Better Safe Than Sorry



Transcription:

Better Safe Than Sorry Security and OS X patrik@jerneheim.se

SECURITY An Unexpectedly long Journey

Agenda: Threats, Protection, Configurations, Best Practices?

Let's talk security

"Distrust and caution are the parents of security" - Benjamin Franklin

Then: No viruses. No malware. Secure by design, and of course very cool.

Once the market share starts growing, then: There are definitely viruses for Mac out there. Well, don't be stupid. Windows users are more aware of security, i.e. more secure. I have friends who know how it's done. You absolutely need anti-virus protection on Mac.

Now: Gatekeeper, Application Sandboxing, Malware Detection, Full Disk Encryption

Apple Security: Device Security, Platform Security, Data Security, Network Security

Apple Security Philosophy: Ease of use, Guide the users, Secure defaults, Freedom to choose

In the Hacker Toolbox: the quieter you become, the more you are able to hear

"A hacker to me is someone creative who does wonderful things" - Sir Tim Berners-Lee

Who's the Hacker? Hacking for fun, Hacking for profit, Governments

Tools of the trade: nmap, Wireshark, Cain & Abel, John the Ripper, Metasploit

Demo: Playing with fire

Device Security: Securing the box

"Amateurs hack systems, professionals hack people" - Bruce Schneier

Device Security: EFI firmware password, iCloud locking, Configuration profiles, Policy management

Firmware Password: UI tool on the Recovery HD. Prevents modifier keys. setregproptool -m full. What if you forget it?!

iCloud Locking: iCloud / Find My iPhone. Can only use 4 digit code. Survives reboot / reset PRAM... but is it secure?

Demo: Setting a Firmware Password

Platform Security: Securing the processes

"People who are serious about software should make their own hardware" - Alan Kay

Platform Security: Application Sandboxing, Code Signing, Gatekeeper, XProtect & Quarantine

Mandatory Access Control: Application Sandboxing, Entitlements, sandbox-exec -n

OpenBSM: Audit logging above and beyond system events and user events. praudit for reading audit trails.

Demo: Roll your own IDS

Data Security: Securing the information

"There is no castle so strong that it cannot be overthrown by money" - Cicero

Data Security: Full Disk Encryption, Keychain Access / iCloud Keychain, Encrypted Containers, Secure Erase

FileVault 2: Rich Trouton has the full story (derflounder.com). What about performance?! (before / after)

Encrypted Container: Disk Utility or hdiutil. 128 or 256-bit encryption. Password in a keychain. Password in an external keychain.

Demo: A poor man's 2-factor authentication

Network Security: Securing the traffic

"Users will take dancing pigs over security every time" - Bruce Schneier

Network Security: Encrypted traffic, Encrypted authentication, Firewalls

Firewalls: Application Layer (simple UI setup); Packet based (IPv4 & IPv6, CLI or IceFloor 2)

Demo: Computer Lockdown, extraordinaire

Encryption Primer: Talk is cheap, if unencrypted

Meet our friends: Eve, Alice, Bob

"Do you have the password?" "Yes, it's apple123." Clear text is not a secure way of transmitting secrets on a network.

"Yes, it's apple123." "pwnd! Thank you!" Clear text is not a secure way of transmitting secrets on a network.

"Do you have the password?" "Yes, it's ********." We really need to encrypt any secret information before it is sent.

"Yes, it's ********." "??" We really need to encrypt any secret information before it is sent.

"Yes, it's ********." "??" ...but how do we share encryption keys without everyone on the network getting them?

"Do you have the password?" "Let's do DHX." Diffie Hellman Exchange

"Here's (x1)." Diffie Hellman Exchange: Secret * p1 = x1

"Here's (x1)." "OK, here's (x2)." Diffie Hellman Exchange: Secret * p1 = x1; x1 * p2 = x2

"OK, here's (x2)." "OK, here's x3." Diffie Hellman Exchange: Secret * p1 = x1; x1 * p2 = x2; x2 / p1 = x3

"OK, here's x3." "$#*!" "Thanx!" Diffie Hellman Exchange: Secret * p1 = x1; x1 * p2 = x2; x2 / p1 = x3; x3 / p2 = Secret

Crack the Code: What is the password on the encrypted USB-stick?

Diffie Hellman Exchange lite: Alice first sends x1 = 22 729 to Bob. Bob sends x2 = 250 019 back to Alice. Alice then sends x3 = 14 707 back to Bob. x1 = secret * p1; x2 = x1 * p2; x3 = x2 / p1; x3 / p2 = secret
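
The "lite" exchange on the slide above, worked through in Python as an added example (not part of the original deck; the function names and the parameters P and G are assumptions made for illustration). It shows that blinding with plain multiplication leaks everything to anyone who records x1, x2 and x3, and contrasts that with textbook Diffie-Hellman, where only modular powers cross the wire.

```python
# Added example, not from the original slides. Function names are
# illustrative; the wire values used below are the ones on the slide.

def lite_exchange(secret, p1, p2):
    """Run the slide's exchange; return the three values sent on the wire."""
    x1 = secret * p1            # Alice -> Bob, blinded with Alice's private p1
    x2 = x1 * p2                # Bob -> Alice, blinded again with Bob's private p2
    x3 = x2 // p1               # Alice -> Bob, Alice's factor removed
    assert x3 // p2 == secret   # Bob removes p2 and reads the secret
    return x1, x2, x3

def recover_from_wire(x1, x2, x3):
    """What a passive listener learns from x1, x2 and x3 alone.

    x1 = s*p1, x2 = s*p1*p2, x3 = s*p2, so x2/x1 = p2 and x2/x3 = p1:
    plain multiplication hides nothing once all three messages are seen.
    """
    p2, r2 = divmod(x2, x1)
    p1, r1 = divmod(x2, x3)
    secret, r3 = divmod(x3, p2)
    if r1 or r2 or r3:
        raise ValueError("values are not a consistent lite exchange")
    return secret, p1, p2

# Textbook Diffie-Hellman for contrast: each side sends G^private mod P.
# Undoing that needs a discrete logarithm, not a division.
# P and G are demonstration parameters chosen for this example only.
P = 2**127 - 1   # a Mersenne prime, far too small for real use
G = 3

def dh_public(private):
    return pow(G, private, P)

def dh_shared(their_public, my_private):
    return pow(their_public, my_private, P)

if __name__ == "__main__":
    print(recover_from_wire(22729, 250019, 14707))
    a, b = 123456789, 987654321   # constructed private values
    print(dh_shared(dh_public(b), a) == dh_shared(dh_public(a), b))
```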

"It can only be attributable to human error" - HAL 9000

Practice what you learn

Can you hack it? Setup with security in focus

Can you read the content in the PDF in the Shared folder?

Security Setup: Firmware Password - setregproptool -m full; FileVault2 Encrypted Secure Container - 256-bit encrypted; Password stored in external keychain; Encrypted PDF; All passwords 22 characters

Dave, this conversation can serve no purpose anymore

Goodbye