Victorious warriors win first and then go to war, while defeated warriors go to war first and then seek to win. Sun Tzu, The Art of War

Transcription

1

2 Victorious warriors win first and then go to war, while defeated warriors go to war first and then seek to win Sun Tzu, The Art of War

3 Introduction About me: James Houston II I am the Managing Director if the Facilities and Building Management Software Commission. Education : B.S Mechanical Systems Engineering Minors: Mathematics Geographic Information Systems Computer Science

4 Career Background Maintenance man for a 140 room Best Western hotel before becoming the Head of Maintenance and Engineering in the Little Rock Region. Stationary Engineering at the University of California San Francisco Benioff Children's Hospital, a 1.5-billion-dollar facility. Assistant Chief Engineer rotating around the Oakland CA region Engineer at University of Arkansas at Little Rock to oversee the multi-million-dollar energy loop. Working with third party contractors as it pertains to the university s energy system. Software Developer and Cyber Security Analyst for Affirmative Risk management, which was responsible for Lloyds of London 83 million dollar US assets. IT Director for the University of Arkansas at Little Rock Business College

5 By The Numbers Ransomware detections have been more dominant in countries with higher numbers of internet-connected populations. The United States ranks highest with 18.2%. The app categories with most cybersecurity issues are lifestyle apps, which account for 27% of malicious apps. 41% of companies have over 1,000 sensitive files including credit card numbers and health records left unprotected. Cybercrime damages will cost the world $6 trillion annually by Steve Morgan, Editor-in-Chief, Cybersecurity Ventures

6 Understanding an Approach to War All Warfare is Based On Deception Many of the methods used by attackers are based on deception: Phishing Stealth Discovery Spear Phishing Whaling Social Engineering Sub Domains

7 Compare and Contrast The conditions of the enemy must be compared with our own. In other words what are we attempting to protect and how? What is my enemy trying to attack and how? Lets start with a brief lesson in Network 101: 1. Need A Client Server (Dedicated computer that holds data to distributed to other computers attached to it) THE MOTHERSHIP

8 2. Need to use Protocols, also known as Standards They're consensus based documents that describe guidelines for vendors, manufacturers, and other stakeholders in order to ensure quality and interoperability. Seems pretty simple 2 steps 1. Client Server -- to connect too 2. Protocols Standards to communicate No all we have to do is secure the client and the communication. So lets look at our current methods. Multi-factor authentication Data Encryption Layered Firewalls Intrusion detection system Antivirus software If your currently doing these things at your establishment then you can go. That s all you need

9 Thank You Any Questions? Yeah do you know how far I drove to hear you talk for 5 minutes? There better be a hell of a lot more to it then that!

10 Of course there is two parts are you serious. I am about to give you some real nerd cred. Please only use this information at comic con and or to put spouses and small children to sleep. So we have 49,152 Ports and Protocols to keep It exciting I am just going to go through the first 445 I don t want to bore you to death.

11 Lets start with understanding port assignments. The Internet Assigned Numbers Authority (IANA) is responsible for maintaining the official assignments of port numbers for specific uses. Because we are dealing with computers our numbers will start with 0. PORT TCP UDP IANA Status 0 Reserved Reserved Official Description 1 Yes Assigned Official TCP Port Service Multiplexer 5 Assigned Assigned Official Remote Job entry 7 Yes Yes Official Echo Protocol I can see I am loosing some of you. So lets makes this easier

12 You have multiple computers and servers connected to each other. Every connection type has a port connection and protocol. Now all you have to do is identify the OS, connection protocol and security feature associated with it. In other words it gets complicated pretty quick

13 Have no fear I have an example so its not so abstract. This is the inner workings of a server Exploit Scan Now if we go back to our handy dandy chart we will see that we have an open SSH on port 22 with TCP protocol. Now that we have seen what is open on our network we need to investigate its purpose and decided what protections are necessary. Open ports ready to exploit 1. What is it communicating with and are multiple layers involved? 2. What do I need to do to secure it?

14 Lets look at how we are to approach war Victorious warriors WIN FIRST and then go to war, while defeated warriors go to war first and then seek to win -Sun Tzu To win we need to understand not only our opponents arsenal and strategy but the topography of the battlefield. Opponents Arsenal and Strategy 1. Laying Plans --- Use of techniques like discovery to understand your company 2. Waging War --- Conducting Scanning to establish an attack vector 3. Attack by Stratagem --- Deciding the best weapon to use to launch an attack 4. Tactical Dispositions --- Establish a position or foothold in enemy territory 5. Use of Energy --- Utilizing the most efficient tack to avoid detection and wasted time 6. Weak Points and Strong --- Understanding organization structure in the physical and virtual world 7. Maneuvering an Army --- Funneling an enemy to expose security features and tactics to exploits

15 Opponents Arsenal and Strategy continued 8. Variation of Tactics --- Changing attack strategy based on situation 9. The Army on the March --- Conducting exploits after security breach 10. Classification of Terrain --- Local Servers, Network Services, Cloud Servers 11. Attack by Fire --- All out attack, attempting to crash systems with no regard for aftermath. 12. Use of Spies --- Using employees that are willing knowing or unaware that they are being used.

16 So now What? It s now safe to say we understand our opponents arsenal and strategy as well as the landscape of the battlefield. So now we can prepare. How? One front at a time with continuous test and adjustments. Hackers are doing nothing more then exploiting communication methods. Lets go way back to the year 1991 the baby monitor phenomenon. If a baby monitor was on in the vicinity of a wireless phone you could pick up the baby monitor channel. Did you hear something?

17 Fast Forward now that intercept is intentional. As you can see the concept is simple the methods are very complicated and require more attention and research. The methods we use to communicate are rapidly accelerating faster then we care to learn. Until 1996 when yahoo mail was launched, I could call you, send a fax or a letter 3 methods of communication. Today however I can

18 Time for some role play This will require volunteers We will need a safe word Just kidding

19 So now you have seen all the moving parts involved. I have now christened you cybersecurity deputy officers

20 Thank you for allowing me to speak with you. Questions?