Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Sophos Day Belux 2014

540 vues

Publié le

How can Sophos help you to protect your infrastructure?

  • Soyez le premier à commenter

  • Soyez le premier à aimer ceci

Sophos Day Belux 2014

  1. 1. Is your network h@Cking pr00f? Malik Mesellem
  2. 2. Malik Mesellem Ethical Hacker MME BVBA ° 2010 Security Audits & Training Objective approach Focus is to advise No-nonsense mentality
  3. 3. What are we afraid of? Buffer Overflows DoS Trojans Port Scans Spoofing
  4. 4. I don’t think so… Old skool attacks✝ We all have firewalls ;) (since 1990)
  5. 5. So WTH(ack) is the problem? And who is the enemy?
  6. 6. A new wave of client-side threats…
  7. 7. + Complex application-level attacks
  8. 8. + Complex application-level attacks
  9. 9. Your secure (?) infrastructure Web server Client DC App server Firewall
  10. 10. Hacker’s attack plan? ATTACK the border = web apps
  11. 11. Application-level attack SQL injection SELECT * FROM … WHERE … ‘ OR 1=1--
  12. 12. Web server DOWN ;(
  13. 13. Hacker’s attack plan? ATTACK the weakest = humans
  14. 14. Client-side attack Spear phishing email campaign CVE-2014-0515 0-day client-side exploits
  15. 15. Client computer DOWN ;(
  16. 16. You’ve just lost 2 assets! They are inside the network… Pivot, seek, and pwn!
  17. 17. Network-level attack Issues in OS or application Buffer overflow
  18. 18. Application server DOWN ;(
  19. 19. You’ve just lost 3 assets! Keys to your castle…
  20. 20. Now they go for the GOLD! Pass-the-Hash Token impersonation
  21. 21. GAME OVER You’ve lost everything $$$
  22. 22. GAME OVER You’ve lost everything $$$
  23. 23. OMG… we definitely need heroes!
  24. 24. Secure email gateway Vulnerability & patch UTM firewall Endpoint AV Mobile control management
  25. 25. Two-factor authentication Web application firewall Server security IDS/IPS Security audits Training
  26. 26. Two-factor authentication Web application firewall Server security IDS/IPS
  27. 27. What if…
  28. 28. Q&A? Is your network h@Cking pr00f? Malik Mesellem Thank you!

×