Technical Cyber Defense
Strategies Explained
Marcus Murray & Hasain Alshakarti
Truesec Security Team, MVP-Enterprise Security
Marcus Murray   Hasain Alshakarti
WARNING!
Session format = DISCUSSION!
Soo.. What does it take to be hack-proof?
Let's start with the big picture!
We all know what a network looks like..
[Diagram: Web Srv, Mail Srv, DC, File Srv, Mail Srv and Clients on one network]
Internet Strategy
[Diagram: Front-end (Web Srv, Mail Srv); Back-end (DC, SqlSrv, FileSrv); Clients: Admin and User]
Traditional internal Strategy
[Diagram: Front-end (Web Srv, Mail Srv); Back-end (DC, SqlSrv, FileSrv); Clients: Admin and User]
Demo – Hacking SQL..
[Diagram: SqlSrv]
Traditional Internet strategy
[Diagram; legend: World access, Trusted access, Admin access. Client network (Internet) with Clients; World Accessible tier: Cloud Front-end, Internet Front-end; behind them Cloud back-end, Internet back-end; Client network (Managed) with Clients; Internal Front-end and Internal back-end (FileSrv)]
Apply Internet strategy internally
[Diagram; legend: World access, Trusted access, Admin access. Client network (Internet) and Client network (Managed) with Clients; World Accessible tier: Cloud Front-end, Internet Front-end, Secure Access Layer; behind them Cloud back-end, Internet back-end, Internal Front-end, Internal back-end]
Let's add some future.. (today for some..)
[Diagram; legend: World access, Trusted access, Admin access. Client network (Internet) and Client network (Managed) with Clients; World Accessible tier: Cloud Front-end, Internet Front-end, Secure Access Layer; behind them Cloud back-end, Internet back-end, Internal Front-end; Fabric controllers under the Cloud and Internet tiers; Internal back-end]
Implementing Secure networking - DEMO

• IPsec domain isolation
• DirectAccess
• IPsec server isolation
Domain Isolation - Demo
[Diagram; legend: World access, Trusted access, Admin access. Client network (Managed) with Clients; Internal: File Srv, Sql Srv]
DirectAccess - Demo
[Diagram; legend: World access, Trusted access, Admin access. Client network (Managed) with Clients; World Accessible: Secure Access Layer with DA Srv; Internal: File Srv, Sql Srv]
Server isolation - Demo
[Diagram; legend: World access, Trusted access, Admin access. Client network (Managed) with Clients; World Accessible: Secure Access Layer with DA Srv; Internal Front-end: File Srv; Internal back-end: Sql Srv]
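The three demos (domain isolation, DirectAccess, server isolation) are shown as diagrams only. As an added example that is not the presenters' code, the PowerShell below builds the IPsec part with the Windows Firewall with Advanced Security cmdlets: domain isolation that requires authenticated inbound connections, an exemption for the domain controllers, and a server-isolation rule that opens the SQL port only to computers in an AD group. The DC addresses, the group name and the policy store are placeholders; DirectAccess itself is a Remote Access role deployment and is not scripted here.

```powershell
# Added example (not from the Truesec deck): IPsec domain isolation plus
# server isolation for the SQL server (NetSecurity module, Windows 8/2012+).
# Assumptions: DC addresses, AD group and policy store are placeholders.
# In production point -PolicyStore at a GPO ("contoso.com\IPsec-Isolation")
# instead of the local persistent store used for this lab.
#Requires -RunAsAdministrator
$PolicyStore = 'PersistentStore'                  # assumption: local store for a lab
$DcAddresses = @('10.0.0.10', '10.0.0.11')        # assumption: DCs must stay reachable without IPsec
$SqlGroup    = 'CONTOSO\SQL-Access-Computers'     # assumption: computer group allowed to reach SQL

# 1. Authentication set: computer Kerberos in main mode. This is what the
#    server-isolation rule later matches on (-RemoteMachine).
$p1 = New-NetIPsecPhase1AuthSet -DisplayName 'Isolation P1 - Computer Kerberos' `
        -Proposal (New-NetIPsecAuthProposal -Machine -Kerberos) -PolicyStore $PolicyStore

# 2. Exemption first: never demand IPsec towards the DCs, otherwise a client
#    cannot obtain the Kerberos ticket it needs to negotiate IPsec at all.
New-NetIPsecRule -DisplayName 'Isolation - Exempt domain controllers' `
    -InboundSecurity None -OutboundSecurity None `
    -RemoteAddress $DcAddresses -PolicyStore $PolicyStore | Out-Null

# 3. Domain isolation: every inbound connection must be authenticated;
#    outbound is only requested so managed hosts can still reach legacy
#    devices that cannot do IPsec (tighten to Require once those are gone).
New-NetIPsecRule -DisplayName 'Isolation - Require inbound, request outbound' `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $p1.Name -PolicyStore $PolicyStore | Out-Null

# 4. Server isolation (apply on the SQL server): port 1433 opens only for
#    connections authenticated as a member of $SqlGroup, and the traffic
#    must be encrypted (the quick mode crypto set must offer ESP encryption).
$account = New-Object System.Security.Principal.NTAccount($SqlGroup)
$sid     = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
$sddl    = "D:(A;;CC;;;$sid)"                    # allow (A) connect (CC) for this SID
New-NetFirewallRule -DisplayName 'SQL 1433 - isolated to SQL-Access-Computers' `
    -Direction Inbound -Protocol TCP -LocalPort 1433 -Action Allow `
    -Authentication Required -Encryption Required -RemoteMachine $sddl `
    -PolicyStore $PolicyStore | Out-Null

# 5. Verify from a client after the first connection: a main mode SA exists
#    and the remote peer shows up with its Kerberos computer identity.
Get-NetIPsecMainModeSA | Select-Object LocalEndpoint, RemoteEndpoint, RemoteFirstId
```

A host that is not a member of the group, or that cannot authenticate at all, never sees an open port 1433, which is the point of the server-isolation demo.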
So, if the clients are on the "internet" all the time..

 •   Physical access
 •   Firewall
 •   Patching
 •   Non-admin
 •   Malware protection
 •   Secure transport
Physical access protection
• BitLocker
• Protect from DMA access!
   – http://support.microsoft.com/kb/2516445
Local Firewall

 • Is there ANY reason why the client firewall must allow inbound traffic at any time?
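The slide leaves the question open; an added example (not the presenters' code) that enforces the "nothing inbound" answer on a Windows client and then lists whatever inbound-allow rules are still live, so each one can be reviewed against that question. The log path is the Windows default.

```powershell
# Added example (not from the deck): default-deny inbound on every profile,
# "block all connections" on Public, and an inventory of the inbound allow
# rules that remain so they can be justified one by one.
#Requires -RunAsAdministrator

# 1. All three profiles enabled, inbound blocked by default, outbound allowed,
#    dropped packets logged so a scan or an inbound exploit attempt leaves a trace.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow `
    -NotifyOnListen True -LogBlocked True `
    -LogFileName '%systemroot%\system32\LogFiles\Firewall\pfirewall.log' `
    -LogMaxSizeKilobytes 16384

# 2. On Public (the "internet" the slides place clients on) ignore inbound
#    allow rules entirely. Domain stays default-deny only, so IPsec- or
#    DirectAccess-authenticated management rules can still work there.
Set-NetFirewallProfile -Profile Public -AllowInboundRules False

# 3. Inventory: every enabled inbound allow rule with its protocol, port and
#    program. Anything in this list needs a reason to exist.
function Get-InboundAllowRuleReport {
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            $app  = $_ | Get-NetFirewallApplicationFilter
            [pscustomobject]@{
                Name      = $_.DisplayName
                Profile   = $_.Profile
                Protocol  = $port.Protocol
                LocalPort = ($port.LocalPort -join ',')
                Program   = $app.Program
                Group     = $_.DisplayGroup
            }
        } | Sort-Object Profile, Name
}

Get-InboundAllowRuleReport | Format-Table -AutoSize
```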
Patching, of course, but what about the 0-days?

 • Non-Admin
 • Early mitigations
 • Patching strategy
Malware protection

 • Macro settings
 • Antivirus? Yes or No?
 • Remember AppLocker?
Secure transports….

 • Weak protocols…
    – Clear text
    – NTLM configurations
 • DirectAccess!
 • IPsec!
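"NTLM configurations" on the slide maps to a handful of Windows security options. As an added example (not the presenters' code), this PowerShell reports the current values of the relevant registry-backed settings against a hardened target (NTLMv2 only, no LM hash, NTLM auditing, SMB and LDAP client signing) and can apply them; the values are the documented registry equivalents of the Group Policy options, which is where they should be rolled out from.

```powershell
# Added example (not from the deck): audit, then tighten, the client-side
# authentication/transport settings behind "weak protocols" on the slide.
# NTLM restriction is set to audit (1) first; the NTLM operational log then
# shows which services still need NTLM before switching to deny (2).
#Requires -RunAsAdministrator

$Lsa  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Msv  = "$Lsa\MSV1_0"
$Smb  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
$Ldap = 'HKLM:\SYSTEM\CurrentControlSet\Services\LDAP'

$Desired = @(
    @{ Path=$Lsa;  Name='LmCompatibilityLevel';       Value=5; Why='send NTLMv2 only, refuse LM and NTLMv1' }
    @{ Path=$Lsa;  Name='NoLMHash';                   Value=1; Why='never store the LM hash' }
    @{ Path=$Msv;  Name='RestrictSendingNTLMTraffic'; Value=1; Why='audit outgoing NTLM (2 = deny)' }
    @{ Path=$Msv;  Name='AuditReceivingNTLMTraffic';  Value=2; Why='audit incoming NTLM for all accounts' }
    @{ Path=$Smb;  Name='RequireSecuritySignature';   Value=1; Why='SMB client: signing required' }
    @{ Path=$Ldap; Name='LDAPClientIntegrity';        Value=2; Why='LDAP client: signing required' }
)

function Get-TransportHardeningState {
    # One row per setting, current vs. desired. A missing value is reported
    # as $null, meaning Windows applies its built-in default for that option.
    foreach ($s in $Desired) {
        $cur = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
        [pscustomobject]@{
            Setting   = $s.Name
            Current   = $cur
            Desired   = $s.Value
            Compliant = ($cur -eq $s.Value)
            Why       = $s.Why
        }
    }
}

function Set-TransportHardening {
    # Applies the desired values locally. Requiring SMB/LDAP signing on the
    # client breaks access to servers that cannot sign, so review the report first.
    foreach ($s in $Desired) {
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        Set-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Value -Type DWord
    }
}

function Get-NtlmAuditEvents {
    # Who is still talking NTLM? 8001 = outgoing NTLM to a remote server,
    # 8002 = incoming NTLM accepted by this host. Events appear once the
    # audit settings above are in place.
    Get-WinEvent -FilterHashtable @{ LogName='Microsoft-Windows-NTLM/Operational'; Id=8001,8002 } `
        -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message
}

Get-TransportHardeningState | Format-Table -AutoSize
# Set-TransportHardening          # uncomment after reviewing the report
# Get-NtlmAuditEvents             # run after a few days of auditing
```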
So, what about BYOD?
[Diagram; legend: World access, Trusted access, Admin access. Client network (Internet) and Client network (Managed) with Clients; World Accessible tier: Cloud Front-end, Internet Front-end, Secure Access Layer; behind them Cloud back-end, Internet back-end, Internal Front-end, Internal back-end]

  • Application classification
  • Data classification
..and… admin clients

 •   Should an admin user/computer be on the "internet"?
 •   Should an admin user read email?
 •   Safe admin access
     – Non-compromised computer
     – Trusted communication channel
     – Robust exposure of admin interface
         • Robust services
         • Limited number of administrators
              – Authentication
              – Authorization
And let's talk about server services.

 • Robust service
     – Authentication
     – Authorization
 •   Firewall
 •   Patching
 •   Privileges
 •   Dependencies
 •   Admin exposure
Web server attack
[Diagram: Web Srv]
Marcus Murray   Hasain Alshakarti
Thank you for listening! 

Office 365 ProPlus: Click-to-run deployment and management
 
Office 365 Identity Management options
Office 365 Identity Management options Office 365 Identity Management options
Office 365 Identity Management options
 
SharePoint Installation and Upgrade: Untangling Your Options
SharePoint Installation and Upgrade: Untangling Your Options SharePoint Installation and Upgrade: Untangling Your Options
SharePoint Installation and Upgrade: Untangling Your Options
 
The application model in real life
The application model in real lifeThe application model in real life
The application model in real life
 
Microsoft private cloud with Cisco and Netapp - Flexpod solution
Microsoft private cloud with Cisco and Netapp -  Flexpod solutionMicrosoft private cloud with Cisco and Netapp -  Flexpod solution
Microsoft private cloud with Cisco and Netapp - Flexpod solution
 
Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise
 
Moving from Device Centric to a User Centric Management
Moving from Device Centric to a User Centric Management Moving from Device Centric to a User Centric Management
Moving from Device Centric to a User Centric Management
 
Network Management in System Center 2012 SP1 - VMM
Network Management in System Center 2012  SP1 - VMM Network Management in System Center 2012  SP1 - VMM
Network Management in System Center 2012 SP1 - VMM
 

Technical Cyber Defense Strategies Explained!

  • 1. Technical Cyber Defense Strategies Explained. Marcus Murray & Hasain Alshakarti, Truesec Security Team, MVP-Enterprise Security x2
  • 2. Marcus Murray, Hasain Alshakarti
  • 3. WARNING! Session format = DISCUSSION!
  • 4. Soo.. What does it take to be hack-proof?
  • 5. Let's start with the big picture!
  • 6. We all know what a network looks like.. (diagram: Web Srv, Mail Srv, DC, File Srv, Mail Srv, Client, Client)
  • 7. Internet Strategy (diagram: Front-end: Web Srv, Mail Srv; Back-end: DC, SqlSrv, FileSrv; Clients: Admin, User)
  • 8. Traditional internal Strategy (diagram: Admin client on the inside; Front-end: Web Srv, Mail Srv; Back-end: DC, SqlSrv, FileSrv; Clients: Admin, User)
  • 9. Demo – Hacking SQL.. (diagram: SqlSrv)
  • 10. Traditional Internet strategy (diagram; legend: World access, Trusted access, Admin access; zones: Client network (Internet), Client network (Managed), World Accessible, Cloud Front-end, Internet Front-end, Cloud back-end, Internet back-end, Internal Front-end, Internal back-end, FileSrv)
  • 11. Apply Internet strategy internally (diagram as slide 10, with a Secure Access Layer placed between the client networks and the Internal Front-end / Internal back-end)
  • 12. Let's add some future.. (today for some..) (diagram as slide 11, with Fabric controllers added to the Internal back-end)
  • 13. Implementing Secure networking - DEMO • IPsec domain isolation • Direct Access • IPsec server isolation
  • 14. Domain Isolation - Demo (diagram: Client network (Managed) → File Srv, Internal Sql Srv; legend: World access, Trusted access, Admin access)
  • 15. Direct access - Demo (diagram: Client → Secure Access Layer (DA Srv) → File Srv, Internal Sql Srv)
  • 16. Server isolation - Demo (diagram: Client → Secure Access Layer (DA Srv) → Internal Front-end: File Srv; Internal back-end: Sql Srv)
  • 17. So, if the clients are on the "internet" all the time.. • Physical access • Firewall • Patching • Non-admin • Malware protection • Secure transport (diagram: Client, User, Web Srv)
  • 18. Physical access protection • Bitlocker • Protect from DMA access! – http://support.microsoft.com/kb/2516445
  • 19. Local Firewall • Is there ANY reason why the client firewall must allow inbound traffic at any time? (diagram: Client, User, Web Srv)
  • 20. Patching, of course, but what about the 0-days? • Non-Admin • Early mitigations • Patching strategy (diagram: Client, User, Web Srv)
  • 21. Malware protection • Macro settings • Antivirus? Yes or No? • Remember applocker? (diagram: Client, User)
  • 22. Secure transports…. • Weak protocols… – Clear text – NTLM configurations • Direct access! • IPSEC! (diagram: Client, User, Web Srv)
  • 23. So, what about BYOD? • Application classification • Data classification (diagram as slide 11)
  • 24. ..and… admin clients • Should an admin user/computer be on the "internet"? • Should an admin user read email? • Safe admin access – Non-compromised computer – Trusted communication channel – Robust exposure of admin interface • Robust services • Limited number of administrators – Authentication – Authorization (diagram: Client, Admin, DC)
  • 25. And let's talk about server services. • Robust service – Authentication – Authorization • Firewall • Patching • privs • dependencies • Admin exposure (diagram: Client, User, Web Srv)
  • 26. Web server attack (diagram: Web Srv)
  • 27. Marcus Murray, Hasain Alshakarti
  • 28. Thank you for listening!
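The slides on the local firewall (slide 19), IPsec domain isolation (slide 14) and IPsec server isolation (slide 16) describe the controls the session demos; the speakers' demo scripts are not on the page. The following is an added example, not the speakers' code, showing how those three controls are expressed with the Windows Firewall with Advanced Security cmdlets on a domain-joined Windows 8 / Server 2012 or later host. All display names and the group SID `S-1-5-21-0-0-0-1234` are placeholders; the SID must be replaced with that of the real "authorized computers" group, and the server-isolation rule belongs only on the server being isolated (the file server in slide 16).

```powershell
# Added example (not from the slides): Windows Firewall with Advanced Security
# settings for three of the session's points on a domain member.
#   slide 19 - block all inbound traffic by default on every profile
#   slide 14 - domain isolation: require IPsec with Kerberos machine auth inbound
#   slide 16 - server isolation: expose SMB only to one authorized computer group
# Placeholders: all display names and the group SID below are made up.
# Needs the NetSecurity module (Windows 8 / Server 2012 and later), run elevated.

#Requires -RunAsAdministrator
Import-Module NetSecurity

# 1. Slide 19: no inbound traffic by default, outbound allowed, on all profiles.
#    Explicit allow rules (added below) are then the only way in.
Set-NetFirewallProfile -Profile Domain, Private, Public `
    -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow

# 2. Slide 14: domain isolation. A peer must prove domain membership with
#    Kerberos machine authentication before any inbound connection is accepted.
#    Inbound = Require, outbound = Request, so the host still reaches
#    non-domain systems (printers, internet) that cannot do IPsec.
$proposal = New-NetIPsecAuthProposal -Machine -Kerberos
$authSet  = New-NetIPsecPhase1AuthSet `
    -DisplayName "Domain Isolation - Kerberos machine auth" `
    -Proposal $proposal
New-NetIPsecRule -DisplayName "Domain Isolation" `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $authSet.Name

# 3. Slide 16: server isolation, applied on the file server only. Allow SMB
#    (TCP 445) solely from computers in an authorized group. -RemoteMachine takes
#    an SDDL string; the SID is a PLACEHOLDER for the real group SID.
$authorizedGroupSid = "S-1-5-21-0-0-0-1234"   # PLACEHOLDER group SID
New-NetFirewallRule -DisplayName "SMB in - authorized computers only" `
    -Direction Inbound -Protocol TCP -LocalPort 445 -Action Allow `
    -Authentication Required `
    -RemoteMachine "D:(A;;CC;;;$authorizedGroupSid)"

# 4. Verification. Every profile should report DefaultInboundAction = Block,
#    the isolation rule should carry the Kerberos auth set, and once a domain
#    client has connected a main-mode SA should be listed.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
Get-NetIPsecRule -DisplayName "Domain Isolation" | Get-NetIPsecPhase1AuthSet
Get-NetIPsecMainModeSA
```

Roll this out through a GPO (the same cmdlets accept `-PolicyStore` pointing at a domain GPO) rather than per host, and stage it with `-InboundSecurity Request` first: a host that requires IPsec before its peers have received the policy simply becomes unreachable, which is what the "Request outbound, Require inbound" split and the verification step at the end are there to catch.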