DATA PROTECTION CHALLENGES FACED BY I.T PROFESSIONALS AND ADMINISTRATORS A HACKERS PERSPECTIVE

Post on 07-Aug-2018

WHO AM I?

BRIGHT GAMELI MAWUDOR

PhD Finalist, IT Convergence & Application Engineering, Pukyong National University, Busan, South Korea

An Information Security Engineer, Network/WebApp Penetration Testing & Information Security Awareness/Training, at Information Security Architects

PROBLEMS WITH TECHNOLOGY EVOLUTION

• The Internet was built without security in mind

• This leaves almost everything vulnerable

• Millions of data are on the move through all networks

• There is a high chance of it landing in the wrong hands

Vulnerability + Threat = Risk

Cyber Security and Information Security: all involves data

This calls for us to guard information/data with the highest form of security

1 Information is power

2 It landing into the wrong hands gives leverage

3 Current state of Cyber Warfare (State Sponsored)

4 Cyber Criminals

CONFIDENTIALITY INTEGRITY AVAILABILITY

AN ORGANISATION’S FOCUS

HIGH REVENUE

EVOLUTION OF COMPUTING AND ACCESS

Cloud Computing, SERVER, CELLULAR, LAPTOP, PRINTER, PC, TV, ROUTER

THE MISTAKES WE MAKE ABOUT DATA PROTECTION

Social Engineering (About the people) VS Bad Infrastructure implementation practices (The Devices)

DEMO

KNOWN METHODS USED

OTHER METHODS USED FOR SOCIAL ENGINEERING

SPEAR PHISHING ATTACKS

• Web site cloning

• Carefully crafted message delivered through email, chat, social media network

PDF/MICROSOFT WORD DOCUMENTS

• Buffer/Heap Overflow exploitation of PDF tools such as Adobe and Foxit Reader

• Bugs in Microsoft allowing for code execution (hiding macros in files)

COMPRESSION FILES AND APPLICATION INSTALLERS

• Most antiviruses do not scan the content of the RAR file that might contain a malicious executable (Windows, Linux & Macintosh)

• File Joiner/Binder helps to social engineer a user to disable Antivirus with its looks and packaging
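
A defensive counterpart to the compressed-file point above, as an added example that is not part of the original presentation: a mail or upload gateway can inspect archive members by their leading magic bytes instead of trusting file names. It uses ZIP as a stand-in for RAR because Python's standard library cannot read RAR; `scan_archive`, `make_zip` and `SAMPLE` are hypothetical names, and the sample archive is constructed.

```python
import io
import zipfile

# Magic bytes of native executables on the three platforms the slide names.
MAGIC = {
    b"MZ": "Windows PE",
    b"\x7fELF": "Linux ELF",
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit", b"\xce\xfa\xed\xfe": "Mach-O 32-bit",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit", b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xca\xfe\xba\xbe": "Mach-O universal (or Java class)",
}
MAX_DEPTH = 3              # nested archives deeper than this are reported, not opened
MAX_MEMBER = 50 * 2**20    # members larger than 50 MiB are reported, not unpacked


def scan_archive(data, prefix="", depth=0):
    """Return [(member path, finding)] for a ZIP archive given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in (i for i in zf.infolist() if not i.is_dir()):
            path = prefix + info.filename
            if info.flag_bits & 0x1:      # encrypted: content cannot be inspected
                findings.append((path, "encrypted"))
            elif info.file_size > MAX_MEMBER:
                findings.append((path, "oversized"))
            else:
                body = zf.read(info)
                kind = next((n for m, n in MAGIC.items() if body.startswith(m)), None)
                if kind:                  # judged by content, not by file extension
                    findings.append((path, kind))
                elif zipfile.is_zipfile(io.BytesIO(body)):
                    if depth + 1 >= MAX_DEPTH:
                        findings.append((path, "nested too deep"))
                    else:
                        findings += scan_archive(body, path + "!", depth + 1)
    return findings


def make_zip(members):
    """Build a ZIP in memory from {name: bytes}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed sample: harmless stub bytes that only carry the magic numbers.
SAMPLE = make_zip({"invoice.pdf": b"MZ" + bytes(62), "readme.txt": b"hello",
                   "docs.zip": make_zip({"tool": b"\x7fELF" + bytes(12)})})
```

On the constructed sample, the member named `invoice.pdf` is reported as a Windows PE and the ELF stub is found inside the nested archive; encrypted or oversized members are reported rather than silently skipped so they can be quarantined for review.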

SPEAR PHISHING ATTACKS SUCCESS

APPLE, FACEBOOK, TWITTER, WINDOWS

Same Method (Spear Phishing)

MITIGATION PROCESS

DMZ Setup

• Segregation of the network can help minimize attacks

• Network architecture has to be carefully analyzed with security in mind before deployment

Audit & Inventory

• One needs to know the devices that are in the network to avoid rogue additions

• This ranges from user accounts to ports/services and even physical devices (assets such as hard drives and routers)

Close Monitoring

• Installation of SIEM (Security Information and Event Management) can help keep an eye on anomalies

• Frequent update of firewall signatures to avoid missing intrusions

Anti-virus and Firewalls are almost dead

• Due to new methods of packing malware and evasion techniques such as multiple encoding, it gets harder to detect (Web and standalone executable) as antivirus companies rely on signatures

• Firewalls are only the first line of defense

• Anti-viruses however need to be kept up to date, firewall rules revised, and other methods used, such as SELinux or AppArmor and server patches

Awareness Training

• The staff have to be frequently trained about the evolving methods of attacks

• Live demonstrations are best used

• Random checks on staff to remind them

Testing Internally through apps & red teaming

• Apps that are either created in the organization or being used need frequent testing against the latest vulnerabilities

• Red teaming is outsourcing penetration testers to perform blackbox, whitebox or graybox testing

SUMMARY

• Hacking cannot be stopped but minimized

• Define what is a Critical Infrastructure

• Prioritize your assets

• Awareness between organizations (e.g. banks) and countries

• Top Management need to know business is hyper extensive

-There are no boundaries

-No perimeters to their operation

-They have partners, contractors, customers and they all have access to the network

-Leave a degree of openness that never existed a few years ago

• All the above are risks and need to be understood by the business.

• Plan a good Information Security program and EXECUTE it

• Obligation to disclose information, e.g. about a method of being hacked

+82-10-2814-1337

+254-712-421-951

THANK YOU