Operations Security: Physical and Technical Controls(arbab)

by Faham Usman on 5 June 2014


Transcript of Operations Security: Physical and Technical Controls(arbab)

Information Security
Operations Security:

Awareness Campaign
Agenda
Salim is your Cyber Security Advisor.
About aeCERT
One of the initiatives of the UAE Telecommunications Regulatory Authority.
aeCERT is the United Arab Emirates Computer Emergency Response Team.
Disk Encryption
Biometric Devices
Firewall
Security Controls
Physical Controls
Technical Controls
aeCERT
Salim (aeCERT)
@salim_aecert
For more information
www.aecert.ae
info@aecert.ae
Questions
Calls user, impersonating a bank manager
Aims at promoting, building and ensuring a safer & secure cyber environment and culture in the UAE.
Physical and Technical Controls
Data Center
Applications
Networks
Definition of Control
To exercise restraint or direction over; dominate; command.
To hold in check
To test or verify by a parallel experiment or other standard of comparison.
To eliminate or prevent the flourishing or spread of : to control a malware outbreak.
Obsolete. To check or regulate, originally by means of a duplicate register.
Types of Security Controls
Physical
Technical
Technical Controls: Purpose?
Physical Controls: Purpose?
Types of Physical Controls
Lock
Keypad
Biometric devices
Locking computer for employees
Buy computers with no USB drive or no CD
Chain computers to desks
Lock SAN cabinet
Lock server cabinet
Physical Attacks
Infecting systems with USB
Shoulder surfing
Cameras
Microphones or hardware keyloggers that capture keystrokes
Accelerometer that captures keystrokes
Stealing hard disks
How to Ensure Physical Security
Every employee or visitor should have an identification card
Sensitive areas should be monitored and have restricted access
A physical security policy should be enforced in the organization
Employees should only be able to use their access cards during official work time
Laptop Theft
Hard disk encryption
Hack laptop logon
Boot laptop in admin mode
Physical Control : Disk Encryption
iOS FileVault
Windows 8.1 BitLocker file encryption
Hackers: DRAM remanence, Princeton researchers
Hackers: Cold Attacks
Portable Device Theft
Thief steals laptop
Goes to preyproject.org control panel
Turns on GPS
Turn on camera
Track Thief
iOS uses serial number for passcode
Enter passcode
Encrypted disk data
Hash values
Private key
Apple encrypts memory
Encrypted key
In memory (DRAM)
Is unencrypted
Public key
decrypt
encrypt
Hacking Disk Encryption: DRAM and DMA Attacks
DMA attack
Protected memory space
Stole decrypted private key
Physical Control : Security Guards
In USA this is the job for people who can find no other job.
In regions like UAE and KSA, standards are a bit higher with tighter scrutiny and background checks.
Does one of them speak the local language?
Who is vetting security guards?
Physical Control : Biometric Devices
Ok to pass
Go home,
too ugly
Physical Control : Fire Suppression Systems
Mitigating Physical Attacks
Dispose of confidential information by shredding it
Question people who don’t have an identification card; ask for their identification card
Keep confidential documents off your desk
Beware of “drafting” or “tailgating”, which is when someone follows you through a locked door.
Lock your computer when you are away from your desk
Mitigating Physical Attacks
Don’t leave sensitive documents on the printer/scanner/copier
Don’t leave your laptop in an unlocked place or a public place
Scan any external device (USB, hard disk, etc.) before accessing its content.
Shield your keypad to prevent shoulder surfing
Use virtual keyboard to prevent keylogging
Mitigating Physical Attacks: Destroying Old Disks
When you erase a disk it erases nothing. Degauss or destroy the disk.
Erasing data only removes the index to the data from the FAT (file allocation table) or VTOC (volume table of contents). So it erases the metadata and not the data.

“Flash-based solid-state drives nearly impossible to erase”—Computer World
Types of Technical Controls
Authentication
Network routing, design, firewalls, intrusion detection, subnets
Malware detection
Packet inspection
Technical Control : Authentication
Types of Authentication
Application, web page, front door, elevator
SQL database
SSL certificate
LDAP database
SSL certificate
Decrypt credentials
Technical Control : Malware Detection
File Detection
By AMS
Matches Hash from DB
Anti Malware System
Database of Virus Signatures
Virus Detected
Verifies Hash
File is Clean
YES
NO
Virus Detection
Attacker with infected USB
Updates antivirus with latest signature
Antivirus signature database
Plugs
USB content
Antivirus verifies contents of USB and prevents malicious files from spreading in the system and network
Technical Control : Email Security Solution
Spam
Legitimate email
Email with malware
Email security solution filters out spam and malicious emails
Filtered emails
Users
Technical Control : Firewall
Internet
Firewall
Public Facing
(DMZ)
Firewall
Middleware
Firewall
Back-end
System
Technical Control : Intrusion Detection System
Traffic
IDS
Server
Internet
Detects suspicious activities and alerts administrator
Administrator
Technical Control : Intrusion Prevention System
Internet
Malicious Traffic
IPS
Blocked
Legitimate Traffic
Vulnerability Profiling
Certifying Authority
Technical Controls
01
Which Windows service is started when a USB device is plugged in?
wudfsvc.dll
02
Which Windows service is started when a user connects to Wi-Fi?
bthserv
03
Bluetooth?
Services.msc
US Military Hacked
Agent.BTZ Malware
Malicious code was embedded in the USB
Free
Wow! Free disk.
US Central Command
Stolen data
Summary
It is surprising that physical attacks can be made by hackers.
Protecting assets is both a technical and a physical issue. Attacks can be made physically too, meaning people using their hands and eyes, or cameras or microphones.
Prevent malware spread or infection

Prevent attacker from executing malicious commands

Prevent data exfiltration

Protect data and business from loss

Authenticate users

Keep intruders out