Go Secure October 20, 2015 East Port Meeting and Event Center

Size: px

Start display at page:

Download "Go Secure October 20, 2015 East Port Meeting and Event Center"

Elfreda Day
5 years ago
Views:

1 Go Secure October 20, 2015 East Port Meeting and Event Center

2 Today s Agenda 8:30 Sign in, light breakfast, seating 9:00 Welcome Emerging Threats, Trends, and News CIAN CEO 9:30 Collating Your Log Activity LogRhythm 10:30 Break 10:45 Is There a Man in the Middle of Your Network? CIAN Eng 11:00 Pwning Home and Network Scanning CIAN Eng 11:30 Lunch 12:00 Choosing the Right Wireless PacketPower 1:00 If It Quacks Like a Duck - CIAN Eng 1:30 Who Lives in A Pineapple Under Your Desk? CIAN Eng 2:00 Break 2:15 What s Hovering Overhead? CIAN Eng 2:45 Closing remarks, Q&A, Networking

3 Welcome Logistics CIAN Emerging Threats This Year s Hacks and News Infrastructure Threat Technology Disruptions Let s Dig Deeper Analyze don t accept Llamas and turtles and duckies oh, my!

4 Let s Go Shopping!

6 Cool Security Sites COOL SITES Apps: NewsFusion (Security Feeds) PodCasts: SANS Institute PodCasts: CERT PodCast: Security for Business Leaders

7 LogRhythm Overview Richard Patrick, Sales Engineer

8 The LogRhythm Difference Focus Innovation Holistic Threat Analytics End-to-End Threat Lifecycle Management Platform Scalability & Flexibility Customer Commitment & Rapid Time to Value

9 Is There a Man in the Middle of Your Network? Covert systems administration and penetration tool Use of SSH software such as PuTTY, or through SSH on Linux Remote Access Network Intelligence Man-in-the-Middle LAN TURTLE

10 Covertly installed to provide remote access to the whole network. Surreptitiously installed to poison DNS Secretly installed to intercept and log web traffic Exfiltration of shared data from within the host LAN to an outside SSH filesystem Act as an OpenVPN Gateway Quickly initiate an automated map Provide a persistent reverse shell over SSH Masquerade as a legitimate USB Ethernet adapter Man in the Middle

11 MANY Ways to Get a Device Installed Within a Network Covertly installed in an available USB port on the back of a desktop computer Concealed in a network closet Concealed in a telephone room Concealed in a server rack Man in the Middle

IoT = Insecurity of Things Internet of Things (IoT) - network of physical objects embedded with electronics, software, sensors, and network connectivity Enables these objects to collect and exchange

13 IoT = Insecurity of Things Internet of Things (IoT) - network of physical objects embedded with electronics, software, sensors, and network connectivity Enables these objects to collect and exchange data Allows objects to be sensed and controlled remotely Creates opportunities for more direct integration Completely changed creating potential for a great deal of insecurity Networks are being bombarded with hundreds of devices Interact Track Monitor Simplify

Laptops and Tablets Mobile Phones Printers, Scanners, Fax Routers, Switches, Servers Thermostat Monitoring Bluetooth Devices Fitness / Wellness Monitors Music Devices Lighting Controls Home Security

14 Laptops and Tablets Mobile Phones Printers, Scanners, Fax Routers, Switches, Servers Thermostat Monitoring Bluetooth Devices Fitness / Wellness Monitors Music Devices Lighting Controls Home Security Devices Baby Monitors TV s / DVD s Players Home Automations Smart Scales / Body Analyzers Smart Watches Sleep Tracking Devices Drones Wi-Fi Cameras Smart Cooking Devices Smart Appliances Smart Locks Smart Weather Stations Smart Clothing Audio Recording Devices Smart Glasses Plant Health Trackers Activity Trackers Credit Card POS Devices Key Tracking Vehicle Tracking Vehicle Wi-Fi AND SO MANY MORE

15 Risks Associated with Today s Internet of Things in Business The following are the most significant* Extensive number of important and concerning findings regarding IoT within businesses 1. IoT devices are actively penetrating regulated industries (healthcare, energy infrastructure, government, financial services, and retail) 2. Three principal risks a) Introduce new avenues for potential remote exploitation b) The infrastructure to enable is beyond both the user and IT s control c) IT often has a casual approach leaves unmonitored and unpatched *Source: OpenDNS Study The 2015 Internet of Things in the Enterprise Report

16 Risks Associated with Today s Internet of Things in Business (Cont d) 3. Fitbit, Western Digital My Cloud devices, Samsung Smart TVs, and others continuously beacon out to servers in the US, Asia, and Europe even when not in use. 4. External hard drives the most prevalent IoT endpoints observed. Devices are actively transferring data to insecure cloud servers. 5. Survey of more than 500 IT and security professionals found that 23 percent of respondents have no controls in place to prevent someone from connecting unauthorized devices to their company s networks.

17 Notable Internet of Things Breaches Remember the TARGET Breach in 2013? Access was gained through the use of credentials stolen from an HVAC contractor who had remote access into Targets network. TAKE AWAY Even the simple things like heating and cooling can lead to potential breaches

18 SnapChat The SnapChat million users. Website allows users save Snapchat photos and videos Hack exposed over 200,000 images and videos

19 Personal information 145 million users Databases were accessed by using employee login details to get into the corporate system

20 Do you use Apple s icloud? Loophole in the icloud system - using third-party software to access icloud backup accounts. Has been repaired through the use of dual-factor authentication Targeted celebrities but future loopholes will target? Government, Businesses, YOU?

Shellshock Bash Mac OS X, Linux, and Unix systems - potential to remotely execute commands to computers, devices, and websites Interpreter carries out commands on laptops, routers, websites-

21 Shellshock Bash Mac OS X, Linux, and Unix systems - potential to remotely execute commands to computers, devices, and websites Interpreter carries out commands on laptops, routers, websites- potential to put hundreds of millions of devices at risk Hackers went to work quickly to check out who was vulnerable Many companies patched immediately Bash bug still has potential Don't panic patching available Protect yourself by updating your computers and devices with the latest firmware.

22 Are Your Mobile Devices Safe? Cybercriminals Are Taking Notice More people than ever are using smartphones and tablets Revenue = more threats on sensitive transactions such as online shopping and banking

23 Securing Your Internet of Things Knowledge Security Vigilance Resilience

Social Media Targeting is on the RISE Cybercriminals strive to learn our interests, gain our trust, and masquerade as friends Socially engineered attacks hard to spot until the damage is

24 Social Media Targeting is on the RISE Cybercriminals strive to learn our interests, gain our trust, and masquerade as friends Socially engineered attacks hard to spot until the damage is done Social Networking Facebook, Google+, Linkedin, Twitter Content Sharing Pinterest, Facebook, Dropbox, Google Drive Location-based Services Foursquare, Google Latitude, Facebook, Gowalla

Risks to Business Ignoring the fact that Social Media poses a risk (account hijacking, unauthorized account access, content-based threats) Malware Attacks, Network Breaches, Intellectual Property

25 Risks to Business Ignoring the fact that Social Media poses a risk (account hijacking, unauthorized account access, content-based threats) Malware Attacks, Network Breaches, Intellectual Property Theft, Leakage of Sensitive Business Information, Hijacking of Websites and Social Media Accounts, and MANY MORE!! Educate your employees of the risks of Social Media, and the damages that can occur

26 Change Employee Behavior 1. Create, implement, and reinforce policies on acceptable use of social media 2. Promote the use of strong passwords 3. Reinforce network monitoring and data protection policies 4. Choose browsers with high malware block rates 5. Be careful what is posted on LinkedIn Specifically: 1. Employee education program on acceptable use of social media 2. Tell Employees of acceptable things to say on social networking sites about the company 3. Tailor the education program to meet the security knowledge level of your employees 4. Show employees how to recognize current scams and phishing websites, , phone calls, etc. 5. Fully explain the consequences of failure to follow company policies on use of social media 6. Be very clear: jobs are at risk for those who violate the corporate code of conduct for privacy, client confidentiality and intellectual property.

27 Third Party Attacks IT Support Call Scams Targeted Spear Phishing Attacks to small groups within your company V-phishing Attacks

28 Passwords Educate! Strong passwords AND keeping passwords safe SOLUTION: Password Manager Store login credentials safely Store credit card # securely Avoid password cloud based managers Back up your password manager files and reset key RECOMMENDED Program KeePass Free Open-Source password manager. The source code is constantly being audited by the public making it an extremely secure

29 Cloud Based Password Manager Hacked! In June of 2015 LastPass the victim of a cyberattack Compromised addresses, password reminders, server per user salts, authentication hashes, and potentially passwords The company said it believed its encryption measures would protect most users Just one more reason NOT to use a cloud based Password Manager

30 PWNING HOME

31 hoosing the Right ireless for your Data enter GoSecure 2015 APRIL 2015

32 About Packet Power Founded in 2008 Based in Minneapolis, MN Global partner network Customers on 6 continents Over 30,000 monitoring units deployed Packet Power 2015 Packet Power

33 What we do Power monitoring Environmental monitoring Software Packet Power 2015 Packet Power

34 The Data Center Challenge Significant amounts of radio signal impedance Metal, floor tiles, room dividers, etc. Unusually high amount of radio interference Servers, switches Ability to support small or large networks spanning multiple locations Tremendous focus on security Isolation of networks Changes in network topology due to growth No Wifi Policies Packet Power 2015 Packet Power

35 Wireless Checklist Secure Out-of-band Invisible Scalable and Robust Simple to Manage Built for Monitoring Applications Packet Power 2015 Packet Power

36 Secure Encryption is not a complete solution Encryption does not protect from: Packet Power 2015 Breaches by careless insiders Breaches by Malicious outsiders DATA EXPOSURE is the real risk to consider Limit/eliminate the information available Packet Power

37 Out-of-band Independent of your or your customers network Impossible to access any business data Use physically distinct transport protocol Different physical radio systems Frequencies Uni-directional (read only) Packet Power 2015 Packet Power

38 Invisible Avoid networks that easily are detectable using consumer-grade tools Wifi Zigbee Bluetooth Secure networks still subject to disruption or Denial-of-Service (DOS) attacks Packet Power 2015 Packet Power

39 Scalable and Robust Tens to thousands of monitoring points Network performance maintained with growth Optimized for tough data center and IT environments Packet Power 2015 Packet Power

40 Simple to Manage Eliminating Network Management Specialists Ability to act on all devices in parallel Individual device configuration is prohibitively time consuming 1 minute per device on 1000 devices = 17 hours!!! Packet Power 2015 Packet Power

41 Built for Monitoring Demand for monitoring at all levels is growing Must support all types of monitoring devices: Mains powered devices, battery powered devices, parasitically powered devices Ability to monitor devices locked in radioshielded enclosures Creates network traffic and topology patterns not encountered or considered by generic protocols Packet Power 2015 Packet Power

42 Summary Traditional wireless networks (Wi-fi, Zigbee, Bluetooth) are not well suited for challenging data center environments Packet Power 2015 Easy to detect Change infrequently Utilize the same protocols as corporate and consumer data networks Work in radio environments with limited, relatively stable interference Packet Power

43 Packet Power s Approach Make it easy and affordable to obtain power and environmental information where it is of value Providing a wireless monitoring network that meets the data center challenges while being: Secure Simple Scalable Robust Flexible Cost-Effective Packet Power 2015 Packet Power

44 Packet Power Network Basic Mesh Technology Purpose Built-Protocol Solely power and environmental data, network management info Communicates over MHz and 2.4 GHz frequencies Longer wavelengths Navigate high-interference environments better than traditional Certified for use around the globe Packet Power 2015 Packet Power

Basic Mesh Technology Utilize a spread-spectrum frequency-hopping wireless mesh radio network: Increases installation flexibility (physical layout) More resilient network Radio

45 Basic Mesh Technology Utilize a spread-spectrum frequency-hopping wireless mesh radio network: Increases installation flexibility (physical layout) More resilient network Radio frequency subdivided into multiple channels Greatly reduces odds of creating or incurring interference Dynamic Routing Scans network for most optimal path Packet Power 2015 Packet Power

46 Secure Two things: Protection and Prevention Offer full encryption AES-128 for over-the-air Distinct encryption keys can be used to any device(s) Network is less obvious and less attractive target than traditional network technologies Packet Power 2015 Packet Power

47 Secure (Continued) Transmit only mundane information Power, Environmental, Time, GUID, Firmware Designed to prevent it from being used as a platform for intrusion Communication is limited in scope to monitoring information and network performance IP (wired) data is separated from on-air (wireless) data Ethernet Gateway does not broadcast, data must be pulled Packet Power 2015 Packet Power

48 Secure (Continued) Impossible to gain access to a customer s IP network via Ethernet Gateway Ability to implement entire network out of band and isolated from the rest of IP network Network designed has allowed us to pass stringent network security tests at large financial institutions Packet Power 2015 Packet Power

49 Simple Network No pre-installation required Self-forming network Optimizes performance with every transmission Automatically adapts to number of devices on the network Preparation No cable drops, switch port allocation, IP address assignment, network configuration No need to remove existing equipment Packet Power 2015 Packet Power

50 Scalable Designed for growing environments using the mesh design, dynamic routing and purpose-built protocol Simply add devices to the system and they automatically adapt Firmware-Upgrades are over the air without disruption Ability to segregate via wireless network isolation Packet Power 2015 Packet Power

51 Robust Designed for tough conditions Contends with metal and noise long wavelengths multiple paths small transmissions dynamic routing Works for big and small installs Packet Power 2015 Packet Power

52 Flexible Monitor where you want servers, branch circuits, PDUs, panels, switchgear low, medium and high-density tracking Mix and match as you see fit Grow easily over time Fully open and vendor neutral Packet Power 2015 Packet Power

53 Cost Effective Hardware low price per unit no need to run cables or remove existing devices use your existing software Software low total cost instant access to information no need for expensive consultants Shortest time to value Packet Power 2015 Packet Power

54 Packet Power Power monitoring Environmental monitoring Software Packet Power 2015 Packet Power

55 Facility-wide power monitoring Device, branch circuit and mains metering AC and DC Wide range of form factors New build and retrofit Primary uses cost allocation operations management energy efficiency Packet Power 2015 Packet Power

Product line Smart power cables S models:

1-phase > 32A, 3-phase from 15 to 100A Panel

branch circuits switchgear, MDPs, RPPs, floor

48V and 380V DC monitoring Integrated power

56 Product line Smart power cables S models: 1-phase circuits from 10 to 32 R models: 1-phase > 32A, 3-phase from 15 to 100A Panel monitoring panel infeed circuits or selective branch circuits switchgear, MDPs, RPPs, floor PDUs Current-only monitoring at tap off box 48V and 380V DC monitoring Integrated power strips, busways and whips Packet Power 2015 Packet Power

money Uniform metering solution across different

57 Retrofit: educate a power strip No better way to make a basic PDU into a smart PDU Saves time and money Uniform metering solution across different vendors Packet Power 2015 Packet Power

48V Direct Current Monitoring Wireless power monitors Integrated 35 and 65 amp CTs External 20 3000A solid- or splitcore CTs Small size 35 x 35 mm base DIN

58 48V Direct Current Monitoring Wireless power monitors Integrated 35 and 65 amp CTs External A solid- or splitcore CTs Small size 35 x 35 mm base DIN rail or tabbed base for screw mounting also available Powered from 35 to 60V source ± 1% accuracy at % of range Packet Power 2015 Packet Power

Monitor input circuits at panels to track high-level usage Smart power

59 New build: minimize metering costs Lower costs by using Packet Power monitors built into Overhead busways Rack power strips Underfloor whips Monitor input circuits at panels to track high-level usage Smart power cables make it easy to add monitoring over time Packet Power 2015 Packet Power

Match environmental monitoring to needs Vary

temperature and pressure CRAC intake and output

60 Match environmental monitoring to needs Vary cabinet-level monitoring cool rack = one or 2 probes hot rack = 6 probes Easily track performance containment systems floor tile changes plenum temperature and pressure CRAC intake and output humidification Verify compliance with SLAs probe location Packet Power 2015 Packet Power

Flexible environmental monitoring E306-1 to 6

splitter E312-1 to 12 temperature points per

Temperature probe choices individual probes - 1

probes / cabinet Option for relative humidity

61 Flexible environmental monitoring E306-1 to 6 temperature points per unit AC power or PoE with splitter E312-1 to 12 temperature points per unit 2 x AA battery or optional AC power Temperature probe choices individual probes - 1 to 15 meters probe assemblies - 1, 2, 3, 4 or 6 probes / cabinet Option for relative humidity and differential pressure Packet Power 2015 Packet Power

Instant information from EMX Get immediate value

consultants needed customize when and as you see

service or local software Works with non-packet

62 Instant information from EMX Get immediate value data automatically flows on install no external consultants needed customize when and as you see fit Real-time alerts Flexible reporting Cloud service or local software Works with non-packet Power monitors Packet Power 2015 Packet Power

63 Sophisticated monitoring made easy Simple Easy to install Easy to get the data Easy to manage configures itself Robust adapts to changes grows easily optimizes performance Secure Designed for tough conditions Contends with a lot of metal and noise long wavelengths ~ 900 MHz multiple paths small transmissions dynamic routing Works for big and small Flexible installs Hardware low price per unit no need to run cables or remove existing devices use your existing software Software low total cost Instant access to information no need for expensive consultants works with existing monitoring units Shortest time to value Complete Cost-effective Separate from primary networks Limited, purpose-built protocol Wireless / wired separation Data is pulled on wired network Sub-divide wireless networks Encryption Monitor where you want servers, branch circuits, PDUs, panels, switchgear low, medium and high-density tracking Mix and match as you see fit Grow easily over time Fully open and vendor neutral works on any vendors hardware send data from our monitors to other software use data from other monitors in our software Power monitoring Environmental monitoring Software Packet Power 2015 Packet Power

64 Proven worldwide Packet Power 2015 Packet Power

65 Monitoring Made Easy Thank you APRIL 2015

66 DEMO Rubber Ducky

67 DEMO

68 DEMO

Monitoring Made Easy. October 2015 APRIL 2015

Monitoring Made Easy. October 2015 APRIL 2015 Monitoring Made Easy October 2015 APRIL 2015 About Packet Power Founded in 2008 Based in Minneapolis, MN Global partner network Customers on 6 continents Over 30,000 monitoring units deployed 2 Our goal