Training the Future Cyber Security Specialist: A Novel Approach

Presentation transcript:

Training the Future Cyber Security Specialist: A Novel Approach Fatih Karayumak fatih.karayumak@tubitak.gov.tr

The Norm. Universities: standard curricula; text-book education with little practice; lacking real-world examples; good in theory; no hands-on training. Training institutes: financial concerns; limited time; crammed classrooms; limited hands-on training.

The Aim

Needs Analysis. Why do we need such an environment? Emphasis on hands-on experience; measurement of readiness for cyber incidents. Train for what: security technologies / products, security monitoring, possible attack methods, incident handling. Other considerations: as fast as possible, as comprehensive as possible.

Hands-on Experience. Why do hackers mostly reach their target? Real-world scenarios; endurance; non-technical vulnerabilities. Think like a hacker and calibrate for the worst case. Emulate / simulate your own environment (learn for your system). Set yourself targets as a hacker would and try to achieve them. Find your way through the complex system.

Measurement of Readiness. How ready are we? The main motivation is defence: defending is harder than attacking, and technical measures alone do not help. How to measure your defensive capability: the effectiveness of defensive measures. Measurement of readiness should be system specific: Human (end users and administrators) + Technology + Hardening + Monitoring + Policy.

Train for What. Cyber security domain knowledge and skills: expertise areas, skills, possible defensive and offensive scenarios, incident handling and cyber security crisis.

Our Approach

Conceptual Diagram

Building Blocks

Source of the Know-How. How did we gather the know-how? 26 different governmental entities have been security tested in the last 4 years. Penetration testing of 38 banks in 2011, including the international banks (BDDK, the banking sector regulator). Delivered 15 technical courses to 610 personnel from 55 governmental entities. Penetration testing of private sector companies (GSM sector, insurance, etc.). Participated in NATO Locked Shields 2014 in the Green and Red Teams. Participating in NATO Cyber Coalition exercises to support TAF CDC.

Creating the Training

Scenario Module

A Sample Drawing for the Scenarios & Steps

A Sample: Expertise and Scenarios. Expertise area: Windows OS and Domain Security. Some scenarios involved:
Medium: Acquiring domain admin rights in a Windows Domain by physically accessing an unprivileged standard domain-enabled PC
Medium: Acquiring domain admin rights in a Windows Domain by obtaining credentials from a truecrypt file found in an NFS shared folder
Hard: Acquiring domain admin rights in a Windows Domain by sending a phishing e-mail that includes a malware
Hard: Bypass the anti-virus software installed on the Domain Controller
….

Training the Skills

A Sample Scenario: The Building Steps. Train for the possible attack methods and impact. Scenario: Acquiring domain admin rights in a Windows Domain by physically accessing an unprivileged domain-enabled PC. The steps to accomplish:
Step 01: Physical access to a PC
Step 02: Enumerate the user accounts from the command line
Step 03: Access to company network
Step 04: Internal network discovery using NMAP
Step 05: Vulnerability scanning using NESSUS
Step 06: Find the vulnerable Windows XP machine
Step 07: Vulnerability scanning using NESSUS
Step 08: Find the vulnerable PC
Step 09: Exploit a vulnerability to gain access to the PC
Step 10: Get the password hashes of some users
Step 11: Access the machine of the domain administrator by opening a meterpreter shell
Step 12: Acquire the clear-text password of the domain administrator

Measurable Steps

Monitoring Module

A Sample: Monitoring
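As an added example (not code from the presentation or its authors), the following Python scorecard pairs the measurable steps of the sample scenario above with hypothetical detection rules and replays constructed monitoring events through them, producing the "how ready are we?" measurement the monitoring module is meant to give; the event fields, rule names and thresholds are assumptions.

```python
from collections import defaultdict
from typing import Callable, Dict, List, Tuple
Event = Tuple[int, str, str, str]  # (timestamp, source host, event type, detail); assumed fields
# Constructed events replaying the sample scenario on a lab domain (not real telemetry).
EVENTS: List[Event] = [
    (1, "ws-07", "process", "net user /domain"),          # step 02: account enumeration
    (2, "ws-07", "netflow", "10.0.0.11:445"),             # step 04: discovery of four hosts
    (3, "ws-07", "netflow", "10.0.0.12:445"),
    (4, "ws-07", "netflow", "10.0.0.13:445"),
    (5, "ws-07", "netflow", "10.0.0.14:445"),
    (6, "ws-07", "netflow", "10.0.0.14:139"),             # step 05: four ports on one host
    (7, "ws-07", "netflow", "10.0.0.14:135"),
    (8, "ws-07", "netflow", "10.0.0.14:3389"),
    (9, "ws-07", "lsass_access", "procdump.exe"),         # step 10: credential dumping
    (10, "dc-01", "logon", "DOMAIN\\Administrator from ws-07"),  # step 12: admin logon from a workstation
]
def flows_by_source(events: List[Event]) -> Dict[str, Dict[str, set]]:
    # Group netflow events as source -> destination host -> set of ports.
    flows: Dict[str, Dict[str, set]] = defaultdict(lambda: defaultdict(set))
    for _, src, kind, detail in events:
        if kind == "netflow":
            host, port = detail.rsplit(":", 1)
            flows[src][host].add(port)
    return flows

def discovery_seen(events: List[Event], min_hosts: int = 4) -> bool:
    return any(len(dsts) >= min_hosts for dsts in flows_by_source(events).values())

def port_scan_seen(events: List[Event], min_ports: int = 4) -> bool:
    return any(len(ports) >= min_ports
               for dsts in flows_by_source(events).values() for ports in dsts.values())

# Each measurable scenario step paired with a hypothetical detection rule (thresholds are assumptions).
RULES: Dict[str, Callable[[List[Event]], bool]] = {
    "02 enumerate accounts": lambda ev: any(k == "process" and d.startswith("net ") for _, _, k, d in ev),
    "04 internal discovery": discovery_seen,
    "05 vulnerability scan": port_scan_seen,
    "09 exploit a PC": lambda ev: any(k == "ids_alert" for _, _, k, _ in ev),
    "10 dump password hashes": lambda ev: any(k == "lsass_access" for _, _, k, _ in ev),
    "12 domain admin from workstation": lambda ev: any(
        k == "logon" and "Administrator" in d and "from ws-" in d for _, _, k, d in ev),
}

def scorecard(events: List[Event]) -> Dict[str, bool]:
    """Which scenario steps monitoring observed; each False is a detection gap to fix."""
    return {step: rule(events) for step, rule in RULES.items()}

def readiness(events: List[Event]) -> float:
    results = scorecard(events)  # fraction of measurable steps detected
    return sum(results.values()) / len(results)
```

With the constructed events, five of the six measurable steps are observed and the exploitation step is the gap, which is exactly the kind of system-specific finding the readiness measurement is meant to surface.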

Fielded Events. Cyber Security Summer Camp for University Students (in full activity); SiberMeydan UNI (cyber defence contest among all universities in Turkey); National Cyber Security Exercise.

Work in Progress. Separately monitoring defensive and offensive actions. SATCOM terminals. Integrate tactical and strategic level events and notifications with the technical scenarios, hence getting the decision support involved. More simulation than emulation: simulation of technical vulnerabilities and/or OS services. Use red teams as human-in-the-loop.