Creative Commons License: You are free to share and remix, but you must provide attribution and you must share alike.

Information Security: A Practical Introduction
Michael McDonnell, GIAC Certified Intrusion Analyst
michael@winterstorm.ca

What is (Information) Security About?

InfoSec is… about Hackers
InfoSec is… about Vandalism
InfoSec is… about Backups
InfoSec is… about Theft
InfoSec is… about Uptime
InfoSec is… about Phones
InfoSec is… about Information

Information Security is an Outcome
"Our systems are secure from hackers"
"We have blocked 17,342 viruses to date"
"Our systems are all online"
"Insiders cannot steal our information"
"We have backups"
"We are Secure"

Information Security is a Process
"We want to improve security"
"We want to be more Secure"
"We need to protect against more threats"
"We want to reduce risk"
"We want to increase customer confidence"
"We want to decrease the number of compromises"

InfoSec is… Risk Management
Identify: What is at Risk? Confidentiality, Integrity, Availability
Defence in Depth lowers Risk
Process leads to Outcome

Firewalls do not make you secure
Anti-virus does not make you secure
Policies do not make you secure
VPNs do not make you secure
Guards do not make you secure
Passwords do not make you secure
Together they all make you MORE secure

Threat: Denial of Service
Counter: Firewalls and Switches

Threat: Unintentional DoS?
An unpatched server was compromised and used to distribute 20 GB of videos with French language titles. The problem was discovered when the server was blocked for excessive bandwidth usage.
French Puppet Videos! The server was distributing 20 GB of French Puppet Videos. The cleanup time was 7 hours. If they had just asked, we would probably have found someone to host the videos for them!
Counter: Change Management
Counter: Monitoring

Threat: SQL Injection Attack
Counter: Vulnerability Scanning
Counter: Developer Training
Counter: Web Application Firewall

Threat: The Man-in-the-Middle
The Weaponized Pineapple
1. Pretends to be YOUR home wifi network.
2. Records what you do on the Internet.
Counter: 2 Factor Authentication (YubiKey, SecurID, Google 2FA)

Threat: Insiders
Counter: DLP and DPI
Deep Packet Inspection (DPI): Firewalls inspect every packet on the network and rebuild the entire message.
Data Loss Prevention (DLP): Uses DPI and pattern matching to look for suspicious content being sent FROM your network.

Threat: Malvertisements

Threat: It never rains… it pours
1. The OS Vendor stopped providing patches
2. The server was hacked
3. A hard disk failed
4. A cooling fan died & it crashes every 2 hr
5. The software vendor wanted more money
6. Hardware support had not been paid for

Final Threat: The A.P.T. (Advanced Persistent Threat)

InfoSec is… Everyone’s Responsibility
Confidentiality, Integrity, Availability

More Threats
1. Spear-phishing
   1. Credible emails, highly targeted, but malicious
2. USB Viruses: USB virus scanner, autorun, read-only storage
   1. Automated

Questions?
Email: michael@winterstorm.ca
Slides: http://winterstorm.ca/download/
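The DPI/DLP slide above only names the mechanism. The following is an added illustration, not from the slides or their author, of the two steps an outbound DLP check performs: reassemble out-of-order TCP segments into one message (the DPI step), then pattern-match the rebuilt message for card numbers (validated with the Luhn checksum so that ordinary 16-digit order ids are not flagged) and for confidentiality markers. The segments, markers, and function names are constructed for this example.

```python
import re

# Constructed sample: TCP segments of one outbound HTTP POST, captured out of
# order as (sequence offset, payload). A real DPI engine would take these from
# the wire; here they are embedded so the example runs offline.
SEGMENTS = [
    (44, b"card=4111 1111 1111 1111&note=CONFIDENTIAL"),
    (0,  b"POST /upload HTTP/1.1\r\nHost: example.net\r\n\r\n"),
]

# 13-16 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
# Constructed document-classification markers a DLP policy might search for.
MARKERS = ("CONFIDENTIAL", "INTERNAL ONLY")


def reassemble(segments):
    """DPI step: order segments by sequence offset and rebuild the message."""
    ordered = sorted(segments, key=lambda seg: seg[0])
    return b"".join(payload for _, payload in ordered).decode("latin-1")


def luhn_ok(digits):
    """Luhn checksum: True for a syntactically valid card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def dlp_findings(message):
    """DLP step: pattern-match the rebuilt outbound message.

    Returns a list of (finding type, detail). Only the last four digits of a
    matched card number are retained, so the log does not itself leak data.
    """
    findings = []
    for m in CARD_RE.finditer(message):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("card-number", digits[-4:]))
    for marker in MARKERS:
        if marker in message:
            findings.append(("marker", marker))
    return findings


def inspect_outbound(segments):
    """Full pipeline: DPI reassembly followed by DLP matching."""
    return dlp_findings(reassemble(segments))
```

In practice the findings feed an alert or a block decision at the egress firewall; the Luhn filter is what keeps a check like this from alerting on every long number in ordinary traffic.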