A Hacker's Perspective - dataprotection.org.gh challenges...
TRANSCRIPT
WHO AM I? BRIGHT GAMELI MAWUDOR
PhD Finalist, IT Convergence & Application Engineering, Pukyong National University, Busan, South Korea
An Information Security Engineer (Network/WebApp Penetration Testing & Information Security Awareness/Training) at Information Security Architects
PROBLEMS WITH TECHNOLOGY EVOLUTION
• The Internet was built without security in mind
• This leaves almost everything vulnerable
• Millions of pieces of data are on the move through all networks
• There is a high chance of that data landing in the wrong hands
Vulnerability + Threat = Risk
PROBLEMS WITH TECHNOLOGY EVOLUTION
1. Information is power
2. It landing in the wrong hands gives leverage
3. Current state of Cyber Warfare (State Sponsored)
4. Cyber Criminals
This calls for us to guard information/data with the highest form of security
THE MISTAKES WE MAKE ABOUT DATA PROTECTION
Social Engineering (About the people) VS Bad Infrastructure implementation practices (The Devices)
OTHER METHODS USED FOR SOCIAL ENGINEERING
SPEAR PHISHING ATTACKS
• Web site cloning
• Carefully crafted message delivered through email, chat, social media network
PDF/MICROSOFT WORD DOCUMENTS
• Buffer/Heap Overflow exploitation of PDF tools such as Adobe and Foxit Reader
• Bugs in Microsoft allowing for code execution (hiding macros in files)
COMPRESSION FILES AND APPLICATION INSTALLERS
• Most antiviruses do not scan the content of a RAR file, which might contain a malicious executable (Windows, Linux & Macintosh)
• A File Joiner/Binder helps to social engineer a user into disabling the antivirus through its looks and packaging
MITIGATION PROCESS
DMZ Setup
• Segregating the network can help minimize attacks
• The network architecture has to be carefully analyzed with security in mind before deployment
Audit & Inventory
• One needs to know the devices that are in the network to avoid rogue additions
• This ranges from user accounts to ports/services and even physical devices (assets such as hard drives and routers)
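One way to automate the audit and inventory check above, as an added example that is not part of the original slides: it compares an approved baseline with an observed snapshot and reports rogue and missing user accounts, services and devices. The function names, the data layout and every sample value are constructed assumptions.

```python
"""Baseline-vs-observed audit for rogue accounts, services and devices."""
import re

def norm_mac(mac):
    """Normalise aa-bb-.., AABB.CCDD.EEFF or aa:bb:.. to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(baseline, observed):
    """Return {category: {"rogue": [...], "missing": [...]}}."""
    normalisers = {
        "accounts": lambda a: a.strip().lower(),
        "services": lambda s: (s[0].lower(), int(s[1]), s[2].lower()),
        "devices": norm_mac,  # devices are identified by MAC address here
    }
    report = {}
    for category, norm in normalisers.items():
        approved = {norm(x) for x in baseline.get(category, [])}
        seen = {norm(x) for x in observed.get(category, [])}
        report[category] = {
            "rogue": sorted(seen - approved),    # present but never approved
            "missing": sorted(approved - seen),  # approved but not found
        }
    return report

# Constructed sample data: the approved inventory and one observed snapshot.
BASELINE = {
    "accounts": ["alice", "bob", "svc-backup"],
    "services": [("web01", 443, "tcp"), ("web01", 22, "tcp"), ("db01", 5432, "tcp")],
    "devices": ["00:11:22:33:44:55", "00:11:22:33:44:66", "00:11:22:33:44:77"],
}
OBSERVED = {
    "accounts": ["Alice", "bob", "svc-backup", "support2"],
    "services": [("web01", 443, "tcp"), ("web01", 22, "tcp"),
                 ("web01", 8080, "tcp"), ("db01", 5432, "TCP")],
    "devices": ["00-11-22-33-44-55", "0011.2233.4466", "DE:AD:BE:EF:00:01"],
}

if __name__ == "__main__":
    for category, result in audit(BASELINE, OBSERVED).items():
        for kind in ("rogue", "missing"):
            for item in result[kind]:
                print(f"{kind.upper():7} {category}: {item}")
```

Normalising before comparing matters because the same device or account is often recorded in different formats by different tools, which would otherwise show up as a false rogue entry.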
MITIGATION PROCESS
Close Monitoring
• Installing a SIEM (Security Information and Event Management) can help keep an eye on anomalies
• Frequent updates of firewall signatures to avoid missing intrusions
Anti-virus and Firewalls are almost dead
• Because of new methods of packing malware and evasion techniques such as multiple encoding, malware (web and standalone executables) gets harder to detect, as antivirus companies rely on signatures
• Firewalls are only the first line of defense
• Antivirus software nevertheless needs to be kept up to date and firewall rules revised, alongside other methods such as SELinux or AppArmor and server patches
MITIGATION PROCESS
Awareness Training
• Staff have to be trained frequently on the evolving methods of attack
• Live demonstrations are best used
• Random checks on staff to remind them
Testing Internally through apps & red teaming
• Apps that are either created in the organization or being used need to be tested frequently against the latest vulnerabilities
• Red teaming is outsourcing penetration testers to perform blackbox, whitebox or graybox testing
SUMMARY
• Hacking cannot be stopped but minimized
• Define what is a Critical Infrastructure
• Prioritize your assets
• Awareness between organizations (e.g. banks) and countries
• Top Management needs to know business is hyper extensive
- There are no boundaries
- No perimeters to their operation
- They have partners, contractors, customers and they all have access to the network
- Leave a degree of openness that never existed a few years ago
• All of the above are risks and need to be understood by the business.
• Plan a good Information Security program and EXECUTE it
• Obligation to disclose information, e.g. about a method of being hacked