Hey you... get off my network


Hey You… Get off my Network…
How to stay firm against security threats and plan ahead for security…

Esmaeil Sarabadani, Systems and Security Consultant


What will be covered …

• The History and Story of DATA …
• Cloud Computing and its Possible Security Threats
• Security in the Cloud from the Client’s Perspective
• Social Engineering
• Security Misconfiguration
• Microsoft Attack Surface Analyzer
• Microsoft Baseline Security Analyzer
• Security Vulnerabilities
• 0-Day Exploits and How to Stop Them...
• Enhanced Mitigation Experience Toolkit
• Endpoint Security


The Changing World !!!


Living in a Connected World…

DATA


Data in the Past

• More Static

• Difficult to Move

• Higher Risk of Loss

• More Physical Security

• Less Storage Space


Now Data is in …

CLOUD

• Reduced Cost
• Increased Storage
• Highly Automated
• Flexibility
• More Mobility
• More Power


What Type of Data is in the Cloud?

• Important Corporate Data
• Users’ Personal Data
• Credit Card Information
• Government’s Confidential Information
• People’s Personal Information like Phone Numbers, e-mail Addresses, User Accounts and Passwords and more.
• And more…

How Secure is the Cloud ?!!


Hacked !!!
On April 19th 2011

• Network outage for one month.

• More than 100 million users’ credit card information was stolen.

• 3.18 billion USD forecasted loss for Sony.

• Loss of many of its users.

Let’s look at it in another way


Social networking websites have changed the way human beings interact…

600 million Users

200 million Users

100 million Users

• Status Messages
• Foursquare Check-ins
• Phone Numbers
• Photos and Videos

People are revealing so much information about themselves …

Result = Less Control - Less Privacy


Social Engineering: an Old but Empowered Technique

• It is easier now with the growth of social networks.

• Everything you do produces data

• Hackers use that data

• Security focus is too much on distant attacks

• Nobody really knows what needs to be secured


A Famous Hacker and Social Engineer

• Hacked into Pentagon, FBI, Novell, University of California, Motorola, Nokia, Sun Microsystems, Fujitsu Siemens

• 5 Years in Prison

• Computer Security Consultant Now


The Steps in Hacking

Step 1: Reconnaissance

Step 2: Initial intrusion into the network

Step 3: Establish a backdoor into the network

Step 4: Obtain user credentials

Step 5: Install various utilities

Step 6: Privilege escalation / lateral movement / data exfiltration

Step 7: Maintain persistence

We can stop the hackers at the very first steps.


Defense in Depth

Adopting a Multi-Layered Defense Approach

• Security Management: Threat and Vulnerability Management, Monitoring and Response

• Network Perimeter: Edge Routers, Firewalls, Intrusion Detection, Vulnerability Scanning

• Internal Network: Dual-factor Authorization, Intrusion Detection, Vulnerability Scanning

• Host: Access Control and Monitoring, Anti-Malware, Patch and Configuration Management

• Application: Secure Engineering (SDL), Access Control and Monitoring, Anti-Malware

• Data: Access Control and Monitoring, File/Data Integrity

• User: Account Management, Training and Awareness, Screening

• Facility: Physical Controls, Video Surveillance, Access Control


Microsoft Attack Surface Analyzer

• Developed by the Security Engineering Group at Microsoft
• Assesses the changes in Windows attack surface

Analysis Steps:

1. Perform a Baseline Scan on a healthy system.

2. Perform another Scan on the Under-Analysis System.

3. Compare the Results.

4. Get the Report.


Microsoft Attack Surface Analyzer Demo


Security Vulnerability Security Exploits

Penetration Testers

Software Security Engineers


• Discovering Vulnerabilities in Microsoft Products
• Releasing Security Updates, Patches and Service Packs
• Advanced Update Notifications
• Microsoft Security Essentials
• Malicious Software Removal Tool


What if Hackers are Faster ?!!

Security Vulnerability

Exploit

Security Patch

1 week

3 Days


Enhanced Mitigation Experience Toolkit (EMET v 2.1)

• Uses Security Mitigation Technologies

• Makes it Difficult to Exploit 0-Day Bugs on Systems

• Can Cover Security Bugs in any Software on the System


Microsoft Advanced Updates Notification
http://technet.microsoft.com/en-us/security/default.aspx


Security Focus
http://www.securityfocus.com


Secunia
http://www.secunia.com


Microsoft Baseline Security Analyzer (MBSA v2.2)

It checks clients and Servers for:

Microsoft Operating System and Products Security Vulnerabilities


Microsoft Baseline Security Analyzer 2.2 Demo


General Rules of Security in the Network

• Least Privilege

• Reduce Risky Behavior

• Harden the Clients


More than 30 million Users

• Real-Time Protection
• System Scanning and Cleaning
• Live System Behavior Monitoring
• Dynamic Signature Service
• Protection Against False Positive
• Network Inspection System


It’s too late to stop the hackers when the hack is done.

Blaster Worm

• August 2003
• Infecting millions of computers
• Millions of dollars in damages

Jeffrey Lee Parson

Sasser Worm

• April 2004
• Infecting millions of computers
• Blocking Delta Air Lines Flights Satellite Communications

Sven Jaschan


int contact() {

}

e-mail Address: [email protected]

My Blog: http://esihere.wordpress.com/