sec intro1

Security intro. Mahmoud El-Naggar, Senior Information Security Engineer

Upload: mahmoud-el-naggar

Post on 22-Jan-2018

TRANSCRIPT

Page 1: Sec intro1

Security intro.

Mahmoud El-Naggar, Senior Information Security Engineer

Page 2: Sec intro1

Agenda

• Files Concept.

• Files Requirements.

• Now! Files = $$$

• Operation Triangle.

• Attacker vs Defender.

• Defense Tech. [Kill Chain].

• Security Layers Standard

Page 3: Sec intro1

Data Files

• Don’t be confused: consider any type of data as a file.

• Originally, any file type (.exe, .png, .c, …, etc.) was a text file that went through some processing operation.

• e.g., this presentation (txt → pptx).

Page 4: Sec intro1

Files Requirements

• Files need some HW to store, process and operate.

• Files also need some SW to manage, organize, edit, and present.

Page 5: Sec intro1

Now! Files = $$$

• Credit cards, banking files, password files, source code, military designs and plans, and more: all must be secured.

• Security must be established on firm bases.

Page 6: Sec intro1

Operation Triangle

• Security vs. functionality vs. Ease of use.

• Any system must have a value for each of the 3 variables.

• Optimize for your needs; think about security.

Page 7: Sec intro1

Attacker vs. Defender

- The attacker acts with the OR concept.

- The defender must act with the AND concept.

- Now, attacks are targeted and advanced.

- Defenders must think as attackers.

Page 8: Sec intro1

“AND” & “OR” Meanings

- The attacker thinks as an “OR” function: a single “1/True” in the equation is enough, be it the information he gathered about the target or the variety of attack vectors he can exploit.

- The variety of attack vectors is like a Swiss knife in the attacker's hand: he can use any of its tools to make the attack succeed.

- The defender must think as an “AND” function, in which all variables must be “1/True”; a single “0/False” is enough for the attack to succeed.

- So, the defender must raise all shields in front of the attackers and keep monitoring the attackers' manipulation.

Page 9: Sec intro1

Kill Chain

Page 10: Sec intro1

• The Kill Chain is a known sequence of steps that advanced threats may pass through.

• Understanding this chain for each attack helps to protect against the attack, and also helps in remediation.

• Some attacks pass through the whole chain, some pass through only some steps, but the protection approach must be able to cut/kill the chain at any step.

• The protection approach must also have a clear strategy for detecting passed / more advanced attacks (those it failed to defend against) and for giving detailed information about them, which helps to take a fast, correct decision and defeat the advanced attacks with minimum impact.

Page 12: Sec intro1

• Any critical subject, like Information Security, Military and Defense, Aviation, etc., is very wide, and it is difficult to specialize in all its divisions.

• It is easier to divide the critical subject into main layers and each layer into main topics, then cover each topic with a variety of technologies.

• Then, integrate the parts well to make a full security solution for defense, detection, defeating, testing and monitoring.
