Thursday, February 21, 2013

CISSP CPE - Patching your employee's brain

length: 01:00:00

Presenter: Pieter Danhieux


CISSP CPE - Introduction to Android Malware

length 01:00:00

presenter: Daan Raman - NVISO

note: McAfee has a blog about this:


Tuesday, February 19, 2013

CISSP CPE - Incident-Response, Malware Analysis, Digital Forensics

Length: 01:00:00

Incident-Response, Malware Analysis, Digital Forensics

Presenter: Steve Armstrong

Security Incident in Raspberry Pi.

Paterva / Maltego

Event Viewer -> MS -> Terminal Server


- Risk
- Impact
- Progress
- Time left

- Progress

Dradis – for pen-test

Exec: Mission mode / Saas

Cyber CPR: Crisis Planning Plan Room

PHP base

Test/light/asset/API/Maltego Transform

Cuckoo – malware analysis
Snort – pcap analysis
Tintan – IP intelligence analysis
CIF – Community analysis


Monday, February 18, 2013

CISSP CPE Cloud Security

length: 01:00:00

Presenter: Dave Shackleford

1. It is outsourcing, really
- someone else has your stuff
- someone else can cause harm

2. virtualization security is critical
2008-20120: vulnerabilities doubled
2011-2013: nasty vulnerabilities

Amazon: Xen
VM lost some code last year (3 days ago)

Virtual machine escape – guess
VMtool binary planting

3. Pay attention to human side
OS /Virt/Net/system Admin
No control
Privileged user monitoring (CPU monitoring)
CSP process
Termination procedure
Security clearance

4. Not all clouds are created equal

Amazon AWS: pen-test, IAM, FW (stateless), multi-factor authentication
MS Azure: little to no network security, detailed SDLC program

Host cloud security
Rackspace vs Terremark

5. Standard?

Zero standard  - no format standard
CSA: Cloud Security Alliance
ODCA Open Data Center Alliance
No “time” compliance standard

6. Interoperability = Nightmare
A standard does not always mean interoperability
Identity and Access Management
SAML or Not
VM format?
FW rule
Most CSP application
SDLC – SaaS / PaaS
API – notoriously insecure

7. Do not fear the unknown

Scary cloud
What is in there
Question: CSA Consensus Assessments Initiative
CSA Cloud Controls Matrix

How to audit? Mostly don’t allow
CTP Cloud Trust Protocol

8. Liability & Risk Transfer

This is impossible
Contracts are more important than ever
SLAs do not begin to cover holes for:
- Location of data representation
- Verification & cross provision
- Choice of law & venue
- Ability to change terms
- Dispute resolution procedure

9. Data understanding is the key

How long data is retained?  
Data import/export
Data format
Data location
Data persistence
Case for law enforcement

10. You can't have it your way

Most large cloud providers will not make exceptions: security

Need to examine the company/service

Security does not control your operate
Business does not control your operate

Last note: if you think you don’t do cloud – you do cloud!!!

Google standard contract: if we have a data breach, max reimbursement 10’000 $

TO DO: read the contract c a r e f u l l y


Good news: new option

Cloud Passage:

1.       Can I trust the provider?
2.       How can I use the cloud?
3.       What are its unique capabilities?

Determine the needs Why?
Determine type of provider?

Determine the Security needs?

Step 3:
Investigate the provider(s)

Don’t fear the cloud
There are very good clouds out there
Live vite
Data interception.
