Thursday, February 21, 2013

CISSP CPE - Patching your employee's brain

length: 01:00:00

Presenter: Pieter Danhieux

CISSP CPE - Introduction to Android Malware

length: 01:00:00

Presenter: Daan Raman - NVISO

Note: McAfee has a blog post about this:
http://blogs.mcafee.com/mcafee-labs/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan

Tuesday, February 19, 2013

CISSP CPE - Incident-Response, Malware Analysis, Digital Forensics

Length: 01:00:00


Presenter: Steve Armstrong

Security Incident in Raspberry Pi.

Paterva / Maltego

Event Viewer -> MS -> Terminal Server

Incident:

MGT:
-    Risk
-    Impact
-    Progress
-    Time left

DFIR:
-    Progress

Dradis – for pen-test
Trello/SaaS

Exec: Mission mode / SaaS


Cyber CPR: Crisis Planning Plan Room

PHP base

Test/light/asset/API/Maltego Transform

Workflow.
Cuckoo – malware analysis
Snort – pcap analysis
Tintan – IP intelligence analysis
CIF – Community analysis


Monday, February 18, 2013

CISSP CPE Cloud Security


length: 01:00:00

Presenter: Dave Shackleford

1. It is outsourcing, really
- someone else has your stuff
- someone else can cause harm

2. virtualization security is critical
2008-20120: vulnerabilities doubled
2011-2013: nasty vulnerabilities

Amazon: Xen
VM lost some code last year (3 days ago)

Virtual machine escape – guess
VMtool binary planting


3. Pay attention to the human side
OS / Virt / Net / System Admin
No control
Privileged user monitoring (CPU monitoring)
CSP process
Termination procedure
Security clearance

4. Not all clouds are created equal

Amazon AWS: pen-test, IAM, FW (stateless), multi-factor authentication
MS Azure: little to no network security, detailed SDLC program

Host cloud security
Rackspace vs Terremark


5. Standard?

Zero standard - no format standard
CSA: Cloud Security Alliance
ODCA: Open Data Center Alliance
FedRAMP
ENISA
No “time” compliance standard

6. Interoperability = Nightmare
Standards do not always mean interoperability
Identity and Access Management
SAML or Not
VM format?
FW rule
Most CSP application
SDLC – SaaS / PaaS
API – notoriously insecure

7. Do not fear the unknown

Scary cloud
What is in there
Question: CSA Consensus Assessments Initiative
CSA Cloud Controls Matrix

SSAE 16 SOC, SOC2, SOC3
How to audit? Mostly they don’t allow it
CTP: Cloud Trust Protocol

8. Liability & Risk Transfer

This is impossible
Contracts are more important than ever
SLAs do not begin to cover holes for:
- Location of data representation
- Verification & cross provision
- Choice of law & venue
- Ability to change terms
- Dispute resolution procedure

9. Data understanding is the key

How long data is retained?  
Data import/export
Data format
Data location
Data persistence
Case for law enforcement
Encrypted?

10. You can’t have it your way

Most large cloud providers will not make exceptions: security

Need to examine the company/service


Security does not control your operate
Business does not control your operate


--
Last note: if you think you don’t do cloud – you do cloud!!!

Google standard contract: if we have a data breach, max reimbursement 10’000 $

TO DO: read the contract c a r e f u l l y



Conclusion:

Good news: new option

Cloud Passage:
Akamai
zScaler
okta


Questions:
1. Can I trust the provider?
2. How can I use the cloud?
3. What are its unique capabilities?

Step 1:
Determine the needs. Why?
Determine type of provider?

Step 2:
Determine the security needs?
No DLP?

Step 3:
Investigate the provider(s)



Don’t fear the cloud
There are very good clouds out there
Live vite
Legal
Data interception.
