Cybersecurity. Prof. Dr. Michael Waidner Technische Universität Darmstadt und Fraunhofer-Institut für Sichere Informationstechnologie SIT, Darmstadt
|
|
- Geoffrey Nash
- 8 years ago
- Views:
Transcription
1 Cybersecurity Prof. Dr. Michael Waidner Technische Universität Darmstadt und Fraunhofer-Institut für Sichere Informationstechnologie SIT, Darmstadt Konferenz»Digitale Wirtschaft und Cyberpolitik«Tönissteiner Kreis, Berlin, 6. März 2015
2 Agenda Digital Sovereignty: Objective and Reality Why is IT not Secure? What Needs to be Done? 2
3 »Digital Space«is Everywhere Connected, programmable, open and shared. Generating massive amounts of data, often sensitive, mostly unstructured. Every new technology, service, consumption, business model creates new security and privacy challenges. 3
4 Digital Sovereignty: Objective Self-determination in a digital world Self-determination 1.»Gestaltbarkeit«: Ability to Shape the Digital World 2. Security 3. Privacy 4. Trust in the Quality of 1-3 Citizen Enterprise Administration EU / States 4
5 Digital Sovereignty: Reality Gestaltbarkeit Security Privacy Trust Limited Cybercrime, sabotage, espionage, individual surveillance, censorship Mass surveillance, profiling, data persistence, scoring, data analytics Limited 5
6 Impact of Cybercrime and Espionage (Germany) Cyber attacks considered serious threat by 74% of all enterprises (1), 85% of all users (2) 49% of all attacks are»opportunistic«(3) Many got already hit by cyber attacks 38% of all users (1), 21% with identity theft (2) ; 30% of all enterprises with cyber crime (1), 54% with industrial espionage, >50% through»hacking«(4) Significant damages 40 M /a in reported cases of computer fraud (reality likely 11x) (5) ; 40 B /a (1,6% BIP) total cost of cyber crime (6), larger than total costs of car incidents ) Sources: (1) BITKOM 3/5 2014, (2) SCHUFA 9/2013, (3) IBM 3/2013, (4) Corporate Trust 7/2014, (5) BKA 8/2014, (6) Center for Strategic and International Studies 6/2014, (7) Bundesanstalt für Straßenwesen 8/2010 6
7 Prototypical Attacks Targeted, organized, financially or politically motivated Zeus Trojan and Botnet (2007) Jérôme Kerviel vs. Société Générale (2008) Anonymous (2008) False Flag Operations: Iranian Cyber Army vs. Baidu Search Engine (2010) DigiNotar (2011), RSA/Lockheed-Martin (2011), Saudi Aramco (2012), EADS (2012),... Stuxnet (2010) PRC Unit 61398, Shanghai (2013) NSA / GCHQ Programs (2013/14) 7
8 Snowden Revelations on NSA/GCHQ Activities PRISM TAO TEMPORA BULLRUN MYSTIC MUSCULAR HACIENDA etc. Mass surveillance of Internet and mobile networks Wiretapping of selected individuals, including Chanceller Merkel Suspicion of support for industrial espionage Circular trading to evade national law Direct access auf cables satellites, Internet backbone, cloud providers in the USA/UK and likely also in EU/Germany Manipulation of central infrastructures (SSL PKIs, DNS, BGP) Manipulation of supply chain (»Tailored Access Operations«) Systematic backdoors in NIST standards, in specific products Collection of vulnerabilities in products 8
9 Prototypical Attacks: Advanced Persistent Threat RSA / Lockheed-Martin, : Social engineering & phishing March 3: Fake to some RSA employees: [2011 Recruitment plan.xls] with embedded flash zero-day CVE in Adobe Flash Player. Planted Poison Ivy trojan horse. 2: Digital Shoulder Surfing Poison Ivy connects back to control server, giving full control to attacker. Attacker gradually moves towards higher value accounts and data. Sources: F-Secure, New York Times, Information Week : Collecting SecureID secret seed records, downloading them from staging server. RSA issues warning on March 17 Unusually fast (e.g., attack on Nortel went unnoticed for more then 10 years) 4: Exploiting compromised SecureID to break into the target systems at defense industry. June 3: Lockheed discloses a blocked attack, which exploited the breach at RSA. RSA announced replacement program for tokens (>40M tokens worldwide, Lockheed > ). August 2011: RSA acknowledge immediate 66M$ for recovery. March 27, 2012: NSA attributes attack to Chinese hackers 9
10 Domain Name System (DNS) and Vulnerabilities Critical part of the Internet Where is Authentication, blacklists, policies, certificates (SPF, DANE, ROVER, ) Redirect to incorrect hosts Victims: organisations, DNS and network operators, e.g., ICANN, ISC, Craigslist Against Internet clients, routers, e.g., for surveillance, censorship NSA, GCHQ, China Defences Non-crypto defences/ Encryption/ DNSSEC 10
11 Non-Crypto defences Security only against weak attackers Vulnerable [HS13a,HS13b,SW14,..] Domain Name System (DNS) Security Internet standards [RFC6056,RFC4697] OS software: CISCO, linux kernel Zonefile configuration, e.g., ORG Crypto-defences: DNSSEC Crypto-defences: Encryption Internet drafts DNS service providers: OpenDNS DNS software: Verisign, NL-labs, AFNIC Vulnerable: non-interoperable, insecure, not compatible with DNS, [Shulman14] Adjustment to Internet drafts, SW, IETF award Not (widely) deployed: only <5% validate responses, most zones not protected (<1% signed) Incorrect deployments NIST (2013) list of (>1000) financial US domains Only 14 deploy DNSSEC only 3 correctly! 11
12 Recommendations for DNS Security Mandate adoption of DNSSEC Internet providers, network operators, critical infrastructure providers Best practices, policies, regulations Deployment challenges and security problems Surveys and questionnaires for network operators Study of adoptions, detection of misconfigurations 17% of clients in Germany use foreign resolution services Outsourcing to third parties/ Misconfigurations/ Malware Outsourcing only to certified third parties Interoperability problems with existing infrastructure Large responses cipher suite negotiation Legacy network devices (1) identify legacy devices, (2) upgrade infrastructure 12
13 Border Gateway Protocol (BGP) Fraunhofer-Gesellschaft 2014 Delivery of traffic to remote destinations Long history of BGP prefix hijacks Reroute via/to incorrect networks Intercept/block/modify communication Frequent attacks: 2013, 1500 hijacks in 2 months Victims: financial institutions, ISPs, VoIP, govts... BGP hijacks range from benign misconfigurations, to censorship, DoS, and advanced attacks, such as surveillance and corporate or nation-state espionage Pakistan censored YouTube (2008) via false BGP updates Belarus/Iceland hijack (May 2013) Turkey blocked Twitter and hijacked entire Internet (2014) Canadian Bitcoin hijack (May 2014) Syria Telecom hijacks YouTube (Dec. 2014) Perpetrators: Great China Firewall, NSA, GCHQ, militaries, spammers 13
14 Belarus/Iceland Hijack (May 2013): BGP Hijack between Governments Last year during two months more than 1500 IP addresses were rerouted Targets Financial institutions VoiP providers Governments 14
15 Resource Public Key Infrastructure (RPKI) BGP Security Proposed and standardised more than a decade ago But, only less than 5% of the Internet prefixes are authenticated Security only if all networks between source/destination adopt Deployment obstacles Reliance on a single root of trust Significant (manual) deployment efforts Changes to the routing infrastructure Hierarchical Does not guarantee full security Even if widely adopted, vulnerable to next AS attack 15
16 Decentralised Infrastructure for Secure BGP Decentralised BGP Authentication Decentralised: no single root of trust No changes to existing infrastructure Easy adoption Automated registration/verification Differentiate connectivity failures vs malicious attacks Effective under partial adoption 16
17 Recommendations for BGP Security Identify suitable BGP security proposal Compare proposals: trust requirements, changes to infrastructure and ease of adoption, legal aspects (exposing neighbours and customers), political motivations Mandate adoption of BGP routing security Network operators and Internet providers Preliminary evaluation of security proposals, e.g., with universities, ISPs Best practices, policies, regulations Deployment challenges Study of common routing configuration practices: Traffic engineering/ Infrastructure support Networks and servers topology/architectures 17
18 Commercial Data Collection (Examples) Source: Company web site 18
19 Commercial Data Collection (Examples) Source: Company web site 19
20 What is at Risk? Informational Self-Determination: Individual: being observed / sense of being observed Industry, government, society: influence over public / individual opinion + loss of control over data collections Discrimination: Transparent citizens, enterprises Risk through centralized data silos Access by foreign services (e.g., as in PRISM) Access by criminals (e.g., malware via ads, prep social engineering via online social networks) 20
21 Research Challenges for Countering Loss of Privacy Established technology concepts data minimization, anonymity & pseudonymity, transparency & control don t work well in»new«environments Cloud Computing? Classical Internet Social Internet Internet of Things??? Big Data??? 21
22 Agenda Digital Sovereignty: Objective and Reality Why is IT not Secure? What Needs to be Done? 22
23 Why is Information Technology not Secure? Several fundamental problems Insiders Usability Long Innovation Cycles Slow Adoption of Security Best Practices Software Quality 23
24 Why is Information Technology not Secure? Slow Adoption of Security Best Practices in Industry Firewall Risk assessment Disk encryption Strong authentication VPN / Network encryption Identity Management Governance (CISO, etc.) Auditing Security monitoring Mail encryption ISO 27001, etc. Data Leakage Prevention Cyber insurance Cloud monitoring Organisation Encryption Other State-of-the-art security could stop 80% of currently successful attacks Most product vulnerabilities could be identified automatically Source: Studie Industriespionage 2014; Corporate Trust, 30. Juli 2014 (Grafiken 24, 27, 29)
25 Why is Information Technology not Secure? Software Quality: Constant Number of New Vulnerabilities vulnerabilities in software products Slow adoption of Security & Privacy by Design Source (Disclosures): IBM X-Force 2013 Mid-Year Trend and Risk Report, September
26 Agenda Digital Sovereignty: Objective and Reality Why is IT not Secure? What Needs to be Done? 26
27 Society and Citizens Make»Europe online«a trustworthy and secure place Selecting, configuring and using security features, products and services is difficult: Broaden scope and capabilities of consumer advisors The quality of security and privacy must be made visible: EU-level criteria, test and certifications Confidentiality of communications requires availability of technologies and infrastructures Support cross-eu infrastructure and tools for (end-to-end) encryption for citizens and enterprises Mandate (cloud,...) service provides to always offer an option supporting state-of-the-art security and privacy 27
28 Mechanism of Choice: End-to-End Encryption For , Chat, VOiP,... Cloud:»Volksverschlüsselung«Sender End-to-End Encryption Recipient Public Key Infrastructure Distribution and Certification of public Keys Challenges: Secure standards & implementation, usability, scalability 28
29 Industry and Government Make the EU a leader in cybersecurity preparedness and trustworthy ICT Necessary level of security and privacy must be turned from»competitive disadvantage«into»cost of doing business«mandatory minimum standards Encourage sharing of information within sectors Security and Privacy by Design Encourage adoption of SPbD principle Investment in standards, processes, tools Enterprise encryption, and other best practices Trustworthy ICT requires international cooperation Security testing / verification of any component Secure integration of (even untrusted) components Create a single market for security & privacy products Setting standards Address European market 29
30 Research European research agenda for security and privacy Security and Privacy Must be part of any project using / creating ICT Must be a first class topic of the EU research agenda Accelerate innovation cycles in cybersecurity Regular ICT: 1-5 years Security: >10 years Strong»Centers of Excellence«critical for success Research requires a critical mass of expertise 30
31 Prof. Dr. Michael Waidner Fraunhofer Institute for Secure Information Technology SIT Director Technische Universität Darmstadt Computer Science, Professor CASED & EC SPRIDE, Director Rheinstrasse 75, Darmstadt (Office) (Cell) 32
IT Security in Industrie 4.0
IT Security in Industrie 4.0 Prof. Dr. Michael Waidner TU Darmstadt & Fraunhofer Institute for Secure Information Technology? AUTONOMIK Innovation Days Berlin, June 17-18, 2014 1. What is Industrial IT
More informationBrainloop Cloud Security
Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating
More informationChallenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved
Siemens AG - Corporate Technology - IT Security Challenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved Not a single
More informationThe Cancer Running Through IT Cybercrime and Information Security
WHITE PAPER The Cancer Running Through IT Prepared by: Richard Brown, Senior Service Management Consultant Steve Ingall, Head of Consultancy 60 Lombard Street London EC3V 9EA T: +44 (0)207 464 8883 E:
More informationTop tips for improved network security
Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a
More informationCyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies
Cyber Security in Taiwan's Government Institutions: From APT To Investigation Policies Ching-Yu, Hung Investigation Bureau, Ministry of Justice, Taiwan, R.O.C. Abstract In this article, we introduce some
More informationCyber Security and Critical Information Infrastructure
Cyber Security and Critical Information Infrastructure Dr. Gulshan Rai Director General Indian Computer Emergency Response Team (CERT- In) grai [at] cert-in.org.in The Complexity of Today s Network Changes
More informationSome Perspectives On Cybersecurity. Shernon Osepa Manager Regional Affairs Latin America & Caribbean www.internetsociety.org
Some Perspectives On Cybersecurity Shernon Osepa Manager Regional Affairs Latin America & Caribbean www.internetsociety.org Agenda What is the Internet Society (ISOC) On the IETF Cyber Security Themes
More informationSecuring DNS Infrastructure Using DNSSEC
Securing DNS Infrastructure Using DNSSEC Ram Mohan Executive Vice President, Afilias rmohan@afilias.info February 28, 2009 Agenda Getting Started Finding out what DNS does for you What Can Go Wrong A Survival
More informationBig Data and Cyber Security A bibliometric study Jacky Akoka, Isabelle Comyn-Wattiau, Nabil Laoufi Workshop SCBC - 2015 (ER 2015) 1 Big Data a new generation of technologies and architectures, designed
More informationCloud and Security (Cloud hacked via Cloud) Lukas Grunwald
Cloud and Security (Cloud hacked via Cloud) Lukas Grunwald About DN-Systems Global Consulting and Technology Services Planning Evaluation Auditing Operates own Security Lab Project Management Integral
More informationCybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix
Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to
More informationNetwork Security in Building Networks
Network Security in Building Networks Prof. Dr. (TU NN) Norbert Pohlmann Institute for Internet Security - if(is) Westphalian University of Applied Sciences Gelsenkirchen, Germany www.if-is.net Content
More informationAt dincloud, Cloud Security is Job #1
At dincloud, Cloud Security is Job #1 A set of surveys by the international IT services company, the BT Group revealed a major dilemma facing the IT community concerning cloud and cloud deployments. 79
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationGreat ideas, big data and little privacy? Bart Preneel iminds and COSIC KU Leuven
Great ideas, big data and little privacy? Bart Preneel iminds and COSIC KU Leuven 2 3 NSA calls the iphone users public 'zombies' who pay for their own surveillance 4 Snowden revelations NSA: Collect it
More information7 Things All CFOs Should Know About Cyber Security
Insero & Company s Accounting & Finance Education Series Presents 7 Things All CFOs Should Know About Cyber Security September 23, 2014 Michael Montagliano Chief Technologist, IV4. Inc. CERTIFIED PUBLIC
More informationNetwork Infrastructure Under Siege
Network Infrastructure Under Siege Char Sample Security Engineer, CERT Information Security Decisions TechTarget Disclaimer Standard Disclaimer - This talk represents the opinions and research of the presenter
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationSecurity Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013
Security Architecture: From Start to Sustainment Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture Topics Introduction Reverse Engineering the Threat Operational
More informationPresented by Evan Sylvester, CISSP
Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information
More informationTrends in Advanced Threat Protection
Trends in Advanced Threat Protection John Martin Senior Security Architect IBM Security Systems Division 1 2012 IBM Corporation John Martin Senior Security Architect IBM Security Systems Division Security
More informationThe FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED
The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop
More informationNational Cyber Security Policy -2013
National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information
More informationProtect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protecting a business s IT infrastructure is complex. Take, for example, a retailer operating a standard multi-tier infrastructure
More informationResearch Topics in the National Cyber Security Research Agenda
Research Topics in the National Cyber Security Research Agenda Trust and Security for our Digital Life About this document: This document summarizes the research topics as identified in the National Cyber
More informationCloud Security 2011. Prof. Dr. Michael Waidner Fraunhofer SIT CASED. Fraunhofer SIT. Fraunhofer-Gesellschaft 2011
Fraunhofer-Gesellschaft 2011 Cloud Security 2011 Prof. Dr. Michael Waidner Fraunhofer SIT CASED 1 Fraunhofer SIT Security and Privacy»made in Darmstadt«Center for Advanced Security Research Darmstadt 170
More informationRETHINK SECURITY FOR UNKNOWN ATTACKS
1 Copyright 2012 Juniper Networks, Inc. www.juniper.net RETHINK SECURITY FOR UNKNOWN ATTACKS John McCreary Security Specialist, Juniper Networks AGENDA 1 2 3 Introduction 5 minutes Security Trends 5 minutes
More informationZak Khan Director, Advanced Cyber Defence
Securing your data, intellectual property and intangible assets from cybercrime Zak Khan Director, Advanced Cyber Defence Agenda (16 + optional video) Introduction (2) Context Global Trends Strategic Impacts
More information2012 Bit9 Cyber Security Research Report
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
More informationEU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015
EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015 Aristotelis Tzafalias Trust and Security Unit H.4 DG Connect European Commission Trust and Security: One Mission
More informationActions and Recommendations (A/R) Summary
Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationCloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
More informationCloud-Security: Show-Stopper or Enabling Technology?
Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics
More informationWHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats
WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top
More informationNSA Surveillance, National Security and Privacy
NSA Surveillance, National Security and Privacy Ir Roy Ko Former HKCERT Manager 20 August 2014 HKIE Veneree Club 1 Agenda Background Edward Snowden National Security Agency (NSA) What NSA has done PRISM
More informationCyber Defense & Breach Response Privacy Issues
Cyber Defense & Breach Response Privacy Issues Kevin Boyle Partner 17 November 2014 Latham & Watkins is the business name of Latham & Watkins (London) LLP, a registered limited liability partnership organised
More informationDOMAIN NAME SECURITY EXTENSIONS
DOMAIN NAME SECURITY EXTENSIONS The aim of this paper is to provide information with regards to the current status of Domain Name System (DNS) and its evolution into Domain Name System Security Extensions
More informationAKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE.
CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE. Threat > The number and size of cyberattacks are increasing rapidly Website availability and rapid performance are critical factors in determining the success
More informationTrends in Malware DRAFT OUTLINE. Wednesday, October 10, 12
Trends in Malware DRAFT OUTLINE Presentation Synopsis Security is often a game of cat and mouse as security professionals and attackers each vie to stay one step ahead of the other. In this race for dominance,
More informationCourse Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)
Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses
More informationDNS POISONING, AKA PHARMING, MAKES THE HEADLINES IN NOVEMBER S NEWS
DNS POISONING, AKA PHARMING, MAKES THE HEADLINES IN NOVEMBER S NEWS December 2011 November saw DNS Poisoning, aka Pharming, making the headlines on more than one occasion: To name a few, the online threat
More information10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
More informationBuilding The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord
Building The Human Firewall Andy Sawyer, CISM, C CISO Director of Security Locke Lord Confidentiality, Integrity, Availability Benchmarks of Cybersecurity: Confidentiality Information is protected against
More informationHow To Protect Your Cloud Computing Resources From Attack
Security Considerations for Cloud Computing Steve Ouzman Security Engineer AGENDA Introduction Brief Cloud Overview Security Considerations ServiceNow Security Overview Summary Cloud Computing Overview
More informationSecurity in Global IP Networks
Security Technology for the Internet Security in Global IP Networks Tatu Ylönen SSH Communications Security Corp What are global IP networks? The Internet The consumer internet Global uncontrolled
More information20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7
20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic
More informationPractical Steps To Securing Process Control Networks
Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.
More informationRational AppScan & Ounce Products
IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168
More informationDetailed Description about course module wise:
Detailed Description about course module wise: Module 1: Basics of Networking and Major Protocols 1.1 Networks and its Types. 1.2 Network Topologies 1.3 Major Protocols and their Functions 1.4 OSI Reference
More informationInformation Security in Business: Issues and Solutions
Covenant University Town & Gown Seminar 2015 Information Security in Business: Issues and Solutions A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information
More informationBefore the DEPARTMENT OF COMMERCE Internet Policy Task Force
Before the DEPARTMENT OF COMMERCE Internet Policy Task Force In the Matter of Cybersecurity, Innovation Docket No. 100721305-0305-01 and the Internet Economy COMMENTS OF VeriSign, Inc Joe Waldron Director,
More informationEmail Data Security. The dominant business communication tool
Email Data Security Jim Brashear General Counsel Zix Corporation Dallas Business Uses Email The dominant business communication tool Time spent on email exceeds time spent on all other communication tools
More informationENDPOINT SECURITY WHITE PAPER. Endpoint Security and Advanced Persistent Threats WWW.COMODO.COM
WHITE PAPER Endpoint Security and Advanced Persistent Threats The Invisible Threat They re out there waiting. Sitting at their computers hoping for you to make a mistake. And you will. Because no one is
More informationThreats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1
Threats and Attacks Modifications by Prof. Dong Xuan and Adam C. Champion Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to:
More informationA43. Modern Hacking Techniques and IP Security. By Shawn Mullen. Las Vegas, NV IBM TRAINING. IBM Corporation 2006
IBM TRAINING A43 Modern Hacking Techniques and IP Security By Shawn Mullen Las Vegas, NV 2005 CSI/FBI US Computer Crime and Computer Security Survey 9 out of 10 experienced computer security incident in
More informationProtect Your Business and Customers from Online Fraud
DATASHEET Protect Your Business and Customers from Online Fraud What s Inside 2 WebSafe 5 F5 Global Services 5 More Information Online services allow your company to have a global presence and to conveniently
More informationMINIMIZING CYBER-SECURITY EXPOSURE BEFORE, DURING & AFTER AN EMERGENCY
MINIMIZING CYBER-SECURITY EXPOSURE BEFORE, DURING & AFTER AN EMERGENCY PREVENT CYBER LOOTING - KEVIN FLYNN DIRECTOR, PRODUCT MARKETING BLUE COAT SYSTEMS (KEVIN.FLYNN@BLUECOAT.COM) - PAM GREELEY INFORMATION
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationInformation Security Basic Concepts
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
More informationVULNERABILITY & COMPLIANCE MANAGEMENT SYSTEM
VULNERABILITY & COMPLIANCE MANAGEMENT SYSTEM 2 REDUCE COSTS. IMPROVE EFFICIENCY. MANAGE RISK. MaxPatrol from Positive Technologies provides visibility and control of security compliance across your entire
More informationNEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT
Appendix A to 11-02-P1-NJOIT NJ OFFICE OF INFORMATION TECHNOLOGY P.O. Box 212 www.nj.gov/it/ps/ 300 Riverview Plaza Trenton, NJ 08625-0212 NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT The Intent
More informationNetwork Security. Introduction. Security services. Players. Conclusions. Distributed information Distributed processing Remote smart systems access
Roadmap Introduction Network services X.800 RFC 2828 Players Marco Carli Conclusions 2 Once.. now: Centralized information Centralized processing Remote terminal access Distributed information Distributed
More informationVIDEO Intypedia013en LESSON 13: DNS SECURITY. AUTHOR: Javier Osuna García-Malo de Molina. GMV Head of Security and Process Consulting Division
VIDEO Intypedia013en LESSON 13: DNS SECURITY AUTHOR: Javier Osuna García-Malo de Molina GMV Head of Security and Process Consulting Division Welcome to Intypedia. In this lesson we will study the DNS domain
More informationAPT Advanced Persistent Threat Time to rethink?
APT Advanced Persistent Threat Time to rethink? 23 November 2012 Gergely Tóth Senior Manager, Security & Privacy Agenda APT examples How to get inside? Remote control Once we are inside Conclusion 2 APT
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationSSL and Browsers: The Pillars of Broken Security
SSL and Browsers: The Pillars of Broken Security Ivan Ristic Wolfgang Kandek Qualys, Inc. Session ID: TECH-403 Session Classification: Intermediate SSL, TLS, And PKI SSL (or TLS, if you prefer) is the
More informationPayment Card Industry (PCI) Data Security Standard
Payment Card Industry (PCI) Data Security Standard Security Scanning Procedures Version 1.1 Release: September 2006 Table of Contents Purpose...1 Introduction...1 Scope of PCI Security Scanning...1 Scanning
More informationBarracuda Web Site Firewall Ensures PCI DSS Compliance
Barracuda Web Site Firewall Ensures PCI DSS Compliance E-commerce sales are estimated to reach $259.1 billion in 2007, up from the $219.9 billion earned in 2006, according to The State of Retailing Online
More informationCS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module
CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human
More informationCompTIA Security+ (Exam SY0-410)
CompTIA Security+ (Exam SY0-410) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate
More informationCompliance and Unified Communication
Compliance and Unified Communication January 2015 [Type text] There are two topics that should be uppermost in every CISO's mind, how to address the growing demand for Unified Communications (UC) and how
More informationBad Romance: Three Reasons Hackers <3 Your Web Apps & How to Break Them Up
Bad Romance: Three Reasons Hackers
More informationDefending Against Cyber Attacks with SessionLevel Network Security
Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive
More informationHOSTING. Managed Security Solutions. Managed Security. ECSC Solutions
Managed Security Managed Security MANAGED SECURITY SOLUTIONS I would highly recommend for your company s network review... were by far the best company IT Manager, Credit Management Agency Presenting IT
More informationZscaler Internet Security Frequently Asked Questions
Zscaler Internet Security Frequently Asked Questions 1 Technical FAQ PRODUCT LICENSING & PRICING How is Zscaler Internet Security Zscaler Internet Security is licensed on number of Cradlepoint devices
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationNetwork Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
More informationLooking Behind the Attacks - Top 3 Attack Vectors to Understand in 2015
WHITEPAPER Looking Behind the Attacks - Top 3 Attack Vectors to Understand in 2015 Malcolm Orekoya Network & Security Specialist 30 th January 2015 Table of Contents Introduction... 2 Identity Defines
More informationEl costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada
El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada The Traditional Approach is Changing. Security is no longer controlled and enforced through the
More informationAgenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
More informationCyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist
Cyber- Attacks: The New Frontier for Fraudsters Daniel Wanjohi, Technology Security Specialist What is it All about The Cyber Security Agenda ; Protecting computers, networks, programs and data from unintended
More informationRedefining SIEM to Real Time Security Intelligence
Redefining SIEM to Real Time Security Intelligence David Osborne Security Architect September 18, 2012 Its not paranoia if they really are out to get you Malware Malicious Insiders Exploited Vulnerabilities
More informationRecommended IP Telephony Architecture
Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings
More informationEffective Methods to Detect Current Security Threats
terreactive AG. Swiss Cyber Storm 2015. Effective Methods to Detect Current Security Threats Taking your IT security to the next level, you have to consider a paradigm shift. In the past companies mostly
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationDOMAIN NAME SYSTEM (DNS)
CPNI viewpoint 01/2008 DOMAIN NAME SYSTEM (DNS) may 2008 Abstract This Viewpoint considers some of the security considerations of the Domain Name System and makes some observations regarding how organisations
More informationADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT
ADDING NETWORK INTELLIGENCE INTRODUCTION Vulnerability management is crucial to network security. Not only are known vulnerabilities propagating dramatically, but so is their severity and complexity. Organizations
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationBefore the. Committee on Energy and Commerce Subcommittee on Communications and Technology United States House of Representatives
Testimony of Fiona M. Alexander Associate Administrator, Office of International Affairs National Telecommunications and Information Administration United States Department of Commerce Before the Committee
More informationCYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS
CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations
More informationEvolution of attacks and Intrusion Detection
Evolution of attacks and Intrusion Detection AFSecurity seminar 11 April 2012 By: Stian Jahr Agenda Introductions What is IDS What is IDS in mnemoic How attacks have changed by time and how has it changed
More informationTHREAT VISIBILITY & VULNERABILITY ASSESSMENT
THREAT VISIBILITY & VULNERABILITY ASSESSMENT Date: April 15, 2015 IKANOW Analysts: Casey Pence IKANOW Platform Build: 1.34 11921 Freedom Drive, Reston, VA 20190 IKANOW.com TABLE OF CONTENTS 1 Key Findings
More informationInformation Security Threat Trends
Talk @ Microsoft Security Day Sep 2005 Information Security Threat Trends Mr. S.C. Leung 梁 兆 昌 Senior Consultant 高 級 顧 問 CISSP CISA CBCP M@PISA Email: scleung@hkcert.org 香 港 電 腦 保 安 事 故 協 調 中 心 Introducing
More informationIY2760/CS3760: Part 6. IY2760: Part 6
IY2760/CS3760: Part 6 In this part of the course we give a general introduction to network security. We introduce widely used security-specific concepts and terminology. This discussion is based primarily
More informationSecure Storage in the Cloud
Secure Storage in the Cloud 14. ISSS Berner Tagung für Informationssicherheit "Cloud Computing: Chancen und Risiken" 24. November 2011, Bern Prof. Dr. Michael Waidner Fraunhofer SIT, Direktor Technische
More informationCertified Cyber Security Analyst VS-1160
VS-1160 Certified Cyber Security Analyst Certification Code VS-1160 Vskills certification for Cyber Security Analyst assesses the candidate as per the company s need for cyber security and forensics. The
More informationChapter 1: Introduction
Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure
More informationDeveloping an Architectural Framework towards achieving Cyber Resiliency. Presented by Deepak Singh
Developing an Architectural Framework towards achieving Cyber Resiliency Presented by Deepak Singh Presentation Content Cyber Threat Landscape Cyber Attack and Threat Profile Cyber Threat Map Cyber Security
More information