The Dumbest Ideas In Computer Security. Marcus J. Ranum
|
|
- Elizabeth Evans
- 6 years ago
- Views:
Transcription
1 The Dumbest Ideas In Computer Security Marcus J. Ranum CSO, Tenable Network Security, Inc.
2 Who am I CSO of Tenable Network Security Makes innovative vulnerability detection and security event management tools Develops and supports the Nessus vulnerability scanner project Works with lots of MSPs and customers CyberTrust V-1 SmartWall Network Flight Recorder Trusted Information Systems
3 Intro Who is Tenable? We run the Nessus project More than 85,000 organizations world-wide We develop 99.9% of the plugins Develop and test all of Nessus 3 Still do a lot of work on and for Nessus 2 Enterprise Security Vendor Single vendor to offer enterprise security management solutions for: Vulnerability Management Compliance Monitoring & Reporting Security Event Management Network Behavioral Anomaly Detection Passive and Active Asset discovery More than 500 enterprise customers
4 What is Dumb?? Depending on which analysts you believe* the computer security market is billions of dollars, annually $6 b $200m * never a good idea
5 Dumb is Wasting Money ridiculously too many The number of systems penetrated continues to increase to the point where nobody even counts, anymore too many lots CERT throws in the towel and stops tracking machines compromised some Source: dept of made-up statistics
6 Chartology Red = bad thing Green = effort/expense A chart like this represents a hard-fought but ultimately effective effort
7 Chartology Red = bad thing Green = effort/expense A chart like this represents a rear-guard action
8 Chartology Red = bad thing Green = effort/expense A chart like this represents a sucking chest-wound
9 OK, so what s wrong? Computer security is off-course and has been for a long time Since the discovery of security as a market it s a big-money business Solutions (I.e.: expen$ive product$) rule over common sense Well marketed-to customers continually lurch from one complete solution that doesn t work to the next
10 What are the properties of secure systems??
11 Fundamental Security Problems Trusted Systems Design Assurance Code Quality Transitive Trust Authorization v. Authentication
12 Trusted System Design Understand the components of the system that must be trusted Compartmentized design Understand trusted paths in inputs and code Top-to-bottom approach Can t secure the network and not the host Can t secure the host and not the network Can t secure the data and not the O/S
13 Assurance Assurance is the degree of confidence you have that the system functions as it is designed to (Read Feynman on Challenger disaster) Assurance is a property of a system design It is not an add-on feature to be built in later (Sorry, Microsoft)
14 Code Quality Code quality is necessary to be assured that a system functions as designed Software as an engineering discipline Security and reliability needs to be: Factored into design Considered in code lay-out Checked in code review Test in QA Considered in maintenance
15 Transitive Trust If A trusts B and B trusts C - A trusts C and doesn t know it indeed A trusts everyone C trusts Dealing with transitive trust is a hard problem and may not be tractable Hackers basically ignore transitive trust also because most systems are so weak transitive trust attacks are unnecessary! Smart pen testers use transitive trust
16 Authorization V. Authentication Authentication: knowing who you are dealing with Authorization: knowing what a user is allowed to do Many fancy authentication systems (public key, etc) but authorization is a hard problem What do you do when an authorized user does an inappropriate thing?
17 OK, So Life Sucks! These are extremely hard (and therefore $$$$) problems to deal with What s the industry s answer? Attractive-sounding manure
18 A-SB: Antivirus Exhaustively list all the viruses on earth stop them when they get onto your computer or try to execute 175,000 different viruses and spyware* Fewer than 7,000 commonly-used business apps* Why list the bad stuff? List the good stuff! (trust-no-exe, program execution control, etc) * approximately
19 A-SB: Intrusion Prevention Make a dictionary of signatures that match various network-based hacks as they traverse your network Have a boundary device attempt to detect them fast enough to block them (put it in-line so it s a nice single point of failure!) This is very similar to antivirus, including how stupid an idea it is
20 A-SB: Intrusion Prevention(cont) A new trend some talk about is network compartmentalization * Identify segments of the network and enforce separation between them except fro necessary services I.e.: database network only traffic allowed in/out is oracle to server; backup servers and utility systems are screened I.e.: mail hub - only sent/delivered to/from a central port 25/IMAP-SSL server * New? I have PowerPoint slides from 1989 that teach how to do it...
21 A-SB: Outsourcing Security Premise: anything that is not a core competency should be done by someone else, who can do it cheaper Problem: If you never develop any knowledge of the problem how do you know if they are doing a good job? You know this: if your business thinks IT is not part of its core business, you ll be clobbered by an competitor in 10 years* *exception: gravel pits
22 A-SB: Rent-a-hacker pen-testing is the exact opposite of assurance by design tells you one of two things: You re screwed We don t know if you re screwed Trying to prove a system can t be hacked by trying to hack it is attempting to prove a negative More effective: external design review early and implementation validation
23 The 90 s Netscape IPO: the greatest disaster is software history Demonstrated incontrovertibly that the path to fortune in silicon valley is to throw shovelware over the fence Triggered the 10 year beta-test Dogmatized as extreme programming (I.e.: write code now and figure out what you were trying to accomplish later )
24 The 90 s (cont) What will it take to turn software development into an engineering discipline? (people who call the nonsense we do today software engineering need to be beaten) Network engineering and management are the next pain points
25 The 2010 s The next big frontier is going to be system administration The death of general-purpose computing PDAs become more powerful embedded appliances? Disposable computing? Ubiquitous computing? Operating systems that don t suck?
26 Windows Sys Administration 2020AD: The Infocalypse Earth Population Every man, woman, and child on earth (over the age of 6) will be a Windows system administrator 2020AD Systems under admin. Time
27 Summary: Danger signs: If you are - Listing lots of cases of bad stuff Constantly patching your code Running networks with open topologies Running networks with no idea what traffic crosses them Ignoring security in design process You may be in security hell
28 Summary 2: Remember, it s always much easier to not do something dumb than it is to do something smart
29 QUESTIONS?? blog.tenablesecurity.com
Some Possible Futures of Computing. Marcus J. Ranum
Some Possible Futures of Computing Marcus J. Ranum Who Am I? Early innovator in firewall market Early innovator in VPN market Early innovator in IDS market Currently researching system
More informationHow to Really Secure the Internet
How to Really Secure the Internet 1 Disclaimer None of this will actually happen...but it s an amusing thought 2 Copyright(C) 1999, Marcus J. Ranum - all rights reserved 1 What Happened? Network hardware
More informationState of the. Union. (or: How not to use Krebs as an IDS ) (Information Security) Jeff McJunkin Senior Technical Analyst Counter Hack Challenges
State of the (Information Security) Union (or: How not to use Krebs as an IDS ) Jeff McJunkin Senior Technical Analyst Counter Hack Challenges My background IT Systems / Network Administrator for City
More informationCopyright ECSC Group plc 2017 ECSC - UNRESTRICTED
Copyright ECSC Group plc 2017 ECSC - UNRESTRICTED ECSC - UNRESTRICTED Introduction A Web Application Firewall (WAF) is, in our experience, the most important layer of defence against a wide range of attacks
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationWhite Paper. Why IDS Can t Adequately Protect Your IoT Devices
White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity
More informationHow to Build a Culture of Security
How to Build a Culture of Security March 2016 Table of Contents You are the target... 3 Social Engineering & Phishing and Spear-Phishing... 4 Browsing the Internet & Social Networking... 5 Bringing Your
More informationAssessment. automation: Deux ex Machina. Rube Goldberg Machine? 2005 LAS VEGAS
Assessment automation: Deux ex Machina Rube Goldberg Machine? 2005 LAS VEGAS Before we begin.you can find all of this at: http://www.sensepost.com/research/bidiblah As promised at Amsterdam E-Or release!
More informationWHAT IS AN INTERNET BACKBONE? And what makes a good one?
WHAT IS AN INTERNET BACKBONE? And what makes a good one? WHAT IS AN INTERNET BACKBONE? In plain English If you already know, skip to... WHAT MAKES A GOOD ONE? The Internet used to be novelty now it s necessity.
More information6 counterintuitive strategies to put your list building efforts into overdrive
6 counterintuitive strategies to put your list building efforts into overdrive Ant Carter is an online marketer, blogger and educator. Find out more about me, and the mission I have to free 1,000 people
More informationImproving Your Network Defense. Joel M Snyder Senior Partner Opus One
Improving Your Network Defense Joel M Snyder Senior Partner Opus One jms@opus1.com Agenda: Improving Your Network Defense What s the Thesis? Intrusion Detection Collecting Information Enabling Features
More informationChoosing the Right Security Assessment
A Red Team Whitepaper Choosing the Right Security Navigating the various types of Security s and selecting an IT security service provider can be a daunting task; however, it does not have to be. Understanding
More informationAn ICS Whitepaper Choosing the Right Security Assessment
Security Assessment Navigating the various types of Security Assessments and selecting an IT security service provider can be a daunting task; however, it does not have to be. Understanding the available
More informationAND WHAT MAKES A GOOD ONE?
AND WHAT MAKES A GOOD ONE? In plain English If you already know, skip to... The Internet used to be novelty now it s necessity. But what keeps the world connected? IT ALL STARTS WITH YOU. You want it all.
More information6 Tips to Help You Improve Configuration Management. by Stuart Rance
6 Tips to Help You Improve Configuration Management by Stuart Rance Introduction Configuration management provides information about what assets you own, how they are configured, and how they are connected
More informationALTITUDE DOESN T MAKE YOU SAFE. Satcom Direct s Comprehensive Cyber Security Portfolio for Business Aviation
ALTITUDE DOESN T MAKE YOU SAFE Satcom Direct s Comprehensive Cyber Security Portfolio for Business Aviation CYBER SECURITY IS THE GREATEST THREAT TO EVERY COMPANY IN THE WORLD. IBM CEO GINNI ROMETTY SD
More informationDevice Discovery for Vulnerability Assessment: Automating the Handoff
Device Discovery for Vulnerability Assessment: Automating the Handoff O V E R V I E W While vulnerability assessment tools are widely believed to be very mature and approaching commodity status, they are
More informationChapter 5: Vulnerability Analysis
Chapter 5: Vulnerability Analysis Technology Brief Vulnerability analysis is a part of the scanning phase. In the Hacking cycle, vulnerability analysis is a major and important part. In this chapter, we
More informationAnalyzing Systems. Steven M. Bellovin November 26,
Analyzing Systems When presented with a system, how do you know it s secure? Often, you re called upon to analyze a system you didn t design application architects and programmers build it; security people
More informationhidden vulnerabilities
hidden vulnerabilities industrial networks in 30 minutes Cyber Security introduction Frank Kemeling Certified Ethical Hacker [CEH] EC-Council Certified Security Analyst [ESCA] Licensed Penetration Tester
More informationMQ Jumping... Or, move to the front of the queue, pass go and collect 200
MQ Jumping.... Or, move to the front of the queue, pass go and collect 200 Martyn Ruks DEFCON 15 2007-08-03 One Year Ago Last year I talked about IBM Networking attacks and said I was going to continue
More informationn Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network
Always Remember Chapter #1: Network Device Configuration There is no 100 percent secure system, and there is nothing that is foolproof! 2 Outline Learn about the Security+ exam Learn basic terminology
More informationData Retrieval Firm Boosts Productivity while Protecting Customer Data
Data Retrieval Firm Boosts Productivity while Protecting Customer Data With HEIT Consulting, DriveSavers deployed a Cisco Self-Defending Network to better protect network assets, employee endpoints, and
More informationIncident Response Tools
Incident Response Tools James Madison University Dept. of Computer Science June 13, 2013 1 Introduction Being successfully attacked is inevitable. A determined hacker WILL be able to penetrate your network.
More informationThe name of our class will be Yo. Type that in where it says Class Name. Don t hit the OK button yet.
Mr G s Java Jive #2: Yo! Our First Program With this handout you ll write your first program, which we ll call Yo. Programs, Classes, and Objects, Oh My! People regularly refer to Java as a language that
More informationFriday, 1/17/14 10:30 a.m. 11:45 a.m. PRESENTED BY: William Figures David Ross Charlie LeBlanc
Data Security in the Information Age Friday, 1/17/14 10:30 a.m. 11:45 a.m. PRESENTED BY: William Figures David Ross Charlie LeBlanc Schedulers & Dispatchers Conference New Orleans, LA January 14-17, 2014
More informationMANAGING ENDPOINTS WITH DEFENSE- IN-DEPTH
E-Guide MANAGING ENDPOINTS WITH DEFENSE- IN-DEPTH SearchSecurity L earn how to implement appropriate security controls for endpoint management. PAGE 2 OF 7 MANAGING ENDPOINTS WITH DEFENSE-IN-DEPTH Mike
More informationVictorious warriors win first and then go to war, while defeated warriors go to war first and then seek to win. Sun Tzu, The Art of War
Victorious warriors win first and then go to war, while defeated warriors go to war first and then seek to win Sun Tzu, The Art of War Introduction About me: James Houston II I am the Managing Director
More informationVulnerability Management. If you only budget for one project this year...
Vulnerability Management If you only budget for one project this year... William Kyrouz Senior Manager, Information Security & Governance, Bingham McCutchen Nathaniel McInnis Information Security Lead,
More informationRoadmap to the Efficient Cloud: 3 Checkpoints for the Modern Enterprise
Roadmap to the Efficient Cloud: 3 Checkpoints for the Modern Enterprise Roadmap for the Modern Enterprise As your AWS environment grows, the importance of instilling governance and following best practice
More informationLow level security. Andrew Ruef
Low level security Andrew Ruef What s going on Stuff is getting hacked all the time We re writing tons of software Often with little regard to reliability let alone security The regulatory environment
More informationshortcut Tap into learning NOW! Visit for a complete list of Short Cuts. Your Short Cut to Knowledge
shortcut Your Short Cut to Knowledge The following is an excerpt from a Short Cut published by one of the Pearson Education imprints. Short Cuts are short, concise, PDF documents designed specifically
More informationPrinciples of ICT Systems and Data Security
Principles of ICT Systems and Data Security Ethical Hacking Ethical Hacking What is ethical hacking? Ethical Hacking It is a process where a computer security expert, who specialises in penetration testing
More information1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7
1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 ORACLE PRODUCT LOGO 20. oktober 2011 Hotel Europa Sarajevo Platform
More informationDNSSEC. CS 161: Computer Security Prof. David Wagner. April 11, 2016
DNSSEC CS 161: Computer Security Prof. David Wagner April 11, 2016 DNSSEC Last lecture, you invented DNSSEC. Well, the basic ideas, anyway: Sign all DNS records. Signatures let you verify answer to DNS
More informationIs Your Web Application Really Secure? Ken Graf, Watchfire
Is Your Web Application Really Secure? Ken Graf, Watchfire What we will discuss today Pressures on the application lifecycle Why application security defects matter How to create hacker resistant business
More informationIT SECURITY FOR NONPROFITS
IT SECURITY FOR NONPROFITS COMMUNITY IT INNOVATORS PLAYBOOK April 2016 Community IT Innovators 1101 14th Street NW, Suite 830 Washington, DC 20005 The challenge for a nonprofit organization is to develop
More informationExecutive Summery. Siddharta Saha. Downloaded from
1 Executive Summery In the last quarter of century the world has seen a tremendous growth in IT and IT enabled services. IT infrastructure of any organization is the most precious since business process
More informationAdvanced Security Tester Course Outline
Advanced Security Tester Course Outline General Description This course provides test engineers with advanced skills in security test analysis, design, and execution. In a hands-on, interactive fashion,
More informationCyber Security in the time of Austerity. Shannon Simpson, CCO CNS Group
Cyber Security in the time of Austerity Shannon Simpson, CCO CNS Group The Austerity Agenda 1. Budgets are being cut. 2. Budgets are harder to compete for. 3. Cyber Security ROI is often hard to demonstrate
More informationTransforming Security from Defense in Depth to Comprehensive Security Assurance
Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new
More informationAttackers Process. Compromise the Root of the Domain Network: Active Directory
Attackers Process Compromise the Root of the Domain Network: Active Directory BACKDOORS STEAL CREDENTIALS MOVE LATERALLY MAINTAIN PRESENCE PREVENTION SOLUTIONS INITIAL RECON INITIAL COMPROMISE ESTABLISH
More informationSIGS AFTERWORK EVENT. Security: which operational model for which scenario. Hotel Warwick - Geneva
SIGS AFTERWORK EVENT Security: which operational model for which scenario Hotel Warwick - Geneva Johny Gasser Information Security & Compliance Officer (for a global customer) Orange Business Services
More informationCYBER SECURITY AND MITIGATING RISKS
CYBER SECURITY AND MITIGATING RISKS 01 WHO Tom Stewart Associate Director Technology Consulting Chicago Technical Security Leader Protiviti Slides PRESENTATION AGENDA 3 START HACKING DEFINITION BRIEF HISTORY
More informationIPv6 Neighbor Discovery (ND) Problems with Layer-2 Multicast State
DRAFT IPv6 Neighbor Discovery (ND) Problems with Layer-2 Multicast State Jeff Wheeler jsw@inconcepts.biz The Problem MLD-snooping is much like IGMP-snooping but for IPv6 It keeps unnecessary multicast
More informationSECURITY AUTOMATION BEST PRACTICES. A Guide on Making Your Security Team Successful with Automation SECURITY AUTOMATION BEST PRACTICES - 1
SECURITY AUTOMATION BEST PRACTICES A Guide on Making Your Security Team Successful with Automation SECURITY AUTOMATION BEST PRACTICES - 1 Introduction The best security postures are those that are built
More informationTop 10 Considerations for Securing Private Clouds
Top 10 Considerations for Securing Private Clouds 1 Who s that knocking at my door? If you know who s accessing your cloud, you can head off many problems before they turn into disasters. You should ensure
More informationBitcoin, Security for Cloud & Big Data
Bitcoin, Security for Cloud & Big Data CS 161: Computer Security Prof. David Wagner April 18, 2013 Bitcoin Public, distributed, peer-to-peer, hash-chained audit log of all transactions ( block chain ).
More informationManagement Information Systems. B15. Managing Information Resources and IT Security
Management Information Systems Management Information Systems B15. Managing Information Resources and IT Security Code: 166137-01+02 Course: Management Information Systems Period: Spring 2013 Professor:
More informationNETWORK THREATS DEMAN
SELF-DEFENDING NETWORK NETWORK THREATS DEMAN NEW SECURITY: STRATEGIES TECHNOLOGIES Self-Propagating Threats A combination of: self propagating threats Collaborative applications Interconnected environments
More informationModule 10A Lecture - 20 What is a function? Why use functions Example: power (base, n)
Programming, Data Structures and Algorithms Prof. Shankar Balachandran Department of Computer Science and Engineering Indian Institute of Technology, Madras Module 10A Lecture - 20 What is a function?
More informationOPEN SOURCE SECURITY ANALYSIS The State of Open Source Security in Commercial Applications
OPEN SOURCE SECURITY ANALYSIS The State of Open Source Security in Commercial Applications By Mike Pittenger, Vice President, Security Strategy Black Duck s On-Demand business conducts audits of customers
More informationThe Business Case for Network Segmentation
Modern network segmentation to reduce risk and cost Abstract Modern network segmentation, also known as microsegmentation, offers a new way of managing and securing your network, offering tremendous benefits
More informationIntroduction to Information Security Prof. V. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras
Introduction to Information Security Prof. V. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras Lecture 09 Now, we discuss about the insecurity of passwords.
More informationYour . A setup guide. Last updated March 7, Kingsford Avenue, Glasgow G44 3EU
fuzzylime WE KNOW DESIGN WEB DESIGN AND CONTENT MANAGEMENT 19 Kingsford Avenue, Glasgow G44 3EU 0141 416 1040 hello@fuzzylime.co.uk www.fuzzylime.co.uk Your email A setup guide Last updated March 7, 2017
More informationLecture 3 - Passwords and Authentication
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 3 - Passwords and Authentication CSE497b - Spring 2007 Introduction Computer and Network Security Professor
More informationQ&A TAKING ENTERPRISE SECURITY TO THE NEXT LEVEL. An interview with John Summers, Enterprise VP and GM, Akamai
TAKING ENTERPRISE SECURITY TO THE NEXT LEVEL An interview with John Summers, Enterprise VP and GM, Akamai Q&A What are the top things that business leaders need to understand about today s cybersecurity
More informationApplication security : going quicker
Application security : going quicker The web application firewall example Agenda Agenda o Intro o Application security o The dev team approach o The infra team approach o Impact of the agility o The WAF
More informationA Passage to Penetration Testing!
A Passage to Penetration Testing! EC-Council Cyber Research This paper is from EC-Council s site. Reposting is not permitted without express written permission. What Is Penetration Testing? A penetration
More informationHome/Network Computing
Home/Network Computing How to avoid becoming road kill on the Internet (Information Superhighway) Home Computing not as simple as it used to be almost all computers need to have sys-admin disk drives will
More informationDesign your network to aid forensics investigation
18th Annual FIRST Conference Design your network to aid forensics investigation Robert B. Sisk, PhD, CISSP Senior Technical Staff Member IBM Baltimore, Maryland USA Master Outline Introduction Incident
More informationSECURITY AUTOMATION BEST PRACTICES. A Guide to Making Your Security Team Successful with Automation
SECURITY AUTOMATION BEST PRACTICES A Guide to Making Your Security Team Successful with Automation TABLE OF CONTENTS Introduction 3 What Is Security Automation? 3 Security Automation: A Tough Nut to Crack
More informationProtect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013
Protect Your Application with Secure Coding Practices Barrie Dempster & Jason Foy JAM306 February 6, 2013 BlackBerry Security Team Approximately 120 people work within the BlackBerry Security Team Security
More informationChanging face of endpoint security
Changing face of endpoint security S A N T H O S H S R I N I V A S A N C I S S P, C I S M, C R I S C, C E H, C I S A, G S L C, C G E I T D I R E C T O R S H A R E D S E R V I C E S, H C L T E C H N O L
More informationIT SECURITY FOR LIBRARIES PART 1: SECURING YOUR LIBRARY BRIAN PICHMAN EVOLVE PROJECT
IT SECURITY FOR LIBRARIES PART 1: SECURING YOUR LIBRARY BRIAN PICHMAN EVOLVE PROJECT AGENDA A high level overview of what to implement in your library to make it secure. With the rise of data breaches,
More informationn Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test
Chapter Objectives n Explain penetration testing concepts n Explain vulnerability scanning concepts Chapter #4: Threats, Attacks, and Vulnerabilities Vulnerability Scanning and Penetration Testing 2 Penetration
More information5 REASONS YOUR BUSINESS NEEDS NETWORK MONITORING
5 REASONS YOUR BUSINESS NEEDS NETWORK MONITORING www.intivix.com (415) 543 1033 NETWORK MONITORING WILL ENSURE YOUR NETWORK IS OPERATING AT FULL CAPACITY 5 Reasons Your Business Needs Network Monitoring
More informationHey there, I m (name) and today I m gonna talk to you about rate of change and slope.
Rate and Change of Slope A1711 Activity Introduction Hey there, I m (name) and today I m gonna talk to you about rate of change and slope. Slope is the steepness of a line and is represented by the letter
More informationOPERATIONS CENTER. Keep your client s data safe and business going & growing with SOC continuous protection
SECURITY OPERATIONS CENTER Keep your client s data safe and business going & growing with SOC continuous protection Business Need of Security Operations Center SOC Benefits NOC vs SOC UnderDefense Incident
More informationRisky Business. How Secure is Your Dealership s Information? By Robert Gibbs
I S S U E P A P E Risky Business By Robert Gibbs R 2 0 0 8 Risky Business Remember when information security meant locking your file cabinets at night? Unfortunately, those days are long gone. With the
More informationMobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing
Mobile Malfeasance Exploring Dangerous Mobile Code Jason Haddix, Director of Penetration Testing Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to
More informationPRACTICAL NETWORK DEFENSE VERSION 1
PRACTICAL NETWORK DEFENSE VERSION 1 The world s premiere online practical network defense course elearnsecurity has been chosen by students in over 140 countries in the world and by leading organizations
More informationManaging IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services
Managing IT Risk: What Now and What to Look For Presented By Tina Bode IT Assurance Services Agenda 1 2 WHAT TOP TEN IT SECURITY RISKS YOU CAN DO 3 QUESTIONS 2 IT S ALL CONNECTED Introduction All of our
More informationThe Data Protection Rule and Hybrid Cloud Backup
The 3-2-1 Data Protection Rule and Hybrid Cloud Backup IT teams are under extreme pressure to improve backup, disaster recovery and data protection to eliminate downtime and facilitate digital transformation.
More informationbreathehr security, reliability and GDPR
breathehr security, reliability and GDPR Contact us: Tel 01403 288700 breathehr.com @breathehr General Data Protection Regulations (September update) You may be aware that in May 2018 the new General Data
More informationPCI DSS v3. Justin
PCI DSS v3 Justin Leapline justin.leapline@giftcards.com @jmleapline My Experience With PCI Just to lay the groundwork Currently work at Largest ecommerce in Pittsburgh My experience includes: QSA Acquirer
More informationSecuring Information Systems
Chapter 7 Securing Information Systems 7.1 2007 by Prentice Hall STUDENT OBJECTIVES Analyze why information systems need special protection from destruction, error, and abuse. Assess the business value
More informationAgenda. Today s IT Challenges. Symantec s Collaborative Architecture. Symantec TM Endpoint Management Suite. Connecting Symantec Technologies Today
Agenda 1 Today s IT Challenges 2 Symantec s Collaborative Architecture 3 Symantec TM Endpoint Management Suite 4 Connecting Symantec Technologies Today 5 Q & A 1 Traditional Protection isn t Good Enough
More informationFIREWALL BEST PRACTICES TO BLOCK
Brought to you by Enterprie Control Systems FIREWALL BEST PRACTICES TO BLOCK Recent ransomware attacks like Wanna and Petya have spread largely unchecked through corporate networks in recent months, extorting
More informationAn Introduction to Business Disaster Recovery
An Introduction to Business Disaster Recovery Martin Hynes - Commercial Director Sounds scary right? When the words disaster and recovery are mentioned our primal survival instincts kick in. Business Disaster
More informationEBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.
EBOOK Stopping Email Fraud How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats www.proofpoint.com EBOOK Stopping Email Fraud 2 Today s email attacks have
More informationSecurity Audit What Why
What A systematic, measurable technical assessment of how the organization's security policy is employed at a specific site Physical configuration, environment, software, information handling processes,
More informationDesigning a System. We have lots of tools Tools are rarely interesting by themselves Let s design a system... Steven M. Bellovin April 10,
Designing a System We have lots of tools Tools are rarely interesting by themselves Let s design a system... Steven M. Bellovin April 10, 2007 1 Some of Our Tools Encryption Authentication mechanisms Access
More informationPassword Managers: Devil s in the Details
Password Managers: Devil s in the Details How Can Giving all your Passwords to a Password Manager be Safe? AUGUST 2018 Passwords are dead; long live the password! Passwords are unequivocally the most used
More informationBeyond Testing: What Really Matters. Andreas Marx CEO, AV-TEST GmbH
Beyond Testing: What Really Matters Andreas Marx CEO, AV-TEST GmbH Microsoft Security Response Alliance Summit 2013 - July 10th, 2013 1 AGENDA About AV-TEST GmbH Innovations and Presentations The AV-TEST
More information15 Minute Traffic Formula. Contents HOW TO GET MORE TRAFFIC IN 15 MINUTES WITH SEO... 3
Contents HOW TO GET MORE TRAFFIC IN 15 MINUTES WITH SEO... 3 HOW TO TURN YOUR OLD, RUSTY BLOG POSTS INTO A PASSIVE TRAFFIC SYSTEM... 4 HOW I USED THE GOOGLE KEYWORD PLANNER TO GET 11,908 NEW READERS TO
More informationCourse overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)
Overview This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience
More informationModule 6. Campaign Layering
Module 6 Email Campaign Layering Slide 1 Hello everyone, it is Andy Mackow and in today s training, I am going to teach you a deeper level of writing your email campaign. I and I am calling this Email
More informationSecuring CS-MARS C H A P T E R
C H A P T E R 4 Securing CS-MARS A Security Information Management (SIM) system can contain a tremendous amount of sensitive information. This is because it receives event logs from security systems throughout
More informationChapter 4. Network Security. Part I
Chapter 4 Network Security Part I CCNA4-1 Chapter 4-1 Introducing Network Security Introduction to Network Security CCNA4-2 Chapter 4-1 Introducing Network Security Why is Network Security important? Rapid
More informationIT infrastructure layers requiring Privileged Identity Management
White Paper IT infrastructure layers requiring Privileged Identity Management Abstract Much of today s IT infrastructure is structured as different layers of devices (virtual and physical) and applications.
More informationWhite Paper: Backup vs. Business Continuity. Backup vs. Business Continuity: Using RTO to Better Plan for Your Business
Backup vs. Business Continuity: Using RTO to Better Plan for Your Business Executive Summary SMBs in general don t have the same IT budgets and staffs as larger enterprises. Yet just like larger organizations
More informationTrain as you Fight: Are you ready for the Red Team?
Train as you Fight: Are you ready for the Red Team? An inside look at Red Teaming Yves Morvan Twitter: @morvan_yves Email: Yves@securenorth.ca Agenda Introduction What is Red Teaming? VA s vs. Penetration
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationThe Top 6 WAF Essentials to Achieve Application Security Efficacy
The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and
More informationIntroduction to Information Security Prof. V. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras
Introduction to Information Security Prof. V. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras Lecture - 17 Now, let us talk about the spheres of security
More informationWHITE PAPER AUTHENTICATION YOUR WAY SECURING ACCESS IN A CHANGING WORLD
WHITE PAPER AUTHENTICATION YOUR WAY SECURING ACCESS IN A CHANGING WORLD Imagine that you re a CISO in charge of identity and access management for a major global technology and manufacturing company. You
More informationQuickBooks Online Security White Paper July 2017
QuickBooks Online Security White Paper July 2017 Page 1 of 6 Introduction At Intuit QuickBooks Online (QBO), we consider the security of your information as well as your customers and employees data a
More informationUART Thou Mad? An Introduction to the UART Hardware Interface. Mickey Shkatov. Toby Kohlenberg
UART Thou Mad? An Introduction to the UART Hardware Interface Mickey Shkatov Toby Kohlenberg 1 Table of Contents Abstract... 2 Introduction to UART... 2 Essential Tools... 4 UART and Security... 5 Conclusion...
More informationData Structures and Algorithms Dr. Naveen Garg Department of Computer Science and Engineering Indian Institute of Technology, Delhi.
Data Structures and Algorithms Dr. Naveen Garg Department of Computer Science and Engineering Indian Institute of Technology, Delhi Lecture 18 Tries Today we are going to be talking about another data
More information