Presentation used at the (ISC)2 SecureMunich and SecureDusseldorf meetings.
BYO-IR
Build your own ‘incident response’
Wim Remes - (ISC)2 - IOActive
RISK
COMPANY
IF vs. WHEN
Wim Remes - [email protected]
[Figure: THE IR TIMELINE (reality). Points A to G on a timeline; labels: attack occurred, compromise detected, window of compromise between the two; annotation: PANIC!!!]
[Figure: THE IR TIMELINE (for the pathological optimist). Points A to G on a timeline; labels: attack occurred, compromise detected, window of compromise, response.]
[Figure: THE IR TIMELINE (how it should be). Points A to G on a timeline; labels: attack occurred, compromise detected, window of compromise, response.]
[Figure: THE IR TIMELINE (for the pathological liar). Points A to G on a timeline; labels: attack occurred, compromise detected, window of compromise, response.]
WHO’S WHO?
Customers/Clients
Law Enforcement
Press/Media
“The Angry Mob” (Y U USE MD5?)
IR SHOPPING LIST
a. Awesome people!
b. Management Support (no kidding)
c. IR Process + RACI
d. Supporting Technology
e. Training & Test Drives
AWESOME PEOPLE (Without me, you are just aweso)
AWESOME PEOPLE (you already have them)
MANAGEMENT SUPPORT
IR PROCESS
PREPARE → DETECT → ANALYZE → CONTAIN → RECOVER → POST MORTEM
IR RACI
[Table: RACI matrix for the IR process. Activities: Initiate IR Process, Collect Evidence, External Communications. Each activity is assigned R/A/C/I across three roles; cell values as extracted, one row per activity: "C,I A R", "C,I R,A C,I", "R C,I A" (the role column headers and the row-to-activity mapping are not recoverable from the extraction).]
TECHNOLOGY
because you don’t go to war in a speedo ...
TECHNOLOGY (it’s pretty basic really ...)
a. Segment your network !!
b. Use PGP (and train your people to use it)
c. Log everything you could possibly need
d. Full network captures are helpful!
e. How far can you take FOSS?
f. Complement with commercial products.
g. Train, train, train, train, train, train, ...
(some demos)
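As an added example (not one of the talk's demos and not code from Wim Remes or (ISC)2), the following script shows what "log everything you could possibly need" buys you and ties it back to the IR timeline slides: a small detection rule runs over sshd log lines and reports when the attack occurred, when access was gained, when it was detected, and the resulting window of compromise. Everything in it is constructed for illustration: the log lines, host `bastion`, users, the addresses 198.51.100.23 and 10.0.0.5, the assumed year (syslog timestamps carry none), the assumed detection time (10:00, when someone finally reads the logs, as on the "reality" slide), and the rule thresholds.

```python
"""
Added example, not from the slides: a detection pass over constructed sshd
log lines that produces the points drawn on the IR timeline slides
(attack occurred, compromise, compromise detected, window of compromise).
Hosts, users, addresses, timestamps and thresholds are all made up.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in syslog/sshd format (no year in the timestamp,
# exactly like real syslog). Nothing below comes from a real system.
SAMPLE_LOG = """\
Mar  3 02:14:01 bastion sshd[4121]: Failed password for root from 198.51.100.23 port 52314 ssh2
Mar  3 02:14:03 bastion sshd[4121]: Failed password for root from 198.51.100.23 port 52315 ssh2
Mar  3 02:14:05 bastion sshd[4123]: Failed password for admin from 198.51.100.23 port 52316 ssh2
Mar  3 02:14:06 bastion sshd[4124]: Failed password for invalid user admin from 198.51.100.23 port 52317 ssh2
Mar  3 02:14:08 bastion sshd[4125]: Failed password for backup from 198.51.100.23 port 52318 ssh2
Mar  3 02:14:11 bastion sshd[4126]: Accepted password for backup from 198.51.100.23 port 52319 ssh2
Mar  3 09:30:44 bastion sshd[7002]: Accepted publickey for alice from 10.0.0.5 port 40022 ssh2
"""

# Assumptions for the example: the year the log belongs to, and the moment
# someone actually looked at the logs (the "reality" timeline's detection).
ASSUMED_YEAR = 2013
ASSUMED_DETECTED_AT = datetime(2013, 3, 3, 10, 0, 0)

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


def parse_line(line, year=ASSUMED_YEAR):
    """Parse one sshd auth line into a dict; None for lines this rule ignores."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"],
            "user": m["user"], "src": m["src"]}


def detect_bruteforce_success(events, threshold=5, window=timedelta(minutes=5)):
    """Flag an accepted login from a source that produced at least `threshold`
    failed logins within `window` before it: a brute force that worked."""
    failures = defaultdict(list)        # src -> timestamps of failed logins
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] == "Failed":
            failures[ev["src"]].append(ev["ts"])
            continue
        recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "src": ev["src"],
                "user": ev["user"],
                "failed_attempts": len(recent),
                "attack_occurred": min(recent),   # first failure of the burst
                "compromised": ev["ts"],          # the login that succeeded
            })
    return alerts


def ir_timeline(alert, detected_at):
    """Reduce an alert to the points the slides draw: when the attack occurred,
    when access was gained, when it was detected, and the window in between."""
    out = dict(alert)
    out["compromise_detected"] = detected_at
    out["window_of_compromise"] = detected_at - alert["attack_occurred"]
    out["time_to_detect_access"] = detected_at - alert["compromised"]
    return out


def run_example(log_text=SAMPLE_LOG, detected_at=ASSUMED_DETECTED_AT):
    """Parse the log, run the rule, and lay every alert out on the timeline."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    return [ir_timeline(a, detected_at) for a in detect_bruteforce_success(events)]


if __name__ == "__main__":
    for t in run_example():
        print(f"{t['src']} -> {t['user']}: attack {t['attack_occurred']}, "
              f"access {t['compromised']}, detected {t['compromise_detected']}, "
              f"window of compromise {t['window_of_compromise']}")
```

On the constructed log the rule reports one event: five failures from 198.51.100.23 starting at 02:14:01, a successful login as `backup` at 02:14:11, and a window of compromise of almost eight hours because detection only happened at the morning log review. The same rule fed continuously from the log pipeline (that is what "log everything" plus "how far can you take FOSS?" is for) would fire at 02:14:11 and collapse that window to seconds, which is the difference between the "reality" and "how it should be" slides.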
TRAINING & TEST
“In a real war you don’t fight soldiers with cleaning ladies, you fight with soldiers. In a cyberwar, you fight hackers with hackers.”
Thank you