• Home

  • Documents

  • Architectural Revolutions of Cyber Security Ken Higuchi General Manager, Sales Division INFOSEC...

Click here to load reader

prev
next
of 26

Architectural Revolutions of Cyber Security Ken Higuchi General Manager, Sales Division INFOSEC CORPORATION Presentation for CodeBali September 22 nd,

Embed Size (px)

Citation preview

PowerPoint

Architectural Revolutions of Cyber Security

Ken Higuchi

General Manager, Sales DivisionINFOSEC CORPORATION

Presentation for CodeBaliSeptember 22nd, 2015

()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

IntroductionINFOSEC CORPORATION, established in 2001, is a group of cyber security professionals who provide a broad range of cyber security solutions and services.Head Office : Tokyo, JapanShareholders : NEC Corporation(60%) Mitsubishi Corporation(40%)Employees: 110Customers : Military, Government, Financials, Power Utilities, Transportations, Telecommunications, Broadcasters, Manufacturers, Educations, etc.Solutions: SOC Design/Deployment/Operation, Pen-testing, AppSecurity Support, Training & Education, etc.Official Website : http://www.infosec.co.jp/Copytight Infosec Corporation 2015. All Rights Reserved.2()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

Crisis : Breaking the Chain of Trust()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

CASE-1

Japan Pension Service

(June 2015)

()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

Cyber Attacks hitting Japan Pension Service (1)On June 1st, 2015Japan Pension Service, a public organization who manages national pension fund, announced thatthey were attacked by APT malwares, and1.25 Million Personal Data were stolen Name / Address / Birthday / Pension ID NumberCopytight Infosec Corporation 2015. All Rights Reserved.5()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

Cyber Attacks hitting Japan Pension Service (2)Japanese Government is ready to introduce My Number social system from October 2015

My Number is a unique ID used for taxation and pension management Social Security NumberCopytight Infosec Corporation 2015. All Rights Reserved.6()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

Cyber Attacks hitting Japan Pension Service (3)If My Number Systems are compromised by highly-sophisticated cyber attacks, WHAT WOULD BE HAPPENED ?Create SpoofingOnline Accounts ? Create MaliciousBank Account?Copytight Infosec Corporation 2015. All Rights Reserved.7UnexpectedTaxations? ()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

The Reality isHere are some examples of recent cases:Central District of California. A woman pleaded guilty to federal charges of using a stolen Social Security number to obtain thousands of dollars in credit and then filing for bankruptcy in the name of her victim. More recently, a man was indicted, pleaded guilty to federal charges and was sentenced to 27 months' imprisonment for obtaining private bank account information about an insurance company's policyholders and using that information to deposit $764,000 in counterfeit checks into a bank account he established.Central District of California.Two of three defendants have pleaded guilty to identity theft, bank fraud,and related charges for their roles in a scheme to open bank accounts with both real and fake identification documents, deposit U.S. Treasury checks that were stolen from the mail, and withdraw funds from those accounts.Middle District of Florida.A defendant has been indicted on bank fraud charges for obtaining names, addresses, and Social Security numbers from a Web site and using those data to apply for a series of car loans over the Internet.Copytight Infosec Corporation 2015. All Rights Reserved.8(REF) http://www.justice.gov/criminal-fraud/identity-theft/identity-theft-and-identity-fraud()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

CASE-2

Remote Control Trojan IESYS.exe

(2012-13)

()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

Remote Control Trojan IESYS.exe (1)Through Jul-Sep 2012,4 Japanese men were arrested by the cyber police, accused of posting murder and bombing notices at SNSOn Oct 9th and 10th 2012,Two letters were posted on the media, which stated;I am the guy who posted those criminal notices using my Trojan iesys.exe. Whats the hell, police has arrested innocent people under my remote controls !Copytight Infosec Corporation 2015. All Rights Reserved.10()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

Remote Control Trojan IESYS.exe (2)Jan 2013,Two emails was posted on the media, in which CTF-like (Capture-the-Flag) 5 questions were described. Police challenged this questions and found SD-Card with a source code of iesys.exeCopytight Infosec Corporation 2015. All Rights Reserved.11Feb 2013,A man was arrested in Tokyo, accused of (a)creating iesys.exe and (b)remotely infecting and controlling the innocent victims by this Trojan malware()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

Remote Control Trojan IESYS.exe (3)The guy claimed I am innocent too, one of the victims of iesys.exe!Copytight Infosec Corporation 2015. All Rights Reserved.12May 2014, the guy finally confessed that he did all.()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

Crisis: Breaking the Chain of Trust Who are you?Crisis of trust for online identificationCopytight Infosec Corporation 2015. All Rights Reserved.13Who is good/bad?Crisis of trust for intentions()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

If the analogy comes to Banking Trojans?Copytight Infosec Corporation 2015. All Rights Reserved.14

Remote ControlXX BANKUnintendedTransaction

Cash Transfer

XX BANKCompensationTrojan Infected

How do you trust him?()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

Mission Impossible : The Challenge()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

Mission ImpossibleGiven ConditionsEndpoint devices (PC/Smartphones) are infected by malwaresUser credentials (ID/PW) are compromisedInternet traffics can easily be tapped / modifiedThere are certain number of evils at the user sideCopytight Infosec Corporation 2015. All Rights Reserved.16Distinguish trusted transactionsunder untrusted circumstances()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

Mission Impossible: Untrusted CircumstancesCopytight Infosec Corporation 2015. All Rights Reserved.17

INTERNETSERVICERS

USERSADVERSARIESTROJANCredentialsMaliciousRemote ControlsEasy Deploymentof MaliciousCodes & ProcessesEasy to Tap or Modify the Traffics / DataBad Guys,Sometimes()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

Mission Impossible: Five-Step ChallengesCopytight Infosec Corporation 2015. All Rights Reserved.18Issue a private key with user-dependent, specific parameters (Blocking spoofing logins) The Servicer can only be connected through the Trusted Virtual Network (Blocking Bad-DNS, Man-in-the-Middle) Traffics between the client and the Servicers shall be fully encrypted (Blocking Man-in-the-Middle)Block all the remote sessions excluding single session with the edge node (Disabling remote controls, session hijacking)Stop all the programs & processes otherwise the Servicer permits (Disabling Trojans, Man-in-the-Browser) ()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

Im Possible: Blocking Compromised AccountCopytight Infosec Corporation 2015. All Rights Reserved.19

INTERNET

USERSADVERSARIESTROJAN

Credentials

Machine-dependentGeo-Locational InfoPrivate KeyTrusted VirtualNetwork

Edge Node

SERVICERSSpoof Login()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

Im Possible: Disabling Session Hijack & TrojanCopytight Infosec Corporation 2015. All Rights Reserved.20

INTERNETSERVICERS

USERSADVERSARIESTROJANTrusted VirtualNetwork

Edge Node

Policy EnforcementSession ControlApps/Process ControlTraffic EncryptionMachine SpecificGeo-LocationPrivate Key()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

Project OzoneArchitectural Revolutions of Cyber Security

()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

Copytight Infosec Corporation 2015. All Rights Reserved.22Ozone represents Risk Zero Zone with a molecule of three key components of cyber security

()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

WE ARE POSSIBLE - Change the Game Rules by OzoneCopytight Infosec Corporation 2015. All Rights Reserved.23

The InternetOZONE

RealtimeThreatIntelligenceRealtimeTransactionMonitoringCentralized Applications Repository

Trusted identity, Trusted location and Trusted single connectionTrusted transaction,Trusted applications,Trusted location and Trusted single connection()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

Copytight Infosec Corporation 2015. All Rights Reserved.24Ozone Network SecurityOzone File SecurityOzone ID Federation PlatformOzone Transaction SecurityFor all the people who want highly secured network accessFor all the people who want to protect their information/data even if those are stolenFor all the people who want highly secured e-business environmentFor all the people who want to trust your usersWE ARE POSSIBLE - Solutions enabled by Ozone()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

Copytight Infosec Corporation 2015. All Rights Reserved.25For more information,Please contact NEC/Infosec.()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []

Thank [email protected] Infosec Corporation 2015. All Rights Reserved.26()

[] [] [] [] [] [] [] [] [] ( 1 ) Shift [] [] [] [] 7.5[] [] [] [] [] [] [ ()] [] [] [ 1] (1 2 ) [] [] [] [] 2 pt[] [] [] [] [] [] [5 pt 1] (1 1 ) [] [] [ 1] (1 1 ) [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 7.55 [] [] [][][] [] [] [] [] [] [] [] [] [] [] [] []

[] [] [ ] [] [] [] [Arial] [ ] [28] [] [] [] [ 1] (1 1 ) [] [] []

[] [] [] [] [] [] [] [ ()] [] [] [] 90[] [] [] 2 [] 1 [] 40%[] [] [ 1] (1 2 ) [] 0% [] 100%[] [] [ 1 + 50%] (2 2 ) [] 0%

[] [] [] [] [] [] [] [] [] [] [] [] 0.5 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] 1 [] [] [] []


DOD INFOSEC Education, Training , Awareness & … INFOSEC 310 Windows NT Security for SAs (5 days) Training Materials (Po werpoint) l INFOSEC 201: ... 101 l INFOSEC inputs provided

DOD INFOSEC Education, Training , Awareness & … INFOSEC 310 Windows NT Security for SAs (5 days) Training Materials (Po werpoint) l INFOSEC 201: ... 101 l INFOSEC inputs provided

Documents
Infosec cert service

Infosec cert service

Technology
Ir Higuchi

Ir Higuchi

Business
Rio 2016 Hopefuls Cox Higuchi Debut in Freestyle … 2016 Hopefuls Cox Higuchi...Subject: Rio 2016 Hopefuls Cox, Higuchi Debut in Freestyle World Rankings ... Rio 2016 Hopefuls Cox,

Rio 2016 Hopefuls Cox Higuchi Debut in Freestyle … 2016 Hopefuls Cox Higuchi...Subject: Rio 2016 Hopefuls Cox, Higuchi Debut in Freestyle World Rankings ... Rio 2016 Hopefuls Cox,

Documents
Risk Assessment. InfoSec and Legal Aspects Risk assessment Laws governing InfoSec Privacy

Risk Assessment. InfoSec and Legal Aspects Risk assessment Laws governing InfoSec Privacy

Documents
October 29, 2015 The University Information Security Policy & InfoSec one year on… Tom Anstey Weatherall Institute of Molecular Medicine & InfoSec infosec@it.ox.ac.uk

October 29, 2015 The University Information Security Policy & InfoSec one year on… Tom Anstey Weatherall Institute of Molecular Medicine & InfoSec [email protected]

Documents
COBIT5 and InfoSec

COBIT5 and InfoSec

Documents
CONGRESISTA KENJI GERARDO FUJIMORI HIGUCHI …

CONGRESISTA KENJI GERARDO FUJIMORI HIGUCHI …

Documents
Infosec Audit Lecture_4

Infosec Audit Lecture_4

Documents
Thinking revolutions - Commercial and Scientific Revolutions

Thinking revolutions - Commercial and Scientific Revolutions

Education
InfoSec Policy ISO17799

InfoSec Policy ISO17799

Documents
PMP, InfoSec & Chan

PMP, InfoSec & Chan

Self Improvement
Infosec Gateway

Infosec Gateway

Documents
Japanese-style Restaurant Higuchi. 095-844-5522

Japanese-style Restaurant Higuchi. 095-844-5522

Documents
I-Ching & InfoSec

I-Ching & InfoSec

Technology
The Infosec Revival

The Infosec Revival

Technology
London Infosec MVS

London Infosec MVS

Documents
Weiqi and InfoSec

Weiqi and InfoSec

Technology
InfoSec Syllabus V7.3

InfoSec Syllabus V7.3

Documents
Higuchi Ichiyo - Childs Play

Higuchi Ichiyo - Childs Play

Documents
Hacked Vehicles - InfoSec

Hacked Vehicles - InfoSec

Technology
Infosec 2012 | 25/4/12 Application Performance Monitoring Ofer MAOR CTO Infosec 2012

Infosec 2012 | 25/4/12 Application Performance Monitoring Ofer MAOR CTO Infosec 2012

Documents
Ichiyo Higuchi

Ichiyo Higuchi

Education
Simulacion dinamica Higuchi

Simulacion dinamica Higuchi

Documents
InfoSec Contest : 2 | InfoSec Tip : 3 | InfoSec Tools : 4 ... · Malwarebytes Anti-Malware Free Malwarebytes Anti-Malware Free utilizes Malwarebytes powerful technology to detect

InfoSec Contest : 2 | InfoSec Tip : 3 | InfoSec Tools : 4 ... · Malwarebytes Anti-Malware Free Malwarebytes Anti-Malware Free utilizes Malwarebytes powerful technology to detect

Documents
FELICIES-INFOSEC 4011

FELICIES-INFOSEC 4011

Documents
Revolutions and Counter-Revolutions

Revolutions and Counter-Revolutions

Documents
InfoSec 2012 Program

InfoSec 2012 Program

Documents
Beazley InfoSec

Beazley InfoSec

Documents
Glossary InfoSec

Glossary InfoSec

Documents