Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Securing your company's networks

Benjamin Scott
December 25, 2013
Technology
0
69

Securing your company's networks

I walk through the basics of protecting a large organization from today's threats.

NOTE: This deck has most of its content in the speaker notes.

Benjamin Scott

December 25, 2013
Tweet

More Decks by Benjamin Scott

See All by Benjamin Scott
Practical Cross-Side Request Forgery
benjaminxscott
0
45
Starting your Infosec Career
benjaminxscott
0
360
Intrusions and the Modern Web
benjaminxscott
1
130
Lie To Me: Mitigating Intrusions using Deception
benjaminxscott
0
68
Internet Security for Everyone
benjaminxscott
1
53
Beneath the Radar: covert traffic on the web
benjaminxscott
0
78
Internet Forensics 101
benjaminxscott
0
63
Intro to Binary Analysis
benjaminxscott
0
37
Analyzing Evil PDF Files with peepdf
benjaminxscott
0
120

Other Decks in Technology

See All in Technology
Documentação de Produtos: Artefatos essenciais na prática
rigolon
1
190
いいたいことちゃんという
tkengo
0
250
R3のコードから見る実践LINQ実装最適化・コンカレントプログラミング実例
neuecc
3
3.2k
Python と Snowflake はズッ友だょ!~ Snowflake の Python 関連機能をふりかえる ~
__allllllllez__
2
150
.NET Profiler in 2024.
kkamegawa
2
2.1k
「知的単純作業」を自動化する、地に足の着いた大規模言語モデル (LLM) の活用
nrryuya
0
250
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
5
37k
How to Lead? Testimonial of a Lead Android Engineer
oleur
1
120
Handling focus in 2024
tahia910
0
410
2024春 注目のWeb系 OSS & SaaS 3選
makies
0
190
競技としてのKaggle、役に立つKaggle
yu4u
7
2.4k
コードファーストの考え方。 Amplify Gen2から学ぶAWS次世代のWeb開発体験
yoshiitaka
2
500

Featured

See All Featured
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
22
1.4k
Rebuilding a faster, lazier Slack
samanthasiow
74
8.2k
Gamification - CAS2011
davidbonilla
77
4.6k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
117
18k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
123
39k
Atom: Resistance is Futile
akmur
260
25k
Stop Working from a Prison Cell
hatefulcrawdad
267
19k
How GitHub (no longer) Works
holman
305
140k
Raft: Consensus for Rubyists
vanstee
133
6.3k
Building Applications with DynamoDB
mza
88
5.6k
Bootstrapping a Software Product
garrettdimon
PRO
302
110k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
20
1.8k

Transcript

  1. Spying in a Digital World Benjamin Scott [email protected]

  2. github.com/bschmoker Propaganda and information control Cheap do-it-yourself SIGINT Valuable data

    is pooled in weak points The Problem

  3. github.com/bschmoker The Truth Convenience beats Security Everything has bugs Users

    always click

  4. github.com/bschmoker The Risk to Gov’t Strategic Intrusions • military advantage

    • diplomatic maneuvering Blunting economic edge • wide-scale industrial espionage • research and engineering copying

  5. github.com/bschmoker Losing economic value • vulnerable clients / social networks

    Theft and abuse of Assets • certificates / hosting / user accounts The Risk to Companies

  6. github.com/bschmoker The Threat Major Players: - Intelligence agencies - Mercenaries

    - Sympathizers Differences: - intent / goals - budget / workforce - stealthiness

  7. github.com/bschmoker For Instance APT28 - Uses Sofacy and Chopstick to

    spy on NATO targets APT29 - Uses Cozicar to spy on US targets Mercenaries - Uses Potao / BlackEnergy / UltraVNC on targets aligned with Russian conflicts

  8. github.com/bschmoker Spam Exploit Botnet Cashout Intrusion The Underground As a

    Service

  9. github.com/bschmoker The Solution Block Delivery Stop the Install Prevent Comms

    Sweep for Infections Respond and Fix

  10. github.com/bschmoker Assume you are compromised Deter the correct bad guys

    Build herd immunity The Mentality