DEFENSE IN DEPTH IS A LIE
NAVIGATING THE WORLD OF COMPUTER SECURITY
Matt Weir

TALK OUTLINE
- Quick Background
- Alternate Sources to Learn about Computer Security
- General Trends in Computer Security
  - We all have firewalls now
  - Web-servers are almost impossible to fully harden
  - Attacks are getting more automated
  - How do we protect the user from themselves?
ABOUT ME
- Graduated with a Masters in Information Security from FSU in 2004
- Worked as a network security engineer from 2004-2007
  - Started as a pen-tester
  - Moved on to network design
  - Ended up working on Computer Forensics (Honeypots)
- Decided to come back to FSU in 2007 to pursue my Ph.D.

E-CRIME INVESTIGATIVE TECHNOLOGIES LAB
- Password Cracking
- Mobile Phone Security
- E-mail Forensics & Accountability
- Using Virtualization to Detect Malware
THE CHANGING PACE OF COMPUTER SECURITY
- Don’t take me wrong. What I’ve learned in the academic setting has proven invaluable to me
- What makes Computer Security so fun though is you are dealing with a human opponent
  - They will adapt to your tactics
  - They will punish you for any assumptions you make
  - The gap between theory and reality becomes quickly apparent
SOURCE #1 BLOGS
GOOD PLACES TO START
- Security Blogger’s Network
- http://www.schneier.com/
- http://securosis.com/blog/
- http://www.rationalsurvivability.com/blog
- http://lukenotricks.blogspot.com/
- http://garwarner.blogspot.com/
- http://reusablesec.blogspot.com (Shameless self promotion)
IT’S NOT ONLY THE GOOD GUYS
BLACKHAT WEBSITES
- Yup… Google translate is getting much better
ANOTHER BLACKHAT SITE
ONLINE PASSWORD CRACKERS
COMPUTER SECURITY FORUMS
MAILING LISTS
- Check out insecure.org for a bunch of them
- Other notable lists:
  - OWASP
  - Project HoneyPot
  - Security Metrics

APPLIED SECURITY CONFERENCES
- Defcon
- Shmoocon
- CanSecWest
- Hope
- BlackHat

THE TWITTER
- Join @SecTweets
- @Infosecevents is also good
SETTING UP YOUR OWN LAB
FREE RESOURCES
- BackTrack Live Boot CD

MORE FREE RESOURCES
- Microsoft Academic Alliance

TUTORIALS
- Lena151 tuts

WEBGOAT

HACKING COMPETITIONS
- Defcon CTF Pre-quals
- DoD Cybercrime Conference Forensics Challenge
TRENDS IN COMPUTER SECURITY
THE BIGGEST ADVANCE IN COMPUTER SECURITY IN THE LAST 10 YEARS
THE GOOGLE ATTACK
1. Remote User / Google Employee running IE v6, almost certainly on a WinXP box
2. Attacker sends a targeted e-mail
3. Defender opens the e-mail and clicks on the link
4. Running IE 6 on WinXP? Yup, you’re 0wned…
5. But wait! This remote worker has a VPN with split tunneling enabled.
6. And Google doesn’t see any attacks since the VPN terminates in their internal network
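The last two slides turn on one VPN setting, so here is the weak choice beside the corrected one as an added example. It is not from the talk and the talk does not name Google's VPN product; it assumes an OpenVPN server (the directive names are OpenVPN's own, the address ranges and DNS server are constructed).

```conf
# --- Weak: split tunneling (constructed example, OpenVPN server config) ---
# Only the corporate ranges are pushed as routes. Everything else, including
# a compromised laptop's connection back to the attacker, leaves through the
# user's home ISP and never crosses the corporate IDS or proxy.
push "route 10.0.0.0 255.0.0.0"
push "route 172.16.0.0 255.240.0.0"

# --- Corrected: full tunnel ---
# redirect-gateway makes the VPN the client's default route, so all traffic
# (any malware callback included) is carried to where egress monitoring sits.
# "def1" installs 0.0.0.0/1 and 128.0.0.0/1 so the tunnel wins over the
# existing default route without deleting it; "bypass-dhcp" keeps the local
# DHCP server reachable on the home LAN.
push "redirect-gateway def1 bypass-dhcp"
# Push an internal resolver so DNS lookups are observable in the tunnel too.
push "dhcp-option DNS 10.0.0.53"
```

The full-tunnel setting does not prevent the compromise; the IE 6 box is exploited either way. What it changes is where the post-exploitation traffic goes: with split tunneling the defender's sensors never see it, which is the point the attack story makes.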
THIS ISN’T UNIQUE
- Attackers target the webservers first
  - They are great since large downloads from them don’t set off any alarms
- If that doesn’t work, they go after the users
  - Spearphishing
  - Malicious Webpages
  - Trojan Attachments
- Then you see more traditional attack types once they get in to the network
MALWARE IS GETTING MORE ADVANCED
- The Conficker worm is a preview of what’s to come
  - Multiple attack types
  - Resilient command and control
- Have you checked out the autopwn option in Metasploit?

IT’S NOT COOL BUT…
- Patch management is still the biggest problem
PROBABLY OUT OF TIME – THANKS FOR HAVING ME
Blog – http://reusablesec.blogspot.com E-mail – weir@cs.fsu.edu
Last Tip – Stay Away From Any Job in Certification & Accreditation, or as an IDS WatchStander.