EVADE THE BREACH
BY CHANGING THE WAY YOU THINK ABOUT INFORMATION SECURITY
MAJOR HAYDEN RACKSPACE @majorhayden
FOR ACCRUENT INSIGHTS 2014, AUSTIN, TEXAS PHOTO CREDIT: CURTIS GREGORY PERRY [bit.ly/1k5ajws]
ABOUT MAJOR
• Born in Austin
• At Rackspace since 2006
• Focused on Linux engineering, software development and information security
• Two kids and four chinchillas
THIS IS A CHINCHILLA
THEY ARE AMAZING PETS AND I COULD TALK ABOUT THEM FOR A LONG TIME
AGENDA
Presentation 30 minutes
Q&A 30 minutes
Let's cover some critical concepts
SECURITY ISN'T EASY
YOUR BUSINESS DOESN'T EXIST TO BE SECURE
INSPIRED BY KEITH PALMGREN'S "13 ABSOLUTE TRUTHS OF SECURITY"
SECURITY HAS NO FINISH LINE
INSPIRED BY KEITH PALMGREN'S "13 ABSOLUTE TRUTHS OF SECURITY"
Reports that say...that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things that we know that we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don't know we don't know.
—Donald Rumsfeld, United States Secretary of Defense
PUBLIC DOMAIN PHOTO BY THE UNITED STATES ARMY
THREE DEFENSIVE LAYERS
Preventative: Make yourself a hard target
Detective: Know when danger is on your doorstep
Corrective: Remove the threat and repair the damage
PROCESS IMPROVEMENT FEEDBACK LOOP
We can apply these layers to something we all know well
How do we protect our homes?
PHOTO CREDIT: DPREVITE [bit.ly/1mC8QBi]
We lock our doors
We put our lights on timers
We close the blinds
We install security cameras
We join the neighborhood watch
We set our security alarm
We have our alarm monitored
We buy homeowner's insurance
We buy firearms**
PREVENTATIVE
DETECTIVE
CORRECTIVE
You now know two other concepts
DEFENSE IN DEPTH
ASSUME THE WORST AND BUILD LAYERS OF DEFENSE
PHOTO CREDIT: SZEKE [bit.ly/1mxjkzl]
RISK MANAGEMENT
INVEST YOUR TIME SPENT ON SECURITY WISELY
PHOTO CREDIT: LORENZOCLICK [bit.ly/1f40rns]
Do your third party vendors invest in security as much as you do?
How will you know for sure?
IT'S NOT EASY
PHOTO CREDIT: KEVIN DOOLEY [bit.ly/1ri0hej]
Let's review the facts
"Target gave network access to a third-party vendor, a small Pennsylvania HVAC company, which did not appear to follow broadly accepted information security practices. The vendor’s weak security allowed the attackers to gain a foothold in Target’s network."
"Target appears to have failed to respond to multiple automated warnings from the company’s anti-intrusion software that the attackers were installing malware on Target’s system."
"Attackers who infiltrated Target’s network with a vendor credential appear to have successfully moved from less sensitive areas of Target’s network to areas storing consumer data, suggesting that Target failed to properly isolate its most sensitive network assets."
"Target appears to have failed to respond to multiple warnings from the company’s anti-intrusion software regarding the escape routes the attackers planned to use to exfiltrate data from Target’s network."
What can we learn from the Target breach?
Target's situation isn't unique to Target
It's your responsibility to insulate yourself from third parties
Continually test your security layers so you can trust them in an emergency
What about the vendors that don't show up on your books?
PHOTO CREDIT: CLASPINGWALNUT [BIT.LY/1K5J5DT]
HOW ABOUT THE OPENSSL SOFTWARE FOUNDATION?
HEARTBLEED: A QUICK SUMMARY
• Small coding error allows attackers to steal chunks of memory from remote servers
• Attackers repeatedly send requests to get different data from the server
• Announcement of the vulnerability was handled extremely poorly
• Much of the internet is still vulnerable almost a month after the announcements
HEARTBLEED: LESSONS LEARNED
Layer your defenses
Segregate server duties
Make emergency plans
Rackspace has joined many other companies in support of the Core Infrastructure Initiative that provides funding for open source projects that need assistance
LET'S WRAP IT UP
PHOTO CREDIT: TANAKAWHO [bit.ly/1mxiEd3]
Three takeaways:
(Or, if you fell asleep during the last half hour, here's what I was talking about)
1. Layer your defenses
2. The security of your business is your business
3. Better security requires changes in people, process, and technology
THANK YOU!
PHOTO CREDIT: STUCK IN CUSTOMS [bit.ly/1k5nqha]
Blog: major.io Twitter: @majorhayden Email: [email protected]