Where we go depends a lot on where we came from. My talk takes us on a journey from 2001 to 2019 and looks at the decade that lies ahead.
https://nsconclave.net-square.com/the-decade-behind-and-the-decade-ahead.html
4. NETSQUARE
# whoami - Saumil Shah
THE ACCIDENTAL ENTREPRENEUR
• 21 years in Infosec.
• M.S. Computer Science
Purdue University.
• LinkedIn: saumilshah
• Twitter: @therealsaumil
5. NETSQUARE
YEAR 2000
Hardware Used: Pentium 3 ~ 800MHz / 256M RAM / 20GB, PCMCIA expansion, No USB
Person to Person Communication: Mobile Charges ₹14 / minute
Internet Connectivity: 64Kbps 1:4 "compressed broadband"
Emerging Trends in Cybersecurity: The Dawn of WEB HACKING
7. NETSQUARE
Virginia Tech System X: Nov 2003
1100 PowerMac G5's
12 TFLOPS
#3 Supercomputer in the world,
November 2003
> 10 TFLOPS for < $10M
Dr. Srinidhi Varadarajan
21. NETSQUARE
Organizations have
plenty volunteers to add
layers of complexity…
…but few none for
attack surface reduction
and reducing privileged
code.
THOMAS DULLIEN,
"Why we are not building a
defendable Internet" BH ASIA 2017
25. NETSQUARE
From: Bill Gates
Sent: Tuesday, January 15, 2002 5:22 PM
Subject: Trustworthy computing
Every few years I have sent out a memo
talking about the highest priority for
Microsoft. Two years ago, it was the
kickoff of our .NET strategy. Before
that, it was several memos about the
importance of the Internet to our future
and the ways we could make the Internet
truly useful for people.
Over the last year it has become clear
that ensuring .NET is a platform for
Trustworthy Computing is more important
than any other part of our work. If we
don't do this, people simply won't be
willing -- or able -- to take advantage
of all the other great work we do.
Trustworthy Computing is the highest
priority for all the work we are doing.
We must lead the industry to a whole new
level of Trustworthiness in computing.
29. NETSQUARE
Evolution of the Internet
Physical
Data Link
IP
TCP / UDP
Session
Presentation
Application
INTEROPERABILITY
DECENTRALISED
30. NETSQUARE
Evolution of the Internet
HTTP
WEB 1.0
WEB 2.0
CLOUD
Social N/W
A.I.
SKYNET
HTTP IS THE
DATAGRAM OF THE
APPLICATION LAYER
THE MATRIX
VIRTUALISATION
MOORE'S LAW
BOSTON DYNAMICS
F.A.A.N.G.
36. NETSQUARE
Computerization, Discretion, Freedom
Sergey Bratus, Anna Shubina
December 31, 2015
Surveillance of social networking, pervasive user tracking in hopes of reaping
profits promised by “big data”, and ubiquitous failure to secure stockpiled
personal data went from being the concern of the few to making mainstream
media. We’ve learned that what hurts privacy is also likely to hurt freedom. But,
despite all these revelations, the worst and the most pervasive danger of
computerizing our everyday lives has so far avoided public attention: that
computers modify our behaviors related to discretion, professional autonomy, and,
ultimately, moral choice.
Computerization changes every area of human activity it touches, by bringing
new rules and new metrics. With enough of these at work, humans must act with an
eye to not just what they do (or should do) in the actual real-world situations, but also
to how it will look in the computer representation of it—and the latter are never
complete. And when they disagree, one must either spend the extra time and effort
“fighting the system”, bend the rules—or give up.
44. NETSQUARE
CYBERSPACE BIOLOGY:
CELLS = PIXELS
• HUMAN FACULTIES FOR THREAT DETECTION
FAIL IN CYBERSPACE.
• FOR HUMANS, WHAT IS COMMON SENSE IN
REALITY IS IGNORANCE IN VIRTUALITY.
• FALSE SENSE OF SECURITY AND PRIVACY
THROUGH INEFFECTIVE INFOSEC PRODUCTS.
47. NETSQUARE
Thomas Dullien
http://addxorrol.blogspot.com/2018/03/a-bank-statement-for-app-activity-and.html
"How could one empower users to account for
their private data, while at the same time helping
platform providers identify malicious software
better?
By providing users with the equivalent of a bank
statement for app/software activity. The way I
imagine it would be roughly as follows:
A separate component of my mobile phone (or
computer) OS keeps detailed track of app activity:
What peripherals are accessed at what times,
what files are accessed, etc."
A BANK STATEMENT FOR
APP/SOFTWARE ACTIVITY
51. NETSQUARE
ROOT CAUSES OF "LACK OF TRUST"
• THE INTERNET WAS DESIGNED FOR U.S.
MILITARY COMMUNICATIONS. USER IDS
WERE NEVER A PART OF ITS DESIGN.
• ARE YOU ALLOWED TO DRIVE AN
UNREGISTERED CAR ON THE ROAD, AND
WITHOUT A DRIVERS' LICENSE?
52. NETSQUARE
IDENTIFY YOUR TARGET USERS...
(Chart: number of users vs. infosec maturity)
• HOPELESS: Always going to be an enigma.
• UNINFORMED: If properly guided, these users are willing to improve their usage habits.
• PROACTIVE: The next Rock Star users.
• ROCK STARS: Leave them alone, and possibly learn from them.
60. NETSQUARE
RESIST
Pass The Parcel
Rules, Signatures,
Updates, Patches
The Next Short-Lived
Security Product
Encumber
Your Users
INFOSEC:
The business of
selling FEAR