Thursday, February 21, 2013
CISSP CPE - Introduction to Android Malware
length 01:00:00
presenter: Daan Raman - NVISO
note: McAfee has a blog post about this:
http://blogs.mcafee.com/mcafee-labs/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan
Tuesday, February 19, 2013
CISSP CPE - Incident-Response, Malware Analysis, Digital Forensics
Length: 01:00:00
Incident-Response, Malware Analysis, Digital Forensics
Presenter: Steve Armstrong
Security Incident in Raspberry Pi.
Paterva / Maltego
Event Viewer -> MS -> Terminal Server
Incident:
MGT:
- Risk
- Impact
- Progress
- Time left
DFIR:
- Progress
Dradis – for pen-test
Trello/SaaS
Exec: Mission mode / SaaS
Cyber CPR: Crisis Planning Plan Room
PHP base
Test/light/asset/API/Maltego Transform
Workflow.
Cuckoo – malware analysis
Snort – pcap analysis
Tintan – IP intelligence analysis
CIF – Community analysis
Monday, February 18, 2013
CISSP CPE Cloud Security
length: 01:00:00
1. It is outsourcing, really
- someone else has your stuff
- someone else can cause harm
2. Virtualization security is critical
2008-20120: vulnerabilities doubled
2011-2013: nasty vulnerabilities
Amazon: Xen
VM lost some code last year (3 days ago)
Virtual machine escape – guess
VMtool
binary planting
3. Pay attention to human side
OS/Virt/Net/system Admin
No control
Privilege uses
Monitoring (CPU monitoring)
CSP process
Termination procedure
Security clearance
4. Not all clouds are created equal
Amazon AWS: pen-test, IAM, FW (stateless), multi factor authentication
MS Azure: little to no network security, detailed SDLC program
Host close security
Rackspace vs Terremark
5. Standard?
Zero standard - no format standard
CSA: Cloud Security Alliance
ODCA: Open Data Center Alliance
FedRAMP
ENISA
No “time” compliance standard
6. Interoperability = Nightmare
A standard does not always mean interoperability
Identity and Access Management
SAML or not
VM format?
FW rule
Most CSP application
SDLC – SaaS / PaaS
API – notoriously insecure
7. Do not fear the unknown
Scary cloud
What is in there
Question:
CSA Consensus Assessments Initiative
CSA Cloud Controls Matrix
SSAE 16 SOC, SOC2, SOC3
How to audit? Mostly don’t allow
CTP: Cloud Trust Protocol
8. Liability & Risk Transfer
This is impossible
Contracts are more important than ever
SLAs do not begin to cover holes for:
- Location of data representation
- Verification & cross provision
- Choice of law & venue
- Ability to change term
- Dispute resolution procedure
9. Data understanding is the key
How long is data retained?
Data import/export
Data format
Data location
Data persistence
Case for law enforcement
Encrypted?
10. You can't have it your way
Most large cloud providers will not make exceptions: security
Need to examine the company/service
Security does not control your operate
Business does not control your operate
--
Last note: if you think you don’t do cloud – you do cloud!!!
Google standard contract: if we have data breach max reimbursement 10’000 $
TO DO: read the contract c a r e f u l l y
Conclusion:
Good news: new option
Cloud Passage:
Akamai
Zscaler
Okta
Questions:
1. Can I trust the provider?
2. How can I use the cloud?
3. What are its unique capabilities?
Step 1:
Determine the needs. Why?
Determine type of provider?
Step 2:
Determine the security needs?
No DLP?
Step 3:
Investigate the provider(s)
Don’t fear the cloud
There are very good clouds out there
Live vite
Legal
Data interception.