geek night 15.0 - touring the dark-side of the internet
TRANSCRIPT
• APTs (Advanced Persistent Threats)
• Virtualization & Cloud Security
• Security vs Privacy vs Anonymity
• People - Process - Product (Era of ‘Smart’ Things)
• Cloud - M2M - Sensors
• From Virtualization to Containerization
• Shift in DevOps – Demo of Web hosting through containers
• TOR – Being Anonymous on Internet
• Demo of TOR hidden service
100 TB Data Stolen & Exposed, Twitter Profiles Defaced, State-Sponsored
Personal Info of Employees, Corporate E-mails & Source Codes VPN security tokens & private keys Box Office Projections Copies of Unreleased Films GBs of Data Destroyed & Deleted
Initial allegations pointed at China and disgruntled ex-employees of Sony; the US claims it was the work of hacktivists of North Korea
Privacy fears over 'smart' Barbie that can listen to your kids
World’s First Interactive Doll
Uses Voice Recognition technology
Plays interactive games, tells jokes
Tailors conversations based on history
– November 2015
Users' account information, Home Wi-Fi networks, and Audio MP3 files recorded by the doll
Identity Theft – The Next Big Issue, Almost 157,000 People affected
Three employees of the Wipro Call Centre, Kolkata were arrested
Personal info of employees & families, thousands of bank account details, credit card numbers, telecom usage data & statistics
Demonstrated at Black Hat USA 2015
Chrysler Recalled 1.4M Vehicles for Bug Fix
Reverse Engineered Car Firmware & Communications Protocol,
taking over Dashboard functions, Steering, Transmission and Brakes
Yeah even it happened….
An Italian Company, founded in 2003
Offensive Intrusion & Surveillance Technologies
Clients across a dozen countries in 6 different continents
Spy as a Service
A Torrent file with 400GB of internal documents, source code & email communications Leaked…
Let’s reconsider the technology behind security products
1 PRIMARILY BASED ON SIGNATURE & REPUTATION
Signature history cannot keep up with the dynamic future of threats; no sandboxing
2 LACK OF REAL-TIME INLINE CONTENT ANALYSIS
No byte-range data packet analysis for data loss/theft detection
Lame firewall policies
3 FORWARD FACING ONLY, LACK OUTBOUND PROTECTION
No contextual analysis of internal threats.
4 LACK OF ADVANCED ANALYTICS & ANOMALY DETECTION
No analytics in existing UTMs, NGFWs.
No SSL packet inspection.
What are security researchers & companies doing?
• Concept of the network perimeter evaporates (Co-located VMs)
- No Physical Segregation across VMs
• Lack of Persistence, Tougher Forensics
• Multi-Tenant Instance Isolation in SDDCs
• Randomized Memory mapping in Cloud Instances
• Homomorphic Encryption
SECURITY PRIVACY ANONYMITY
Refers to the ever-growing network of physical objects with connectivity, communication and cognizance.
What are “Things” in IoT?
By things we mean smart tablets, phones, PCs, medical devices, POS terminals, ATMs, handheld scanners, blah blah blah….
But it’s much more
Cloud & network enabled infrastructure, supply chain things, transactional data, ERP data, CRM data, PLC data, public data, social data
IoT automates life and allows us to connect with people, machines and bots.
Things are getting ‘Smart’er….
Cheap Hardware costs
Highly Available Data centers and Cloud Services
Improved Data Analytics
Manufacturing of Smart Devices
Improved protocols and easy communication
Sensors
• Proximity, accelerometer, moisture, gyroscope, ambient light, heartbeat sensor, pedometer
• You are under continuous surveillance
Connectivity
• WiFi, Bluetooth, ZigBee, Z-Wave
• 6LoWPAN, Thread, Sigfox, Neul, LoRaWAN
People & Process
• Cloud services, microservices
• One-tap remote management
“A person employed in a port to load and unload ships.”
Open platform to build, ship and run distributed applications for developers and sysadmins.
Allows you to package an application with all of its dependencies into a standardized unit for software development.
You can separate your applications from your infrastructure & treat your infrastructure like a managed application.
Helps you ship code faster, test faster, deploy faster, and shorten the cycle between writing code and running code.
To run different applications on a single machine, we installed virtual machines.
Virtualization allowed us to
• Run multiple operating systems on one physical machine
• Move and copy virtual machines by saving the entire state of a virtual machine to files
An application along with necessary binaries and libraries and an entire guest operating system installed, all of which may be tens of GBs in size.
A program that allocates the host hardware's processor, memory & resources to each VM or guest OS so that it can run its own programs.
Native hypervisors (Type-1) run directly on the host's hardware to control it as well as manage the virtual machines on it.
• E.g. Microsoft Hyper-V, VMware ESX/ESXi, Oracle VM Server for x86, KVM, or Citrix XenServer.
Hosted hypervisors (Type-2) run as software on top of an OS such as Windows, Linux or FreeBSD.
• E.g. Virtage hypervisor, VirtualBox and VMware Workstation
Containers have similar resource isolation and allocation benefits as VMs, but a different architectural approach allows them to be much more portable and efficient.
Docker allows us to
i. Run applications without installing entire guest operating systems.
ii. Deploy ready-to-run, portable software, with easier migration and faster restarts.
Containers wrap up a piece of software in a complete filesystem that contains everything it needs to run: code, runtime, system tools, system libraries.
But they share the kernel with other containers.
They run as an isolated process in userspace on the host operating system.
They’re also not tied to any specific infrastructure – Docker containers run on any computer, on any infrastructure and in any cloud.
The Docker Engine handles virtualization parameters such as allocation of the file system when a container is launched, whereas a hypervisor needs to first import the virtual machine, then power it up.
A system administrator needs to maintain the hypervisor for VMs, whereas the Docker engine is a lightweight container runtime running on the host OS.
Accelerate developer onboarding; dynamically change your application, from adding new capabilities to quickly changing problem areas.
Eliminate environment inconsistencies (“it works on my system”)
Microsoft Azure
Amazon web services
Google Cloud platform
Oracle Cloud
RedHat Enterprise Linux
IBM Bluemix
Docker uses a client-server architecture.
Docker client: The primary user interface to Docker.
- It accepts commands from the user and communicates back & forth with a Docker daemon.
Docker daemon: Runs on a host machine & does the building, running, and distributing of Docker containers.
Other Docker Resources
• Docker images: read-only templates from which Docker containers are launched (e.g. Ubuntu operating system with Apache server)
• Docker registries: public or private stores to which you upload or from which you download images
• Docker containers: everything that is needed for an application to run.
The Onion Router – Gateway to Anonymity
Free software and an open network that simply makes you anonymous online.
Conceals its users’ identity and their online activity from surveillance and traffic analysis.
Used by activists, whistleblowers, journalists, sensitive businesses, bloggers, military
Illicit uses: selling drugs and weapons, Silk Road, child pornography
So to protect your privacy, hide behind an Onion
The Onion Router
Layers of encryption, peeled off at every subsequent node
Each relay node knows only which node gave it data & which node it is giving data to
Separate set of encryption keys for each node along the complete circuit
No observer at any single point can tell where the data came from or where it's going
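A toy model of the layered encryption described above, added here as an illustration and not code from the talk or from the Tor project. It assumes a three-hop circuit with one shared key per relay and stands in for Tor's real ciphers with an HMAC-SHA256 counter-mode keystream; the point it shows is that each relay, after peeling its own layer, learns only the previous and next hop.

```python
import hashlib
import hmac
import json
import os

# Toy onion-routing model (added illustration, not Tor's protocol or code).
# An HMAC-SHA256 counter-mode keystream stands in for Tor's real ciphers.
NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Derive n bytes of keystream from (key, nonce) in counter mode."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Add one encryption layer: fresh nonce, then XOR with the keystream."""
    nonce = os.urandom(NONCE_LEN)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def peel(key: bytes, blob: bytes) -> bytes:
    """Remove one layer; the wrong key yields garbage, not the inner cell."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))


def build_onion(circuit, destination: str, payload: bytes) -> bytes:
    """Client wraps innermost-first: exit layer, then middle, then guard.
    circuit is a list of (relay_name, shared_key) ordered guard -> exit."""
    blob, nxt = payload, destination
    for name, key in reversed(circuit):
        cell = json.dumps({"next": nxt, "body": blob.hex()}).encode()
        blob, nxt = seal(key, cell), name
    return blob


def run_circuit(circuit, destination: str, payload: bytes):
    """Forward the onion hop by hop and record what each relay learns."""
    log, blob, prev = [], build_onion(circuit, destination, payload), "client"
    for name, key in circuit:
        cell = json.loads(peel(key, blob))  # only this relay's layer comes off
        blob = bytes.fromhex(cell["body"])
        log.append((name, prev, cell["next"]))  # all this relay ever sees
        prev = name
    return log, blob


# Constructed example circuit with random per-hop keys (not real Tor relays).
CIRCUIT = [(n, os.urandom(32)) for n in ("guard", "middle", "exit")]
```

The toy stream cipher has no integrity protection, so it only illustrates the routing property, not Tor's resistance to tampering.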
Using Tor Browser to Connect to Internet
Hosting Tor Hidden Service in 3 minutes
(https://xxxxyyyyzzzz.onion)
We tend to Over-estimate the effect of a technology in the short run
and Under-estimate the effect in the long run.
- Amara’s Law
“It ain't what you don't know that gets you into trouble.
It's what you know for sure that just ain't so.”
@Abhinav_BIswas