“Victorious warriors win first and - mprisk.org MPR Fall... · Lets look at how we are to approach war Victorious warriors WIN FIRST and then go to war, while defeated warriors

“Victorious warriors win first and then go to war, while defeated warriors go to war first and then seek to win”

― Sun Tzu, The Art of War

Introduction

About me: James Houston II

I am the Managing Director of the Facilities and Building Management Software Commission.

Education:

B.S. Mechanical Systems Engineering

Minors:

• Mathematics

• Geographic Information Systems

• Computer Science

Career Background

• Maintenance man for a 140-room Best Western hotel before becoming the Head of Maintenance and Engineering in the Little Rock Region.

• Stationary Engineering at the University of California San Francisco Benioff Children's Hospital, a 1.5-billion-dollar facility.

• Assistant Chief Engineer rotating around the Oakland CA region

• Engineer at University of Arkansas at Little Rock to oversee the multi-million-dollar energy loop. Working with third party contractors as it pertains to the university’s energy system.

• Software Developer and Cyber Security Analyst for Affirmative Risk management, which was responsible for Lloyds of London 83 million dollar US assets.

• IT Director for the University of Arkansas at Little Rock Business College

By The Numbers

• Ransomware detections have been more dominant in countries with higher numbers of internet-connected populations. The United States ranks highest with 18.2%.

• The app categories with most cybersecurity issues are lifestyle apps, which account for 27% of malicious apps.

• 41% of companies have over 1,000 sensitive files including credit card numbers and health records left unprotected.

• Cybercrime damages will cost the world $6 trillion annually by 2021. - Steve Morgan, Editor-in-Chief, Cybersecurity Ventures

Understanding an Approach to War

All Warfare is Based On Deception

Many of the methods used by attackers are based on deception:

Stealth Discovery

Sub Domains

Phishing

Whaling

Spear Phishing

Social Engineering

Compare and Contrast

The conditions of the enemy must be compared with our own.

In other words, what are we attempting to protect and how?

What is my enemy trying to attack and how?

Let's start with a brief lesson in Network 101:

1. Need a Client Server (a dedicated computer that holds data to be distributed to other computers attached to it): THE MOTHERSHIP

2. Need to use Protocols, also known as Standards

They're consensus-based documents that describe guidelines for vendors, manufacturers, and other stakeholders in order to ensure quality and interoperability.

Seems pretty simple: 2 steps

1. Client Server: to connect to

2. Protocols/Standards: to communicate

Now all we have to do is secure the client and the communication. So let's look at our current methods.

• Multi-factor authentication

• Data Encryption

• Layered Firewalls

• Intrusion detection system

• Antivirus software

If you're currently doing these things at your establishment then you can go. That’s all you need.

Thank You

Any Questions?

“Yeah, do you know how far I drove to hear you talk for 5 minutes? There better be a hell of a lot more to it than that!”

Of course there is… two parts, are you serious? I am about to give you some real nerd cred.

Please only use this information at Comic-Con and/or to put spouses and small children to sleep.

So we have 49,152 Ports and Protocols. To keep it exciting I am just going to go through the first 445; I don’t want to bore you to death.

Let's start with understanding port assignments. The Internet Assigned Numbers Authority (IANA) is responsible for maintaining the official assignments of port numbers for specific uses. Because we are dealing with computers our numbers will start with 0.

| Port | TCP | UDP | IANA Status | Description |
|------|-----|-----|-------------|-------------|
| 0 | Reserved | Reserved | Official | |
| 1 | Yes | Assigned | Official | TCP Port Service Multiplexer |
| 5 | Assigned | Assigned | Official | Remote Job entry |
| 7 | Yes | Yes | Official | Echo Protocol |

I can see I am losing some of you.

So let's make this easier.

You have multiple computers and servers connected to each other.

Every connection type has a port connection and protocol.

Now all you have to do is identify the OS, connection protocol and security feature associated with it.

In other words it gets complicated pretty quick…

Have no fear, I have an example so it's not so abstract.

This is the inner workings of a server.

[Figure: Exploit Scan. Callout: Open ports ready to exploit]

Now if we go back to our handy dandy chart we will see that we have an open SSH on port 22 with TCP protocol.

Now that we have seen what is open on our network we need to investigate its purpose and decide what protections are necessary.

1. What is it communicating with and are multiple layers involved?

2. What do I need to do to secure it?
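
The review step described above (see what is listening, then decide whether each listener has a purpose) can be run as a routine check on your own server. The following is an added example, not part of the original talk; the `ss -tln` sample output, the approved-port baseline and the service-name table are constructed for illustration.

```python
# Added example: audit a server's listening TCP sockets against a baseline.
# SAMPLE_SS is constructed text in the format of `ss -tln`; not from the talk.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
LISTEN 0      5            0.0.0.0:7         0.0.0.0:*
LISTEN 0      244        127.0.0.1:5432      0.0.0.0:*
LISTEN 0      511          0.0.0.0:8080      0.0.0.0:*
"""

# Hypothetical baseline: ports this server is expected to expose, and why.
APPROVED = {22: "SSH administration, key-based login only"}
# Small subset of IANA service names, used only for readable output.
SERVICE_NAMES = {7: "echo", 22: "ssh", 5432: "postgresql", 8080: "http-alt"}

def parse_listeners(ss_output):
    """Return sorted unique (address, port) pairs for sockets in LISTEN state."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # skip the header and anything that is not listening
        address, _, port = fields[3].rpartition(":")  # copes with [::]:22
        listeners.add((address, int(port)))
    return sorted(listeners, key=lambda item: (item[1], item[0]))

def is_loopback(address):
    """True when the socket is only reachable from the machine itself."""
    return address.startswith("127.") or address == "[::1]"

def audit(ss_output, approved=APPROVED):
    """Label each listener: local-only, approved, or review (no known purpose)."""
    findings = []
    for address, port in parse_listeners(ss_output):
        name = SERVICE_NAMES.get(port, "unknown")
        status = ("local-only" if is_loopback(address)
                  else "approved" if port in approved else "review")
        findings.append((port, name, address, status))
    return findings

if __name__ == "__main__":
    for port, name, address, status in audit(SAMPLE_SS):
        print(f"{port:>5}/tcp {name:<11} {address:<10} {status}")
```

Every line marked `review` is a listener reachable from the network with no documented purpose; it should either be added to the baseline with a reason and a protection, or shut off.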

Let's look at how we are to approach war

“Victorious warriors WIN FIRST and then go to war, while defeated warriors go to war first and then seek to win” -Sun Tzu

To win we need to understand not only our opponent's arsenal and strategy but the topography of the battlefield.

Opponent's Arsenal and Strategy

1. Laying Plans --- Use of techniques like discovery to understand your company

2. Waging War --- Conducting Scanning to establish an attack vector

3. Attack by Stratagem --- Deciding the best weapon to use to launch an attack

4. Tactical Dispositions --- Establish a position or foothold in enemy territory

5. Use of Energy --- Utilizing the most efficient tack to avoid detection and wasted time

6. Weak Points and Strong --- Understanding organization structure in the physical and virtual world

7. Maneuvering an Army --- Funneling an enemy to expose security features and tactics to exploits

Opponents Arsenal and Strategy continued

8. Variation of Tactics --- Changing attack strategy based on situation

9. The Army on the March --- Conducting exploits after security breach

10. Classification of Terrain --- Local Servers, Network Services, Cloud Servers

11. Attack by Fire --- All-out attack, attempting to crash systems with no regard for aftermath.

12. Use of Spies --- Using employees who are willing, knowing, or unaware that they are being used.

So now what?

It’s now safe to say we understand our opponent's arsenal and strategy as well as the landscape of the battlefield. So now we can prepare.

How?

One front at a time with continuous test and adjustments. Hackers are doing nothing more than exploiting communication methods.

Let's go way back to the year 1991, the baby monitor phenomenon. If a baby monitor was on in the vicinity of a wireless phone you could pick up the baby monitor channel.

Did you hear something?

Fast forward: now that intercept is intentional.

As you can see, the concept is simple; the methods are very complicated and require more attention and research. The methods we use to communicate are rapidly accelerating faster than we care to learn. Until 1996, when Yahoo Mail was launched, I could call you, send a fax or a letter: 3 methods of communication. Today however I can

Time for some role play

This will require volunteers

We will need a safe word

Just kidding

So now you have seen all the moving parts involved.

I have now christened you cybersecurity deputy officers

Thank you for allowing me to speak with you.

Questions?