geek night 15.0 - touring the dark-side of the internet

43
Abhinav Biswas Alapati Sarath

Upload: geeknighthyderabad

Post on 22-Jan-2018


• APTs (Advanced Persistent Threats)

• Virtualization & Cloud Security

• Security vs Privacy vs Anonymity

• People - Process - Product (Era of ‘Smart’ Things)

• Cloud - M2M - Sensors

• From Virtualization to Containerization

• Shift in DevOps – Demo of Web hosting through containers

• TOR – Being Anonymous on the Internet

• Demo of TOR hidden service

Sony hack: 100 TB of data stolen & exposed, Twitter profiles defaced, state-sponsored

Personal info of employees; corporate e-mails & source code; VPN security tokens & private keys; box-office projections; copies of unreleased films; GBs of data destroyed & deleted

Initial allegations pointed at China & disgruntled ex-employees of Sony; the US claims it was hacktivists of North Korea

Privacy fears over 'smart' Barbie that can listen to your kids

World’s First Interactive Doll

Uses Voice Recognition technology

Plays interactive games, tells jokes

Tailors conversations based on history

– November 2015

Users' account information, Home Wi-Fi networks, and Audio MP3 files recorded by the doll

Identity Theft – The Next Big Issue, Almost 157,000 People affected

3 employees of Wipro Call Centre, Kolkata were arrested

Personal info of employees & families; thousands of bank account details & credit card numbers; telecom usage data & statistics

Demonstrated at Black Hat USA 2015,

Chrysler Recalled 1.4M Vehicles for Bug Fix

Reverse engineered car firmware & communications protocol, taking over dashboard functions, steering, transmission and brakes

Yes, even this happened….

An Italian Company, founded in 2003

Offensive Intrusion & Surveillance Technologies

Clients across a dozen countries on 6 different continents

Spy as a Service

A torrent file with 400 GB of internal documents, source code & email communications leaked…

Advanced Persistent Threats (APT)

Attack chain: Recon, then Lure → Redirect → Exploit Kit → Dropper File → Call Home → Data Theft

To protect our Systems, Networks & Data Centers

Let’s reconsider the technology behind security products

1 PRIMARILY BASED ON SIGNATURE & REPUTATION
Signature history cannot keep up with the dynamic future of threats; no sandboxing.

2 LACK OF REAL-TIME INLINE CONTENT ANALYSIS
No byte-range data packet analysis for data loss/theft detection; lame firewall policies.

3 FORWARD FACING ONLY, LACK OUTBOUND PROTECTION
No contextual analysis of internal threats.

4 LACK OF ADVANCED ANALYTICS & ANOMALY DETECTION
No analytics in existing UTMs, NGFWs; no SSL packet inspection.
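As an added example (not from the talk and not from any product it names), here is the outbound view that these gaps leave out: a script that reads egress-proxy records and flags client/destination pairs that connect on a near-fixed timer (the Call Home stage of the APT chain) and clients that push unusually large volumes (the Data Theft stage). No signature or reputation feed is involved; the timing and volume alone raise the alert. The log lines are constructed sample data, and the field layout, thresholds and jitter metric are assumptions.

```python
"""Outbound call-home and bulk-upload check over proxy logs.

Added example, not from the talk. Given egress proxy records, find
client/destination pairs whose connections are timer-driven (beaconing)
and clients whose outbound byte counts are far above normal.
"""
import statistics
from collections import defaultdict, namedtuple
from datetime import datetime

# Constructed sample log: ISO time, client IP, destination host, bytes sent by client.
# 10.0.0.5 talks to one host every 300 s exactly; 10.0.0.7 browses irregularly;
# 10.0.0.9 pushes ~52 MB in a single session.
SAMPLE_LOG = """\
2015-11-02T09:00:00 10.0.0.5 static.example-cdn.com 420
2015-11-02T09:00:03 10.0.0.7 cdn.example.net 1500
2015-11-02T09:05:00 10.0.0.5 static.example-cdn.com 418
2015-11-02T09:07:41 10.0.0.7 news.example.org 3200
2015-11-02T09:10:00 10.0.0.5 static.example-cdn.com 421
2015-11-02T09:15:00 10.0.0.5 static.example-cdn.com 419
2015-11-02T09:18:12 10.0.0.7 cdn.example.net 900
2015-11-02T09:20:00 10.0.0.5 static.example-cdn.com 425
2015-11-02T09:25:00 10.0.0.5 static.example-cdn.com 417
2015-11-02T09:31:55 10.0.0.7 news.example.org 2800
2015-11-02T09:40:10 10.0.0.9 files.example.com 52000000
"""

Record = namedtuple("Record", "when client host bytes_out")
Beacon = namedtuple("Beacon", "client host count mean_interval jitter")
Upload = namedtuple("Upload", "client host total_bytes")


def parse_log(text: str):
    """Parse the assumed four-field layout into Record tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        when, client, host, nbytes = line.split()
        records.append(Record(datetime.fromisoformat(when), client, host, int(nbytes)))
    return records


def find_beacons(records, min_events=5, max_jitter=0.1):
    """Flag (client, host) pairs whose inter-connection gaps are almost constant.

    jitter = stdev(gaps) / mean(gaps). Human browsing is bursty (jitter well
    above 1); a timer-driven implant checking in is close to 0.
    """
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r.client, r.host)].append(r.when)
    beacons = []
    for (client, host), times in by_pair.items():
        if len(times) < min_events:          # too few events to judge a rhythm
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            beacons.append(Beacon(client, host, len(times), mean, jitter))
    return beacons


def find_large_uploads(records, threshold=10_000_000):
    """Sum bytes sent per (client, host); anything at or over threshold is reported."""
    totals = defaultdict(int)
    for r in records:
        totals[(r.client, r.host)] += r.bytes_out
    return [Upload(c, h, t) for (c, h), t in totals.items() if t >= threshold]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for b in find_beacons(recs):
        print(f"beacon: {b.client} -> {b.host} every {b.mean_interval:.0f}s "
              f"x{b.count} (jitter {b.jitter:.2f})")
    for u in find_large_uploads(recs):
        print(f"bulk upload: {u.client} -> {u.host} {u.total_bytes} bytes")
```

On the sample, only 10.0.0.5 is reported as a beacon (six hits, 300 s apart, jitter 0) and only 10.0.0.9 as a bulk upload. Real implants add random sleep to their interval, so in practice the jitter threshold is tuned per environment and combined with the destination's age and popularity; the point is that this detection needs no prior indicator of the destination.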

What security researchers & companies are doing?

• Concept of the network perimeter evaporates (co-located VMs): no physical segregation across VMs

• Lack of Persistence, Tougher Forensics

• Multi-Tenant Instance Isolation in SDDCs

• Randomized Memory mapping in Cloud Instances

• Homomorphic Encryption

SECURITY PRIVACY ANONYMITY

With the Era of ‘Smart’ Things…

What is IOT Exactly?

Refers to the ever-growing network of physical objects with connectivity, communication and cognizance.

What are the “Things” in IoT?

Things are smart tablets, phones, PCs, medical devices, POS terminals, ATMs, handheld scanners, and so on….

But it’s much more

Cloud & network enabled infrastructure, supply chain things, transactional data, ERP data, CRM data, PLC data, public data, social data

IoT automates life and lets us connect with people, machines and bots.

Things are getting ’Smart’er….

Cheap Hardware costs

Highly Available Data centers and Cloud Services

Improved Data Analytics

Manufacturing of Smart Devices

Improved protocols and easy communication

Sensors
• Proximity, accelerometer, moisture, gyroscope, ambient light, heartbeat sensor, pedometer
• You are under continuous surveillance

Connectivity
• WiFi, Bluetooth, ZigBee, Z-Wave
• 6LoWPAN, Thread, Sigfox, Neul, LoRaWAN

People & Process
• Cloud services, microservices
• One-tap remote management

“A person employed in a port to load and unload ships.”

Open platform to build, ship and run distributed applications, for developers and sysadmins.

Allows you to package an application with all of its dependencies into a standardized unit for software development.

You can separate your applications from your infrastructure & treat your infrastructure like a managed application.

Helps you ship code faster, test faster, deploy faster, and shorten the cycle between writing code and running code.

To run different applications on a single machine, we installed virtual machines.

Virtualization allowed us to
• Run multiple operating systems on one physical machine
• Move and copy virtual machines by saving the entire state of a virtual machine to files

A VM is an application along with the necessary binaries and libraries and an entire guest operating system installed, all of which may be tens of GBs in size.

A hypervisor is a program that allocates the host hardware's processor, memory & resources to each VM or guest OS so that it can run its own programs.

Native hypervisors (Type-1) run on the host's hardware to control it as well as manage the virtual machines on it.
• E.g. Microsoft Hyper-V, VMware ESX/ESXi, Oracle VM Server for x86, KVM, or Citrix XenServer.

Hosted hypervisors (Type-2) run as software on top of an OS such as Windows, Linux or FreeBSD.
• E.g. Virtage hypervisor, VirtualBox and VMware Workstation

Containers have similar resource isolation and allocation benefits as VMs, but a different architectural approach allows them to be much more portable and efficient.

Docker allows us to
i. Run applications without installing entire guest operating systems.
ii. Deploy ready-to-run, portable software, with easier migration and faster restarts.

Containers wrap up a piece of software in a complete filesystem that contains everything it needs to run: code, runtime, system tools, system libraries.

But they share the kernel with other containers.

They run as an isolated process in userspace on the host operating system.

They’re also not tied to any specific infrastructure – Docker containers run on any computer, on any infrastructure and in any cloud.

Docker Engine handles virtualization parameters such as allocation of the file system when a container is launched, whereas the hypervisor needs to first import the virtual machine, then power it up.

A system administrator needs to maintain the hypervisor for VMs. The Docker engine, however, is a lightweight container engine running on the host OS.

Accelerate developer onboarding; dynamically change your application, from adding new capabilities to quickly changing problem areas.

Eliminate environment inconsistencies (“it works on my system”)

Microsoft Azure

Amazon web services

Google Cloud platform

Oracle Cloud

RedHat Enterprise Linux

IBM Bluemix

Docker uses a client-server architecture.

Docker client: the primary user interface to Docker. It accepts commands from the user and communicates back & forth with a Docker daemon.

Docker daemon: runs on a host machine & does the building, running, and distributing of Docker containers.

Other Docker Resources

• Docker images: read-only templates from which Docker containers are launched (e.g. Ubuntu operating system with Apache server)

• Docker registries: public or private stores from which you upload or download images

• Docker containers: everything that is needed for an application to run.

Installation of Docker

Web Hosting through Containers
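The demo at this point hosts a web site from a container. As an added example (not the talk's demo and not Docker's own tooling), here is a small Dockerfile checker in Python: it parses the file into instructions the way the builder does (comments dropped, backslash continuations joined) and reports the points a reviewer raises before such an image is shipped, such as an unpinned base image, a process running as root, or a privileged port. Both Dockerfiles it runs on are constructed sample input, and the rule set is an assumption, not a Docker standard.

```python
"""Dockerfile hygiene check for a containerised web site.

Added example, not from the talk or the Docker project. The two Dockerfiles
are constructed: the first is the quick demo version, the second the same
site with the findings addressed.
"""

WEAK_DOCKERFILE = """\
# quick demo: serves the site as root from an unpinned image
FROM python:latest
ADD site.tar.gz /srv/site/
WORKDIR /srv/site
EXPOSE 80
CMD ["python", "-m", "http.server", "80"]
"""

HARDENED_DOCKERFILE = """\
FROM python:3.12-slim
RUN useradd --uid 10001 --no-create-home web \\
    && mkdir -p /srv/site && chown web:web /srv/site
COPY --chown=web:web site/ /srv/site/
WORKDIR /srv/site
USER web
EXPOSE 8080
HEALTHCHECK CMD python -c "import urllib.request; urllib.request.urlopen('http://127.0.0.1:8080/')"
CMD ["python", "-m", "http.server", "8080"]
"""


def parse_dockerfile(text: str):
    """Return [(INSTRUCTION, arguments)], dropping comments and blank lines and
    joining backslash-continued lines as the Docker builder does."""
    instructions, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        name, _, args = buf.partition(" ")
        instructions.append((name.upper(), args.strip()))
        buf = ""
    return instructions


def lint_dockerfile(text: str):
    """Return a list of (rule_id, message); an empty list means no findings."""
    ins = parse_dockerfile(text)
    findings = []

    for name, args in ins:
        if name == "FROM":
            image = args.split()[0]              # ignore "AS stage"
            ref = image.rsplit("/", 1)[-1]       # strip registry/namespace
            if "@sha256:" not in image and (":" not in ref or ref.endswith(":latest")):
                findings.append(("pin-base-image",
                                 f"{image}: no tag or digest pinned, builds are not reproducible"))
        elif name == "ADD":
            findings.append(("prefer-copy",
                             "ADD auto-extracts archives and fetches URLs; use COPY unless that is intended"))
        elif name == "EXPOSE":
            for p in args.split():
                port = p.split("/")[0]
                if port.isdigit() and int(port) < 1024:
                    findings.append(("privileged-port",
                                     f"port {port} needs root to bind; serve on a port >= 1024"))

    users = [args for name, args in ins if name == "USER"]
    if not users or users[-1].split(":")[0] in ("root", "0"):
        findings.append(("root-user", "no non-root USER; the server runs as root inside the container"))
    if not any(name == "HEALTHCHECK" for name, _ in ins):
        findings.append(("no-healthcheck", "no HEALTHCHECK; a hung server looks healthy to the orchestrator"))
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_DOCKERFILE), ("hardened", HARDENED_DOCKERFILE)):
        print(f"== {label} ==")
        for rule, msg in lint_dockerfile(text) or [("ok", "no findings")]:
            print(f"  [{rule}] {msg}")
```

The checker is deliberately file-level: it cannot see the `docker run` flags (published ports, volumes, capabilities) that the demo types at the command line, so those still need a separate review.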

Smart Dust

Deep Web & Dark Web

WikiLeaks

The Onion Router – Gateway to Anonymity

Free software and an open network that simply makes you anonymous online.

Conceals its users’ identity and their online activity from surveillance and traffic analysis.

Used by activists, whistleblowers, journalists, sensitive businesses, bloggers, military

Illicit uses: selling drugs and weapons, Silk Road, child pornography

So to protect your privacy, hide behind an Onion

The Onion Router

Layers of encryption, peeled off at every subsequent node

Each relay node knows only which node gave it data & which node it is giving data to

Separate set of encryption keys for each node along the complete circuit

No observer at any single point can tell where the data came from or where it's going
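As an added example (not from the talk and not Tor's code), here is a stdlib-only Python walk-through of the layering just described: the client wraps a payload in one authenticated encryption layer per relay, and each relay strips exactly one layer, learning only the next hop and an opaque blob for the rest of the circuit. The cipher (an HMAC-SHA256 keystream with an HMAC tag) and the relay names are assumptions standing in for Tor's real AES/TLS construction; the per-hop keys and the peel-one-layer rule are what the example demonstrates.

```python
"""Onion routing walk-through with one key per relay.

Added example, not from the talk or from Tor. Each relay shares a symmetric
key with the client; the guard's layer is outermost, the exit's innermost.
The cipher is a toy HMAC-SHA256 keystream with encrypt-then-MAC, chosen only
so the example runs without third-party packages.
"""
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32
HOP_LEN = 16   # fixed-width "next hop" field inside every layer


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (illustrative, not Tor's AES-CTR)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_layer(key: bytes, plaintext: bytes) -> bytes:
    """One layer: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = _xor(plaintext, _keystream(key, nonce, len(plaintext)))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_layer(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then strip one layer. A wrong key (another relay's) or a
    flipped byte fails here rather than forwarding garbage down the circuit."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer integrity check failed")
    return _xor(ct, _keystream(key, nonce, len(ct)))


def layer_accepts(key: bytes, blob: bytes) -> bool:
    """True if `key` authenticates the outermost layer of `blob`."""
    try:
        decrypt_layer(key, blob)
        return True
    except ValueError:
        return False


def build_onion(circuit, destination: bytes, payload: bytes) -> bytes:
    """circuit: [(relay_name, key), ...] from guard to exit. Layers are applied
    exit-first so that the guard's layer ends up on the outside."""
    blob, next_hop = payload, destination
    for name, key in reversed(circuit):
        if len(next_hop) > HOP_LEN:
            raise ValueError("hop name too long for the fixed field")
        blob = encrypt_layer(key, next_hop.ljust(HOP_LEN, b"\0") + blob)
        next_hop = name
    return blob


def relay_process(key: bytes, blob: bytes):
    """Everything one relay learns: the next hop and an opaque inner blob."""
    inner = decrypt_layer(key, blob)
    return inner[:HOP_LEN].rstrip(b"\0"), inner[HOP_LEN:]


def run_circuit(circuit, destination: bytes, payload: bytes):
    """Walk the onion through every relay. Returns (views, delivered), where
    views lists (relay, previous hop, next hop) as each relay sees them."""
    views, blob, prev = [], build_onion(circuit, destination, payload), b"client"
    for name, key in circuit:
        next_hop, blob = relay_process(key, blob)
        views.append((name, prev, next_hop))
        prev = name
    return views, blob


if __name__ == "__main__":
    circuit = [(b"guard", os.urandom(32)), (b"middle", os.urandom(32)), (b"exit", os.urandom(32))]
    views, delivered = run_circuit(circuit, b"example.onion", b"GET / HTTP/1.1")
    for relay, prev, nxt in views:
        print(f"{relay.decode():7s} sees {prev.decode()} -> {nxt.decode()}")
    print("delivered:", delivered)
```

Two things the toy makes visible. The middle relay's key does not open the guard's layer, so the middle node gets only the blob the guard hands it and the name of the exit, matching the slide's "each relay knows only which node gave it data and which node it is giving data to". And each layer adds a fixed 64 bytes, so the blob length leaks how many hops remain; Tor avoids exactly this by moving traffic in fixed-size cells, which the toy does not do.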

The .onion domain

Tor Browser

Orbot

Using Tor Browser to Connect to Internet

Hosting Tor Hidden Service in 3 minutes

(https://xxxxyyyyzzzz.onion)

We tend to Over-estimate the effect of a technology in the short run

and Under-estimate the effect in the long run.

- Amara’s Law

“It ain't what you don't know that gets you into trouble.

It's what you know for sure that just ain't so.”


@Abhinav_BIswas