SONY PS3 Attack Anatomy
How To Prevent a 100 Million CC Theft
Provision Security Days 2011
George Francis Hotz, alias geohot, million75 or simply mil
R. I. P. SONY
January 11, 2011
We are Anonymous.
We are Legion.
We do not Forgive.
We do not Forget.
Expect us.
April 20, 2011
Sony acknowledged that they were "aware certain functions of the PlayStation Network"
April 21, 2011
Sony stated they were "investigating the cause" of the downtime and that "it may be a full day or two", while also expressing appreciation for their customers' patience.
April 22, 2011
Sony stated that an "external intrusion" had affected the PlayStation Network and Qriocity services.
April 23, 24, 25, 2011
We are re-building our system to further strengthen our network infrastructure.
We'll keep you updated...
Blah, blah, blah
Valued PlayStation Network/Qriocity Customer:
We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network.
April 26, 2011
a.k.a. Catastrophic Crisis Communication
Impact
$171.4 million
30+ days downtime
lost confidence (there's an app for that!)
HOW DID THEY DO IT?
SONY Security Assumptions
Perimeter security is there by default. We use ACLs!
Vulnerability management? We do nmap / Nessus.
MD5 is strong "encryption". Isn't it April 1992?
And... WE ARE PCI COMPLIANT!!!
Assumption is the mother of all fuckups - the sin within
Harsh Reality
No firewalls
Vulnerable Apache servers
Weak hash / encryption of credit card data
NO database audit / security policy
NO encryption of PII
NO security event management
SIEM
Vulnerability Management
Database Encryption
Web Application Security
Best Vulnerability Management Tool, February 15, 2011
May 2011
Imperva Wins 'Product or Service of the Year' at AUSCERT 2011, May 18, 2011
• encrypt data at the column level within databases
• encrypt data at the application layer
• encrypt data during batch-driven data transformation and transactions
The Better Way
SONY, May 1, 2011
• Added automated software monitoring and configuration management to help defend against new attacks
• Enhanced levels of data protection and encryption
• Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns
• Implementation of additional firewalls
Thank You!