RVAsec 2015 Keynote - Layer 8 - RVA keynote 2015.pdf · © Copyright 2015, National Security...
74
Welcome To @RVAsec ‐ #rvasec G. Mark Hardy CISSP, CISM, CISA [email protected] +1 410.933.9333 @ g_mark © Copyright 2015, National Security Corporation. All rights reserved. 2
Transcript of RVAsec 2015 Keynote - Layer 8 - RVA keynote 2015.pdf · © Copyright 2015, National Security...
Welcome To
@RVAsec ‐ #rvasec
G. Mark HardyCISSP, CISM, CISA
[email protected]+1 410.933.9333
@ g_mark
© Copyright 2015, National Security Corporation. All rights reserved. 2
© Copyright 2015, National Security Corporation. All rights reserved. 3
Keynotes are different.
© Copyright 2015, National Security Corporation. All rights reserved. 4
It's Not About What You are DoingIt's Not About What You are Doing……
© Copyright 2015, National Security Corporation. All rights reserved. 5
It's Not About Your Pet Project…
© Copyright 2015, National Security Corporation. All rights reserved. 6
© Copyright 2015, National Security Corporation. All rights reserved. 7
Anyone remember Marcus Ranum's
keynote?
Compared to reality, Marcus is an optimist.
© Copyright 2015, National Security Corporation. All rights reserved. 8
© Copyright 2015, National Security Corporation. All rights reserved. 9
© Copyright 2015, National Security Corporation. All rights reserved. 10
Must be
thought‐provoking.
© Copyright 2015, National Security Corporation. All rights reserved. 11
© Copyright 2015, National Security Corporation. All rights reserved. 12
© Copyright 2015, National Security Corporation. All rights reserved. 13
© Copyright 2015, National Security Corporation. All rights reserved. 14
© Copyright 2015, National Security Corporation. All rights reserved. 15
© Copyright 2015, National Security Corporation. All rights reserved. 16
First full‐time
INFOSEC job…
© Copyright 2015, National Security Corporation. All rights reserved. 17
© Copyright 2015, National Security Corporation. All rights reserved. 18
I got to watch our
industry grow up…
My first computer ‐‐ 1975(egad!)
© Copyright 2015, National Security Corporation. All rights reserved. 19
Not that long ago: 1996
2‐letter .com
domainsLess than 100 of 676 had ever been registered.(And domains were FREE in the B.N.S. days)
© Copyright 2015, National Security Corporation. All rights reserved. 20
Just imagine …AA.com ‐ takenab.com ‐ availableac.com ‐ availablead.com ‐ availableae.com ‐ availableetc.
You get the point.
Do you?
It was a different ethos back then. You only take the ONE you really want.
(I was _going_ to take 007.com)
© Copyright 2015, National Security Corporation. All rights reserved. 21
© Copyright 2015, National Security Corporation. All rights reserved. 22
You're in WAY early
Do really cool stuff
Find really neat stuff
But never staked a claim
Felt Like I was in California in 1837
© Copyright 2015, National Security Corporation. All rights reserved. 23
Got overrun like Custer at Little Big Horn.
I Could Have Been A Contender!
© Copyright 2015, National Security Corporation. All rights reserved. 24
or I Could Have Been This Guy…
© Copyright 2015, National Security Corporation. All rights reserved. 25
Okay, never mind.
© Copyright 2015, National Security Corporation. All rights reserved. 26
© Copyright 2015, National Security Corporation. All rights reserved. 27
And now…
© Copyright 2015, National Security Corporation. All rights reserved. 28
A Different Era
© Copyright 2015, National Security Corporation. All rights reserved. 29
Programmers looked different…
Oh yeah, I'm supposed to talk about something related
to security…
© Copyright 2015, National Security Corporation. All rights reserved. 30
© Copyright 2015, National Security Corporation. All rights reserved. 31
Physical
Data
Network
Transport
Session
Presentation
Application
© Copyright 2015, National Security Corporation. All rights reserved. 32
Where is Tom Lehrerwhen you need him?
© Copyright 2015, National Security Corporation. All rights reserved. 33
OSI Model ends at 7
but...
© Copyright 2015, National Security Corporation. All rights reserved. 34
Our jobs don’t.
Security doesn’t.
Business doesn’t.
© Copyright 2015, National Security Corporation. All rights reserved. 35
We need to
go beyond…
© Copyright 2015, National Security Corporation. All rights reserved. 36
© Copyright 2015, National Security Corporation. All rights reserved. 37
© Copyright 2015, National Security Corporation. All rights reserved. 38
© Copyright 2015, National Security Corporation. All rights reserved. 39
© Copyright 2015, National Security Corporation. All rights reserved. 40
We “get” tech...
It's our comfort zone
© Copyright 2015, National Security Corporation. All rights reserved. 41
© Copyright 2015, National Security Corporation. All rights reserved. 42
© Copyright 2015, National Security Corporation. All rights reserved. 43
© Copyright 2015, National Security Corporation. All rights reserved. 44
© Copyright 2015, National Security Corporation. All rights reserved. 45
Honey Badger Doesn't Give A _______
© Copyright 2015, National Security Corporation. All rights reserved. 46
© Copyright 2015, National Security Corporation. All rights reserved. 47
Failure to get Layer 8...
© Copyright 2015, National Security Corporation. All rights reserved. 48
© Copyright 2015, National Security Corporation. All rights reserved. 49
I did not havesexual relationswith that woman…
(oops ‐‐wrong president)
There is no escape from politics
Resistance is futile
© Copyright 2015, National Security Corporation. All rights reserved. 51
What I’m NOT
saying about Layer 8
© Copyright 2015, National Security Corporation. All rights reserved. 52
This Guy is Uber Leet …
© Copyright 2015, National Security Corporation. All rights reserved. 53
© Copyright 2015, National Security Corporation. All rights reserved. 54
“Deceptionconsists of illusion,misdirection, and ridicule. But thegreatest ofthese isridicule.”
Politics
© Copyright 2015, National Security Corporation. All rights reserved. 55
DEFCON Server Forensic Challenge
© Copyright 2015, National Security Corporation. All rights reserved. 56
© Copyright 2015, National Security Corporation. All rights reserved. 57
P C
© Copyright 2015, National Security Corporation. All rights reserved. 58
Fornicate
© Copyright 2015, National Security Corporation. All rights reserved. 59
© Copyright 2015, National Security Corporation. All rights reserved. 60
What Layer 8 _is_• Attack surface
– Users
• Executives who don’t “get” security
• Vendor influence
• Legislation
– Rockefeller‐Snow (S. 1353, RIP!)
– Aaron’s Law Act of 2015 (H.R. 1918)
© Copyright 2015, National Security Corporation. All rights reserved. 61
Awareness‐ Go beyond
‐ Understanding
‐ Comprehension
‐ Formulate Strategy
‐ Take Action
‐ Produce Results
© Copyright 2015, National Security Corporation. All rights reserved. 62
© Copyright 2015, National Security Corporation. All rights reserved. 63
© Copyright 2015, National Security Corporation. All rights reserved. 64
© Copyright 2015, National Security Corporation. All rights reserved. 65
You Have An Obligation‐ Self?
‐ Career?
‐ Money?
‐ Power?
‐ Our Profession!
© Copyright 2015, National Security Corporation. All rights reserved. 66
No, screw it. It's money.
© Copyright 2015, National Security Corporation. All rights reserved. 67
What is your Vocation?
Your CALLING?
Your purpose?
© Copyright 2015, National Security Corporation. All rights reserved. 68
© Copyright 2015, National Security Corporation. All rights reserved. 69
© Copyright 2015, National Security Corporation. All rights reserved. 70
© Copyright 2015, National Security Corporation. All rights reserved. 71
G. Mark’s Corollary toMoore’s Law...
• Half of what you know about security will be obsolete in 18 months.
© Copyright 2015, National Security Corporation. All rights reserved. 72
Is SecurityYour
MagnificentObsession?
© Copyright 2015, National Security Corporation. All rights reserved. 73
© Copyright 2015, National Security Corporation. All rights reserved. 74
© Copyright 2015, National Security Corporation. All rights reserved. 75
Help Wanted
© Copyright 2015, National Security Corporation. All rights reserved. 76
© Copyright 2015, National Security Corporation. All rights reserved. 77
© Copyright 2015, National Security Corporation. All rights reserved. 78
© Copyright 2015, National Security Corporation. All rights reserved. 79
Who Will Be Hackitus?
© Copyright 2015, National Security Corporation. All rights reserved. 80
© Copyright 2015, National Security Corporation. All rights reserved. 81
Develop‐ Influence
‐ Awareness
‐ Interaction
‐ Play the game
© Copyright 2015, National Security Corporation. All rights reserved. 82
© Copyright 2015, National Security Corporation. All rights reserved. 83
© Copyright 2015, National Security Corporation. All rights reserved. 84
© Copyright 2015, National Security Corporation. All rights reserved. 85
© Copyright 2015, National Security Corporation. All rights reserved. 86
© Copyright 2015, National Security Corporation. All rights reserved. 87
© Copyright 2015, National Security Corporation. All rights reserved. 88
© Copyright 2015, National Security Corporation. All rights reserved. 89
© Copyright 2015, National Security Corporation. All rights reserved. 90
© Copyright 2015, National Security Corporation. All rights reserved. 91
Engage!
© Copyright 2015, National Security Corporation. All rights reserved. 93
© Copyright 2015, National Security Corporation. All rights reserved. 94
© Copyright 2015, National Security Corporation. All rights reserved. 95
Is this man a hero?
© Copyright 2015, National Security Corporation. All rights reserved. 96
Wrong Question
Is this man useful?
© Copyright 2015, National Security Corporation. All rights reserved. 97
Quiz: The enemy
of my enemy is
________?USEFUL!
© Copyright 2015, National Security Corporation. All rights reserved. 98
Learn, Discipline Yourself, Engage
‐ Learn how to play
‐ Learn the rules
‐ Learn how to break the rules
‐…and claim you’re following the rules
© Copyright 2015, National Security Corporation. All rights reserved. 99
‐ Learn how to change the rules and nothave to tell anyone the new rules
© Copyright 2015, National Security Corporation. All rights reserved. 100
‐ Learn how to win
© Copyright 2015, National Security Corporation. All rights reserved. 101
What Do You Win?
‐Money?
‐ Power?
‐ Sex, Drugs, &
Rock‐n‐roll?
© Copyright 2015, National Security Corporation. All rights reserved. 102
Yes,
ALL OF THAT!
But wait; there's more...
© Copyright 2015, National Security Corporation. All rights reserved. 103
© Copyright 2015, National Security Corporation. All rights reserved. 104
© Copyright 2015, National Security Corporation. All rights reserved. 105
Win one for the Gipper
‐ Not for your CISSP recertification
‐ Not for your employer
© Copyright 2015, National Security Corporation. All rights reserved. 106
You win because
you believe.
NEVER GIVE UP!
© Copyright 2015, National Security Corporation. All rights reserved. 107
You are transforming
the future.
© Copyright 2015, National Security Corporation. All rights reserved. 108
Do you realize
how much raw IQ
is in this room?
© Copyright 2015, National Security Corporation. All rights reserved. 109
© Copyright 2015, National Security Corporation. All rights reserved. 110
© Copyright 2015, National Security Corporation. All rights reserved. 111
WE ARE
© Copyright 2015, National Security Corporation. All rights reserved. 113
© Copyright 2015, National Security Corporation. All rights reserved. 114
© Copyright 2015, National Security Corporation. All rights reserved. 115
“Be the change
you seek
in this world.”
© Copyright 2015, National Security Corporation. All rights reserved. 116
On my business card:
If you’re one step ahead, you're a leader
If you’re two steps ahead, you're a visionary
If you’re three steps ahead, you're a heretic
Be a heretic.
Pwn Layer 8.
© Copyright 2015, National Security Corporation. All rights reserved. 118
We Have Defeated Evil…
Naziism,
Facism,
Saddam’s nuclear arsenal, and next up is ISIS…
All at a great cost…
© Copyright 2015, National Security Corporation. All rights reserved. 119
Our biggest enemy isn’t ISIS…
It's US.
© Copyright 2015, National Security Corporation. All rights reserved. 120
© Copyright 2015, National Security Corporation. All rights reserved. 121
US is more divided than it’s been since 1865.
This is more than slavery, gender inequality, racism, gay rights.
It’s about our ability to functionas a cohesive society.
Many see America as a dream
Many see America as a Threat
© Copyright 2015, National Security Corporation. All rights reserved. 124
This is NOT the future
This is OUR vision of the future
America is YOUR FUTURE
© Copyright 2015, National Security Corporation. All rights reserved. 127
© Copyright 2015, National Security Corporation. All rights reserved. 128
© Copyright 2015, National Security Corporation. All rights reserved. 129
© Copyright 2015, National Security Corporation. All rights reserved. 130
© Copyright 2015, National Security Corporation. All rights reserved. 131
“If voting really
made a difference,
they wouldn’t let
us do it.”
© Copyright 2015, National Security Corporation. All rights reserved. 132
© Copyright 2015, National Security Corporation. All rights reserved. 133
© Copyright 2015, National Security Corporation. All rights reserved. 134
© Copyright 2015, National Security Corporation. All rights reserved. 135
How should
we proceed?
© Copyright 2015, National Security Corporation. All rights reserved. 136
Reciprocity
Consistency
Social Proof
Liking
Authority
Scarcity
Learn Dr. Cialdini'sart of influence
© Copyright 2015, National Security Corporation. All rights reserved. 137
Why not?
Hackers as CIO
Hackers as CEO
Hackers as generals and
cabinet secretaries
Why not a Hacker as President?
© Copyright 2015, National Security Corporation. All rights reserved. 138
Imagine
Dan Kaminsky as President?
Yeah.
• Maybe not.
• (although I do like Dan)
• But you get the idea…
© Copyright 2015, National Security Corporation. All rights reserved. 141
We can pwn anything,
right? Right?
© Copyright 2015, National Security Corporation. All rights reserved. 142
“Mr. Hardy,
it seems from
our research
that you
might be a
hacker.”
© Copyright 2015, National Security Corporation. All rights reserved. 143
It can be done…
Let's Do It Right
© Copyright 2015, National Security Corporation. All rights reserved. 144
Anyone knowabout Cincinnatus?
© Copyright 2015, National Security Corporation. All rights reserved. 145
No way we can predict the future.
© Copyright 2015, National Security Corporation. All rights reserved. 146
So become the future.
You, for better or worse, are America's future.
You’re Grrrrr 8!
G. Mark HardyCISSP, CISM, CISA
[email protected]+1 410.933.9333
@ g_mark
© Copyright 2015, National Security Corporation. All rights reserved. 147
Multiple images in presentation copyright their legitimate owners.This is an uncompensated educational presentation.Fair use claimed under 17 U.S.C. 107Nyeahh!
Thank you!
