leo cyber security · 2017-11-17 · 1 tour of the darknet leo cyber security heath c renfrow,...
TOUR OF THE DARKNET
LEO CYBER SECURITY
Heath C Renfrow, CISO, LEO Cyber Security
+1.210.551.1340
www.leocybersecurity.com
@LEOCyberSec
Agenda
Darknet basics
What does it cost to get your stuff?
Dangers of Public WiFi
What’s your stuff worth?
The Digital World
Our Disclaimer Slide
Why Do We Care?
• Valuation of company assets
• Monitoring of threat vectors
• Identifying new targets
• Understanding trends
• Identifying breaches
How is the Darknet Different?
• Conventional browsing runs through a number of commercial entities that can monitor activity.
  • Marketing
  • Law enforcement
  • Throttling
How Does the Darknet Work?
• Connecting to the Tor network
• How is data hidden from the ISP?
What is a Marketplace?
• A “candy” store of various goods
• The eBay of the Darknet
  • Reviews
  • Ranking
  • Customer support
  • Guarantees
Valuation
Value of your stuff? Price to get your stuff?
• Credit cards
  • Online
  • Encoded on plastic
• Credentials
• Social Security Numbers
• Protected Health Information
• Credit information
• Social engineering information
• Social media account
• Trojans
• Key logger
• Malicious spam
• DDOS
• Malware installation
• WiFi cracker
What’s it Worth?
Credit Cards
Email/Social Media
ID or Company Badge
Social Security Numbers
Medical Records
Tax Records
Full/Partial Databases
Cost to Attack
ATM Malware
Ransomware
Dangers of Public WiFi
First, the Scary
• Unsecured - No cracking
• WEP - < 5 minutes
• WPA - < 15 minutes
• WPS - < 24 hours Reaver
• WPA2 - Depends on length
• KRACK - newest discovered vulnerability in WPA2
• wpacracker.com
• WiFi Pineapple
• Rogue AP or EvilTwin Attack
• Traffic Eavesdropping
• Interception Manipulation
• Captive Portal Phishing for Company Computer Hostnames or Credentials
• Data Leakage over Insecure Protocols
• Leaking Shared Files and Folders on a Public Network
• Client Side attacks can lead to corporate network compromises
• Bluetooth and Ethernet Pivots
• Bridging Air Gaps
Second, the Realism
Risk Mitigation Strategies
• [FIPS 140-2]
• DoD Directive 8500.0
• NIST Standards
• Wireless Supplicants
• EAP-TLS
• VPN for WiFi
• No Perfect Forward Secrecy
• WIDS/WIPS
• Wireless Traffic Monitoring
• Asset inventory
• Change default ID and password
• Two-factor authentication (2FA) when possible; if not, a strong password:
  • 15 characters minimum;
  • At least two numbers, two letters, and two capital letters; and
  • If allowed, at least two punctuation characters.
• Practice a regular timely patch schedule and/or enable automatic updates
• Disable unnecessary remote administration and features (MANAGE).
• Do not allow unfiltered access to the device from the Internet.
• Do not enable universal plug and play on IoT devices.
• Use secure protocols where possible, like HTTPS and SSH for device communications.
• Include IoT devices in regular vulnerability management programs
Thank You
Questions?
LEO Cyber Security
2000 McKinney Avenue, Suite 2125,
Dallas, TX 75201
+1.469.844.3608
www.leocybersecurity.com
Heath Renfrow, CISO
LEO Cyber Security
+1 210 551 1340