it's okay to touch yourself - derbycon 2013
DESCRIPTION
It takes a company an average of 35 days to detect when they have been compromised. For some, it can take years. As fast as software changes and new vulnerabilities are discovered, waiting for an annual penetration test is just not enough. In this talk, I will show you how we perform self-audits on our own network on a continual basis. You will learn about the tools that we use so that you can audit your own network to determine if your technical and physical controls will detect a security incident. I will show you how our self-audits and 'fire drills' engage our IT team, allowing us to learn both how to detect when an incident is occurring and how to react. I will also share some mistakes I've made and give you tips on performing a self-assessment without disrupting your business. You will see how this has strengthened our awareness education and our overall security posture. If you've never performed a self-audit this talk will be a great introduction. It's okay to touch your...network.TRANSCRIPT
It's Okay To Touch Yourself!
DerbyCon 2013
Ben Ten(@Ben0xA)
About Me
●12+ years experience in Health CareInformation Systems
●Vice President & Security Officer●Developer (Builder)●Security Consultant, Trainer
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
About Me
●Federal Regulation Compliance Oversight (HIPAA, HITECH, PCI, Meaningful Use, Red Flag)
●Manager●Gamer●Love Science Fiction
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
Overview
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
This talk is SFW!
Overview
●State of Breach Detection●What is a Self Assessment●Performing Fire Drills●Pitfalls to Avoid●Tools●Acknowledgments●Q&A
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
DerbyConTest
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
DerbyConTest
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
#10
DerbyConTest
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
#9
DerbyConTest
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
#8
DerbyConTest
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
#7
DerbyConTest
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
#6
DerbyConTest
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
#5
DerbyConTest
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
#4
DerbyConTest
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
#3
DerbyConTest
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
#2
DerbyConTest
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
#1
Why This Talk? Why Me?
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
A @dave_rel1k story...
Why This Talk? Why Me?
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
State of Breach Detection
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
64% of businesses did not detect they had a breach
until after 90 days!
Source: 2013 Global Security Report ~ Trustwavehttps://www2.trustwave.com/2013GSR.html
State of Breach Detection
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
State of Breach Detection
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
Approximately 70% of breaches were discovered
by external parties who then notified the victim.
Source: 2013 Data Breach Investigations Report ~ Verizonhttp://www.verizonenterprise.com/DBIR/2013/
State of Breach Detection
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
State of Breach Detection
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
Source: 2013 Data Breach Investigations Report ~ Verizonhttp://www.verizonenterprise.com/DBIR/2013/
State of Breach Detection
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
But we have these tools!!!11!!!two
●SIEM●DLP●IDS/IPS●Logs
State of Breach Detection
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
So, what's the problem?
State of Breach Detection
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
●Poorly implemented tools
●Lack of implemented tools
●Or maybe it's a perception issue...
State of Breach Detection
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
Security by Obscurity
State of Breach Detection
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
Security by Vicinity
State of Breach Detection
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
Security by Divinity
Self Assessment
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
It's time to get intimate with your...network!
Self Assessment
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
At the very least, the critical parts of your network!
Self Assessment
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
PTES – An Intro
● Pre-engagement Interactions● Intelligence Gathering● Threat Modeling● Vulnerability Analysis● Exploitation● Post Exploitation● Reporting
Self Assessment
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
● Pre-engagement Interactions● Intelligence Gathering● Threat Modeling● Vulnerability Analysis● Exploitation● Post Exploitation● Reporting
PTES – An Intro
Self Assessment
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
http://www.pentest-standard.org/index.php/Vulnerability_Analysis
Self Assessment
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
http://www.pentest-standard.org/index.php/Vulnerability_Analysis
Self Assessment
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
http://www.pentest-standard.org/index.php/Vulnerability_Analysis
DISCLAIMER
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
●I am not a professional penetration tester. But, I am staying at the Hyatt.
●Do not attempt anything on any network unless you have written permission!
●Do not do this on production first. Use a test environment!
DISCLAIMER
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
DISCLAIMER
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
Self Assessment
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
Getting Intimate
Know your Ports!
Self Assessment
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
Getting Intimate
Know your Logs!
Self Assessment
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
Getting Intimate
Know your Software!
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
https://www2.trustwave.com/cpn-hackers-playbook-2013-sm.html
Self Assessment
Self Assessment
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
Tools● NeXpose (Rapid7)
● Nessus (Tenable)
● BurpSuite
● Health Monitor
● nmap/zenmap
● ninite
Fire Drills
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
Why?
Fire Drills
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
● Are your tools working?
● Does your team react appropriately?
● What is happening during that nmap,nexpose, nessus, scan?
● What's the Incident Response plan and is itworking?
Pitfalls to Avoid
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
● Verify Scope!
● Start Small / Focused
● Be wary of untested tools!
● Secure your results
● Don't DoS yourself
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
“[T]he ultimate goal should be to develop an environment in which
security events are discovered innately—by both responsible
security professionals or others in the organization.”
Source: 2013 Global Security Report ~ Trustwavehttps://www2.trustwave.com/2013GSR.html
New Tool
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
My Big Security Idea!
New Tool
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
New Tool
Will Steele @pen_test
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
New Tool
Conclusion
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
In Conclusion
Acknowledgments
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
●@securitymoey●@jwgoerlich●@jaysonstreet●@elizmmartin●@rogueclown●@dualcoremusic●@derbycon
Conclusion
PoshSec Developers
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
●@mwjohnson●@jwgoerlich●@securitymoey●@mortprime●@rjcassara●@PoshSec
Conclusion
PoshSec Framework - Beta
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
http://github.com/poshsec/poshsecframework
Conclusion
View the ReadMe!
Contact Information
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
●@Ben0xA●Ben0xA on Freenode (IRC)●[email protected]●http://ben0xa.com●http://github.com/Ben0xA●http://github.com/PoshSec
Questions?
Conclusion
Thank You!
It's Okay To Touch YourselfBen0xA - DerbyCon 2013
Conclusion