Why we keep doing security wrong Grant Cohoe. About Me System Administrator – RSA (The security division of EMC) OpComm Director / Sysadmin / Chairman.


1 Why we keep doing security wrong – Grant Cohoe

2 About Me
– System Administrator – RSA (The security division of EMC)
– OpComm Director / Sysadmin / Chairman – Computer Science House @ RIT
– ISTS Team OpComm (“Team Uptime”) – 3rd place 2011, 2nd place 2012

3 What we do
– Rely on perimeter defenses
– Overlook the most vulnerable
– Security is an achievement

4 PERIMETER DEFENSES
“Shields are up captain!”

5 Perimeter Defenses
– Firewalls
– NAT
– Proxies
– IPS

6 Firewalls
– Host-based
  – Windows Firewall, iptables, pf
  – Drill holes!
  – No one filters outbound traffic

7 Firewalls
– Network-based
  – Cisco ASA/PIX, CheckPoint Gateway, etc.
  – Drill fewer holes, but worse ones
  – Example: SSH

8 Firewalls
– Great for the majority of badness
– Won't stop the real badness

9 NAT
– Non-routable private IP addresses
– No one can get to you directly?
  – WRAUNG!
  – Example: Adjacent Router

10 Proxies
– Traffic interception/filtering
– Not particularly useful
– Hostname vs IP blocking

11 IPS
– Look for malicious activity and stop it
  – What/who defines “malicious”?
– Often very specific targets

12 Perimeter Defenses
– Very static
– Bypassable
– Good for the 99%, not for the 1

13 OVERLOOK THE MOST VULNERABLE
“No one will ever attack this”

14 VoIP Phones
– Rely on a trusted network infrastructure
– Do little to no verification of configuration
– Desktop bugging devices

15 Printers
– Rarely segregated (dedicated printer network)
– Bad software
– No firewalls
– Springboard for more advanced attack

16 Home Gateways
– Terrible software

17 SECURITY IS NOT AN ACHIEVEMENT
“One does not simply become secure”

18 Achievement
– “Make us secure”

19 Achievement
– High CapEx
  – Equipment, infrastructure
– Low resources to monitor
  – No SOC monkeys, investigators
– Even less to respond
  – In a crisis, you can’t move

20 Process
– Continuously monitor and respond to issues

21 Process
– Moderate CapEx
  – Different equipment, infrastructure
– Moderate resources to monitor
  – 24/7 staffed SOC w/ investigators
– Moderate resources to respond
  – System management tools, live network mapping, etc.

22 SECURITY ANALYTICS
Cloud, big data, buzzword, buzzword

23 Security Analytics
– Real-time holistic intelligence platform
– Gather data from many sources
– Compare against profiles
– Replay entire sessions and content

24 Security Analytics
– Making available data accessible

25 Security Analytics
– As things happen, log them
  – Wireshark everything and store it
  – Server logs
  – Active Directory events
– If anything seems weird, analyze it

26 Profiles
– Old-and-busted approach:
  – Someone is trying to get into Oracle
– New hotness approach:
  – Josh is authenticated to the VPN
  – Jeff is authenticated to AD
  – Nick is trying to get into Oracle
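The "new hotness" profile on this slide, as an added example that is not from the talk: each Oracle connection is attributed to a person by correlating the connecting IP with the VPN and AD logons seen from that IP in the preceding window, so the alert can say "Nick is trying to get into Oracle" rather than "someone", and an attempt with no identity trail at all is escalated. The event tuples, user names, IPs and the eight-hour window are all constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample events, not from the talk. Each tuple is
# (timestamp, source, user, client IP). Oracle's own log carries no
# person, only the connecting IP, which is why the old approach could
# only ever say "someone is trying to get into Oracle".
EVENTS = [
    ("2012-03-01T08:50:00", "vpn",    "josh", "10.8.0.5"),
    ("2012-03-01T08:52:00", "ad",     "josh", "10.8.0.5"),
    ("2012-03-01T09:10:00", "oracle", None,   "10.8.0.5"),
    ("2012-03-01T09:15:00", "ad",     "jeff", "10.1.4.20"),
    ("2012-03-01T09:40:00", "oracle", None,   "10.1.4.20"),
    ("2012-03-01T23:30:00", "vpn",    "nick", "10.8.0.9"),
    ("2012-03-01T23:31:00", "oracle", None,   "10.8.0.9"),
    ("2012-03-02T02:05:00", "oracle", None,   "10.8.0.77"),
]

WINDOW = timedelta(hours=8)   # assumed: how far back a logon still counts


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def profile_oracle_access(events, window=WINDOW):
    """Attribute every Oracle connection to a person via the VPN and AD
    logons seen from the same IP within `window` before it. Events are
    assumed chronological, so a later logon from a reused IP wins."""
    findings = []
    for ts, source, _user, ip in events:
        if source != "oracle":
            continue
        when = parse(ts)
        seen = {}  # logon source -> user most recently seen from this IP
        for ts2, src2, user2, ip2 in events:
            if src2 in ("vpn", "ad") and ip2 == ip:
                age = when - parse(ts2)
                if timedelta(0) <= age <= window:
                    seen[src2] = user2
        who = seen.get("vpn") or seen.get("ad")
        findings.append({
            "ts": ts, "ip": ip, "user": who,
            "vpn": "vpn" in seen, "ad": "ad" in seen,
            # No identity, or a VPN user who never logged on to AD, is
            # the half-told story that deserves an analyst's attention.
            "alert": who is None or "ad" not in seen,
        })
    return findings


def describe(finding):
    """Render a finding the way the slide phrases it."""
    who = (finding["user"] or "someone").capitalize()
    return f"{who} is trying to get into Oracle from {finding['ip']}"
```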

27 Session Replay
– Server access logs tell you when something happened
– Wireshark lets you replay the network traffic
– Get the badness into a secured environment
– Poke at it

28 Security Analytics
– Analysis and response in minutes
  – Rather than days

29 Summary
– Don’t rely solely on perimeter defenses
– Don’t overlook anything no matter how small
– Security is a process, not an achievement
– Security analytics should be a thing

30 Contact
– Web: http://grantcohoe.com
– Twitter: @grantcohoe
