Secure Yourself, Practice what we preach - BSides Austin 2015

Secure yourself, practice what we preach

Michael Gough – Founder

MalwareArchaeology.com

Who am I

• Blue Team Defender Ninja, Logoholic, Malware Archaeologist

• @HackerHurricane also my Blog

• Inventor of the Malware Management Framework

• I love logs – they tell us Who, What, Where, When and hopefully How

This talk is a discussion

• Your input is required

• Don’t be a Ding Dong, and you might get one!

• Share, Share, Share!

• We all want to know what you know

Why this talk?

• It dawned on me we are not talking about our personal experiences

• We have personal systems

• We have work systems

• We have families and they have systems

• How can we ask our employers to secure stuff if we don’t do it ourselves?

Which method is best?

• Let’s avoid this area, it will take too long

• Let’s focus on What is being used and get other options for everyone to investigate

• This is about sharing

• So we can protect ourselves

• And practice what we preach

• Take that to our employers and improve the condition there too

The Anthem Breach

• And many others that leaked our PII

• Can be used to apply for credit

• Steal your identity

• File a fake tax return

• Etc.

Credit Cards

• Thank you Target… (last year’s motto)

• Screw you Anthem (thus this year’s motto)

• Because of Target I stopped using my Debit Card, except at one location where I can get cash, gas and gift cards (MY MONEY !!!)

• Credit Cards for everything (their money not mine)

• Two cards, one for everyday (popped 3 times in 2014)

• One for online only

Your Credit

• Putting a “Freeze” on your credit is one way to prevent misuse of your credit (new accounts cannot be opened without lifting it)

• Cost varies by state

• Texas is $10-$10.83 for each Credit Reporting agency

• You have to do all 3 Reporting Agencies, a freeze at one does nothing for the other two

• Credit Monitoring

Credit Freeze

EXPERIAN:

• To request a security freeze, log on to www.experian.com/freeze

• Call 1 888 EXPERIAN (1 888 397 3742)

TRANSUNION:

• Place a Security Freeze on your TransUnion Credit Report

• Online: https://freeze.transunion.com

• Phone: 888-909-8872

EQUIFAX:

• Automated Security Freeze System: (800) 349-9960

• https://www.freeze.equifax.com

How you build your system

• We need to back up our data

• Build your system with an OS drive and a Data drive

• NO DATA on your OS drive

• Makes it easy to wipe and rebuild the OS drive if something fishy happens, without touching your data

Build Standards

• Center for Internet Security

• CIS Benchmarks can help you know what to set

• Both personally and for the enterprise

• Windows

• MAC

• Linux

• IE, FireFox, Safari

Backups

• Encrypt it !

• On-Site – multiple copies

• Off-Site – Drive at family or friend

• Cloud

– CloudBerry (to Amazon S3 or Glacier)

– CrashPlan

– Carbonite

Password Managers

• LastPass

– YubiKey

– Google Auth

• Dashlane

– Google Auth

• Password Safe

– YubiKey

• KeePass

• 1Password

• RoboForm

Multi-Factor Auth

• FIDO U2F

• Yubikey

• Google Auth

• Lots of standards

• PayPal

• eBay
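The “Google Auth” option listed above is RFC 6238 TOTP. The following is an added example, not code from the talk: a standard-library Python implementation of the code generator plus the server-side check, so you can see what the six digits actually are. The 20-byte ASCII seed is the RFC 6238 test vector; the base32 seed `JBSWY3DPEHPK3PXP` is a made-up demo value; the replay and clock-drift handling in `verify_totp` is my suggested server behaviour, not something the slides specify.

```python
"""Time-based one-time passwords (RFC 6238), the scheme behind Google Authenticator codes.
Added example; seeds below are a test vector and a made-up demo value."""
import base64
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC the 8-byte big-endian counter, dynamically truncate to 31 bits,
    keep the low `digits` decimal digits (zero-padded)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         digestmod=hashlib.sha1) -> str:
    """TOTP is HOTP with the counter set to the number of `step`-second periods since the epoch."""
    return hotp(secret, unix_time // step, digits, digestmod)


def decode_base32_secret(text: str) -> bytes:
    """Authenticator apps share the seed as unpadded base32 (the QR code's secret= parameter),
    often shown in groups of four; strip spaces and restore padding before decoding."""
    cleaned = text.strip().replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def verify_totp(secret: bytes, submitted: str, unix_time: int, last_counter: int = -1,
                window: int = 1, step: int = 30, digits: int = 6):
    """Server-side check. Accepts the current step and +/- `window` neighbours (clock drift),
    refuses any counter at or before the last accepted one (replay of a code already used),
    and compares in constant time. Returns (accepted, counter_to_store)."""
    counter = unix_time // step
    for delta in range(-window, window + 1):
        candidate = counter + delta
        if candidate <= last_counter:
            continue  # already consumed, or older than a code we have already accepted
        if hmac.compare_digest(hotp(secret, candidate, digits), submitted):
            return True, candidate
    return False, last_counter


if __name__ == "__main__":
    import time
    demo_seed = decode_base32_secret("JBSW Y3DP EHPK 3PXP")  # made-up demo seed
    print("current code for demo seed:", totp(demo_seed, int(time.time())))
```

Two things the slides cannot show but the code makes visible: the seed is a shared secret, so a password manager that stores TOTP seeds next to the passwords has turned two factors back into one; and the verifier must remember the last accepted counter, otherwise a captured code is good for the whole 30-second window plus the drift allowance.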

Browsers

• Don’t use IE

• Firefox

– Script Block

– Web of Trust

– AdBlock Plus

– EFF Privacy Badger

• Chrome

– Script Block

– Web of Trust

– AdBlock Plus

– EFF Privacy Badger

• Safari

• Aviator

Search Engines

• Google

• Bing

• Yahoo

• DuckDuckGo

• Yandex

Drive Encryption

• TrueCrypt 7.1a (the last full release; the project was discontinued in May 2014, so expect no further fixes)

• BitLocker

• FileVault

Cloud Storage

• Do you store your data in the Cloud?

• InstantCryptor.com

– Browser-based encryption – Firefox & Chrome

– DropBox

– Google Drive

• TrueCrypt 7.1a – keep the data in an encrypted container and sync the container, so the provider only ever holds ciphertext

Bookmarks

• Xmarks

• Sync your bookmarks so recovery is easy

• Save stuff at home, see it at work and vice versa

• FireFox Sync

DNS

• OpenDNS

– Nice for your family - FREE

• Google DNS

Remote Access

• VNC

• GoToMyPC

• OpenVPN

• Your firewall hardware (many home routers and firewalls have a VPN server built in)

• Tor

Mac, PC or Linux?

• We could spend an hour on this topic alone

• Windows is ~85% of our systems

• Macs get less malware, but they still get malware

• Linux?

• Whatever you use, don’t run as an Administrator for day-to-day work

• 90% reduction of risk

Mac

KnockKnock - github.com/synack/knockknock

• KnockKnock displays persistent items (scripts, commands, binaries, etc.) that are set to execute automatically on OS X, which is where malware has to live to survive a reboot. For a comprehensive presentation on OS X malware, persistence, and KnockKnock, see the slides linked from the project page.

• $ python knockknock.py

Cell Phones

• I use an Apple…

• It gets updated

• What do you do ?

• CIS Benchmarks for iOS and Android

Software Restrictions

• Windows only

• AppLocker (requires the Application Identity service; start in Audit mode)

• Software Restriction Policies (SRP)

• Not on Home editions: SRP needs Pro, Ultimate or Enterprise; AppLocker needs Ultimate or Enterprise on Windows 7

• A Disallowed path rule on %UserProfile% stops .EXE files from running anywhere under C:\Users (Temp, Downloads, AppData), which is where most malware first lands

• Can really slow down the malwarez

• https://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx

• Event ID 866 (Application log, source SoftwareRestrictionPolicies) is written every time a path rule blocks a file; 865 is a block by the default level. Watch for them.

Logs

• Windows Logging Cheat Sheet

• Enable the logs

• Collect locally

• Learn how to read them

• Try and send to a Log Management solution

– SumoLogic

– Splunk server

– ELK stack

– Or do it manually
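Tying the Software Restrictions slides (Event ID 866) to the Logs slides (collect locally, learn to read them, ship them): the following is an added example of mine, not the speaker’s code or the Windows Logging Cheat Sheet. It reads SRP events in the text layout that `wevtutil qe Application /f:text` exports, pulls out what was blocked and by which rule, flags the classic double-extension lure, and emits JSON lines that any of the listed log management tools can ingest. The three sample records, the host name HOMEPC, the users and the rule GUID are constructed for the example; the message wording follows the SoftwareRestrictionPolicies event source.

```python
"""Parse SRP path-rule blocks (Event ID 866) from exported Windows Application-log text and
emit JSON lines for a log management tool. Added example; sample records are constructed."""
import json
import re
from collections import Counter

# Constructed sample in the layout `wevtutil qe Application /f:text` produces.
# Host, users and the rule GUID are invented; 865/866 wording follows the real event source.
SAMPLE_EVENTS = r"""
Event[0]:
  Log Name: Application
  Source: SoftwareRestrictionPolicies
  Date: 2015-03-26T09:12:44.000
  Event ID: 866
  Level: Warning
  User Name: HOMEPC\mgough
  Computer: HOMEPC
  Description:
Access to C:\Users\mgough\AppData\Local\Temp\invoice_2015.pdf.exe has been restricted by your Administrator by location with policy rule {5c2b1a3e-1111-4222-8333-444455556666} placed on path %UserProfile%.

Event[1]:
  Log Name: Application
  Source: SoftwareRestrictionPolicies
  Date: 2015-03-26T18:40:02.000
  Event ID: 865
  Level: Warning
  User Name: HOMEPC\kid
  Computer: HOMEPC
  Description:
Access to D:\Data\games\crack.exe has been restricted by your Administrator by the default software restriction policy level.

Event[2]:
  Log Name: Application
  Source: SoftwareRestrictionPolicies
  Date: 2015-03-27T07:03:19.000
  Event ID: 866
  Level: Warning
  User Name: HOMEPC\kid
  Computer: HOMEPC
  Description:
Access to C:\Users\kid\Downloads\free_minecraft_mods.scr has been restricted by your Administrator by location with policy rule {5c2b1a3e-1111-4222-8333-444455556666} placed on path %UserProfile%.
"""

RECORD_SPLIT = re.compile(r"^Event\[\d+\]:[ \t]*$", re.MULTILINE)
PATH_RULE_MSG = re.compile(
    r"Access to (?P<path>.+?) has been restricted by your Administrator by location "
    r"with policy rule (?P<rule>\{[0-9A-Fa-f-]+\}) placed on path (?P<rule_path>.+?)\.\s*$",
    re.DOTALL,
)
# Heuristic: a document-looking name that is really an executable type.
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|jpe?g|png|txt|zip)\.(exe|scr|com|pif|bat|cmd|js|vbs)$",
                        re.IGNORECASE)


def parse_events(text):
    """Split wevtutil text output into records; header lines become fields, the message body
    after 'Description:' is kept whole."""
    events = []
    for chunk in RECORD_SPLIT.split(text):
        if not chunk.strip():
            continue
        fields, desc_lines, in_desc = {}, [], False
        for line in chunk.strip("\n").splitlines():
            if in_desc:
                desc_lines.append(line)
                continue
            key, sep, value = line.strip().partition(":")
            if not sep:
                continue
            if key == "Description":
                in_desc = True
                if value.strip():
                    desc_lines.append(value.strip())
                continue
            fields[key.strip()] = value.strip()
        fields["Description"] = "\n".join(desc_lines).strip()
        events.append(fields)
    return events


def srp_path_blocks(events):
    """Keep only 866 (path-rule) blocks and pull the blocked file and the rule out of the text."""
    blocks = []
    for ev in events:
        if ev.get("Source") != "SoftwareRestrictionPolicies" or ev.get("Event ID") != "866":
            continue
        m = PATH_RULE_MSG.search(ev.get("Description", ""))
        if not m:
            continue
        name = m["path"].rsplit("\\", 1)[-1]
        blocks.append({
            "time": ev.get("Date"), "host": ev.get("Computer"), "user": ev.get("User Name"),
            "event_id": 866, "path": m["path"], "rule": m["rule"], "rule_path": m["rule_path"],
            "in_user_profile": m["path"].lower().startswith("c:\\users\\"),
            "double_extension": DOUBLE_EXT.search(name) is not None,
        })
    return blocks


def blocks_by_user(blocks):
    """Who on the box keeps tripping the rule: a quick triage view."""
    return Counter(b["user"] for b in blocks)


def to_ndjson(blocks):
    """One JSON object per line, the shape Splunk/ELK/Sumo forwarders accept directly."""
    return "\n".join(json.dumps(b, sort_keys=True) for b in blocks)


if __name__ == "__main__":
    print(to_ndjson(srp_path_blocks(parse_events(SAMPLE_EVENTS))))
```

On a real system replace `SAMPLE_EVENTS` with the output of `wevtutil qe Application /f:text /q:"*[System[(EventID=866)]]"`; the `double_extension` flag is a heuristic for prioritising review, not proof of malice.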

Wireless

• Anything we don’t know?

• WPA2 with AES (never WEP; drop WPA/TKIP once every device supports WPA2)

• Use the Guest network for guests

• Set OpenDNS as the DNS server on the router so every client on the network inherits it

– Provides reporting

Cell Phones

• ATT Smart Limits

• Sprint Parent Controls

• Verizon Family Safeguards

• T-Mobile Family Allowances

• Great for our kids

Social Networking

• LinkedIn

• Facebook

• Twitter

• Etc…

Privacy

• Lots of breaches here

• NSA, GCHQ, etc…

• Social Networking

• What do you do ?

• 5 min discussion

Questions?

• HackerHurricane.com

• @HackerHurricane

• MalwareArchaeology.com