About Me:
Thomas Hegel CISSP, GCFE
Incident Response and Security Analytics Engineer
Threat Intel Team
The Problem:
Users are the easiest way into a network
Commonly under attack
Little focus from security teams
Most Common Passwords:
Password Strength
123456 Weak
password Weak
12345 Weak
12345678 Weak
qwerty Weak
123456789 Weak
1234 Weak!!
Source: SplashData’s Worst Passwords of 2014
The Solution:
Three Step Program:
Play Teach Test
Hands On
Fun
Relevant
Drive Towards:
Stronger Security Posture
Compliance Goals
Improved MTTD & MTTR (Detect, Respond)
Challenges
Spot the Phishing Email
Strong Password Creation
Improving Personal Security
Weekly/Monthly/Quarterly
CTF Events (Capture the Flag)
Correct answer (flag) generates points
Most points wins
Challenge Levels for each skill of user
Friendly Competition (Team or Individual)
Beginner
Beginner Security Trivia
Myth or truth on security
Wireless best practices
Password Strength
Spot the Phish
Intermediate
Trivia on current events
Online Self Defense
Recon Social Networks
Phish the competition
Don’t Forget!
Fun for all
Rewards and Recognition
Participation and repetition
Avoid viewing it as “work”
Step 2: Teach
Relevant “security” information and guidance
Encourages discussions
Teaches the user to fend for themselves
blog.logrhythm.com/security/7-home-network-security-tips/
Wireless Setup
Device Updates
Password Management
Phishing Emails
Open Message Rate
Open Attachment Rate
Report as Phishing Rate
IR/Security Mean Time to Detect
IR/Security Mean Time to Respond
Click Through Rates
Flash Drive Drops
Report to Security Rate
IR/Security Mean Time to Detect
IR/Security Mean Time to Respond
Plug in Rate
Rogue Wi-Fi
https://youtu.be/v36gYY2Pt70
Setup Wi-Fi Access
Provide Fake Landing Page
Get Credentials!
http://www.slideshare.net/heinzarelli/wifi-hotspot-attacks
Connection Rate
Credential Submission Rate
Report to Security Rate
“Malicious” Coupons!
QR Destination as “Malicious” URL
Print > Place on Cars in Lot
Rate of Connections
Rate Reported to Security
Social Engineering Calls
“Yes, this is Bob from IT.”
Most Vulnerable Departments/Teams
Rate of Information Gathering
Rate of User Acceptance
Rate Reported to Security
Email Filtering
Quarantine Emails
Reject Emails
Monitor Emails
SPF DKIM DMARC
Reduced Spam and Spoofing
SPF: Authorized Source?
DKIM: True Source & Signed?
DMARC: How to Handle It
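The three questions on this slide, worked through as an added example (not part of the original slides): a simplified receiver-side decision that takes SPF and DKIM results plus the sender's DMARC record and returns monitor, quarantine or reject. The domains and records are constructed, the function names are hypothetical, and relaxed alignment is approximated without the Public Suffix List.

```python
# Added example: simplified DMARC decision logic. Domains and records are constructed.
POLICIES = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not a usable policy."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p", "").lower() not in POLICIES:
        return None
    return tags


def aligned(auth_domain, from_domain, mode):
    """Strict ("s") needs an exact match; relaxed ("r") is approximated here by a
    parent/subdomain check. Real receivers compare organizational domains using
    the Public Suffix List."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    if a == f:
        return True
    if mode == "s":
        return False
    return a.endswith("." + f) or f.endswith("." + a)


def disposition(record, from_domain, spf, dkim):
    """spf and dkim are (passed, authenticated_domain) tuples from earlier checks.
    The pct and sp tags are ignored in this sketch."""
    tags = parse_dmarc(record)
    if tags is None:
        return "no-policy"
    # SPF: authorized source?  DKIM: true source and signed?  Either must align with From.
    spf_ok = spf[0] and aligned(spf[1], from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim[0] and aligned(dkim[1], from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "deliver"
    # DMARC: how to handle it when neither check aligns.
    return POLICIES[tags["p"].lower()]


if __name__ == "__main__":
    # Constructed case: SPF passes, but for a domain unrelated to the From header.
    spoof = dict(from_domain="example.com",
                 spf=(True, "bulk-sender.test"), dkim=(False, ""))
    for rec in ("v=DMARC1; p=none", "v=DMARC1; p=quarantine", "v=DMARC1; p=reject"):
        print(rec, "->", disposition(rec, **spoof))
```

An SPF pass alone does not protect the visible From address; the pass has to align with it, which is why the constructed message above falls through to the domain's policy.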
Internal Network Monitoring
Volume of Transferred Content
Access Patterns
Time-Based Behavioral Analysis
Activities of Job Dissatisfaction
Source: Verizon DBIR 2015
Misc.
Disable USB Ports for Unauthorized Users
Monitor for Rogue Access Points
Strong Password Requirements
Auto Lock Workstation
Summary:
Technical Controls
Business Results:
Stronger Security Posture
Compliance Goals
Improved MTTD & MTTR
Three Step Program:
Play Teach Test