A Random Walk through Cyber Security

Size: px

Start display at page:

Download "A Random Walk through Cyber Security"

Anne Hines
6 years ago
Views:

1 A Random Walk through Cyber Security Dr. Edward G. Amoroso Chief Executive Officer, TAG Cyber LLC Adjunct Professor, Stevens Institute and NYU Senior Advisor, APL/JHU; 2010 AT&T Labs Fellow

2 What if the Intelligence Community Hired Gartner?

3 ability to execute Advanced Persistent Threat (APT) Global Actors challengers leaders Romania Iran Ukraine N. Korea UK Russia USA China Israel 1. USA, Russia, China, Israel, and the UK have ~ 100% success rates on offensive APT cyber operations 2. North Korea derives ~100% of its APT cyber operations capability via training and support from China Brazil India France 3. Romania, Iran, and Ukraine have large populations of technically trained, under-employed youth niche players visionaries completeness of vision

4 Why Couldn t the Russians Find the Deleted Clinton s?

5 Warning: Global Perimeters are Not Secure Attack Surface Perimeter Enterprise LAN Enterprise LAN Attack Surface Attack Surface

6 Isolating a Server from a Perimeter Makes it More Secure Isolated Server Attack Surface Perimeter Enterprise LAN Enterprise LAN Attack Surface Attack Surface

7 Global Department of State Network

8 Global Department of State Perimeter is Not Secure

9 Global Department of State Perimeter is Not Secure Bureaucratic Clinton Server

10 Isolating the Clinton Server Made it More Secure Isolated Clinton Server

11 My First Hack at the Age of Ten

14 How Advanced is Machine Learning?

15 repeat set gust to 100 if wind < gust then open_umbrella if umbrella_breaks then set gust to wind fi fi forever

16 repeat set gust to 100 if wind < gust then open_umbrella if umbrella_breaks then set gust to wind fi fi forever

17 repeat set gust to 100 if wind < gust then open_umbrella if umbrella_breaks then set gust to wind fi fi forever

18 repeat set gust to 100 if wind < gust then open_umbrella if umbrella_breaks then set gust to wind fi fi forever

19 set gust to 100 repeat if wind < gust then open_umbrella if umbrella_breaks then set gust to wind fi fi forever

20 set gust to 100 repeat if wind < gust then open_umbrella if umbrella_breaks then set gust to wind fi fi forever

21 set gust to 100 repeat if wind < gust then open_umbrella if umbrella_breaks then set gust to wind fi fi forever This conditional learns the wind value that breaks the umbrella

22 Can Botnets Take Out the Internet?

23 Botnet Architecture Bots Bots Botnet Command and Control (C&C) Robust, Secure Communication with Multiple C&C Botnet Software Drop Locations

24 Typical Botnet Visualization

25 Botnet Arithmetic Number of Bots Outbound Capacity Size of Attack Network Size Kbps 1.5 Mbps T1 1, Mbps 1.2 Gbps OC-24 2, Mbps 2.4 Gbps OC-48 10, Mbps 10.0 Gbps OC , Mbps 40.0 Gbps OC , Mbps 80.0 Gbps 100, Mbps 100 Gbps 1,000, Mbps 1000 Gbps Starts to fill typical ISP backbone

27 Original Clinton Campaign Fears About Security

28 1996 Presidential Race

29 DNC Headquarters and Fairchild Building T1 Connection (1.544 Mbps)

30 Dirt Patch Over T1

31 Hacking a Router Step 1: Boot the router and interrupt Press Ctrl-B > Step 2: Change config reg to ignore NVRAM >o/r 0x2142 > Step 3: Jump to privileged mode Router>enable Router# Step 4: Copy startup config to run config...<output cut>... #

32 This Really Happened...

33 Telling the Truth to Auditors About Primary Controls

34 Primary Control You Show Your Auditor Today (Admit it) Enterprise Perimeter Theory

35 Disallow External Access

36 Internal Asset Internal Asset Allow Internal Access Disallow External Access

37 Trusted Internal Lateral Traversal IT Systems CFO Info/Data Marketing Product Sales HR Outsource Dev/Ops Corporate Trusted Internal Enterprise Access Records Disallow External Access

38 Gateway IT Systems Unknown Gateway CFO Outsource Access Gateway Info/Data Marketing Unknown Gateway Product HR Sales Outsource Dev/Ops Corporate Partner Access Gateway Web Gateway Records Remote Access Gateway Unknown Gateway

39 Advanced Persistent Threat (APT) Gateway Mistake 1: accepted from anyone with no regard for controls such as DMARC Mistake 2: Someone from Marketing clicks on a Phish Marketing Mistake 4: Web egress allowed to uncategorized Internet site Mistake 3: Easy lateral traversal across the enterprise LAN. Records Web Gateway

40 The More Honest View Enterprise Perimeter Actual

41 Should Private Citizens Advise Presidents?

D.J. Trump President of the United States White House Washington, DC Sir: 1. Direct that the NIST Framework shall be the only acceptable cyber security compliance standard in the United States. 2.

44 D.J. Trump President of the United States White House Washington, DC Sir: 1. Direct that the NIST Framework shall be the only acceptable cyber security compliance standard in the United States. 2. Direct that each government agency shall immediately implement a plan to reduce their dependence on an enterprise perimeter. 3. Direct that each government agency shall significantly expand their Cyber Corps Program for young people interested in a cyber security career. Yours very truly,

45 Contact and Follow: Dr. Edward G. Amoroso

Toward Distributed and Virtualized Enterprise Security

STR-T11 Toward Distributed and Virtualized Enterprise Security Dr. Edward G. Amoroso CEO TAG Cyber Stevens Institute of Technology, M&T Bank, Applied Physics Lab/JHU, New York University @hashtag_cyber