Technical Cyber Defense Strategies Explained!
Uploaded by: microsoft-technet-belgium-and-luxembourg
Transcript of Technical Cyber Defense Strategies Explained!
Slide 1
Technical Cyber Defense Strategies Explained
Marcus Murray & Hasain Alshakarti, Truesec Security Team, MVP Enterprise Security x2
Slide 2
Marcus Murray, Hasain Alshakarti
Slide 3
WARNING! Session format = DISCUSSION!
Slide 4
So.. what does it take to be hack-proof?
Slide 5
Let's start with the big picture!
Slide 6
We all know what a network looks like..
[Diagram: Web Srv, Mail Srv, File Srv, DC, two clients, and an attacker]
Slide 7
Internet Strategy
[Diagram: Front-end and Back-end tiers with Web Srv, Mail Srv, SqlSrv, DC and FileSrv; User and Admin clients; an attacker]
Slide 8
Traditional internal Strategy
[Diagram: Front-end and Back-end tiers with Web Srv, Mail Srv, SqlSrv, DC and FileSrv; User and Admin clients; an attacker]
Slide 9
Demo – Hacking SQL..
[Diagram: SqlSrv and Attacker]
Slide 10
Traditional Internet strategy
[Diagram: zones Internet Front-end, Internet back-end, Internal Front-end, Internal back-end, Cloud Front-end, Cloud back-end; Client network (Internet) and Client network (Managed); access levels World access, Trusted access, Admin access; World Accessible boundary; FileSrv, clients, attacker]
Slide 11
Apply Internet strategy internally
[Diagram: same zones as slide 10 (Internet/Internal/Cloud Front-end and back-end, Client network (Managed) and (Internet), World access, Trusted access, Admin access, World Accessible boundary) with a Secure Access Layer added; clients, attacker]
Slide 12
Let's add some future.. (today for some..)
[Diagram: same zones as slide 11 (Internet/Internal/Cloud Front-end and back-end, Secure Access Layer, Client network (Managed) and (Internet), World access, Trusted access, Admin access, World Accessible boundary) with Fabric controllers added; clients, attacker]
Slide 13
Implementing Secure networking - DEMO
• IPsec domain isolation
• DirectAccess
• IPsec server isolation
Slide 14
Domain Isolation - Demo
[Diagram: Internal network; Client network (Managed); Trusted access, World access, Admin access; clients, File Srv, Sql Srv, and attackers]
Slide 15
Direct access - Demo
[Diagram: Internal network; Client network (Managed); Secure Access Layer; World Accessible boundary; Trusted access, World access, Admin access; clients, DA Srv, File Srv, Sql Srv, and an attacker]
Slide 16
Server isolation - Demo
[Diagram: Internal Front-end and Internal back-end; Client network (Managed); Secure Access Layer; World Accessible boundary; Trusted access, World access, Admin access; clients, DA Srv, File Srv, Sql Srv, and an attacker]
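The three demos (domain isolation, DirectAccess, server isolation) are not reproduced in the transcript. As an added example, not the speakers' demo, the PowerShell below shows how the IPsec half of that design is expressed with the NetSecurity cmdlets that ship with Windows 8 / Windows Server 2012 and later: a domain isolation rule that requires Kerberos-authenticated IPsec inbound, and a server isolation firewall rule on top of it that lets only computers in one AD group reach a back-end SQL port. DirectAccess itself is a server role and is out of scope here. The group name SQL-Authorized-Computers and TCP port 1433 are placeholders chosen for this example.

```powershell
# Added example (not the speakers' demo): IPsec domain isolation plus server
# isolation for a back-end SQL server, using the NetSecurity cmdlets
# (Windows 8 / Windows Server 2012 and later). Run elevated on the server
# being isolated, or point each cmdlet at a GPO with
# -PolicyStore "<domain>\<GPO name>" to roll the policy out via Group Policy.
# Placeholders: the AD group 'SQL-Authorized-Computers' and TCP port 1433
# are illustrative values chosen for this example.
#Requires -RunAsAdministrator
Import-Module NetSecurity
Import-Module ActiveDirectory   # RSAT; only needed for the group SID lookup below

# --- 1. Domain isolation ------------------------------------------------
# Inbound connections must be protected by IPsec and authenticated with the
# peer computer's Kerberos identity (every domain member has one, no PKI
# needed). Outbound is only *requested*, so this host can still talk to
# printers, appliances and other systems that cannot do IPsec.
$machineKerb = New-NetIPsecAuthProposal -Machine -Kerberos
$phase1 = New-NetIPsecPhase1AuthSet -DisplayName 'Machine Kerberos' -Proposal $machineKerb

# A second (user) authentication lets firewall rules filter on AD user
# groups as well as computer groups.
$userKerb = New-NetIPsecAuthProposal -User -Kerberos
$phase2 = New-NetIPsecPhase2AuthSet -DisplayName 'User Kerberos' -Proposal $userKerb

New-NetIPsecRule -DisplayName 'Domain Isolation' `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $phase1.Name -Phase2AuthSet $phase2.Name `
    -Profile Domain | Out-Null

# --- 2. Server isolation ------------------------------------------------
# The IPsec rule proves *who* is connecting; the firewall rule decides
# *whether* that identity may reach the service. Only computers in one AD
# group get to TCP/1433, and the IPsec SA must use ESP encryption rather
# than integrity-only, so the SQL traffic is also confidential on the wire.
$groupSid        = (Get-ADGroup -Identity 'SQL-Authorized-Computers').SID.Value
$allowedMachines = "D:(A;;CC;;;$groupSid)"   # SDDL: Allow (A) the CC right to that SID

New-NetFirewallRule -DisplayName 'SQL only from authorized computers' `
    -Direction Inbound -Protocol TCP -LocalPort 1433 -Action Allow `
    -Authentication Required -Encryption Required `
    -RemoteMachine $allowedMachines | Out-Null

# --- 3. Verify ----------------------------------------------------------
# Connection security rules now in force, and the main-mode security
# associations negotiated so far (empty until an authenticated peer connects).
Get-NetIPsecRule | Format-Table DisplayName, InboundSecurity, OutboundSecurity, Profile
Get-NetIPsecMainModeSA
```

Two practical caveats when you take this beyond a lab: a client needs to reach a domain controller (and DNS/DHCP) before it can obtain the Kerberos ticket used to authenticate the IPsec negotiation, so those infrastructure servers are normally exempted from the Require rule rather than covered by it; and once the rules are in a GPO, a misplaced `Require` on the outbound side isolates the machine from everything that is not domain-joined, so stage with `Request` and watch `Get-NetIPsecMainModeSA` before tightening.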
Slide 17
So, if the clients are on the "internet" all the time..
• Physical access
• Firewall
• Patching
• Non-admin
• Malware protection
• Secure transport
[Diagram: Client, User, Web Srv, Attacker]
Slide 18
Physical access protection
• BitLocker
• Protect from DMA access!
  – http://support.microsoft.com/kb/2516445
Slide 19
Local Firewall
• Is there ANY reason why the client firewall must allow inbound traffic at any time?
[Diagram: Client, User, Web Srv, Attacker]
Slide 20
Patching, of course, but what about the 0-days?
• Non-Admin
• Early mitigations
• Patching strategy
[Diagram: Client, User, Web Srv, Attacker]
Slide 21
Malware protection
• Macro settings
• Antivirus? Yes or No?
• Remember AppLocker?
[Diagram: Attacker, Client, User]
Slide 22
Secure transports…
• Weak protocols…
  – Clear text
  – NTLM configurations
• DirectAccess!
• IPsec!
[Diagram: Client, User, Web Srv, Attacker]
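Slides 17 to 22 list what a managed client needs when it is treated as living on the internet, but the deck gives no way to check a machine against that list. As an added example (not part of the deck), the PowerShell below turns the list into a read-only posture check: BitLocker on the OS volume (physical access), firewall profiles and enabled inbound allow rules (local firewall), age of the newest installed update (patching), membership of the local Administrators group (non-admin), an enforced AppLocker collection (malware protection) and the NTLM settings (secure transport). The thresholds (LmCompatibilityLevel 5, 45-day patch age, only the built-in Administrator and Domain Admins expected in local Administrators) are this example's own assumptions; `Get-LocalGroupMember` needs Windows 10 / Server 2016 or later, and `Get-BitLockerVolume` needs an elevated prompt.

```powershell
# Added example (not from the talk): read-only posture check for a managed
# client, following the checklist on the slides. Windows 10 / Server 2016 or
# later (for Get-LocalGroupMember); run elevated so Get-BitLockerVolume can
# read protection status. The expected values used below are this example's
# own assumptions, not settings taken from the slides.
#Requires -RunAsAdministrator

function Test-ClientHardening {
    $findings = @()

    # 1. Physical access: the OS volume must be BitLocker-protected.
    $os  = $env:SystemDrive
    $bde = Get-BitLockerVolume -MountPoint $os -ErrorAction SilentlyContinue
    if (-not $bde -or "$($bde.ProtectionStatus)" -ne 'On') {
        $findings += "BitLocker protection is not On for $os"
    }

    # 2. Firewall: every profile on with default inbound Block, and every
    #    enabled inbound allow rule listed, because each one is an answer to
    #    "is there ANY reason to allow inbound?".
    foreach ($p in Get-NetFirewallProfile) {
        if ("$($p.Enabled)" -ne 'True') { $findings += "Firewall off on profile $($p.Name)" }
        if ("$($p.DefaultInboundAction)" -ne 'Block') {
            $findings += "Profile $($p.Name) default inbound action is $($p.DefaultInboundAction)"
        }
    }
    $inbound = @(Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True -ErrorAction SilentlyContinue)
    if ($inbound.Count -gt 0) {
        $names = ($inbound | Select-Object -First 5 -ExpandProperty DisplayName) -join ', '
        $findings += "$($inbound.Count) enabled inbound allow rule(s), e.g. $names"
    }

    # 3. Patching: how old is the newest installed update? (45 days is an
    #    arbitrary threshold for this example.)
    $latest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $latest -or $latest.InstalledOn -lt (Get-Date).AddDays(-45)) {
        $findings += "Newest update installed on '$($latest.InstalledOn)' (older than 45 days or unknown)"
    }

    # 4. Non-admin: who is in local Administrators besides the built-in
    #    Administrator (RID 500) and Domain Admins (RID 512)?
    $admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
    $extra  = @($admins | Where-Object { $_.SID.Value -notmatch '-(500|512)$' })
    if ($extra.Count -gt 0) {
        $findings += 'Extra members of local Administrators: ' + (($extra | ForEach-Object Name) -join ', ')
    }

    # 5. Malware protection: is at least one AppLocker rule collection enforced?
    $applocker = Get-AppLockerPolicy -Effective -Xml -ErrorAction SilentlyContinue
    if (-not $applocker -or $applocker -notmatch 'EnforcementMode="Enabled"') {
        $findings += 'No AppLocker rule collection is in Enabled (enforce) mode'
    }

    # 6. Secure transport: NTLMv2 only (LmCompatibilityLevel 5 refuses LM and
    #    NTLMv1) and outgoing NTLM at least audited (RestrictSendingNTLMTraffic
    #    1 = audit, 2 = deny).
    $lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $level = (Get-ItemProperty -Path $lsa -Name LmCompatibilityLevel -ErrorAction SilentlyContinue).LmCompatibilityLevel
    if ($null -eq $level -or $level -lt 5) { $findings += "LmCompatibilityLevel is '$level', expected 5" }
    $ntlm = (Get-ItemProperty -Path "$lsa\MSV1_0" -Name RestrictSendingNTLMTraffic -ErrorAction SilentlyContinue).RestrictSendingNTLMTraffic
    if (-not $ntlm) { $findings += 'Outgoing NTLM is neither audited nor restricted (RestrictSendingNTLMTraffic unset or 0)' }

    return $findings
}

$result = @(Test-ClientHardening)
if ($result.Count -eq 0) { 'No findings' } else { $result | ForEach-Object { "FINDING: $_" } }
```

The script only reads state, so it can be run repeatedly (for instance as a scheduled task that writes its findings to the event log) to catch drift after the initial hardening; the NTLM audit setting in step 6 is the one to enable first, because the resulting 8001-series events are what tells you which applications still depend on NTLM before you move from audit to deny.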
Slide 23
So, what about BYOD?
[Diagram: Internet/Internal/Cloud Front-end and back-end zones; Client network (Managed) and (Internet); Secure Access Layer; World Accessible boundary; World access, Trusted access, Admin access; clients, attacker]
• Application classification
• Data classification
Slide 24
..and… admin clients
• Should an admin user/computer be on the "internet"?
• Should an admin user read email?
• Safe admin access
  – Non-compromised computer
  – Trusted communication channel
  – Robust exposure of admin interface
• Robust services
  – Authentication
  – Authorization
• Limited number of administrators
[Diagram: Client, Admin, DC, Attacker]
Slide 25
And let's talk about server services.
• Robust service
  – Authentication
  – Authorization
• Firewall
• Patching
• Privileges
• Dependencies
• Admin exposure
[Diagram: Client, User, Web Srv, Attacker]
Slide 26
Web server attack
[Diagram: Web Srv and Attacker]
Slide 27
Marcus Murray, Hasain Alshakarti
Slide 28
Thank you for listening!