vulnerability and threat management and prevention
play

Vulnerability and Threat Management and Prevention Weston Hecker - PowerPoint PPT Presentation

May 05, 2023 •676 likes •925 views

A1 Vulnerability and Threat Management and Prevention Weston Hecker Security Expert With KLJ Systems Network Analyst/Penetration Tester/President Of Computer Security Association Of North Dakota Slide 1 A1 Author, 9/16/2013 About Me About Me:

  1. A1 Vulnerability and Threat Management and Prevention Weston Hecker Security Expert With KLJ Systems Network Analyst/Penetration Tester/President Of Computer Security Association Of North Dakota

  2. Slide 1 A1 Author, 9/16/2013

  3. About Me • About Me: CISSP, CEH, CCNP Security, Certified Microsoft Professional, Security + Licensed Penetration Tester, Computer Science/Geophysics, and spoke at Defcon 22 • About 10 years pen ‐ testing, disaster recovery, security design, and security research experience • Research including DHS contract to attack 911 systems in the USA. Skim Bad software project. • NERC, FFIEC, FISMA/NIST, ISO, GLBA and FDIC, Compliance audits HIPAA, Omnibus, HI ‐ TECH

  4. What is being covered • How is it different in The Midwest? What are hackers using to compromise networks? • How has it changed, Why is hacking in the news so much. • Tools of the trade “Fleet of Fake I phones”. • Key loggers and Raspberry Pi hacking machines. • RFID “Radio Badges” and physical security portion of Pentesting. • Distributed Denial of Service Phone Systems “What it is how its used” “How it affects businesses” • Credit card skimming methods, POS memory scraping malware, and phone DDOS.

  5. Methods Blackhat Hackers Use to Get Into Networks/Methods Found In ND • Findings from Pentests in ND and the Midwest • How does it differ from rest of USA • Why would people target ND we are to small to be noticed … • Types of audits • Need for Security Framework • Forced compliance • What can IT staff do to secure their networks • When does a 3 rd party pay? Everyone thinks North Dakota has oil money why are companies still paying 90s prices for security services

  6. Fleet of Fake iPhones With Teensy 3.0

  7. Key Stroke Catchers Rouge USB Drives

  8. Computers Used Specifically for Password Cracking, USB Plugged into USB Monitor GPU Farm Built for $2400, 13 Billion Password attempts a second

  9. Raspberry Pi Hacking Boxes, Alfa Card with promiscuous mode chip set, RP Recording calls from VOIP phone.

  10. Bump Keys 80% of Locks Can Be “Bumped” Physical Security RFID Badge Hacking Tailgating Doors Left Open

  11. RFID Badge Cloning Hardware, Front door Cards Read up to 10ft Away

  12. RFID Badge Reader Scans Through Seat Where Customers Wallet Would Be.

  13. Everyone is familiar with DDOS it has been a problem for more than 15 years Computers are asked to respond to Think of it as 30 people driving threw a drive threw at lunch hour and ordering food then more requests than it can handle driving off.

  14. This Prepaid Cell Phone Can Deny Legitimate Phone Calls for 5 Days Strait • Anonymous Purchase • 2 Dollars Days That it is Used • Untraceable Can be Charged With Solar USB Charger PRL List Hopping. • GPS Not Recoverable Unless in 911 Mode.

  15. Cell Phone DDOS call Some one non stop two times a second for 5 days for $14.00 Firmware Flashed To Become $14 Dollar Prepaid Phone Anonymous DDOS Attack

  16. Malware, DDOS, Ransomware, Web Application Injection, Spearfishing. Why Scanning tools don’t always What is a SQL Injection catch these methods?

  17. Sanitize your inputs Most application exploits come from not sanitizing inputs. • Assume that any data you do not have control over is malicious. • Have web applications made by third parties undergo an audit. • Scanning tools are ineffective at finding any more than the most basic vulnerabilities. •

  18. Malware, DDOS, Ransomware, Spearfishing. Targeted Malware In ND Spoofed Emails, J:// Encrypted over Malware custom made for the weekend Ooooo no. customers in ND

  19. What Are The Hackers After? Personally identifiable information • Financial information ex. Credit card number, Bank account numbers • Trade secrets ex. Customer data, Bid information, Volume license information • Network Resources ex. Servers, email accounts, desktops used to attack and infect other • systems

  20. Credit Card Skimmer Used to Steal Magnetic Data on Cards.

  21. Where Do they Sell Credit card Data and SSN#

  22. POS Skimming Malware How It Works How It Can Be Defeated.

  23. Thank You For Inviting Me and For Your Time Any Questions, Please Contact Me. Weston.Hecker@kljeng.com westonhecker@twitter WWW.KLJNETWORKSOLUTIONS.COM Phone Number 701 ‐ 934 ‐ 1292

Recommend

Metastore About Metastore Solutions Timeline Mainframe ICT Security Threat and Vulnerability

Metastore About Metastore Solutions Timeline Mainframe ICT Security Threat and Vulnerability

Metastore About Metastore Solutions Timeline Mainframe ICT Security Threat and Vulnerability Management z/OS Security Management Identity, Access and Entitlement Management z/OS Operations Management 1992 2016 Windows Server Data

304 views • 9 slides
Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a cybersecurity flaw in a system that leave it open to attack. A vulnerability may also refer to any type of weakness in a computer system

407 views • 16 slides
Active Threat on Campus Prevention & Response Active threat defined An active threat can be

Active Threat on Campus Prevention & Response Active threat defined An active threat can be

Active Threat on Campus Prevention & Response Active threat defined An active threat can be defined as: A person whose immediate activity can cause death and/or serious injury An active threat can involve a firearm or another

395 views • 15 slides
Measuring Risk Ron Gula NSA Pen Tester Cloud Security Network IDS Who is Ron Gula???

Measuring Risk Ron Gula NSA Pen Tester Cloud Security Network IDS Who is Ron Gula???

Measuring Risk Ron Gula NSA Pen Tester Cloud Security Network IDS Who is Ron Gula??? Vuln Management Cyber Companies THREAT X VULNERABILITY = RISK THREAT X VULNERABILITY = RISK Out of date browser on server One

458 views • 30 slides
FRESHWATER under THREAT S O U T H A S I A Vulnerability Assessment of Freshwater

FRESHWATER under THREAT S O U T H A S I A Vulnerability Assessment of Freshwater

FRESHWATER under THREAT S O U T H A S I A Vulnerability Assessment of Freshwater Resources to Environmental Change Ganges-Brahmaputra-Meghna River Basin Helmand River Basin Indus River Basin Mukand S. Babel Shahriar M. Wahid

479 views • 44 slides
Assessment What is Threat Assessment Threat assessment is the process of gathering

Assessment What is Threat Assessment Threat assessment is the process of gathering

Threat Assessment What is Threat Assessment Threat assessment is the process of gathering information to understand the threat of violence posed by a person. Threat management is the process of developing and executing plans to mitigate

332 views • 15 slides
Vulnerability management with OpenVAS Henri Doreau henri.doreau@greenbone.net 12 th LSM -

Vulnerability management with OpenVAS Henri Doreau henri.doreau@greenbone.net 12 th LSM -

Vulnerability management with OpenVAS Henri Doreau henri.doreau@greenbone.net 12 th LSM - Strasbourg 2011 OpenVAS Vulnerability management Project news Conclusion Outline OpenVAS 1 Introduction Architecture Vulnerability management 2

691 views • 29 slides
Integrated Threat Management Appliance 1 http://www.youtube.com/watch?v=F 7pYHN9iC9I 2 3

Integrated Threat Management Appliance 1 http://www.youtube.com/watch?v=F 7pYHN9iC9I 2 3

Integrated Threat Management Appliance 1 http://www.youtube.com/watch?v=F 7pYHN9iC9I 2 3 Denial of Service Attack (DoS) 4 THREAT CATEGORY THREAT ACTION TYPE Malware/Badware Send data to the external entity/site, Trapdoor/Backdoor Entry,

719 views • 23 slides
What is Our Greatest Cyber-Security Threat? OT vulnerability explained and national conversation

What is Our Greatest Cyber-Security Threat? OT vulnerability explained and national conversation

What is Our Greatest Cyber-Security Threat? OT vulnerability explained and national conversation about security and privacy urged at ASU Biodesign presentation Where is the U.S. most vulnerable to cyber-security attack? And, what is the greatest

80 views • 4 slides
New Threat Vectors for ICS/SCADA Networks and How to Prepare for Them June 27, 2017 Phil

New Threat Vectors for ICS/SCADA Networks and How to Prepare for Them June 27, 2017 Phil

New Threat Vectors for ICS/SCADA Networks and How to Prepare for Them June 27, 2017 Phil Neray, VP of Industrial Cybersecurity Why Now? Featuring CyberXs threat intelligence & vulnerability research 3 Key Trends Driving ICS

537 views • 25 slides
Welco come me! 2019 N New Z Zeala land S Sea ea Li Lion on T Threat M Management P

Welco come me! 2019 N New Z Zeala land S Sea ea Li Lion on T Threat M Management P

Welco come me! 2019 N New Z Zeala land S Sea ea Li Lion on T Threat M Management P Plan Advisor ory Gr Grou oup Purp rpose To build an understanding of the results of the past years Sea Lion Threat Management Plan work

514 views • 23 slides
Responding to an Intensifying Threat Paul Walton CBD Hierarchical Approach Prevention Early

Responding to an Intensifying Threat Paul Walton CBD Hierarchical Approach Prevention Early

INNS, Borders and Biosecurity Responding to an Intensifying Threat Paul Walton CBD Hierarchical Approach Prevention Early detection and Rapid response Control Efforts to mitigate invasions have not been effective enough to keep up

390 views • 20 slides
Client volume as a marker of vulnerability among Female Sex Workers to refine focus of prevention

Client volume as a marker of vulnerability among Female Sex Workers to refine focus of prevention

Client volume as a marker of vulnerability among Female Sex Workers to refine focus of prevention services in India: A National Representative Study of Female Sex Workers Authors: Manideep Govindu, Yujwal Raj * and Kh.Jitendra Kumar Singh ** *

248 views • 3 slides
Client Alert An Ounce Of Prevention: Dealing With The Threat Of Counterfeit Pharma- Contact

Client Alert An Ounce Of Prevention: Dealing With The Threat Of Counterfeit Pharma- Contact

Client Alert An Ounce Of Prevention: Dealing With The Threat Of Counterfeit Pharma- Contact Attorney Regarding ceuticals This Matter: Alan G. Minsk* Introduction 404.873.8609 - direct 404.873.8691 - fax Unlike counterfeit handbags,

332 views • 6 slides
CSCE 790 Computer Systems Security Threat Modeling Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Threat Modeling Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Threat Modeling Professor Qiang Zeng Spring 2020 Previous Class The CIA Triad as security objectives Threat: potential Attack: attempt Compromise: success Vulnerability: security

660 views • 29 slides
Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a

Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a

Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a significant shock that brings welfare below a socially accepted level (Khl, 2003) Vulnerability increases when there is uncertainty with respect to

529 views • 21 slides
Community Vulnerability Tools Presented to C/CAG Resource Management and Climate Protection

Community Vulnerability Tools Presented to C/CAG Resource Management and Climate Protection

Community Vulnerability Tools Presented to C/CAG Resource Management and Climate Protection Committee May 20, 2020 Outline Why use Community Vulnerability Tools? Major tools Benefits and examples of how to use them Discussion

362 views • 24 slides
Contents What is vulnerability? Why conduct vulnerability assessments? Defining

Contents What is vulnerability? Why conduct vulnerability assessments? Defining

6/19/2015 Vulnerability and Capacity Assessment Index (VCAI) for Climate Change Adaptation SVRK Prabhakar USAID ADAPT Asia-Pacific Presented at NABARD Training Workshop, Mumbai on 18 June 2015 Contents What is vulnerability? Why

705 views • 21 slides
Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1

Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1

Vulnerability Analysis and Food Aid W orking Group Chaired by W FP/ VAM Unit Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1 Overview 1 . Methodology of the VA 2 0 0 4 2 . Highlights of

703 views • 28 slides
Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Honeymoon Threat Restoration Rescue Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to normal living. A disaster has not yet oc- curred, but there is a sense of impending doom. Individual

604 views • 6 slides
Vulnerability Screening Tool Identifying and addressing vulnerability: A tool for asylum and

Vulnerability Screening Tool Identifying and addressing vulnerability: A tool for asylum and

Vulnerability Screening Tool Identifying and addressing vulnerability: A tool for asylum and migration systems Purpose Intended to guide & inform frontline workers & decision makers on the relevance of vulnerability factors to

507 views • 19 slides
Earthquake Vulnerability Earthquake Vulnerability Vulnerability Assessment & EVR measures

Earthquake Vulnerability Earthquake Vulnerability Vulnerability Assessment & EVR measures

Earthquake Vulnerability Earthquake Vulnerability Vulnerability Assessment & EVR measures Islamabad Pakistan Assessment and Vulnerability Assessment and Vulnerability Reduction Measures Reduction Measures adpc Asian Disaster

702 views • 46 slides
Youve Got Your Nice List of Bugs, Now What? Vulnerability Discovery and Management

Youve Got Your Nice List of Bugs, Now What? Vulnerability Discovery and Management

Youve Got Your Nice List of Bugs, Now What? Vulnerability Discovery and Management Processes in the Wild Noura Alomar, Primal Wijesekera, Edward Qiu, and Serge Egelman University of California (Berkeley) and ICSI Motivation Many

688 views • 23 slides
DATA LOSS PREVENTION AND PROTECTION Last Revised: 4-20-14 MD InfraGard Insider Threat Special

DATA LOSS PREVENTION AND PROTECTION Last Revised: 4-20-14 MD InfraGard Insider Threat Special

MD InfraGard Insider Threat MD InfraGard Insider Threat Special Interest Group Special Interest Group DATA LOSS PREVENTION AND PROTECTION Last Revised: 4-20-14 MD InfraGard Insider Threat Special Interest Group MD InfraGard Insider Threat

689 views • 49 slides

More recommend