Justin David Pineda, C|EH
Lyceum of the Philippines University (LPU), Batangas City, Batangas
February 2, 2105
http://justinspeaks.wordpress.com

Present:
Sr. Application Security Specialist, The Coca-Cola Company
Faculty (Part-time), Asia Pacific College
Past:
Security Analyst, Silversky

The need for information security
Summary of security threats 2014
Balancing security in the industry
Demand for information security professionals
Security certifications

Software Development – Creating a secure application
Network Administration – Deployment of firewalls, intrusion detection systems
Think about a security problem that must be solved and apply your CS skills.

April 2014

Security bug in the OpenSSL cryptography library.
Results from improper input validation.
Registered under CVE-2014-0160.
Discovered by Canadian Cyber Incident Response Centre.
Approx. half a million web servers are affected.

Heartbeat – extension for keep-alive of secure communications
Problem: No bounds checking
Status of different versions:
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
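The missing bounds check behind the heartbeat bug, as an added example in C that is not from the slides or from OpenSSL: a simplified responder run with the check switched off (the 1.0.1 through 1.0.1f behaviour) and on (the 1.0.1g fix) against a constructed record. The record layout (type, two-byte length, payload, 16 bytes of padding), the helper names and the "SECRET-DATA" bytes placed after the record are assumptions made for the demo.

```c
#include <stdint.h>
#include <string.h>

#define HB_PADDING 16   /* padding bytes that follow the payload */
#define HB_REQUEST 1
#define HB_RESPONSE 2

/* Echo a heartbeat request into `out`; returns bytes written or -1 if the
 * request is discarded. With check_bounds == 0 the peer's length field is
 * trusted, as in OpenSSL 1.0.1 through 1.0.1f, so memcpy reads past the
 * received record into whatever happens to sit next in memory. */
static int heartbeat_response(const uint8_t *rec, size_t rec_len,
                              uint8_t *out, size_t out_cap, int check_bounds)
{
    if (rec_len < 3 || rec[0] != HB_REQUEST) return -1;
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    /* The 1.0.1g fix: header + claimed payload + padding must fit the record. */
    if (check_bounds && 1 + 2 + (size_t)payload_len + HB_PADDING > rec_len)
        return -1;
    if (3 + (size_t)payload_len > out_cap)    /* bound on our own output buffer */
        return -1;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload_len);    /* the over-read when unchecked */
    return 3 + (int)payload_len;
}

/* Constructed input (assumption): a 4-byte "ping" request claiming a 30-byte
 * payload, followed in the same arena by data the peer must never receive. */
int demo_response(int check_bounds, uint8_t *out, size_t out_cap)
{
    uint8_t arena[64] = {0};
    const uint8_t hdr[3] = {HB_REQUEST, 0x00, 30};
    memcpy(arena, hdr, 3);
    memcpy(arena + 3, "ping", 4);
    memcpy(arena + 3 + 4 + HB_PADDING, "SECRET-DATA", 11);
    return heartbeat_response(arena, 3 + 4 + HB_PADDING, out, out_cap, check_bounds);
}

/* 1 if the echoed response carries the adjacent "SECRET" bytes, else 0. */
int demo_leaks_secret(int check_bounds)
{
    uint8_t out[64];
    int n = demo_response(check_bounds, out, sizeof out);
    for (int i = 3; n > 0 && i + 6 <= n; i++)
        if (memcmp(out + i, "SECRET", 6) == 0) return 1;
    return 0;
}
```

With the check off the 23-byte record yields a 33-byte response that carries bytes from beyond the record; with the check on the same request is discarded.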

September 2014

Security bug in the UNIX bash shell.
Allows an attacker to execute arbitrary commands remotely on vulnerable versions.
Registered under CVE-2014-627.

Affected systems:
Linux, BSD, and Mac OS X distributions
All unpatched Bash versions from 1.14 through 4.3 (i.e. all releases until now) are at risk.
Test on your system:

```shell
env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
```
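One defensive check for the pattern in the test string above, as an added example in C that is not from the slides: a scanner that flags the `() {` function-definition prefix in web-server log lines, run over constructed sample lines. The log lines, the function names and the 512-byte per-line limit are assumptions.

```c
#include <string.h>

/* Returns 1 if `s` contains the "() {" function-definition prefix that the
 * Shellshock test string "VAR=() { :;}; ..." begins with, allowing spaces or
 * tabs between the parentheses and the brace; otherwise 0. */
int has_shellshock_marker(const char *s)
{
    for (const char *p = strstr(s, "()"); p; p = strstr(p + 1, "()")) {
        const char *q = p + 2;
        while (*q == ' ' || *q == '\t') q++;
        if (*q == '{') return 1;
    }
    return 0;
}

/* Scan newline-separated log text; returns the number of lines flagged and
 * writes each flagged line's 1-based index into `hits` (up to max_hits). */
int scan_log(const char *log, int *hits, int max_hits)
{
    int n = 0, line = 1;
    const char *start = log;
    for (;;) {
        const char *end = strchr(start, '\n');
        size_t len = end ? (size_t)(end - start) : strlen(start);
        char buf[512];                    /* assumed upper bound on a line */
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, start, len); buf[len] = '\0';
        if (has_shellshock_marker(buf) && n < max_hits) hits[n++] = line;
        if (!end) break;
        start = end + 1; line++;
    }
    return n;
}

/* Convenience: 1-based index of the first flagged line, or 0 if none. */
int first_flagged_line(const char *log)
{
    int hits[1];
    return scan_log(log, hits, 1) ? hits[0] : 0;
}

/* Constructed sample access log (assumption, not real traffic): line 2 carries
 * the marker in its User-Agent field; line 3 has a harmless "()" in a query. */
const char SAMPLE_LOG[] =
    "10.0.0.5 - - [25/Sep/2014:10:01:02] \"GET / HTTP/1.1\" 200 \"Mozilla/5.0\"\n"
    "10.0.0.9 - - [25/Sep/2014:10:01:07] \"GET /cgi-bin/status HTTP/1.1\" 200 \"() { :;}; echo probe\"\n"
    "10.0.0.7 - - [25/Sep/2014:10:01:09] \"GET /search?q=f() HTTP/1.1\" 200 \"curl/7.3\"\n";
```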

Update Bash version.

Companies are starting to move their infrastructure to the cloud.
Caveats:
You lack control of the infrastructure.
You rely on a third-party implementation.

Reality: Smart devices are getting smaller and smaller yet more powerful than before.
Caveats: How will companies react?
Should they suppress the use of these devices?
What are the threats of these smart devices?

Issues in responding when a security issue is reported.
For example, BayanPatrol, Hulicam, etc.
What should be the process for incident response?

Very strict security policies
no USBs or any removable media
limited websites that can be visited
not allowed to send non-work related e-mails using company e-mail

Need to change password every 30 days
Password complexity
Reusing of passwords is prohibited (min days of password change required)

Relatively young in the PH
High demand for security professionals
Supply is relatively low compared to other IT roles.
Security Operations/Information Risk Manager is starting to become an independent department.

IT Security is just a subset of Infosec
IT Security:
Application Security – securing applications
Host Security – AV, personal firewall
Network Security – firewalls, anti-spam, intrusion detection systems

Physical security – external and internal controls
Personnel security – manage security guards
Operational security – policies (e.g. no ID no entry, AUP)
Risk management – assessment, remediation
Legal & Regulations – RA 8750, RA 10175

CS/IT doesn’t have a board exam.
You need certifications to prove your expertise (like getting a driver’s license).
You need to practice what you learned.
Certifications are internationally recognized.
Certifications will help you professionally.
Goal: Specialist to Management

Are we being watched?

Explore the cybercrimes
Create meaningful laws that would “really” benefit the public.
Public, specifically Filipinos, must be protected when transacting online.