Michael McDonnellGIAC Certified Intrusion Analyst
Creative Commons License: You are free to share and remix but you must provide attribution and you must share alike.
Information SecurityInformation SecurityA Practical IntroductionA Practical Introduction
What does “Security” mean?
?
What is Information Security About?
InfoSec is about… VirusesViruses
InfoSec is about… HackersHackers
InfoSec is about… VandalismVandalism
InfoSec is about… BackupsBackups
InfoSec is about… TheftTheft
InfoSec is about… Computer “Uptime”
InfoSec is about… PhonesPhones
InfoSec is… about InformationInformation
Information Security as an OutcomeOutcome
"Our systems areare secure from hackers“
"We havehave blocked 17,342 viruses to date“
“Our systems are all online“
“Insiders cannotcannot steal our information”
“We have backups”
““We are Secure”We are Secure”
Information Security as a ProcessProcess
“We want to improveimprove security“
"We need to protect against moremore threats"
"We want to reducereduce risk"
"We want to increaseincrease customer confidence"
"We want to decreasedecrease the number of compromises"
““We want to be We want to be more Secure”more Secure”
InfoSec is… Risk ManagementRisk Management
IdentifyA
nalyzeM
easu
re
PlanImplement
What is at Risk?
ConfidentialityConfidentiality
IntegrityIntegrity
AvailabilityAvailability
Defence in DepthDefence in Depth lowers Risk
Firewalls do not make you secureAnti-virusAnti-virus does not make you secure
PoliciesPolicies do not make you secureVPNsVPNs do not make you secure
Guards do not make you securePasswordsPasswords do not make you secure
Together they all make you MOREMORE
secure
Threat: Denial of Service
Counter: Firewalls and Switches
An unpatched server was compromised and used to distributed 20 GB of videos with French language titles. The problem was discovered when the server was blocked for excessive bandwidthexcessive bandwidth usage.
??
Threat: Unintentional DoS
French Puppet Videos!
The server was distributing 20 GB of French Puppet VideosFrench Puppet Videos. The cleanup time was 7 hours. If they had just asked we would have probably found someone to host the videos for them!
Counter: Change ManagementChange Management
Counter: Monitoring
Threat: SQL Injection Attack
Counter: Vulnerability Scanning
Counter: Developer Training
Counter: Web Application Firewall
Threat: The Man-in-the-Middle
The Pineapple
1. Pretends to be YOURYOUR home wifi network.
2.2. RecordsRecords what you do on the Internet.
Counter: 2 Factor Authentication
YUBIKEY SecurID
Google 2FA
Threat: Insiders
Counter: DLP and DPI
Deep Packet Inspection (DPI): Firewalls inspect every packet on the network and rebuild the entire message.
Data Loss Prevention (DLP): Uses DPI and pattern matching to look for suspicious content being sent FROM your network.
Threat: Malvertisements
Why D.I.D? It never rainsrains… it pourspours
1. The OS Vendor stopped providing patches2. The server was hacked3. A hard disk failed4. A cooling fan died & it crashes every 2hr5. The software vendor wanted more money6. Hardware support had not been paid for
Final Threat: The A.P.T.
Advanced Persistent Threat
InfoSec is… Everyone’s Responsibility
ConfidentialityConfidentiality
IntegrityIntegrity
AvailabilityAvailability
