The Evolution of Network Security: How Networks Are Still Getting Hacked. Omar Santos, PSIRT - Security Research and Operations, [email protected]

Triangle BDPA (w/o video)


2. DO YOU REMEMBER?
3. it was so easy back in the day
4. SIMPLE NETWORKS
5. BECAME BIGGER
6. AND BIGGER
7. AND BIGGER
8. and then we got virtualized
11. and then we got many clouds
15. WHAT ELSE IS CHANGING?
16. social media marketer, big data scientists, 3rd Degree Black Belt Security Ninja, Cyber Warrior
17. we all know about BYOD
18. Modern workers, particularly young Millennials, want the freedom to browse the web not only when and how they want to, but also with the devices they choose.
19. What ELSE?
20. EVERYTHING WILL BE CONNECTED
21. the ANY to ANY dilemma: People to Machine, Machine to Machine, People to People; From Any Device, From Any Location, At Any Time; Data from Any Data Center and from Any Cloud
22. but in this new trend I am not only talking about these
25. (meter network design points)
   - Meters pre-configured with Utility Network (SSID), X.509 Cert, EUI-64 ID
   - Objective Function: Rank = Minimum ETX (pre-configured); 802.15.4 Rx Signal Strength Indicator used to qualify ETX
   - DAO advertises IPv6 address of meter and parents
   - Meters only maintain default route to DODAG root
   - DHCPv6 Client used for address autoconfiguration; DHCPv6 Relay function passes all requests to FAR (DODAG root); DHCPv6 requests passed to DHCP server
   - RPL in non-storing mode; Root generates source routes when needed
   - RPL run-time parameters configured at DODAG root using DIO message
29. AND THERE IS SDN
30. Basic Definitions
   - What Is Software Defined Network (SDN)? In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications. Source: www.opennetworking.org
   - What Is OpenFlow? Open standard that enables researchers to run experimental protocols in campus networks. Provides a standard hook for researchers to run experiments without exposing the internal working of vendor devices. Source: www.opennetworking.org
   - What is OpenStack? Open-source software for building public and private Clouds; includes Compute (Nova), Networking (Quantum) and Storage (Swift) services. Source: www.openstack.org
   - What is Overlay Network? An overlay network is created on existing network infrastructure (physical and/or virtual) using a network protocol. Examples of overlay network protocols are: MPLS, LISP, OTV and VXLAN
31. In an SDN network, the controller could potentially be seen as a single point of failure risk for the network. If the controller is attacked, the entire network it controls is potentially at risk.
34. Cloud, Internet of Everything, Identity, Privacy, Social Media, APT, Mobility, BYOD, Advanced Malware, Big Data, Next Gen Data Centers, Social Engineering
35. The IT Management Challenge: Is My Network Ready?
   - Video, Cloud, Data Center Consolidation, Service Provider, Campus, Mobility/BYOD, Virtualization & Cloud, Branch, Business Continuity, Security, Disaster Recovery, Data Center
   - CAPACITY: Do I have the right performance to scale?
   - COMPLEXITY: How do I simplify deployments?
   - COST: How can I be operationally efficient?
36. The Security Staff Challenge: Is My Network Secure? (same drivers and CAPACITY / COMPLEXITY / COST questions as slide 35). 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
37. Source: Cisco's Annual Security Report
38. HOW CAN I BECOME MORE EFFICIENT? AUTOMATION?
39. Security Automation Evolution: the perception of the security automation evolution. Robust support for relevant Security Automation standards to ensure multi-layer interoperability / standards interoperability. CLOSED SOLUTIONS -> EVOLVING MATURITY -> MATURE IMPLEMENTATIONS (PAST -> FUTURE). WE ARE ABOUT HERE.
40. Vulnerability Machine Readable Content. Cisco is committed to protecting customers by sharing critical security-related information in different formats.
   - OVAL: Cisco IOS Vulnerability Assessment. Cisco PSIRT is including Open Vulnerability and Assessment Language (OVAL) definitions in Cisco IOS security advisories. OVAL provides structured, standard, machine-readable content that allows customers to quickly consume security vulnerability information and identify affected devices. OVAL can also be used to verify that the patches or fixes that resolve such vulnerabilities were successfully installed. OVAL content can be downloaded from each Cisco IOS security advisory.
   - Common Vulnerability Reporting Framework (CVRF): In addition to OVAL definitions, PSIRT is also publishing CVRF content for all Cisco security advisories. CVRF allows vendors to publish security advisories in an XML (machine-readable) format. CVRF has been designed by the Industry Consortium for Advancement of Security on the Internet (ICASI), of which Cisco is a member and took a major role in its development.
41. Top Android Malware Types. Android malware encounters grew 2,577% over 2012. However, mobile malware only makes up a small percentage of total web malware encounters. Source: Cisco's Annual Security Report
42. Monthly Major Content Types 2012. Source: Cisco's Annual Security Report
43. Exploit Content Types 2012. Source: Cisco's Annual Security Report
44. http://eromang.zataz.com/uploads/oracle-java-exploits-0days-timeline.html
45. New or Old Attacks?
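As an added example (not from the deck and not Cisco PSIRT's own tooling), the following Python parses a small constructed CVRF 1.1 advisory and cross-references its "Known Affected" product list against a device inventory, which is the consumption step slide 40 describes. The namespace URIs are the ICASI CVRF 1.1 ones; the advisory ID, product names and CVE value are placeholders.

```python
import xml.etree.ElementTree as ET

# Namespace URIs of the CVRF 1.1 schema published by ICASI.
NS = {"cvrf": "http://www.icasi.org/CVRF/schema/cvrf/1.1",
      "vuln": "http://www.icasi.org/CVRF/schema/vuln/1.1",
      "prod": "http://www.icasi.org/CVRF/schema/prod/1.1"}

# Constructed sample advisory: ID, product names and CVE are placeholders, not a real advisory.
SAMPLE_CVRF = """<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1"
         xmlns:vuln="http://www.icasi.org/CVRF/schema/vuln/1.1"
         xmlns:prod="http://www.icasi.org/CVRF/schema/prod/1.1">
  <DocumentTracking><ID>example-sa-0001</ID></DocumentTracking>
  <prod:ProductTree>
    <prod:FullProductName ProductID="P-1">ExampleOS 15.1(4)M</prod:FullProductName>
    <prod:FullProductName ProductID="P-2">ExampleOS 15.2(1)T</prod:FullProductName>
    <prod:FullProductName ProductID="P-3">ExampleOS 15.3(2)T</prod:FullProductName>
  </prod:ProductTree>
  <vuln:Vulnerability Ordinal="1">
    <vuln:CVE>CVE-0000-0000</vuln:CVE>
    <vuln:ProductStatuses>
      <vuln:Status Type="Known Affected">
        <vuln:ProductID>P-1</vuln:ProductID><vuln:ProductID>P-2</vuln:ProductID>
      </vuln:Status>
      <vuln:Status Type="Fixed"><vuln:ProductID>P-3</vuln:ProductID></vuln:Status>
    </vuln:ProductStatuses>
  </vuln:Vulnerability>
</cvrfdoc>"""

def parse_cvrf(xml_text):
    """Return (advisory id, {ProductID: name}, [vuln dicts]) from a CVRF 1.1 document."""
    root = ET.fromstring(xml_text)
    adv_id = root.findtext("cvrf:DocumentTracking/cvrf:ID", namespaces=NS)
    names = {p.get("ProductID"): p.text for p in root.iterfind(".//prod:FullProductName", NS)}
    vulns = []
    for v in root.iterfind("vuln:Vulnerability", NS):
        entry = {"cve": v.findtext("vuln:CVE", namespaces=NS), "affected": [], "fixed": []}
        for st in v.iterfind("vuln:ProductStatuses/vuln:Status", NS):
            key = {"Known Affected": "affected", "Fixed": "fixed"}.get(st.get("Type"))
            if key:  # other status types (e.g. "Known Not Affected") are ignored here
                entry[key] += [p.text for p in st.iterfind("vuln:ProductID", NS)]
        vulns.append(entry)
    return adv_id, names, vulns

def exposed_products(xml_text, inventory):
    """Cross-reference an inventory of product names with the advisory's
    'Known Affected' status; returns sorted (product name, CVE) pairs."""
    _, names, vulns = parse_cvrf(xml_text)
    return sorted({(names[pid], v["cve"]) for v in vulns
                   for pid in v["affected"] if names.get(pid) in inventory})
```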
46. RED OCTOBER (aka ROCRA). Large-scale cyber espionage campaign discovered by researchers from Kaspersky Lab. Very clever attacks that many are now claiming have been taking place for more than five years! Compared with other malware that has been associated with cyber espionage such as Duqu, Flame, and Gauss. http://blogs.cisco.com/security/red-october-in-january-the-cyber-espionage-era
47. RED OCTOBER (aka ROCRA). Some of the Vulns:
   - CVE-2009-3129 - Microsoft Office Excel Featheader Record Processing Arbitrary Code Execution
   - CVE-2010-3333 - Microsoft Office Rich Text Format Content Processing Buffer Overflow
   - CVE-2012-0158 - Microsoft MSCOMCTL.OCX ActiveX Control Remote Code Execution
   - CVE-2011-3544 - Oracle Java Applet Rhino Script Engine arbitrary code execution vulnerability
   Network Device Configuration Harvesting: the malware contained a large list of hardcoded, commonly-used SNMP community strings that were used to attack infrastructure devices, plus credential information collected from Word and Excel documents on affected systems.
48. Just one example: OPERATION ABABIL. Huge volumetric DDoS attack campaign which was aimed at U.S.-based financial institutions.
49. Weaponization of Modern Evasion Techniques
50. ANY GOOD NEWS? WHY DID I COME TO THIS TRIANGLE BDPA MEETING?
51. Well, SPAM traffic went down last year. Does that count?
52. It's still a good tool for many cybercriminals to expose users to malware and facilitate a wide range of scams.
53. EVEN OUR VULN REPORT DATABASES GET PWNED!
55. Go Back! We failed when we tried to fix cyber security! (Cyber Security)
56. SO HOW CAN WE IMPROVE?
57. Sharing Ideas & Brainstorming
58. THANK YOU!
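As an added example that is not part of the deck, a small detector for the SNMP community-string guessing described on the Red October slide (47): it reads syslog lines in the shape of the Cisco IOS %SNMP-3-AUTHFAIL message and flags any source that fails SNMP authentication repeatedly within a short window. The log excerpt, router name, hosts (192.0.2.0/24 documentation range) and timestamps are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed syslog excerpt in the shape of the Cisco IOS %SNMP-3-AUTHFAIL message;
# the router name, hosts (192.0.2.0/24 documentation range) and timestamps are made up.
SAMPLE_LOG = """\
Jan 14 10:00:01 rtr1 101: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 192.0.2.77
Jan 14 10:00:03 rtr1 102: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 192.0.2.77
Jan 14 10:00:04 rtr1 103: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 192.0.2.10
Jan 14 10:00:06 rtr1 104: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 192.0.2.77
Jan 14 10:00:09 rtr1 105: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 192.0.2.77
Jan 14 10:00:12 rtr1 106: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 192.0.2.77
Jan 14 10:15:40 rtr1 107: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 192.0.2.10
Jan 14 10:16:00 rtr1 108: %SYS-5-CONFIG_I: Configured from console by admin on vty0
"""

AUTHFAIL = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) .*%SNMP-3-AUTHFAIL: "
                      r"Authentication failure for SNMP req from host (?P<src>\S+)")

def parse_authfails(log_text, year=2013):
    """Yield (timestamp, source host) for each SNMP authentication-failure line.
    Syslog timestamps carry no year, so one is supplied by the caller."""
    for line in log_text.splitlines():
        m = AUTHFAIL.match(line)
        if m:
            yield datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["src"]

def community_guessing(log_text, threshold=4, window=timedelta(seconds=60)):
    """Flag sources with >= threshold auth failures inside any window of the given
    length (many bad community strings from one host in a short time).
    Returns {source: peak number of failures seen within one window}."""
    by_src = {}
    for ts, src in parse_authfails(log_text):
        by_src.setdefault(src, []).append(ts)
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):   # sliding window over the sorted timestamps
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged
```

A single failure is normal operational noise (a mistyped string in a monitoring tool); the burst from one source is what distinguishes guessing, so the window and threshold should be tuned to the monitoring traffic the device legitimately sees.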