IT security
The IT Security Challenge
Peter Cochrane
ca-global.org
cochrane.org.uk
COCHRANE associates
Attack Surface = The Planet
Target Profile = Vast
Attackers = Relentless
Scale > WWIII
Rewards = Huge
Solutions?
“keeping at least one move ahead”
Digital Camouflage
“everything is on-line and accessible, but it doesn’t have to be obvious/explicit”
Encryption
“is never 100% secure”
Hidden in Pictures
‘steganography’
Disassociation
“of everything at all levels is very confusing for the enemy”
Fractalization
“repeated patterns that look almost the same are very difficult to deal with”
Path Encoding
“dynamically fast or slow path changes by message, part message or the byte”
Path Diversity & Dependence
“routings are agreed and dynamically randomised to act as path hiding & authentication mechanisms with split data, coding and decoding information”
Form Diversity
“all are flowers, but not all are the same”
A priori Knowledge
“something only you know”
Smoke Screens & False Trails
Cryptic Messages & Replies
Split Media
“perhaps the ultimate jigsaw”
No Hierarchy
“flat structures give few if any clues”
Location Spreading & Encoding
“multi-location & addressed components required to rebuild the whole”
Snares, Traps & Honey Pots
“we don’t have to be totally passive - we can be nasty”
Damaging Response & Retaliation
“return fire could take down servers, sites, machines, but risks escalation in return”
Cochrane’s Laws of Security
1) Resources are deployed inversely proportional to actual risk
2) Perceived risk never = actual risk
3) Security people are never their own customer
4) Cracking systems is 100x more fun than defending them
5) Security standards are an oxymoron
6) There is always a threat
7) The biggest threat is always in a direction you’re not looking
8) You need two security groups - one to defend & one to attack
9) People expect 100% electronic security
10) Nothing is 100% secure
11) Security and operational requirements are mutually exclusive
12) Hackers are smarter than you - they are younger!
13) Legislation is always > X years behind
14) As life becomes faster and chaotic - it becomes less secure - but the good news is - half lives are getting shorter too!
15) People are the number 1 risk factor - machines are perverse - but they ain’t devious - yet!
ID Extras!
Something you:
- are
- exhibit
- know
- possess
- share
We cannot afford to relax, ever!
Most Importantly - always ask the right questions:
- does it need to be secure?
- how secure?
- what is the risk?
- what is the cost?
- who is the attacker?
- where are they?
- what is their capability?
Thank You