“Victorious warriors win first and
then go to war, while defeated
warriors go to war first and then
seek to win”
― Sun Tzu, The Art of War
Introduction
About me: James Houston II
I am the Managing Director of the Facilities and Building Management Software Commission.
Education :
B.S. Mechanical Systems Engineering
Minors:
Mathematics
Geographic Information Systems
Computer Science
Career Background
Maintenance man for a 140-room Best Western hotel before becoming the Head of Maintenance and Engineering in the Little Rock region.
Stationary Engineering at the University of California San Francisco
Benioff Children's Hospital, a 1.5-billion-dollar facility.
Assistant Chief Engineer rotating around the Oakland CA
region
Engineer at University of Arkansas at Little Rock, overseeing the multi-million-dollar energy loop and working with third-party contractors on the university's energy system.
Software Developer and Cyber Security Analyst for Affirmative Risk Management, which was responsible for Lloyds of London's 83-million-dollar US assets.
IT Director for the University of Arkansas at Little Rock Business College
By The Numbers
Ransomware detections have been more dominant in countries with larger internet-connected populations. The United States ranks highest with 18.2%.
The app category with the most cybersecurity issues is lifestyle apps, which account for 27% of malicious apps.
41% of companies have over 1,000 sensitive files including credit card
numbers and health records left unprotected.
Cybercrime damages will cost the world $6 trillion annually by 2021. -Steve Morgan, Editor-in-Chief, Cybersecurity Ventures
Understanding an Approach to War
All Warfare is Based On Deception
Many of the methods used by attackers are based on deception:
Stealth Discovery
Sub Domains
Phishing
Whaling
Spear Phishing
Social Engineering
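Two of the deceptions above, subdomains and phishing, usually meet in a single link: a trusted name planted as a subdomain of an attacker's domain (login.example.com.attacker.net), or a look-alike registrable domain (examp1e.com). The following is an added example, not code from the original slides; it classifies URLs into those cases. MULTI_LABEL_SUFFIXES is a tiny stand-in for the Public Suffix List, TRUSTED_DOMAINS is a constructed allowlist, and the CONFUSABLES map is partial; all three are assumptions you would replace with real data.

```python
"""Classify a URL as trusted, subdomain-spoof, lookalike or unrelated.

Added example, not from the original slides. The suffix list, the trusted
domain list and the confusable map are constructed stand-ins.
"""
from urllib.parse import urlsplit

# Assumption: a few public suffixes that span two labels. Real code should
# load the full list from publicsuffix.org.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Assumption: the domains the organisation actually owns.
TRUSTED_DOMAINS = {"example.com", "example.co.uk"}

# Digit/letter and letter-pair look-alikes phishers use (partial, constructed).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def normalise(name: str) -> str:
    """Fold look-alike characters so 'examp1e.com' compares equal to 'example.com'."""
    out = name.lower()
    for fake, real in CONFUSABLES.items():
        out = out.replace(fake, real)
    return out


def registrable_domain(host: str) -> str:
    """Return the part of the hostname that a registrant controls.

    login.example.com.attacker.net -> attacker.net
    www.example.co.uk              -> example.co.uk
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; two edits cover a typo or an adjacent-letter swap."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'trusted', 'subdomain-spoof', 'lookalike' or 'unrelated'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return "trusted"
    # Deception 1: the trusted name is visible in the hostname, but only as a
    # label sequence inside a domain somebody else registered.
    for trusted in TRUSTED_DOMAINS:
        if "." + trusted + "." in "." + host + ".":
            return "subdomain-spoof"
    # Deception 2: the registrable domain itself imitates a trusted one,
    # by confusable characters or by being within two edits of it.
    for trusted in TRUSTED_DOMAINS:
        a, b = normalise(reg), normalise(trusted)
        if a == b or edit_distance(a, b) <= 2:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links, as a user might see them in a phishing mail.
    for u in ("https://www.example.com/login",
              "https://login.example.com.attacker.net/",
              "http://examp1e.com/reset",
              "https://exarnple.com",
              "https://exampel.com",
              "https://secure.example.co.uk/",
              "https://unrelated.org"):
        print(f"{classify(u):16} {u}")
```

The registrable-domain step is the whole point: a browser's address bar shows the full hostname, but only the registrable part says who answers the connection, so that is what gets compared against the allowlist.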
The conditions of the enemy must be compared with our own.
In other words, what are we attempting to protect and how?
What is my enemy trying to attack and how?
Let's start with a brief lesson in Network 101:
1. Need a Client Server (a dedicated computer that holds data to be distributed to the other computers attached to it)
---------THE MOTHERSHIP
Compare and Contrast
2. Need to use Protocols, also known as Standards. They're consensus-based documents that describe guidelines for vendors, manufacturers, and other stakeholders in order to ensure quality and interoperability.
Seems pretty simple: 2 steps
1. Client Server -- to connect to
2. Protocols/Standards -- to communicate
Now all we have to do is secure the client and the communication. So let's look at our current methods.
• Multi-factor authentication
• Data Encryption
• Layered Firewalls
• Intrusion detection system
• Antivirus software
If you're currently doing these things at your establishment then you can go.
That's all you need.
Thank You
Any Questions?
“Yeah, do you know how far I drove to hear you talk for 5 minutes? There better be a hell of a lot more to it than that!”
Of course there is. Two parts? Are you serious? I am about to give you some real nerd cred.
Please only use this information at Comic-Con and/or to put spouses and small children to sleep.
So we have 49,152 assigned ports and their protocols (the IANA well-known and registered ranges, 0 through 49,151; the dynamic range above that brings the total to 65,536). To keep it exciting I am just going to go through the first 445. I don't want to bore you to death.
Let's start with understanding port assignments. The Internet Assigned Numbers Authority (IANA) is responsible for maintaining the official assignments of port numbers for specific uses. Because we are dealing with computers, our numbers will start with 0.

Port  TCP       UDP       IANA status  Description
0     Reserved  Reserved  Official
1     Yes       Assigned  Official     TCP Port Service Multiplexer
5     Assigned  Assigned  Official     Remote Job Entry
7     Yes       Yes       Official     Echo Protocol
I can see I am losing some of you.
So let's make this easier.
You have multiple computers and servers connected to each other.
Every connection has a port and a protocol.
Now all you have to do is identify the OS, the connection protocol and the security feature associated with each one.
In other words, it gets complicated pretty quickly…
Open ports, ready to exploit
Have no fear, I have an example so it's not so abstract.
This is the inner workings of a server
Exploit Scan
Now if we go back to our handy-dandy chart we will see that we have SSH open on port 22 over TCP.
Now that we have seen what is open on our network we need to investigate its purpose and decide what protections are necessary.
1. What is it communicating with, and are multiple layers involved?
2. What do I need to do to secure it?
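Those two questions, asked for every open port the scan turned up, are a repeatable procedure, so here is an added example (not tooling from the original slides) that runs it over scan output. SAMPLE_SCAN is a constructed excerpt in the style of nmap's normal output (what `nmap -sV` prints; add `-O` for the OS guess); IANA_SERVICES is a small excerpt of the official assignments, including the port 22 SSH entry the slide points at; the HARDENING checklist and the EXPECTED baseline are assumptions standing in for your own environment.

```python
"""Triage the open ports from a scan: what is each one, is it supposed to be
there, and what would securing it involve.

Added example, not from the original slides. SAMPLE_SCAN is constructed;
IANA_SERVICES is an excerpt; HARDENING and EXPECTED are assumptions.
"""
import re

# Excerpt of IANA assignments, keyed (port, transport). Not exhaustive.
IANA_SERVICES = {
    (1, "tcp"): "tcpmux (TCP Port Service Multiplexer)",
    (7, "tcp"): "echo",
    (7, "udp"): "echo",
    (22, "tcp"): "ssh",
    (80, "tcp"): "http",
    (443, "tcp"): "https",
    (445, "tcp"): "microsoft-ds (SMB over TCP)",
    (3389, "tcp"): "ms-wbt-server (RDP)",
}

# Assumption: the first checks a practitioner would run per service.
HARDENING = {
    22: ["key-based auth only (PasswordAuthentication no)",
         "PermitRootLogin no",
         "restrict source addresses at the firewall"],
    80: ["redirect to HTTPS; serve nothing sensitive in cleartext"],
    445: ["never expose SMB to the internet",
          "disable SMBv1",
          "require SMB signing"],
    3389: ["no direct internet exposure; reach RDP through VPN or gateway with MFA",
           "enable Network Level Authentication"],
}
DEFAULT_CHECK = ["identify the listening process and justify the exposure"]

# Assumption: what this host is meant to expose.
EXPECTED = {(22, "tcp"), (443, "tcp")}

# Constructed sample scan output (nmap normal-output style).
SAMPLE_SCAN = """\
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
443/tcp  closed   https
445/tcp  open     microsoft-ds
3389/tcp filtered ms-wbt-server
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_scan(text):
    """Yield (port, transport, state, service) for each port line; header and
    blank lines do not match the pattern and are skipped."""
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2), m.group(3), m.group(4)


def triage(text):
    """One finding per open port. Closed and filtered ports accept no
    connections, so they are not attack surface today (filtered ones are
    worth a second scan from inside the firewall)."""
    findings = []
    for port, transport, state, service in parse_scan(text):
        if state != "open":
            continue
        findings.append({
            "port": port,
            "transport": transport,
            "service": IANA_SERVICES.get((port, transport), service),
            "expected": (port, transport) in EXPECTED,
            "checks": HARDENING.get(port, DEFAULT_CHECK),
        })
    return findings


def unexpected_ports(text):
    """Open ports that are not on the baseline: investigate these first."""
    return sorted((f["port"], f["transport"]) for f in triage(text) if not f["expected"])


if __name__ == "__main__":
    for f in triage(SAMPLE_SCAN):
        flag = "expected" if f["expected"] else "UNEXPECTED"
        print(f"{f['port']}/{f['transport']:<4} {f['service']:<35} {flag}")
        for check in f["checks"]:
            print(f"    - {check}")
```

Running it on the sample reports SSH on 22 as expected and flags 80 and 445 as unexpected, which is the real output of the exercise: the baseline answers "should this be here?", and the checklist answers "what do I do about it?".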
Let's look at how we are to approach war
“Victorious warriors WIN FIRST and then go to war, while defeated warriors go to war first and then seek to win” -Sun Tzu
To win we need to understand not only our opponent's arsenal and strategy but the topography of the battlefield.
Opponent's Arsenal and Strategy
1. Laying Plans --- Use of techniques like discovery to understand your company
2. Waging War --- Conducting Scanning to establish an attack vector
3. Attack by Stratagem --- Deciding the best weapon to use to launch an attack
4. Tactical Dispositions --- Establish a position or foothold in enemy territory
5. Use of Energy --- Utilizing the most efficient tack to avoid detection and wasted time
6. Weak Points and Strong --- Understanding organization structure in the physical and virtual
world
7. Maneuvering an Army --- Funneling an enemy to expose security features and tactics
to exploits
Opponent's Arsenal and Strategy continued
8. Variation of Tactics --- Changing attack strategy based on the situation
9. The Army on the March --- Conducting exploits after the security breach
10. Classification of Terrain --- Local Servers, Network Services, Cloud Servers
11. Attack by Fire --- All-out attack, attempting to crash systems with no regard for the aftermath.
12. Use of Spies --- Using employees who are willing, witting, or unwitting participants.
So now what?
It's now safe to say we understand our opponent's arsenal and strategy as well as the landscape of the battlefield. So now we can prepare.
How? One front at a time, with continuous testing and adjustment. Hackers are doing nothing more than exploiting communication methods.
Let's go way back to the year 1991 and the baby monitor phenomenon. If a baby monitor was on in the vicinity of a cordless phone, you could pick up the baby monitor channel.
Did you hear something?
Fast forward: now that interception is intentional.
As you can see, the concept is simple; the methods are very complicated and require more attention and research. The methods we use to communicate are accelerating faster than we care to learn. Until the mid-1990s, when webmail such as Yahoo Mail launched, I could call you, send a fax or a letter: 3 methods of communication. Today however I can
Time for some role play
This will require volunteers
We will need a safe word
Just kidding
So now you have seen all the moving parts involved.
I have now christened you cybersecurity deputy officers
Thank you for allowing
me to speak with you.
Questions ?