtual honeynet
- 190,000 decoys per "real" server = 99.9995% detection (as stated on the slide; note that 16,320,000 decoys shared by 200 servers is about 81,600 per server, while 190,000 decoys per real host gives a per-probe detection chance of 1 - 1/190,001, i.e. the quoted 99.9995%)
- Any hit is malicious – route to IDS / IPS
- Research the attack profile
- Block attackers for 1 hour, 2 hours, 24 hours, 1 week
- You've gained breathing room to respond to real attacks
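One way to act on "any hit on a decoy is malicious" with the escalating block ladder above, as an added example that is not the deck's or honeyd's own code: it reads honeyd-style connection records from a sensor on the haystack segment, discards traffic to the real prefixes, and hands repeat offenders 1 hour, 2 hour, 24 hour and 1 week blocks in turn. The record format is a simplified approximation of honeyd's connection log, the sample lines are constructed for this example, and the 10.0.0.0/8 haystack with two "real" /24s is an assumption.

```python
"""Decoy-hit triage for a honeyd "big freakin' haystack" network.

Added example, not from the slides.  Every connection to a decoy address is
treated as hostile; repeat offenders are blocked for escalating periods
(1h, 2h, 24h, 1 week).  The record format approximates honeyd's log
(timestamp proto flag src sport dst dport); the lines are constructed.
"""
from __future__ import annotations

import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Escalation ladder from the slide: 1 hour, 2 hours, 24 hours, 1 week (then stays at 1 week).
BLOCK_LADDER = [timedelta(hours=1), timedelta(hours=2), timedelta(days=1), timedelta(weeks=1)]

# Assumption for this example: the "real" servers live in these prefixes;
# every other address in 10.0.0.0/8 is routed to the honeyd emulator.
HAYSTACK = ipaddress.ip_network("10.0.0.0/8")
REAL_PREFIXES = [ipaddress.ip_network("10.1.0.0/24"), ipaddress.ip_network("10.2.0.0/24")]

# Constructed sample records as seen by a sensor on the haystack segment.
SAMPLE_LOG = """\
2005-03-16-09:00:01.000 tcp(6) S 172.16.5.9 40001 10.7.33.2 445
2005-03-16-09:00:01.200 tcp(6) S 172.16.5.9 40002 10.7.33.3 445
2005-03-16-09:00:05.000 tcp(6) S 192.168.40.12 51000 10.1.0.10 80
2005-03-16-10:30:00.000 tcp(6) S 172.16.5.9 40003 10.9.1.1 139
2005-03-16-12:00:00.000 tcp(6) S 172.16.5.9 40004 10.9.1.2 139
2005-03-16-12:00:01.000 tcp(6) S 172.16.5.9 40005 10.9.1.3 139
2005-03-16-15:00:00.000 tcp(6) S 172.16.5.9 40006 10.12.0.7 1433
2005-03-17-16:00:00.000 tcp(6) S 172.16.5.9 40007 10.12.0.8 1433
2005-03-30-00:00:00.000 tcp(6) S 172.16.5.9 40008 10.12.0.9 1433
"""


def parse_line(line: str):
    """Parse one record into (timestamp, src, dst, dport); None for malformed input."""
    parts = line.split()
    if len(parts) < 7:
        return None
    ts = datetime.strptime(parts[0], "%Y-%m-%d-%H:%M:%S.%f")
    return ts, parts[3], parts[5], int(parts[6])


def is_decoy(dst: str) -> bool:
    """True when dst is haystack space that no real server occupies."""
    addr = ipaddress.ip_address(dst)
    return addr in HAYSTACK and not any(addr in p for p in REAL_PREFIXES)


def triage(log_text: str) -> dict:
    """Walk the records.  Each decoy touch is hostile and earns the source the
    next rung of the ladder; touches arriving while a block is active are
    counted as suppressed and do not advance the ladder."""
    offenses = defaultdict(int)   # src -> number of blocks issued so far
    block_until = {}              # src -> datetime the current block expires
    decisions, suppressed, ignored = [], 0, 0
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        ts, src, dst, dport = rec
        if not is_decoy(dst):
            ignored += 1          # traffic to a real server: not our business here
            continue
        if src in block_until and ts < block_until[src]:
            suppressed += 1       # already cut off; nothing new to decide
            continue
        offenses[src] += 1
        duration = BLOCK_LADDER[min(offenses[src], len(BLOCK_LADDER)) - 1]
        block_until[src] = ts + duration
        decisions.append((src, ts, duration, dst, dport))
    return {"blocks": decisions, "suppressed": suppressed, "ignored": ignored,
            "offenses": dict(offenses)}


if __name__ == "__main__":
    for src, ts, duration, dst, dport in triage(SAMPLE_LOG)["blocks"]:
        print(f"{ts}  block {src} for {duration} (touched decoy {dst}:{dport})")
```

Feed the decisions to whatever enforces blocks (router ACL, IPS rule); the function deliberately separates the decision from the enforcement so the ladder can be tested offline against recorded traffic.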
• 27. Hide in the open: Big freakin' haystack
(Diagram labels: Router, Real Network, BFH Honeyd Emulator, Honeycomb IDS, Distributed Config, IPS.)
• 28. Hide in the open
(Image.)
• 29. The fun has just begun…
LaBrea: answer the SYN with SYN/ACK and a TCP window size of 0, so the scanner waits
- Load LaBrea to freeze a scan; run it on a random port
- Freezes Windows-based scanners for up to 4 minutes per host
- Scanning 10,000 hosts then takes 27 days
- Detecting 100 unpublished hosts in a Class A would take approximately 112 years
Disclaimer: This may be illegal in your municipality. I am not a lawyer. Talk to one.
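The haystack figures on slide 26 and the tarpit figures on slide 29 come from simple counting; the added example below (mine, not the deck's) computes them for any mix of real hosts, decoys and tarpit delay. It assumes the scanner probes distinct addresses uniformly at random and that every tarpitted address costs it a fixed delay (the slide's 4 minutes); it does not reproduce the slide's rounded "112 years", but gives the expected time to touch the first and the last of the hidden hosts under that model, plus the time to sweep the whole range.

```python
"""Scan economics for a decoy haystack plus a LaBrea-style tarpit.

Added example, not from the slides.  Model assumptions: the attacker probes
distinct addresses of the space uniformly at random, every decoy contact is
observed, and a tarpitted address costs the scanner `delay_s` seconds.
"""
from math import comb

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY


def per_probe_detection(decoys: int, real: int) -> float:
    """Chance that one random probe lands on a decoy, i.e. is seen on its first packet."""
    return decoys / (decoys + real)


def p_all_decoys(real: int, decoys: int, k: int) -> float:
    """Probability that the first k distinct probes all hit decoys (hypergeometric)."""
    if k > decoys:
        return 0.0
    return comb(decoys, k) / comb(real + decoys, k)


def expected_probes_to_first_real(real: int, decoys: int) -> float:
    """Expected probes until the first real host is touched when all
    N = real + decoys addresses are probed in random order: (N + 1) / (real + 1)."""
    return (real + decoys + 1) / (real + 1)


def expected_probes_to_last_real(real: int, decoys: int) -> float:
    """Expected probes until every real host has been found: real * (N + 1) / (real + 1)."""
    return real * (real + decoys + 1) / (real + 1)


def tarpit_days(probes: float, delay_s: float) -> float:
    """Wall-clock days that `probes` tarpitted addresses cost the attacker."""
    return probes * delay_s / SECONDS_PER_DAY


def haystack_report(real: int, space: int, delay_s: float = 240.0) -> dict:
    """Combine the pieces for `real` servers hidden in a `space` of addresses."""
    decoys = space - real
    first = expected_probes_to_first_real(real, decoys)
    last = expected_probes_to_last_real(real, decoys)
    return {
        "decoys": decoys,
        "per_probe_detection": per_probe_detection(decoys, real),
        "p_seen_within_10_probes": 1 - p_all_decoys(real, decoys, 10),
        "days_to_first_real": tarpit_days(first, delay_s),
        "years_to_last_real": tarpit_days(last, delay_s) / 365,
        "years_to_scan_everything": tarpit_days(space, delay_s) / 365,
    }


if __name__ == "__main__":
    # Slide 26's ratio: 200 real servers among 16,320,000 decoys.
    print(haystack_report(200, 16_320_200))
    # Slide 29: LaBrea holds a Windows scanner up to 4 minutes per address.
    print(f"10,000 tarpitted hosts: {tarpit_days(10_000, 240):.1f} days")
    # 100 hosts hidden in a whole Class A (/8) behind the same tarpit.
    print(haystack_report(100, 2 ** 24))
```

Note that "p_seen_within_10_probes" is the defender's number: with 200 real hosts in a /8 the scanner has roughly a 1 in 8,000 chance of touching anything real in its first ten probes, so the first alert almost always fires before the attacker has learned anything.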
• 30. The fun has just begun… Storm Surge Mode: active re-configuration
Suppose your "standard" BFH net emulates:
- 25% Apache/Tomcat on RedHat 7
- 25% Microsoft SQL on Win2003 Server
- 25% Lotus Notes/Domino on Win2k Server
- 25% Oracle 9i on Solaris
IDS telemetry reports a spike in Win2k attacks. The BFH configuration changes to:
- 30% Microsoft SQL on Win2k Server
- 30% Exchange on Win2k Server
- 30% IIS on Win2k Server
- 10% allocated among 30 other server/workstation images
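Storm Surge Mode written out as a decision procedure, added here and not taken from the deck: a platform whose attack count grows by a threshold factor between two telemetry windows gets 90% of the decoys, split evenly across the templates that impersonate it, and the remaining 10% is spread over everything else. The template names, the window-over-window spike rule and the minimum count are assumptions for illustration; the slide only says that telemetry reported a spike.

```python
"""Storm Surge Mode: re-weight the decoy (BFH) template mix from IDS telemetry.

Added example, not from the slides.  Template names, the spike rule and
the minimum count are assumptions for illustration.
"""
from typing import Dict, Optional

# Steady-state haystack: which decoy template gets what share of addresses.
BASELINE_MIX: Dict[str, float] = {
    "apache_tomcat_rh7": 0.25,
    "mssql_win2003": 0.25,
    "domino_win2k": 0.25,
    "oracle9i_solaris": 0.25,
}

# Templates to flood the haystack with when a platform comes under attack
# (hypothetical mapping; the slide's example is the Win2k row).
SURGE_TEMPLATES: Dict[str, list] = {
    "Win2k": ["mssql_win2k", "exchange_win2k", "iis_win2k"],
    "RedHat7": ["apache_tomcat_rh7", "sendmail_rh7"],
}

SURGE_SHARE = 0.90   # fraction of decoys handed to the attacked platform
SPIKE_FACTOR = 3.0   # attacks must grow at least this much window over window
MIN_COUNT = 50       # ignore tiny absolute counts (one probe from zero is not a surge)


def detect_spike(previous: Dict[str, int], current: Dict[str, int],
                 factor: float = SPIKE_FACTOR, min_count: int = MIN_COUNT) -> Optional[str]:
    """Return the platform with the largest window-over-window growth, provided it
    grew by at least `factor` and has at least `min_count` attacks; else None."""
    best, best_ratio = None, factor
    for platform, now in current.items():
        if now < min_count:
            continue
        before = previous.get(platform, 0)
        ratio = now / before if before else float("inf")
        if ratio >= best_ratio:
            best, best_ratio = platform, ratio
    return best


def surge_mix(baseline: Dict[str, float], platform: str,
              surge_share: float = SURGE_SHARE) -> Dict[str, float]:
    """Give `surge_share` to the platform's surge templates (evenly) and the
    remainder evenly to every baseline template not already in the surge set."""
    surge = SURGE_TEMPLATES.get(platform, [])
    if not surge:
        return dict(baseline)           # nothing to impersonate: stay put
    others = [t for t in baseline if t not in surge]
    mix = {t: surge_share / len(surge) for t in surge}
    mix.update({t: (1 - surge_share) / len(others) for t in others})
    return mix


def reconfigure(previous: Dict[str, int], current: Dict[str, int],
                baseline: Dict[str, float] = BASELINE_MIX) -> Dict[str, float]:
    """Mix to push to the honeyd emulator for the next window."""
    platform = detect_spike(previous, current)
    return dict(baseline) if platform is None else surge_mix(baseline, platform)


if __name__ == "__main__":
    # Constructed telemetry: attacks per target platform in two consecutive windows.
    prev = {"Win2k": 40, "Win2003": 35, "RedHat7": 30, "Solaris": 20}
    curr = {"Win2k": 400, "Win2003": 38, "RedHat7": 31, "Solaris": 19}
    for template, share in sorted(reconfigure(prev, curr).items()):
        print(f"{share:5.1%}  {template}")
```

The output mix is what the "Distributed Config" box on slide 27 would push to the emulator; keeping the decision in a pure function means the IDS can replay historical windows to tune the factor and minimum count before anything is changed live.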
• 31. The fun has just begun…
- Virtual honeynets: make legitimate servers look like bogus servers
- Make all servers (fake & real) look identical
- BFH in your internal network
- Malware outbreaks see your network as 16 million hosts
- Ability to detect worms while slowing their spread by 600x
- If all Class A, B & C networks ran BFH:
  - Emulation of 12,493,209,429,306 bogus hosts (as stated on the slide; the entire IPv4 space holds only 2^32, about 4.3 billion, addresses, so read the figure as rhetorical)
  - Port scans & profiling a thing of the past
  - Worms and script kiddies would be economically infeasible
• 32. Where to get started?
Switching models will take time… What do we do in the interim?
• 33. Turning the tide: Resilient systems
- Server & desktop hardened images
- Security templates – lock down desktops
- Server-based authentication – PKI
- Host-based intrusion detection
- Centralized logging
- Out-of-band server management
- Honeypots / honeynets / tarpits
- Camouflage and deception in the DMZ
- Consider Layer 2 validation / Walled Garden
• 34. Turning the tide: People
- Security is a people problem, not a technical problem
- Hire and train smart, security-minded people to run your networks and servers
- Reward security:
  - Establish benchmarks & vulnerability metrics
  - Create confidentiality & integrity metrics & SLAs
  - Audit against the benchmarks
  - Include security as a major salary/bonus modifier
  - Job descriptions must incorporate security objectives
- Train developers, architects & BAs on how to develop secure systems
- Treat security breaches & cracking tools like weapons or drugs in the workplace – a "zero tolerance" policy?
• 35. Turning the tide: Process
- Assess risk & vulnerability: BIA
- Include security in feature sets & requirements
- Segregation of Developers, Testers & Production, and particularly Prod Support from source code
- Change management & access rights
- Certification & Accreditation
- Engage the security team in the charter & proposal phase
- Bake security into the systems lifecycle
- Require sponsor risk acceptance & authorization
- Embed accreditation into change control
- Include security in contract review and ROI
- Configuration Management → security patch lists
• 36. Summary
- Use firewalls, but as one of many tools
- Start network security with people, process and host security
- Think outside the box when developing security architectures
- Be prepared to dump your perimeter
- Focus on malleable networking
- Protect assets according to their value
• 38. Contact information
Dan Houser, CISSP, CISM, ISSAP
dan.houser@gmail.com
See the Submarine Warfare article: http://tinyurl.com/nwk7
This slide deck is available on my (lame) homepage: http://web.infosec-forum.org/Members/ddhouser