© Copyright 2014 Cyberoam Technologies Pvt. Ltd. All Rights Reserved. www.cyberoam.com
Mining Attackers Mind
Presenter: Cyberoam

Our Products
• Network Security Appliances - UTM, NGFW (Hardware & Virtual)
• Modem Router Integrated Security appliance

Agenda
• Innovative technologies impacting complexity in security
• Challenges to IT security administrators and gaps in security infrastructure
• Changing motivation of cyber criminals and evolving threat engineering
• Hacking into the mind of today's cyber criminal

Innovative technology changes everything
• Social business
• 1 billion mobile workers
• 1 trillion connected objects
• Bring your own IT
• Cloud and virtualization

Innovative technology changes everything … that requires a new approach
• People: Employees, Hackers, Outsourcers, Suppliers, Consultants, Terrorists, Customers
• Data: Structured, Unstructured, At rest, In motion
• Applications: Systems applications, Web applications, Web 2.0, Mobile applications
• Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional

Administrators' approach
• Most spend 50% of their security budgets on reactive tools and resources
• No actionable information or outcome analysis on how an attack can happen
• Security infrastructure has gaps: Endpoint Suites, Network UTM, Application Security, Vulnerability Management

Engineering for Attacks

2,641,350 security attacks: what the average company faces per week

If you think you are safe, think again
Source: IBM X-Force® Research and Development

[Figure: attacker profile matrix. Skill axis: Script-Kiddy, Undergraduate, Expert, Specialist. Motivation axis: Curiosity, Personal Fame, Personal Gain, National Interest. Attacker types plotted: Vandal, Thief, Spy, Trespasser, Author.]

Motivations and sophistication are rapidly evolving
• Revenge, curiosity: insiders and script-kiddies (example: Code Red)
• Monetary gain: organized crime (example: Zeus)
• Espionage, activism: competitors and hacktivists (example: Aurora)
• National security: nation-state actors (example: Stuxnet)

Thinking like an attacker
• Plan
• Practice
• Covering tracks
• Attack on defense
• Organized community

5 phases a hacker follows

Reconnaissance
• Preparatory phase
• Competitive intelligence
• Time consuming
• Most important

Scanning
• Network mapping
• Check for open ports
• Banner grabbing
• Identify open services
• Scanning for vulnerabilities
• Prepare proxies

Gaining access
• Potential damage
• Logic or time bomb
• Session hijacking, buffer overflows
• Targeted attack
• Brute force / dictionary attack

Maintaining access
• Backdoor
• Trojans
• Rootkit
• Data transfer

Covering tracks
• Erasing contaminated logs
• Cover for additional attack

Reconnaissance
Preparatory phase, competitive intelligence, time consuming.

Hacker's list and result:
• Search the web: employee contact information, phone numbers, business partners, recent mergers
• Search engines: search employee groups for sensitive information or job-related information
• Whois database, ARIN: Internet address, domain names, contact information
• Domain lookup: IP address, mail server information
• Ping, traceroute, SMTP VRFY: live IP, round trip time, possible firewall, valid email addresses

Defending reconnaissance
• No way to prevent attackers from gaining registration data
• Avoid DNS leaking unnecessary information
• Restrict zone transfers
• Use split DNS and limit the amount of DNS information exposed
• Disable ping from the WAN side on the firewall
• Remember that employee contact information can be used in social engineering

Scanning
Hacker's list and result:
• Network mapping: network security assessment
• Port scanning: search for open well-known ports
• Banner grabbing / OS fingerprinting: identify the operating system on the end PC
• Vulnerability scanning: identify vulnerabilities of computing systems
• Proxies: masking the traceback

Defending scanning
• Check the systems before the hacker does
• Scan, find and patch as a regular process
• Change the content of the 404 page
• Edit server info properties if you want to engage the hacker and study behavior
• Evade them using IPS at the network level
• Do not forget about open UDP ports
• Check for traffic with known source ports; it can be a disguise

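As an added example (not from the Cyberoam deck), this Python script runs the last two bullets as detection logic over a few constructed firewall log lines: a port-scan count that includes UDP ports and allowed hits, and a flag for new inbound connections that hide behind a well-known source port. The log format, addresses, ports and thresholds are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample firewall log (not from the slides). One host probes ten
# TCP and UDP ports in a few seconds, one host arrives with source port 53,
# and one host opens an ordinary SSH session.
SAMPLE_LOG = """\
2014-05-01T10:00:01 DENY proto=TCP src=203.0.113.5:51234 dst=192.0.2.10:21
2014-05-01T10:00:01 DENY proto=TCP src=203.0.113.5:51235 dst=192.0.2.10:23
2014-05-01T10:00:02 DENY proto=TCP src=203.0.113.5:51236 dst=192.0.2.10:25
2014-05-01T10:00:02 DENY proto=UDP src=203.0.113.5:51237 dst=192.0.2.10:161
2014-05-01T10:00:03 DENY proto=UDP src=203.0.113.5:51238 dst=192.0.2.10:69
2014-05-01T10:00:03 ALLOW proto=TCP src=203.0.113.5:51239 dst=192.0.2.10:80
2014-05-01T10:00:04 DENY proto=TCP src=203.0.113.5:51240 dst=192.0.2.10:3389
2014-05-01T10:00:05 DENY proto=TCP src=203.0.113.5:51241 dst=192.0.2.10:8080
2014-05-01T10:00:06 DENY proto=UDP src=203.0.113.5:51242 dst=192.0.2.10:123
2014-05-01T10:00:07 DENY proto=TCP src=203.0.113.5:51243 dst=192.0.2.10:445
2014-05-01T10:00:09 ALLOW proto=TCP src=198.51.100.7:53 dst=192.0.2.10:3389
2014-05-01T10:00:10 ALLOW proto=TCP src=198.51.100.9:44321 dst=192.0.2.10:22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) proto=(?P<proto>TCP|UDP) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Service ports that may appear as a *source* port to look like reply traffic.
SERVICE_PORTS = {20, 21, 22, 25, 53, 80, 110, 123, 443}


def parse_line(line):
    """Parse one log line into a dict; None for lines not in the assumed format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.fromisoformat(d["ts"]),
        "action": d["action"], "proto": d["proto"],
        "src": d["src"], "sport": int(d["sport"]),
        "dst": d["dst"], "dport": int(d["dport"]),
    }


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def detect_port_scans(events, window_s=60, threshold=8):
    """Return {src: most distinct (proto, port) targets hit within any
    window_s seconds} for sources at or above threshold. UDP counts as much
    as TCP, and ALLOW counts as much as DENY: a scanner also touches the
    ports you do publish."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    scanners = {}
    for src, evs in by_src.items():
        window, best = deque(), 0
        for e in evs:
            window.append(e)
            while (e["ts"] - window[0]["ts"]).total_seconds() > window_s:
                window.popleft()
            best = max(best, len({(w["proto"], w["dport"]) for w in window}))
        if best >= threshold:
            scanners[src] = best
    return scanners


def detect_source_port_disguise(events, published=frozenset({80, 443})):
    """Flag inbound connections whose source port is a well-known service
    port while the destination is not a service we publish. A stateful
    firewall already tracks its own outbound sessions, so such a packet is a
    fresh connection dressed up as a reply, not a reply."""
    return [
        (e["src"], e["sport"], e["dport"])
        for e in events
        if e["sport"] in SERVICE_PORTS and e["dport"] not in published
    ]


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for src, n in detect_port_scans(events).items():
        print(f"port scan from {src}: {n} distinct targets inside 60 s")
    for src, sport, dport in detect_source_port_disguise(events):
        print(f"disguised source port {sport} from {src} to port {dport}")
```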
Gaining access
Hacker's list and result:
• Session hijacking: sniffing, capturing passwords
• Brute force: strong against weak passwords
• DNS poisoning: redirect traffic to another, imitating website
• Exploit vulnerability: access to restricted content, privilege elevation

Defending gaining access
• Complex passwords
• Find vulnerabilities before the hacker does: scan, then patch, then test
• DHCP snooping on L2 switches
• Create a separate management VLAN
• All protocols must be encrypted: use SSH, SSL, HTTPS
• Use LDAPS instead of simple LDAP bind requests
• Protect web servers against the OWASP top vulnerabilities with a WAF

Maintaining access
Hacker's list and result:
• Backdoor: preinstalled or backdoor software is used by hackers to gain access to systems so that they can send malicious software to that particular system
• Trojan horses: a Trojan horse is used as a dropper; it allows other hackers and worms to attack the network easily
• Rootkits: very hard to detect

Defending maintaining access
• Regular scanning
• Regular monitoring of the data passing through the network
• Updated antivirus with advanced rootkit removal capabilities
• IPS should be capable of stopping bots from connecting to the command center
• LAN to WAN should not be open for all traffic
• Outbound spam filter should be included in the priority list

Covering tracks
Hacker's list and result:
• Hide the entry points: difficult to detect in passive monitoring
• Hide the logs: too many logs confuse the customers
• Hide the data transfer logs: data transfer is done using encrypted tunnels
• Difficult to predict: professional work

Defending covering tracks
• Logs should be stored on multiple servers
• Regular backup of the logs should be done
• Hackers usually clean the logs and shut the service; SNMP will help
• Close monitoring of the logs may help
• SIEM tools are better in those scenarios

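As an added example (not from the Cyberoam deck), the following Python script shows why the first and third bullets matter: with a second copy of the logs on a collector, the lines erased on the host are recoverable by comparison, and a long silence in the forwarded stream reveals that the log service was shut down. The syslog lines, host name, year and cron cadence are constructed assumptions.

```python
from datetime import datetime

# Constructed sample (not from the slides): the same host's auth log as it
# was forwarded to the central log collector and as it now sits on the host.
# Assumptions: classic syslog timestamps, year 2014, host web01, and a cron
# job that normally writes a line every ten minutes.
REMOTE_COPY = """\
May  1 10:00:01 web01 sshd[2101]: Accepted password for admin from 203.0.113.5 port 51234 ssh2
May  1 10:00:05 web01 sshd[2101]: pam_unix(sshd:session): session opened for user admin
May  1 10:00:20 web01 sudo: admin : TTY=pts/0 ; PWD=/home/admin ; COMMAND=/bin/bash
May  1 10:00:31 web01 CRON[2130]: (root) CMD (/usr/lib/sysstat/sa1 1 1)
May  1 10:10:31 web01 CRON[2144]: (root) CMD (/usr/lib/sysstat/sa1 1 1)
May  1 10:55:31 web01 CRON[2201]: (root) CMD (/usr/lib/sysstat/sa1 1 1)
"""

LOCAL_COPY = """\
May  1 10:00:31 web01 CRON[2130]: (root) CMD (/usr/lib/sysstat/sa1 1 1)
May  1 10:10:31 web01 CRON[2144]: (root) CMD (/usr/lib/sysstat/sa1 1 1)
May  1 10:55:31 web01 CRON[2201]: (root) CMD (/usr/lib/sysstat/sa1 1 1)
"""


def syslog_ts(line, year=2014):
    """Parse the 'Mon d HH:MM:SS' prefix of a classic syslog line. The
    format carries no year, so the caller supplies it."""
    stamp = " ".join(line.split()[:3])
    return datetime.strptime(stamp, "%b %d %H:%M:%S").replace(year=year)


def _lines(text):
    return [l.strip() for l in text.splitlines() if l.strip()]


def erased_lines(local_text, remote_text):
    """Lines the collector received from the host that are no longer in the
    host's own copy: the trace an 'erase contaminated logs' step leaves when
    the logs also live on a second server."""
    local = set(_lines(local_text))
    return [l for l in _lines(remote_text) if l not in local]


def logging_silences(text, max_gap_s):
    """Gaps between consecutive lines longer than max_gap_s seconds. A host
    that normally logs every few minutes and then goes quiet for most of an
    hour has most likely had its log service (or itself) shut down."""
    stamps = [syslog_ts(l) for l in _lines(text)]
    gaps = []
    for a, b in zip(stamps, stamps[1:]):
        seconds = int((b - a).total_seconds())
        if seconds > max_gap_s:
            gaps.append((a, b, seconds))
    return gaps


def review(local_text, remote_text, max_gap_s=20 * 60):
    """Combine both checks into one report suitable for a SIEM rule."""
    return {
        "erased": erased_lines(local_text, remote_text),
        "silences": logging_silences(remote_text, max_gap_s),
    }


if __name__ == "__main__":
    report = review(LOCAL_COPY, REMOTE_COPY)
    for line in report["erased"]:
        print("missing on host:", line)
    for start, end, seconds in report["silences"]:
        print(f"no logs from {start:%H:%M:%S} to {end:%H:%M:%S} ({seconds} s)")
```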
Analyze to learn
• To protect a system, you have to learn how it can be attacked
• Systems are resistant to changes once deployed
• Thinking like an attacker is not always easy and may sound counterproductive
• But hackers do that every day

Security evaluation: threat modeling
• Among the most powerful security engineering activities
• Focus on actual threats, not just vulnerabilities
• Plans and reviews benefit from deep insight into the methods attackers could use to manipulate services or servers
• Weigh security decisions against other design goals
• Understand attack vectors and the conditions for a successful attack

Threat priority
• Threat: what are you afraid of happening?
• Resource: what are you trying to protect?
• Vulnerability: how could the threat occur?
• Mitigation: what is currently reducing the risk?
• Impact: what is the impact to the business?
• Likelihood: how likely is the threat given the controls?

10 assumptions to get hacked easily
• Allow everything from LAN to WAN
• DMZ to LAN allowed by default
• Use very easy passwords
• Allow applications to use administrative passwords
• No update of antivirus
• Running unhardened application servers
• Assume your security is fully secure
• Assume a firewall can save you from all types of attacks
• Do not patch servers, end machines or workstations
• Allow users to use BYOD without a corporate policy
• Virtual networks are secure by design

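As an added example (not from the Cyberoam deck) serving both this list and the "Defending maintaining access" advice that LAN to WAN must not be open, the following Python script audits a constructed firewall rule base for the first two assumptions, for management services and ping answered from the WAN side, and for rules shadowed by an earlier "any" rule; a hardened rule base is shown beside it. Zone names, rule names, ports and the rule model are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str   # "LAN", "DMZ", "WAN", "MGMT" or "any"
    dst_zone: str
    service: str    # "proto/port" such as "tcp/443", "icmp/echo", or "any"
    action: str     # "allow" or "deny"


# Constructed rule base (not from the slides) that commits several of the
# assumptions above: LAN to WAN wide open, DMZ to LAN allowed by default,
# SSH and ping answered from the WAN side.
RULES = [
    Rule("web-in",       "WAN", "DMZ", "tcp/443",   "allow"),
    Rule("admin-ssh",    "WAN", "DMZ", "tcp/22",    "allow"),
    Rule("ping-in",      "WAN", "LAN", "icmp/echo", "allow"),
    Rule("dmz-to-lan",   "DMZ", "LAN", "any",       "allow"),
    Rule("lan-out",      "LAN", "WAN", "any",       "allow"),
    Rule("dmz-db",       "DMZ", "LAN", "tcp/5432",  "allow"),
    Rule("default-deny", "any", "any", "any",       "deny"),
]

# The same policy after applying the slides' advice: egress only for named
# services, DMZ to LAN only for the one database flow, administration from a
# separate management VLAN, no ping from WAN.
HARDENED_RULES = [
    Rule("web-in",       "WAN",  "DMZ", "tcp/443",  "allow"),
    Rule("admin-ssh",    "MGMT", "DMZ", "tcp/22",   "allow"),
    Rule("dmz-db",       "DMZ",  "LAN", "tcp/5432", "allow"),
    Rule("lan-web-out",  "LAN",  "WAN", "tcp/443",  "allow"),
    Rule("lan-dns-out",  "LAN",  "WAN", "udp/53",   "allow"),
    Rule("default-deny", "any",  "any", "any",      "deny"),
]

MANAGEMENT = {"tcp/22", "tcp/23", "tcp/3389", "udp/161", "tcp/8443"}


def _covers(a, b):
    """True when every flow matched by rule b is also matched by rule a."""
    return all(x == "any" or x == y for x, y in
               ((a.src_zone, b.src_zone), (a.dst_zone, b.dst_zone),
                (a.service, b.service)))


def first_match(rules, src_zone, dst_zone, service):
    """Name of the first rule a flow hits (first-match policy evaluation)."""
    probe = Rule("probe", src_zone, dst_zone, service, "")
    for r in rules:
        if _covers(r, probe):
            return r.name
    return None


def shadowed(rules):
    """Rules that can never match because an earlier rule covers them. The
    specific DMZ-to-database rule below a DMZ-to-LAN 'any' is the classic
    case: the admin believes the narrow rule is in force, but it is dead."""
    return [b.name for i, b in enumerate(rules)
            if any(_covers(a, b) for a in rules[:i])]


def audit(rules):
    """Findings for the risky assumptions the slides list, as (rule, why)."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if (r.src_zone, r.dst_zone, r.service) == ("LAN", "WAN", "any"):
            findings.append((r.name, "LAN to WAN open on any port: "
                             "bots can reach their command center"))
        if (r.src_zone, r.dst_zone, r.service) == ("DMZ", "LAN", "any"):
            findings.append((r.name, "DMZ to LAN allowed by default: "
                             "a compromised DMZ host pivots inward"))
        if r.src_zone == "WAN" and r.service in MANAGEMENT:
            findings.append((r.name, f"management service {r.service} "
                             "reachable from WAN"))
        if r.src_zone == "WAN" and r.service == "icmp/echo":
            findings.append((r.name, "ping answered on the WAN side "
                             "helps reconnaissance"))
    return findings


if __name__ == "__main__":
    for name, why in audit(RULES):
        print(f"{name}: {why}")
    print("shadowed:", shadowed(RULES))
    print("hardened:", audit(HARDENED_RULES), shadowed(HARDENED_RULES))
```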
Thank you

Contenu connexe

Tendances

Ce hv6 module 45 privacy on the internet
Ce hv6 module 45 privacy on the internetCe hv6 module 45 privacy on the internet
Ce hv6 module 45 privacy on the internetVi Tính Hoàng Nam
 
Ccnsp trainer presentation
Ccnsp trainer presentationCcnsp trainer presentation
Ccnsp trainer presentationSoap MacTavish
 
Ce hv6 module 49 creating security policies
Ce hv6 module 49 creating security policiesCe hv6 module 49 creating security policies
Ce hv6 module 49 creating security policiesVi Tính Hoàng Nam
 
Cyberoam Firewall Presentation
Cyberoam Firewall PresentationCyberoam Firewall Presentation
Cyberoam Firewall PresentationManoj Kumar Mishra
 
Common Cyberthreats and How to Prevent Them (2019)
Common Cyberthreats and How to Prevent Them (2019)Common Cyberthreats and How to Prevent Them (2019)
Common Cyberthreats and How to Prevent Them (2019)Evan Clark
 
Web Security and Network Security
Web Security and Network SecurityWeb Security and Network Security
Web Security and Network Securitycrussell79
 
Why Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughWhy Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughImperva
 
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh
 
DSS ITSEC Conference 2012 - Cyberoam Layer8 UTM
DSS ITSEC Conference 2012 - Cyberoam Layer8 UTMDSS ITSEC Conference 2012 - Cyberoam Layer8 UTM
DSS ITSEC Conference 2012 - Cyberoam Layer8 UTMAndris Soroka
 
Ceh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingCeh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingVi Tính Hoàng Nam
 
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On SteroidsThe State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On SteroidsImperva
 
Career Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed AdamCareer Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed AdamMohammed Adam
 
Chapter 6Network Security Devices, Design, and Technology
Chapter 6Network Security Devices, Design, and TechnologyChapter 6Network Security Devices, Design, and Technology
Chapter 6Network Security Devices, Design, and TechnologyDr. Ahmed Al Zaidy
 
Introduction to Web Server Security
Introduction to Web Server SecurityIntroduction to Web Server Security
Introduction to Web Server SecurityJITENDRA KUMAR PATEL
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in DepthDilum Bandara
 
The Golden Rules - Detecting more with RSA Security Analytics
The Golden Rules  - Detecting more with RSA Security AnalyticsThe Golden Rules  - Detecting more with RSA Security Analytics
The Golden Rules - Detecting more with RSA Security AnalyticsDemetrio Milea
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionShah Sheikh
 
Information Security Fundamentals - New Horizons Bulgaria
Information Security Fundamentals - New Horizons BulgariaInformation Security Fundamentals - New Horizons Bulgaria
Information Security Fundamentals - New Horizons BulgariaNew Horizons Bulgaria
 
Web Server Security Guidelines
Web Server Security GuidelinesWeb Server Security Guidelines
Web Server Security Guidelineswebhostingguy
 

Tendances (20)

Ce hv6 module 45 privacy on the internet
Ce hv6 module 45 privacy on the internetCe hv6 module 45 privacy on the internet
Ce hv6 module 45 privacy on the internet
 
Ccnsp trainer presentation
Ccnsp trainer presentationCcnsp trainer presentation
Ccnsp trainer presentation
 
CCNSE
CCNSECCNSE
CCNSE
 
Ce hv6 module 49 creating security policies
Ce hv6 module 49 creating security policiesCe hv6 module 49 creating security policies
Ce hv6 module 49 creating security policies
 
Cyberoam Firewall Presentation
Cyberoam Firewall PresentationCyberoam Firewall Presentation
Cyberoam Firewall Presentation
 
Common Cyberthreats and How to Prevent Them (2019)
Common Cyberthreats and How to Prevent Them (2019)Common Cyberthreats and How to Prevent Them (2019)
Common Cyberthreats and How to Prevent Them (2019)
 
Web Security and Network Security
Web Security and Network SecurityWeb Security and Network Security
Web Security and Network Security
 
Why Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughWhy Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t Enough
 
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive MalwareShah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
 
DSS ITSEC Conference 2012 - Cyberoam Layer8 UTM
DSS ITSEC Conference 2012 - Cyberoam Layer8 UTMDSS ITSEC Conference 2012 - Cyberoam Layer8 UTM
DSS ITSEC Conference 2012 - Cyberoam Layer8 UTM
 
Ceh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingCeh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hacking
 
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On SteroidsThe State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
 
Career Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed AdamCareer Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed Adam
 
Chapter 6Network Security Devices, Design, and Technology
Chapter 6Network Security Devices, Design, and TechnologyChapter 6Network Security Devices, Design, and Technology
Chapter 6Network Security Devices, Design, and Technology
 
Introduction to Web Server Security
Introduction to Web Server SecurityIntroduction to Web Server Security
Introduction to Web Server Security
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
 
The Golden Rules - Detecting more with RSA Security Analytics
The Golden Rules  - Detecting more with RSA Security AnalyticsThe Golden Rules  - Detecting more with RSA Security Analytics
The Golden Rules - Detecting more with RSA Security Analytics
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
 
Information Security Fundamentals - New Horizons Bulgaria
Information Security Fundamentals - New Horizons BulgariaInformation Security Fundamentals - New Horizons Bulgaria
Information Security Fundamentals - New Horizons Bulgaria
 
Web Server Security Guidelines
Web Server Security GuidelinesWeb Server Security Guidelines
Web Server Security Guidelines
 

Similaire à Mining attackers mind

Ethical hacking
Ethical hackingEthical hacking
Ethical hackinghcls
 
Threat Modeling for the Internet of Things
Threat Modeling for the Internet of ThingsThreat Modeling for the Internet of Things
Threat Modeling for the Internet of ThingsEric Vétillard
 
[CLASS 2014] Palestra Técnica - Fabio Rosa
[CLASS 2014] Palestra Técnica - Fabio Rosa[CLASS 2014] Palestra Técnica - Fabio Rosa
[CLASS 2014] Palestra Técnica - Fabio RosaTI Safe
 
Insider threats webinar 01.28.15
Insider threats webinar 01.28.15Insider threats webinar 01.28.15
Insider threats webinar 01.28.15Lancope, Inc.
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)BAKOTECH
 
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...BAKOTECH
 
zero trust - how to build zero trust.pdf
zero trust - how to build zero trust.pdfzero trust - how to build zero trust.pdf
zero trust - how to build zero trust.pdfAliAlwesabi
 
Information Security
Information SecurityInformation Security
Information SecurityMohit8780
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineLastline, Inc.
 
Domain 4 of CEH V11 Network and Perimeter Hacking.pptx
Domain 4 of CEH V11 Network and Perimeter Hacking.pptxDomain 4 of CEH V11 Network and Perimeter Hacking.pptx
Domain 4 of CEH V11 Network and Perimeter Hacking.pptxInfosectrain3
 
Anatomy of the Compromised Insider
Anatomy of the Compromised InsiderAnatomy of the Compromised Insider
Anatomy of the Compromised InsiderImperva
 
Should You Pay Ransomware.pdf
Should You Pay Ransomware.pdfShould You Pay Ransomware.pdf
Should You Pay Ransomware.pdfKavitaDubey18
 
Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-
Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-
Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-WilheminaRossi174
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking pptshreya_omar
 
Top Security Trends for 2014
Top Security Trends for 2014Top Security Trends for 2014
Top Security Trends for 2014Imperva
 
Are you ready for a cloud pentest? AWS re:Inforce 2019
Are you ready for a cloud pentest? AWS re:Inforce 2019Are you ready for a cloud pentest? AWS re:Inforce 2019
Are you ready for a cloud pentest? AWS re:Inforce 2019Teri Radichel
 

Similaire à Mining attackers mind (20)

Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Threat Modeling for the Internet of Things
Threat Modeling for the Internet of ThingsThreat Modeling for the Internet of Things
Threat Modeling for the Internet of Things
 
[CLASS 2014] Palestra Técnica - Fabio Rosa
[CLASS 2014] Palestra Técnica - Fabio Rosa[CLASS 2014] Palestra Técnica - Fabio Rosa
[CLASS 2014] Palestra Técnica - Fabio Rosa
 
Insider threats webinar 01.28.15
Insider threats webinar 01.28.15Insider threats webinar 01.28.15
Insider threats webinar 01.28.15
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
 
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
End to End Security With Palo Alto Networks (Onur Kasap, engineer Palo Alto N...
 
zero trust - how to build zero trust.pdf
zero trust - how to build zero trust.pdfzero trust - how to build zero trust.pdf
zero trust - how to build zero trust.pdf
 
Information Security
Information SecurityInformation Security
Information Security
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
 
03 secure the computer
03 secure the computer03 secure the computer
03 secure the computer
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
 
Domain 4 of CEH V11 Network and Perimeter Hacking.pptx
Domain 4 of CEH V11 Network and Perimeter Hacking.pptxDomain 4 of CEH V11 Network and Perimeter Hacking.pptx
Domain 4 of CEH V11 Network and Perimeter Hacking.pptx
 
Anatomy of the Compromised Insider
Anatomy of the Compromised InsiderAnatomy of the Compromised Insider
Anatomy of the Compromised Insider
 
Adaptive Trust for Strong Network Security
Adaptive Trust for Strong Network SecurityAdaptive Trust for Strong Network Security
Adaptive Trust for Strong Network Security
 
Should You Pay Ransomware.pdf
Should You Pay Ransomware.pdfShould You Pay Ransomware.pdf
Should You Pay Ransomware.pdf
 
Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-
Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-
Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
 
Top Security Trends for 2014
Top Security Trends for 2014Top Security Trends for 2014
Top Security Trends for 2014
 
Cyber security
Cyber securityCyber security
Cyber security
 
Are you ready for a cloud pentest? AWS re:Inforce 2019
Are you ready for a cloud pentest? AWS re:Inforce 2019Are you ready for a cloud pentest? AWS re:Inforce 2019
Are you ready for a cloud pentest? AWS re:Inforce 2019
 

Dernier

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 

Dernier (20)

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Mining attackers mind

  • 1. Mining Attackers' Mind. Presenter: Cyberoam. © Copyright 2014 Cyberoam Technologies Pvt. Ltd. All Rights Reserved. www.cyberoam.com
    Our products: Network Security Appliances - UTM, NGFW (hardware and virtual); Modem Router Integrated Security Appliance
  • 2. Agenda
    - Innovative technologies impacting complexity in security
    - Challenges to IT security administrators and gaps in security infrastructure
    - Changing motivation of cyber criminals and evolving threat engineering
    - Hacking into the mind of today's cyber criminal
  • 3. Innovative technology changes everything: social business; 1 billion mobile workers; 1 trillion connected objects; bring your own IT; cloud and virtualization
  • 4. Innovative technology changes everything ... and that requires a new approach
    - People: Employees, Hackers, Outsourcers, Suppliers, Consultants, Terrorists, Customers
    - Applications: Systems applications, Web applications, Web 2.0, Mobile applications
    - Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional
    - Data: Structured, Unstructured, At rest, In motion
  • 5. Administrators' approach
    - Most spend 50% of their security budgets on reactive tools and resources
    - No actionable information or outcome analysis on how an attack can happen
    - The security infrastructure has gaps between Endpoint Suites, Network UTM, Application Security and Vulnerability Management
  • 6. Engineering for attacks
  • 7. 2,641,350 security attacks: what the average company faces per week
  • 8. If you think you are safe, think again (chart). Source: IBM X-Force® Research and Development
  • 9. If you think you are safe, think again (second chart, same source)
  • 10. Attacker profile (diagram): skill level ranges from Script-Kiddy through Undergraduate and Expert to Specialist; motivation ranges from Curiosity through Personal Fame and Personal Gain to National Interest; the resulting roles are Vandal, Thief, Spy, Trespasser and Author
  • 11. Motivations and sophistication are rapidly evolving
    Motivation               Actor                          Example
    Monetary gain            Organized crime                Zeus
    Espionage, activism      Competitors and hacktivists    Aurora
    National security        Nation-state actors            Stuxnet
    Revenge, curiosity       Insiders and script-kiddies    Code Red
  • 12. Thinking like an attacker
    - Plan
    - Practice
    - Covering tracks
    - Attack on defense
    - Organized community
  • 13. The 5 phases a hacker follows
    - Reconnaissance: preparatory phase; competitive intelligence; time consuming; the most important phase
    - Scanning: network mapping; check for open ports; banner grabbing; identify open services; scan for vulnerabilities; prepare proxies
    - Gaining access: potential damage; logic or time bomb; session hijacking, buffer overflows; targeted attack; brute-force/dictionary attack
    - Maintaining access: backdoor; Trojans; rootkit; data transfer
    - Covering tracks: erasing contaminated logs; cover for additional attacks
  • 14. Reconnaissance: preparatory phase, competitive intelligence, time consuming
    Hacker's list                    Result
    Company website / web search     Employee contact information, phone numbers, business partners, recent mergers
    Search engines                   Employee groups searched for sensitive or job-related information
    Whois database                   Internet address, domain names, contact information, ARIN
    Domain lookup                    IP address, mail server information
    Ping, traceroute, SMTP VRFY      Live IPs, round-trip time, possible firewall, valid email addresses
  • 15. Defending reconnaissance
    - There is no way to prevent attackers from obtaining registration data
    - Avoid DNS leaking unnecessary information
    - Restrict zone transfers
    - Use split DNS and limit the amount of DNS information exposed externally
    - Disable ping from the WAN side on the firewall
    - Remember that employees' contact information can be used in social engineering
  • 16. Scanning
    Hacker's list                         Result
    Network mapping                       Network security assessment
    Port scanning                         Search for open well-known ports
    Banner grabbing / OS fingerprinting   Identify the operating system on the end host
    Vulnerability scanning                Identify vulnerabilities of computing systems
    Proxies                               Masking the traceback
  • 17. Defending scanning
    - Check the systems before the hacker does
    - Scan, find and patch as a regular process
    - Change the content of the 404 page
    - Edit the server info properties (if you want to engage the hacker and study behaviour)
    - Block scans with an IPS at the network level
    - Do not forget about open UDP ports
    - Check for traffic with well-known source ports; it can be a disguise
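The last two items on slide 17 are the ones most often missed in detection rules: UDP probes, and scans that set a "trusted" source port (nmap's `-g`/`--source-port` option) so that naive firewall rules which trust source port 53 or 20 let the probes through. The following is an added example, not code from the Cyberoam deck or any Cyberoam product: it reads a constructed firewall connection log (the format and every line are made up for this example) and reports both sources that touch many distinct destination ports within a short window, counting TCP and UDP alike and counting ALLOW as well as DENY lines, and sources that use a well-known source port against several different destination ports. A genuine DNS reply also arrives from source port 53, but it hits one destination port per client and is not flagged.

```python
"""Added example (not from the Cyberoam deck): find port scans, including
UDP scans and scans hidden behind well-known source ports, in firewall logs."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed firewall log:  <timestamp> <proto> <src>:<sport> -> <dst>:<dport> <action>
SAMPLE_LOG = """\
2014-05-01T10:00:01 TCP 203.0.113.7:40001 -> 192.0.2.10:21 DENY
2014-05-01T10:00:01 TCP 203.0.113.7:40002 -> 192.0.2.10:22 ALLOW
2014-05-01T10:00:01 TCP 203.0.113.7:40003 -> 192.0.2.10:23 DENY
2014-05-01T10:00:02 TCP 203.0.113.7:40004 -> 192.0.2.10:25 DENY
2014-05-01T10:00:02 TCP 203.0.113.7:40005 -> 192.0.2.10:80 ALLOW
2014-05-01T10:00:02 TCP 203.0.113.7:40006 -> 192.0.2.10:110 DENY
2014-05-01T10:00:02 TCP 203.0.113.7:40007 -> 192.0.2.10:135 DENY
2014-05-01T10:00:03 TCP 203.0.113.7:40008 -> 192.0.2.10:139 DENY
2014-05-01T10:00:03 TCP 203.0.113.7:40009 -> 192.0.2.10:443 ALLOW
2014-05-01T10:00:03 TCP 203.0.113.7:40010 -> 192.0.2.10:445 DENY
2014-05-01T10:00:05 UDP 203.0.113.9:50001 -> 192.0.2.10:53 ALLOW
2014-05-01T10:00:05 UDP 203.0.113.9:50002 -> 192.0.2.10:69 DENY
2014-05-01T10:00:05 UDP 203.0.113.9:50003 -> 192.0.2.10:123 DENY
2014-05-01T10:00:06 UDP 203.0.113.9:50004 -> 192.0.2.10:161 DENY
2014-05-01T10:00:06 UDP 203.0.113.9:50005 -> 192.0.2.10:162 DENY
2014-05-01T10:00:06 UDP 203.0.113.9:50006 -> 192.0.2.10:500 DENY
2014-05-01T10:00:07 UDP 203.0.113.9:50007 -> 192.0.2.10:514 DENY
2014-05-01T10:00:07 UDP 203.0.113.9:50008 -> 192.0.2.10:1900 DENY
2014-05-01T10:00:07 UDP 203.0.113.9:50009 -> 192.0.2.10:5353 DENY
2014-05-01T10:01:00 TCP 198.51.100.5:53 -> 192.0.2.10:22 ALLOW
2014-05-01T10:01:00 TCP 198.51.100.5:53 -> 192.0.2.10:25 ALLOW
2014-05-01T10:01:01 TCP 198.51.100.5:53 -> 192.0.2.10:80 ALLOW
2014-05-01T10:01:01 TCP 198.51.100.5:53 -> 192.0.2.10:443 ALLOW
2014-05-01T10:01:02 TCP 198.51.100.5:53 -> 192.0.2.10:445 ALLOW
2014-05-01T10:02:00 UDP 198.51.100.53:53 -> 192.0.2.20:49152 ALLOW
2014-05-01T10:02:10 TCP 203.0.113.50:51234 -> 192.0.2.10:443 ALLOW
2014-05-01T10:02:11 TCP 203.0.113.50:51235 -> 192.0.2.10:443 ALLOW
"""


def parse_log(text):
    """Turn the constructed log into a list of event dicts."""
    events = []
    for line in text.splitlines():
        ts, proto, src, _, dst, action = line.split()
        src_ip, src_port = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        events.append({"ts": datetime.fromisoformat(ts), "proto": proto,
                       "src_ip": src_ip, "src_port": int(src_port),
                       "dst_ip": dst_ip, "dst_port": int(dst_port), "action": action})
    return events


def detect_port_scans(events, window_s=10, min_ports=8):
    """Sources that touch >= min_ports distinct (proto, dst_port) pairs within any
    window_s-second sliding window.  ALLOW and DENY both count: the scanner learns
    from either answer.  Returns {src_ip: max distinct ports seen in one window}."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src_ip"]].append(e)
    scanners = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        in_window = Counter()  # (proto, dst_port) -> hits inside the window
        lo = 0
        for e in evs:
            in_window[(e["proto"], e["dst_port"])] += 1
            # advance the window start until it spans at most window_s seconds
            while (e["ts"] - evs[lo]["ts"]).total_seconds() > window_s:
                old = (evs[lo]["proto"], evs[lo]["dst_port"])
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                lo += 1
            if len(in_window) >= min_ports:
                scanners[src] = max(scanners.get(src, 0), len(in_window))
    return scanners


def detect_disguised_source_ports(events, trusted=frozenset({20, 53, 67, 80, 443}),
                                  min_ports=3):
    """Sources that reach several different destination ports from one well-known
    source port (nmap -g style).  Returns {src_ip: sorted destination ports}."""
    hits = defaultdict(set)
    for e in events:
        if e["src_port"] in trusted:
            hits[e["src_ip"]].add(e["dst_port"])
    return {src: sorted(p) for src, p in hits.items() if len(p) >= min_ports}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("port scans:", detect_port_scans(evs))
    print("disguised source ports:", detect_disguised_source_ports(evs))
```

The disguised-source-port check is the cheap companion to the firewall fix itself: a rule that admits any packet with source port 53 or 20 is the weakness being exploited, and should be replaced by stateful matching on the reply direction.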
  • 18. Gaining access
    Hacker's list           Result
    Session hijacking       Sniffing, capturing passwords
    Brute force             Strong against weak passwords
    DNS poisoning           Redirect traffic to an imitating website
    Exploit vulnerability   Access to restricted content, privilege elevation
  • 19. Defending gaining access
    - Complex passwords
    - Find vulnerabilities before the hacker does: scan, patch, test
    - DHCP snooping on L2 switches
    - Create a separate management VLAN
    - All protocols must be encrypted: use SSH, SSL/TLS, HTTPS
    - Use LDAPS instead of simple LDAP bind requests
    - Protect web servers against the OWASP Top 10 vulnerabilities with a WAF
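"Use LDAPS instead of simple LDAP bind requests" is worth seeing on the wire, because it connects the sniffing row of slide 18 to the encryption advice of slide 19. An LDAPv3 simple bind is a BER-encoded message on TCP/389 whose DN and password are plain octet strings; anyone who can sniff the segment reads them directly. The following is an added example, not code from the Cyberoam deck: a minimal BER tag-length-value reader and a BindRequest parser run against a constructed capture (the bytes, the DN and the password are all made up for this example). The same parser returns nothing useful for a SASL bind, and with LDAPS or StartTLS the whole message sits inside TLS and the sniffer sees none of it.

```python
"""Added example (not from the Cyberoam deck): what a sniffer recovers from a
cleartext LDAP simple bind on TCP/389."""

# Constructed capture of one LDAPMessage carrying a BindRequest:
#   30 2d            SEQUENCE, 45 bytes (LDAPMessage)
#     02 01 01       INTEGER messageID = 1
#     60 28          [APPLICATION 0] BindRequest, 40 bytes
#       02 01 03     INTEGER version = 3
#       04 1a ...    OCTET STRING name = "cn=admin,dc=example,dc=com"
#       80 07 ...    [0] simple = "s3cret!"
CAPTURED_BIND = bytes.fromhex(
    "302d" "020101" "6028" "020103"
    "041a" "636e3d61646d696e2c64633d6578616d706c652c64633d636f6d"
    "8007" "73336372657421"
)


def read_tlv(buf, pos=0):
    """Decode one BER tag-length-value at buf[pos]; return (tag, value, next_pos).
    Handles short-form lengths (< 128) and long-form lengths (0x81 nn, 0x82 nn nn)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F  # number of following length octets
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:end], end


def parse_bind_request(packet):
    """Return {"message_id", "version", "name", "password"} for a cleartext simple
    BindRequest, or None when the message is some other operation or a SASL bind."""
    tag, msg, _ = read_tlv(packet)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, mid, pos = read_tlv(msg)            # messageID
    tag, op, _ = read_tlv(msg, pos)        # protocolOp
    if tag != 0x60:                        # [APPLICATION 0] constructed = BindRequest
        return None
    _, version, pos = read_tlv(op)
    _, name, pos = read_tlv(op, pos)
    auth_tag, auth, _ = read_tlv(op, pos)
    if auth_tag != 0x80:                   # [0] simple; 0xA3 would be [3] sasl
        return None
    return {"message_id": int.from_bytes(mid, "big"),
            "version": int.from_bytes(version, "big"),
            "name": name.decode("utf-8"),
            "password": auth.decode("utf-8")}


if __name__ == "__main__":
    print(parse_bind_request(CAPTURED_BIND))
```

The fix on the client side is to bind over `ldaps://` (TCP/636) or to issue StartTLS before the bind; on the directory side, refuse simple binds on the cleartext port so that a misconfigured client fails loudly instead of leaking its service-account password.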
  • 20. Maintaining access
    Hacker's list    Result
    Backdoor         Pre-installed or backdoor software is used by hackers to regain access to a system so that they can send further malicious software to it
    Trojan horses    A Trojan horse is used as a dropper; it lets other hackers and worms attack the network easily
    Rootkits         Very hard to detect
  • 21. Defending maintaining access
    - Regular scanning
    - Regular monitoring of the data passing through the network
    - Updated antivirus with advanced rootkit removal capabilities
    - The IPS should be capable of stopping bots from connecting to their command-and-control servers
    - LAN to WAN should not be open for all traffic
    - An outbound spam filter should be on the priority list
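Two of the slide 21 items can be checked directly on outbound connection logs: a bot that keeps its access alive calls the same command-and-control endpoint at near-constant intervals, and "LAN to WAN should not be open" means every outbound port outside the policy deserves a look. The following is an added example, not code from the Cyberoam deck or any Cyberoam product: it runs both checks over a constructed log of LAN-to-WAN connections (format, addresses and timings are all made up for this example; the egress allow-list of ports 80 and 443 is an assumption). Beaconing is scored by the coefficient of variation of the gaps between connections, so a host with regular 60-second check-ins is reported while a host that fetches a public site at irregular times is not.

```python
"""Added example (not from the Cyberoam deck): beaconing and egress-policy
checks on outbound (LAN to WAN) connection logs."""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed outbound log: <timestamp> <src_ip> -> <dst_ip>:<dst_port>
SAMPLE_LOG = """\
2014-05-01T10:00:00 192.0.2.20 -> 198.51.100.77:443
2014-05-01T10:01:01 192.0.2.20 -> 198.51.100.77:443
2014-05-01T10:02:00 192.0.2.20 -> 198.51.100.77:443
2014-05-01T10:02:59 192.0.2.20 -> 198.51.100.77:443
2014-05-01T10:04:02 192.0.2.20 -> 198.51.100.77:443
2014-05-01T10:05:00 192.0.2.20 -> 198.51.100.77:443
2014-05-01T10:06:01 192.0.2.20 -> 198.51.100.77:443
2014-05-01T10:07:00 192.0.2.20 -> 198.51.100.77:443
2014-05-01T10:00:00 192.0.2.21 -> 198.51.100.99:443
2014-05-01T10:00:07 192.0.2.21 -> 198.51.100.99:443
2014-05-01T10:00:45 192.0.2.21 -> 198.51.100.99:443
2014-05-01T10:00:50 192.0.2.21 -> 198.51.100.99:443
2014-05-01T10:03:20 192.0.2.21 -> 198.51.100.99:443
2014-05-01T10:03:50 192.0.2.21 -> 198.51.100.99:443
2014-05-01T10:04:00 192.0.2.21 -> 198.51.100.99:443
2014-05-01T10:05:30 192.0.2.22 -> 198.51.100.88:6667
2014-05-01T10:05:31 192.0.2.22 -> 198.51.100.88:6667
"""


def parse_log(text):
    """Turn the constructed log into a list of connection dicts."""
    conns = []
    for line in text.splitlines():
        ts, src, _, dst = line.split()
        dst_ip, dst_port = dst.rsplit(":", 1)
        conns.append({"ts": datetime.fromisoformat(ts), "src_ip": src,
                      "dst_ip": dst_ip, "dst_port": int(dst_port)})
    return conns


def detect_beacons(conns, min_count=6, max_cv=0.2):
    """Return {(src, dst, port): mean_gap_seconds} for endpoint pairs whose
    inter-connection gaps are nearly constant (coefficient of variation <= max_cv).
    Real bots add jitter, so the tolerance matters: raising max_cv catches sloppier
    jitter at the price of more hits from legitimate pollers (mail clients, NTP)."""
    times = defaultdict(list)
    for c in conns:
        times[(c["src_ip"], c["dst_ip"], c["dst_port"])].append(c["ts"])
    beacons = {}
    for key, ts in times.items():
        if len(ts) < min_count:
            continue
        ts.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        mean = statistics.fmean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            beacons[key] = round(mean, 1)
    return beacons


def egress_violations(conns, allowed_ports=frozenset({80, 443})):
    """Distinct (src, dst, port) triples that fall outside the LAN-to-WAN allow-list."""
    return sorted({(c["src_ip"], c["dst_ip"], c["dst_port"])
                   for c in conns if c["dst_port"] not in allowed_ports})


if __name__ == "__main__":
    conns = parse_log(SAMPLE_LOG)
    print("beacons:", detect_beacons(conns))
    print("egress violations:", egress_violations(conns))
```

Both results are leads, not verdicts: a beacon on port 443 still needs the destination checked against threat intelligence or a proxy log, and the egress list is only as good as the allow-list, which is the point of slide 21's "not open for all traffic".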
  • 22. Covering tracks
    Hacker's list                  Result
    Hide the entry points          Difficult to detect with passive monitoring
    Hide the logs                  Too many logs confuse the defenders
    Hide the data transfer logs    Data transfer is done over encrypted tunnels; difficult to predict; professional work
  • 23. Defending covering tracks
    - Logs should be stored on multiple servers
    - Regular backups of the logs should be taken
    - Hackers usually clean the logs and shut down the logging service; SNMP traps will help to notice this
    - Close monitoring of the logs may help
    - SIEM tools are better in those scenarios
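Storing logs on several servers is necessary but not sufficient: the defender also needs to tell, when two copies disagree, which entries were edited, removed or cut off after the fact. The following is an added example, not code from the Cyberoam deck or a Cyberoam feature: a hash-chained log in which every entry carries an HMAC over its sequence number, the previous entry's HMAC and the message. The key is held by the central collector (an assumed design; the monitored host only forwards lines), so an attacker with root on the host cannot recompute the chain, and a verifier with the key can pinpoint the first bad entry. The head MAC the collector acknowledges back lets a later copy be checked for truncation, the one change a plain chain cannot see. The log messages below are constructed.

```python
"""Added example (not from the Cyberoam deck): a tamper-evident, HMAC-chained
log that shows where an attacker edited, deleted, reordered or cut the log."""
import hashlib
import hmac

GENESIS = b"\x00" * 32  # "previous MAC" for the first entry


def _entry_mac(key, seq, prev, msg):
    """HMAC-SHA256 over (sequence number, previous MAC, message)."""
    data = seq.to_bytes(8, "big") + prev + msg.encode("utf-8")
    return hmac.new(key, data, hashlib.sha256).digest()


class ChainedLog:
    """Append-only log kept by the collector.  Entries are plain dicts so a copy
    can be replicated to a second server and verified there with the same key."""

    def __init__(self, key):
        self._key = key
        self.entries = []
        self._prev = GENESIS

    def append(self, msg):
        seq = len(self.entries)
        mac = _entry_mac(self._key, seq, self._prev, msg)
        self.entries.append({"seq": seq, "msg": msg, "mac": mac.hex()})
        self._prev = mac
        return mac.hex()

    def head(self):
        """Latest MAC; acknowledged back to the forwarding host after each batch so
        a later copy can be checked against it for truncation."""
        return self._prev.hex()


def verify_chain(entries, key, expected_head=None):
    """Return (ok, detail).  Detects edited, deleted, inserted or reordered entries;
    with expected_head it also detects a log that was cut short after the fact."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["seq"] != i:
            return False, f"sequence gap or reorder at position {i}"
        mac = _entry_mac(key, i, prev, e["msg"])
        if not hmac.compare_digest(mac, bytes.fromhex(e["mac"])):
            return False, f"entry {i} modified or chain broken"
        prev = mac
    if expected_head is not None and prev.hex() != expected_head:
        return False, "log truncated: head does not match acknowledged head"
    return True, "chain intact"


if __name__ == "__main__":
    # Constructed scenario: an intruder adds an account, then tries to hide it.
    key = b"collector-secret-kept-off-the-host"  # assumption: never stored on the host
    log = ChainedLog(key)
    for line in ("sshd: accepted password for alice",
                 "useradd: new user eve",
                 "sshd: accepted password for eve"):
        log.append(line)
    print(verify_chain(log.entries, key, log.head()))
    tampered = [dict(e) for e in log.entries]
    tampered[1]["msg"] = "cron: session opened"
    print(verify_chain(tampered, key, log.head()))
```

The chain only helps if the key really is off the host and the collector's copy is what gets compared; a chain computed and stored on the same box an attacker owns can simply be rebuilt. That is the concrete reason behind "store logs on multiple servers" and behind pushing the comparison into the SIEM.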
  • 24. Analyze to learn
    - To protect a system, you have to learn how it can be attacked
    - Systems are resistant to change once deployed
    - Thinking like an attacker is not always easy and may sound counter-productive
    - But hackers do that every day
  • 25. Security evaluation: threat modeling
    - One of the most powerful security engineering activities
    - Focus on actual threats, not just vulnerabilities
    - Plans and reviews that offer deep insight into the methods attackers could use to manipulate services or servers
    - Weigh security decisions against other design goals
    - Understand attack vectors and the conditions for a successful attack
  • 26. Threat priority
    - Resource: what are you trying to protect?
    - Threat: what are you afraid of happening?
    - Vulnerability: how could the threat occur?
    - Mitigation: what is currently reducing the risk?
    - Likelihood: how likely is the threat given the controls?
    - Impact: what is the impact to the business?
  • 27. 10 assumptions to get hacked easily
    - Allow everything from LAN to WAN
    - DMZ to LAN allowed by default
    - Use very easy passwords
    - Allow applications to use administrative passwords
    - No update of antivirus
    - Running unhardened application servers
    - Assume your security is fully secure
    - Assume the firewall can save you from all types of attacks
    - Do not patch servers, end machines or workstations
    - Allow users to use BYOD without a corporate policy
    - Virtual networks are secure by design
  • 28. Thank you