1. EVADE THE BREACH BY CHANGING THE WAY YOU THINK ABOUT INFORMATION SECURITY
MAJOR HAYDEN
RACKSPACE
@majorhayden
FOR ACCRUENT INSIGHTS 2014, AUSTIN, TEXAS
PHOTO CREDIT: CURTIS GREGORY PERRY [bit.ly/1k5ajws]
2. ABOUT MAJOR
• Born in Austin
• At Rackspace since 2006
• Focused on Linux engineering, software
development and information security
• Two kids and four chinchillas
3. THIS IS A CHINCHILLA
THEY ARE AMAZING PETS AND I COULD TALK ABOUT THEM FOR A LONG TIME
8. SECURITY HAS
NO FINISH LINE
INSPIRED BY KEITH PALMGREN'S "13 ABSOLUTE TRUTHS OF SECURITY"
9. Reports that say...that something hasn't
happened are always interesting to me,
because as we know,
there are known knowns;
there are things that we know that we know.
We also know there are known unknowns;
that is to say
we know there are some things we do not know.
But there are also unknown unknowns,
the ones we don't know we don't know.
—Donald Rumsfeld, United States Secretary of Defense
PUBLIC DOMAIN PHOTO BY THE UNITED STATES ARMY
10. THREE DEFENSIVE LAYERS
Preventative: Make yourself a hard target
Detective: Know when danger is on your doorstep
Corrective: Remove the threat and repair the damage
PROCESS IMPROVEMENT
FEEDBACK LOOP
11. We can apply these
layers to something
we all know well
12. How do we protect
our homes?
PHOTO CREDIT: DPREVITE [bit.ly/1mC8QBi]
13.
We lock our doors
We put our lights on timers
We close the blinds
We install security cameras
We join the neighborhood watch
We set our security alarm
We have our alarm monitored
We buy homeowner's insurance
We buy firearms*
14.
We lock our doors
We put our lights on timers
We close the blinds
We install security cameras
We join the neighborhood watch
We set our security alarm
We have our alarm monitored
We buy homeowner's insurance
We buy firearms
PREVENTATIVE
15.
We lock our doors
We put our lights on timers
We close the blinds
We install security cameras
We join the neighborhood watch
We set our security alarm
We have our alarm monitored
We buy homeowner's insurance
We buy firearms
DETECTIVE
16.
We lock our doors
We put our lights on timers
We close the blinds
We install security cameras
We join the neighborhood watch
We set our security alarm
We have our alarm monitored
We buy homeowner's insurance
We buy firearms
CORRECTIVE
24. "Target gave network
access to a third-party
vendor, a small
Pennsylvania HVAC
company, which did not
appear to follow
broadly accepted
information security
practices. The vendor’s
weak security allowed
the attackers to
gain a foothold
in Target’s network."
25. "Target
appears to have
failed to respond
to multiple automated
warnings from the
company’s
anti-intrusion
software that the
attackers were
installing malware
on Target’s system."
26. "Attackers who
infiltrated Target’s
network with a
vendor credential
appear to have
successfully moved from
less sensitive areas of
Target’s network to
areas storing consumer
data, suggesting that
Target failed to properly
isolate its most sensitive
network assets."
27. "Target
appears to have
failed to respond
to multiple warnings
from the company’s
anti-intrusion
software regarding the
escape routes the
attackers planned
to use to
exfiltrate data
from Target’s network."
34. HEARTBLEED:
A QUICK SUMMARY
• Small coding error allows attackers to steal
chunks of memory from remote servers
• Attackers repeatedly send requests to get
different data from the server
• Announcement of the vulnerability was
handled extremely poorly
• Much of the internet is still vulnerable
almost a month after the announcements
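The "small coding error" in the first bullet, reduced to a simplified model as an added example (not code from the talk or from OpenSSL): an echo routine that trusts the length the peer claims, beside one that checks the claim against what actually arrived. The names `echo_flawed`, `echo_checked`, `reply_leaks`, the 32-byte `mem` array and the sample secret are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 32   /* constructed stand-in for server process memory */
#define REQ_CAP  16   /* first half holds the request, second half a secret */

static unsigned char mem[MEM_SIZE];

/* Place a received payload next to unrelated sensitive data (constructed). */
static void load_request(const char *payload, size_t received) {
    memset(mem, 0, MEM_SIZE);
    memcpy(mem, payload, received < REQ_CAP ? received : REQ_CAP);
    memcpy(mem + REQ_CAP, "SECRET-KEY-1234", 15);
}

/* Flawed echo: copies as many bytes as the peer CLAIMS it sent. */
size_t echo_flawed(size_t received, size_t claimed, unsigned char *out) {
    (void)received;                              /* never consulted: the bug */
    if (claimed > MEM_SIZE) claimed = MEM_SIZE;  /* keeps the demo in bounds */
    memcpy(out, mem, claimed);
    return claimed;
}

/* Corrected echo: a claim larger than what arrived is dropped, no reply. */
size_t echo_checked(size_t received, size_t claimed, unsigned char *out) {
    if (claimed > received || claimed > REQ_CAP) return 0;
    memcpy(out, mem, claimed);
    return claimed;
}

/* True when a reply contains bytes from the secret region. */
int reply_leaks(const unsigned char *out, size_t n) {
    return n >= REQ_CAP + 6 && memcmp(out + REQ_CAP, "SECRET", 6) == 0;
}

int main(void) {
    unsigned char out[MEM_SIZE];
    size_t n;
    load_request("bird", 4);
    n = echo_flawed(4, MEM_SIZE, out);
    printf("flawed:  %zu bytes, leak=%d\n", n, reply_leaks(out, n));
    n = echo_checked(4, MEM_SIZE, out);
    printf("checked: %zu bytes, leak=%d\n", n, reply_leaks(out, n));
    n = echo_checked(4, 4, out);
    printf("honest:  %zu bytes, leak=%d\n", n, reply_leaks(out, n));
    return 0;
}
```

The corrected routine sends nothing back for an inconsistent claim, so a server-side counter of dropped requests is a natural detective control to pair with the fix.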
36. Rackspace
has joined many other
companies in support of the
Core Infrastructure Initiative
that provides funding for
open source projects that
need assistance
37. LET'S WRAP IT UP
PHOTO CREDIT: TANAKAWHO [bit.ly/1mxiEd3]
38. Three takeaways:
(Or, if you fell asleep
during the last half hour,
here's what I was talking about)