Michael McDonnell, GIAC Certified Intrusion Analyst, michael@winterstorm.ca
Creative Commons License: You are free to share and remix but you must provide attribution and you must share alike.
Information Security: A Practical Introduction
What does “Security” mean?
What is Information Security About?
InfoSec is about… Viruses
InfoSec is about… Hackers
InfoSec is about… Vandalism
InfoSec is about… Backups
InfoSec is about… Theft
InfoSec is about… Computer “Uptime”
InfoSec is about… Phones
InfoSec is… about Information
Information Security as an Outcome
“Our systems are secure from hackers”
“We have blocked 17,342 viruses to date”
“Our systems are all online”
“Insiders cannot steal our information”
“We have backups”
“We are Secure”
Information Security as a Process
“We want to improve security”
“We need to protect against more threats”
“We want to reduce risk”
“We want to increase customer confidence”
“We want to decrease the number of compromises”
“We want to be more Secure”
InfoSec is… Risk Management
Identify, Analyze, Measure, Plan, Implement
What is at Risk?
Confidentiality
Integrity
Availability
Defence in Depth lowers Risk
Firewalls do not make you secure.
Anti-virus does not make you secure.
Policies do not make you secure.
VPNs do not make you secure.
Guards do not make you secure.
Passwords do not make you secure.
Together they all make you MORE secure.
Threat: Denial of Service
Counter: Firewalls and Switches
An unpatched server was compromised and used to distribute 20 GB of videos with French-language titles. The problem was discovered when the server was blocked for excessive bandwidth usage.
Threat: Unintentional DoS
French Puppet Videos!
The server was distributing 20 GB of French Puppet Videos. The cleanup time was 7 hours. If they had just asked, we would probably have found someone to host the videos for them!
Counter: Change Management
Counter: Monitoring
Threat: SQL Injection Attack
Counter: Vulnerability Scanning
Counter: Developer Training
Counter: Web Application Firewall
Threat: The Man-in-the-Middle
The Pineapple
1. Pretends to be YOUR home wifi network.
2. Records what you do on the Internet.
Counter: 2 Factor Authentication
YubiKey, SecurID, Google 2FA
Threat: Insiders
Counter: DLP and DPI
Deep Packet Inspection (DPI): Firewalls inspect every packet on the network and rebuild the entire message.
Data Loss Prevention (DLP): Uses DPI and pattern matching to look for suspicious content being sent FROM your network.
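As an added illustration (not the speaker's code), the toy below does the two steps just described: a DPI step that puts captured outbound TCP segments back in order and rebuilds the message, and a DLP step that pattern-matches the rebuilt message for card-like numbers leaving the network. The segments are constructed sample data, and the sequence numbers are assumed to be contiguous.

```python
import re

# Constructed sample: one outbound HTTP POST captured as three TCP segments,
# out of order, as (sequence number, payload). The card number is split
# across two segments, so matching each packet on its own would miss it.
SEGMENTS = [
    (1000, b"POST /upload HTTP/1.1\r\nHost: example.invalid\r\n\r\ncard="),
    (1065, b"11 1111&note=hi"),
    (1053, b"4111 1111 11"),
]

# 13 to 19 digits, optionally separated by spaces or dashes
CARD_RE = re.compile(rb"\b(?:\d[ -]?){13,19}\b")

def reassemble(segments):
    """DPI step: put segments in sequence order and rebuild the whole message.
    Assumes contiguous segments (no gaps or overlaps); anything else is refused."""
    ordered = sorted(segments, key=lambda s: s[0])
    stream, expected = b"", ordered[0][0]
    for seq, payload in ordered:
        if seq != expected:
            raise ValueError(f"gap in stream at seq {expected}, got {seq}")
        stream += payload
        expected = seq + len(payload)
    return stream

def luhn_ok(digits):
    """Luhn checksum: filters out most random digit runs (fewer false positives)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_card_numbers(message):
    """DLP step: pattern-match the rebuilt message, returning Luhn-valid numbers."""
    hits = []
    for m in CARD_RE.finditer(message):
        digits = re.sub(rb"[ -]", b"", m.group(0)).decode()
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def outbound_alerts(segments):
    """Full pipeline; reports masked numbers so the alert itself does not leak data."""
    found = find_card_numbers(reassemble(segments))
    return [d[:6] + "*" * (len(d) - 10) + d[-4:] for d in found]
```

Running `find_card_numbers` on the middle segment alone returns nothing, which is why the speaker's point that DPI must rebuild the entire message before the DLP pattern match matters.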
Threat: Malvertisements
Why D.I.D.? It never rains… it pours
1. The OS vendor stopped providing patches
2. The server was hacked
3. A hard disk failed
4. A cooling fan died and it crashes every 2 hours
5. The software vendor wanted more money
6. Hardware support had not been paid for
Final Threat: The A.P.T.
Advanced Persistent Threat
InfoSec is… Everyone’s Responsibility
Confidentiality
Integrity
Availability