DC970 Presents: Defense in Depth
TRANSCRIPT
![Page 1: DC970 Presents: Defense in Depth](https://reader033.vdocuments.net/reader033/viewer/2022042604/58759b161a28ab6d198b5235/html5/thumbnails/1.jpg)
DEFENSE-IN-DEPTH TO SECURE YOUR ORGANIZATION
@DC970, October 20, 2015
![Page 2: DC970 Presents: Defense in Depth](https://reader033.vdocuments.net/reader033/viewer/2022042604/58759b161a28ab6d198b5235/html5/thumbnails/2.jpg)
AGENDA
Who is DC970?
Defense-in-Depth
Components
Trends
Discussion
![Page 3: DC970 Presents: Defense in Depth](https://reader033.vdocuments.net/reader033/viewer/2022042604/58759b161a28ab6d198b5235/html5/thumbnails/3.jpg)
WHO IS DC970?
DEF CON is one of the world’s largest hacker conferences
Occurs annually in Las Vegas
16,000+ attended in 2014; 20,000+ in 2015
DC970 is a local meetup with similar interests
Meets the 3rd Thursday of the month at Wild Boar Café – 7pm
One of a handful of groups around Northern Colorado
Not on Meetup.com --- Should we be?
![Page 4: DC970 Presents: Defense in Depth](https://reader033.vdocuments.net/reader033/viewer/2022042604/58759b161a28ab6d198b5235/html5/thumbnails/4.jpg)
DEFENSE-IN-DEPTH
Full scope: Personnel, Procedural, Technical and Physical
Expect any single layer to fail / be defeated (e.g. 0-day)
Add layers to mitigate the impact of any single layer failing
Could be 3 or 30 layers
Medieval castle, military base
Warcraft/AOE/CnC strategy – e.g. all zergs
Again: Expect and accept losses at any layer
![Page 5: DC970 Presents: Defense in Depth](https://reader033.vdocuments.net/reader033/viewer/2022042604/58759b161a28ab6d198b5235/html5/thumbnails/5.jpg)
OLD SCHOOL DEFENSE
![Page 6: DC970 Presents: Defense in Depth](https://reader033.vdocuments.net/reader033/viewer/2022042604/58759b161a28ab6d198b5235/html5/thumbnails/6.jpg)
![Page 7: DC970 Presents: Defense in Depth](https://reader033.vdocuments.net/reader033/viewer/2022042604/58759b161a28ab6d198b5235/html5/thumbnails/7.jpg)
C-I-A TRIAD
![Page 8: DC970 Presents: Defense in Depth](https://reader033.vdocuments.net/reader033/viewer/2022042604/58759b161a28ab6d198b5235/html5/thumbnails/8.jpg)
COMPONENTS
Perimeter FW
IPS
Anti-virus
Web proxy filters
Hardened OS
Patch management
Two/three-factor authentication
![Page 9: DC970 Presents: Defense in Depth](https://reader033.vdocuments.net/reader033/viewer/2022042604/58759b161a28ab6d198b5235/html5/thumbnails/9.jpg)
COMPONENTS
Application sandboxing
Multiple DMZs (e.g. untrusted client subnet)
NAP / NAC (network sandbox)
Physical security
Password policies (long/complex password requirements)
Log correlation
Supply chain
![Page 10: DC970 Presents: Defense in Depth](https://reader033.vdocuments.net/reader033/viewer/2022042604/58759b161a28ab6d198b5235/html5/thumbnails/10.jpg)
STATE OF THE UNION
Industry reports from multiple vendors:
Microsoft – Security Intelligence Report
Symantec – Internet Security Threat Report
Verizon – Data Breach Investigations Report
![Page 11: DC970 Presents: Defense in Depth](https://reader033.vdocuments.net/reader033/viewer/2022042604/58759b161a28ab6d198b5235/html5/thumbnails/11.jpg)
SYMANTEC – 2012
From DC970’s first presentation in 2013…
31% of attacks targeted at businesses with fewer than 250 employees
32% of mobile threats are designed to steal information
69% of all email is spam
5291 new vulnerabilities discovered in 2012 (14.5 per day)
One ‘watering hole’ attack infected 500 orgs in one day
![Page 12: DC970 Presents: Defense in Depth](https://reader033.vdocuments.net/reader033/viewer/2022042604/58759b161a28ab6d198b5235/html5/thumbnails/12.jpg)
DBIR 2015 – PATCHING
99.9% of exploited vulnerabilities were compromised more than a year after the CVE was published
The 2008 number was 71%
E.g. MS08-067 = CVE-2008-4250
DBIR 2015, p19
![Page 13: DC970 Presents: Defense in Depth](https://reader033.vdocuments.net/reader033/viewer/2022042604/58759b161a28ab6d198b5235/html5/thumbnails/13.jpg)
DBIR 2015 – PHISHING
23% of recipients open messages
11% click on attachments
First click: average 82 seconds
Overall: 50% of ‘clickers’ click within one hour of the attack
DBIR 2015, p12
![Page 14: DC970 Presents: Defense in Depth](https://reader033.vdocuments.net/reader033/viewer/2022042604/58759b161a28ab6d198b5235/html5/thumbnails/14.jpg)
DBIR 2015 – OTHER
Mobile devices NOT a preferred vector in data breaches
No ‘one size fits all’ approach to security: size, industry, sector
![Page 15: DC970 Presents: Defense in Depth](https://reader033.vdocuments.net/reader033/viewer/2022042604/58759b161a28ab6d198b5235/html5/thumbnails/15.jpg)
DBIR 2015 – OOPS!
Accidental C-I-A breach:
30% – Misdelivery of sensitive info to incorrect recipients
17% – Published to public web server
12% – Improper disposal of info (personal, medical, etc…)
Total of 60% attributed to sysadmin error
35% of systems are vulnerable to USB-initiated attacks
DBIR 2015, p51
![Page 16: DC970 Presents: Defense in Depth](https://reader033.vdocuments.net/reader033/viewer/2022042604/58759b161a28ab6d198b5235/html5/thumbnails/16.jpg)
E-COMMERCE WEB APP HACK
Why?—Because the threat actor made changes in the payment application code to capture and send data when processed.
Why?—They bypassed authentication to upload a backdoor to the server via Remote File Inclusion (RFI).
Why?—Because the JBoss version was outdated and vulnerable to a widely known attack.
Why?—Because the server software hadn’t been updated in years.
Why?—This is where it gets tricky. Because...they thought their third-party vendor would do it? Because...they thought they had, but failed to check implementation? Because...they had insufficient processes in place to manage their risk?
DBIR 2015, p55
![Page 17: DC970 Presents: Defense in Depth](https://reader033.vdocuments.net/reader033/viewer/2022042604/58759b161a28ab6d198b5235/html5/thumbnails/17.jpg)
RECOMMENDATION
Educate your organization’s users
Patching! (Qualys BrowserCheck)
Filtered internet access (OpenDNS)
Account security: password manager; don’t reuse passwords
![Page 18: DC970 Presents: Defense in Depth](https://reader033.vdocuments.net/reader033/viewer/2022042604/58759b161a28ab6d198b5235/html5/thumbnails/18.jpg)
WOULD YOU LIKE TO SEE MORE?
If DC970 came back, what topic / demo would you like to see?