SlideShare a Scribd company logo

Defending Servers - Cyber security webinar part 3

F-Secure Corporation
F-Secure Corporation

There are many ways to protect servers from cyber-attacks. However, in the end, your best defense is to limit the attacker’s options. You can do this by minimizing the possible entry points into your network, by minimizing the tools available on the server, by making the data difficult to access in various ways, and by making the data useless when extracted from the content. Learn more about the ways to defend servers by watching the webinar recording from the following link and find more information in this presentation slides. https://business.f-secure.com/defending-servers-recording-from-cyber-security-webinar-3/

Technology
1 of 16
Download to read offline
1 DEFENDING SERVERS CYBERSECURITY WEBINARPART3 JARNONIEMELÄ F-SECURE 21st ofSeptember2015
CYBERSECURITY WEBINAR SERIES-PART3 © F-Secure2 • INTRODUCTION TO CYBERSECURITY • DEFENDING WORKSTATIONS • DEFENDING SERVERS – NOW • DEFENDING NETWORK 15TH OCTOBER 2015 • RESPONDING TO AN INCIDENT 9TH NOVEMBER 2015 • BUILDING SECURE SYSTEMS 3RD DECEMBER 2015 RECORDINGS: HTTPS://BUSINESS.F-SECURE.COM
3 DEFENDING SERVERS JARNONIEMELÄ SENIORRESEARCHER F-SECURE
SERVERS ANDWORKSTATIONS HAVETHESAMETHREATS  Software vulnerabilities and exploits  Anything that is accessible can be attacked  However attacker has interactive access  Software misconfigurations  If access control can be bypassed, exploit is not needed  Badly configured software will leak, crypto can be degraded  Credential cracks and leaks  Bad passwords are the most common cause for a breach  And even a strong password does not protect you if it is leaked © F-Secure4
https://www.exploit-db.com/exploits/18121/http://www.w3schools.com/sql/sql_injection.asp TYPICAL ATTACKSAGAINST SERVERS  Code execution attacks  Attacker is able to feed bad data and take over a service  SQL and other query injection  Attacker is able to give commands to DB server  For example read all data on the server, or modify it  Cross site scripting  Attacker is able to feed the victim a link which changes behavior of your web service  More info https://www.owasp.org/index.php/Top_10_2013-Top_10 © F-Secure5 https://www.exploit-db.com/exploits/38105/
GETTHEBASICSRIGHT  Choose the right OS and install the latest feasible version  E.g. Windows server 2012 has a lot of improvements over 2008  Close all services that you don’t need  And have minimal configurations for what you need  Follow OS and service security baselines and best practices  Microsoft security baseline, NSA guides, NIST guides, CIS , Sans CSC, etc  Isolate services with sandboxes or at least account and access controls  Use memory hardening tools © F-Secure6
MAKEUSEOFVIRTUALIZATION  Run services in hardware only if you really have to  Each function should have its own well-isolated virtual instance  Don’t get too attached to servers you have virtualized  Aim to have stateless systems that you can create and destroy at will  If a system alarms on a likely compromise, freeze the instance and launch a new one  Cycle VMs once per a couple of hours, make the attacker work for his foothold  However, don’t go naked into the clouds  Hosting servers or services in an environment you don’t own adds its own risks  Bring Your Own Encryption (BYOE) © F-Secure7
MAKESUREYOUHAVE VISIBILITY  Logs are critical for investigation  Log to a remote system and store logs long enough, at least 12 months  ELK stack (Elastic search, Logstash and Kibana) for the win  Collect and maintain integrity logs  Use an integrity checker to spot any new executables  If you use VMs, make sure you regularly compare against the base image  Have alerts for critical situations  Have log monitoring systems that send email or SMS alerts on critical problems © F-Secure8
MAKESUREYOURSERVICES ARESECURE  The most common cause for a server breach is third party services  Thus make sure you follow the security announcements and update  Especially WordPress  Also update any components used by your own code  Make sure that secure coding is practiced in your own code  https://www.owasp.org  http://www.cert.org/secure-coding/publications/index.cfm  http://resources.infosecinstitute.com/secure-code-review-practical-approach/ © F-Secure9
MAKEITDIFFICULTFORTHE ATTACKER  Most attacks rely on exploits, EMET breaks most of the exploits  http://microsoft.com/emet  Even as some attacks run in memory, many drop executables  So use application control to prevent unknown EXEs  Many attackers circumvent detections by using PowerShell  allow only signed PowerShell scripts, or disable it  http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/17/hey-scripting-guy-how-can-i- sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-2-of-2.aspx © F-Secure10
AUDIT,MAKESURETHINGS STAYSECURE  Do regular audits, or at least use vulnerability and configuration scanners  F-Secure Karhu, Nessus, OpenVAS  Spot the vulnerabilities before attacker  Focus on mitigations that fix a class of vulnerability  If you lack time, use consulting  Audit by a consultant is cheaper than Incident Response services © F-Secure11
PROTECT YOURSECRETS  Ashley Madison hack, et al were possible because of bad hygiene  Store only the user info you need, drop the rest  Do not store any info in internet facing servers  Have separate DB servers, preferably with HTTP or other API, no SQL, CQL,etc  Where possible crypt the user info with the user’s password  Do not just hash passwords, use PBKDF#2, Scrypt, key derivation functions  Monitor access to data  If the web or other server starts to read tons of data that is a cause for alarm © F-Secure12
UPCONVERT WHENCHANGING ALGORITHM  Originally AM was using MD5 hash  Later they updated to bcrypt with proper work factor  Unfortunately they failed to convert old accounts  Thus passwords for 11 million accounts could be cracked  http://cynosureprime.blogspot.in/2015/09/csp-our-take-on-cracked-am-passwords.html © F-Secure13 http://thehackernews.com/2015/09/ashley-madison-password-cracked.html
CONCLUSION  Servers are hard to defend as attackers are interactive  Thus your best defense is to limit the attackers’ options  Minimize attack surface  Minimize tooling available in the server  Make the data difficult to access  Make the data useless when taken out from the context © F-Secure14
© F-Secure15 Q&A
THANK YOUFORYOUR PARTICIPATION! 16 STAY TUNED FOR THE FUTURE CYBER SECURITY WEBINAR SERIES: 15 October 2015 at 11.00 EET: “Defending network” 9 November 2015 at 11.00 EET: “Responding to an incident” 3 December 2015 at 11.00 EET: “Building secure systems” The Recording will be available at the BUSINESS SECURITY INSIDER https://business.f-secure.com

Recommended

Defending Workstations - Cyber security webinar part 2
Defending Workstations - Cyber security webinar part 2Defending Workstations - Cyber security webinar part 2
Defending Workstations - Cyber security webinar part 2F-Secure Corporation
 
Cyber security webinar part 1 - Threat Landscape
Cyber security webinar part 1 - Threat LandscapeCyber security webinar part 1 - Threat Landscape
Cyber security webinar part 1 - Threat LandscapeF-Secure Corporation
 
Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?F-Secure Corporation
 
Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Sophos Benelux
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesAnant Shrivastava
 
Xamarin security talk slideshare
Xamarin security talk slideshareXamarin security talk slideshare
Xamarin security talk slideshareMarcus de Wilde
 
Advanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníAdvanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníMarketingArrowECS_CZ
 
Centralized Patch Management - Proven Security Approach for Ransomware Protec...
Centralized Patch Management - Proven Security Approach for Ransomware Protec...Centralized Patch Management - Proven Security Approach for Ransomware Protec...
Centralized Patch Management - Proven Security Approach for Ransomware Protec...Quick Heal Technologies Ltd.
 

Recommended

Defending Workstations - Cyber security webinar part 2
Defending Workstations - Cyber security webinar part 2Defending Workstations - Cyber security webinar part 2
Defending Workstations - Cyber security webinar part 2F-Secure Corporation
 
Cyber security webinar part 1 - Threat Landscape
Cyber security webinar part 1 - Threat LandscapeCyber security webinar part 1 - Threat Landscape
Cyber security webinar part 1 - Threat LandscapeF-Secure Corporation
 
Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?F-Secure Corporation
 
Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Sophos Benelux
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesUnderstanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known VulnerabilitiesAnant Shrivastava
 
Xamarin security talk slideshare
Xamarin security talk slideshareXamarin security talk slideshare
Xamarin security talk slideshareMarcus de Wilde
 
Advanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníAdvanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníMarketingArrowECS_CZ
 
Centralized Patch Management - Proven Security Approach for Ransomware Protec...
Centralized Patch Management - Proven Security Approach for Ransomware Protec...Centralized Patch Management - Proven Security Approach for Ransomware Protec...
Centralized Patch Management - Proven Security Approach for Ransomware Protec...Quick Heal Technologies Ltd.
 
Spikes Security Isla Isolation
Spikes Security Isla IsolationSpikes Security Isla Isolation
Spikes Security Isla IsolationCybryx
 
Internet gatekeeper
Internet gatekeeperInternet gatekeeper
Internet gatekeeperF-Secure Corporation
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10NowSecure
 
September 2012 Security Vulnerability Session
September 2012 Security Vulnerability SessionSeptember 2012 Security Vulnerability Session
September 2012 Security Vulnerability SessionKaseya
 
Protection Service for Business
Protection Service for BusinessProtection Service for Business
Protection Service for BusinessF-Secure Corporation
 
Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015SLBdiensten
 
Web Intrusion Detection
Web Intrusion Detection Web Intrusion Detection
Web Intrusion Detection Abhishek Singh
 
Evolution of ransomware
Evolution of ransomwareEvolution of ransomware
Evolution of ransomwareCharles Steve
 
F secure Radar vulnerability scanning and management
F secure Radar vulnerability scanning and managementF secure Radar vulnerability scanning and management
F secure Radar vulnerability scanning and managementF-Secure Corporation
 
Spyware powerpoint
Spyware powerpointSpyware powerpoint
Spyware powerpointgalaxy201
 
A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?MenloSecurity
 
Best practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included featuresBest practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included featuresAlexander Benoit
 
Symantec: čas přítomný a budoucí
Symantec: čas přítomný a budoucíSymantec: čas přítomný a budoucí
Symantec: čas přítomný a budoucíMarketingArrowECS_CZ
 
Sandboxing
SandboxingSandboxing
SandboxingLan & Wan Solutions
 
Client Security - Best security for business workstations
Client Security - Best security for business workstationsClient Security - Best security for business workstations
Client Security - Best security for business workstationsF-Secure Corporation
 
Psb mobile security
Psb mobile securityPsb mobile security
Psb mobile securityF-Secure Corporation
 
Andrew Useckas Csa presentation hacking custom webapps 4 3
Andrew Useckas Csa presentation hacking custom webapps 4 3Andrew Useckas Csa presentation hacking custom webapps 4 3
Andrew Useckas Csa presentation hacking custom webapps 4 3Trish McGinity, CCSK
 
Owasp Top 10 Vulnerabilities List
Owasp Top 10 Vulnerabilities ListOwasp Top 10 Vulnerabilities List
Owasp Top 10 Vulnerabilities ListVamsi K
 
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine LearningTackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine LearningSymantec
 
The next generation of IT security
The next generation of IT securityThe next generation of IT security
The next generation of IT securitySophos Benelux
 
Encryption in the Cloud
Encryption in the CloudEncryption in the Cloud
Encryption in the CloudSVForum Cloud SIG
 
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesTrend Micro
 

More Related Content

What's hot

Spikes Security Isla Isolation
Spikes Security Isla IsolationSpikes Security Isla Isolation
Spikes Security Isla IsolationCybryx
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10NowSecure
 
September 2012 Security Vulnerability Session
September 2012 Security Vulnerability SessionSeptember 2012 Security Vulnerability Session
September 2012 Security Vulnerability SessionKaseya
 
Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015SLBdiensten
 
Web Intrusion Detection
Web Intrusion Detection Web Intrusion Detection
Web Intrusion Detection Abhishek Singh
 
Evolution of ransomware
Evolution of ransomwareEvolution of ransomware
Evolution of ransomwareCharles Steve
 
F secure Radar vulnerability scanning and management
F secure Radar vulnerability scanning and managementF secure Radar vulnerability scanning and management
F secure Radar vulnerability scanning and managementF-Secure Corporation
 
Spyware powerpoint
Spyware powerpointSpyware powerpoint
Spyware powerpointgalaxy201
 
A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?MenloSecurity
 
Best practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included featuresBest practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included featuresAlexander Benoit
 
Symantec: čas přítomný a budoucí
Symantec: čas přítomný a budoucíSymantec: čas přítomný a budoucí
Symantec: čas přítomný a budoucíMarketingArrowECS_CZ
 
Client Security - Best security for business workstations
Client Security - Best security for business workstationsClient Security - Best security for business workstations
Client Security - Best security for business workstationsF-Secure Corporation
 
Andrew Useckas Csa presentation hacking custom webapps 4 3
Andrew Useckas Csa presentation hacking custom webapps 4 3Andrew Useckas Csa presentation hacking custom webapps 4 3
Andrew Useckas Csa presentation hacking custom webapps 4 3Trish McGinity, CCSK
 
Owasp Top 10 Vulnerabilities List
Owasp Top 10 Vulnerabilities ListOwasp Top 10 Vulnerabilities List
Owasp Top 10 Vulnerabilities ListVamsi K
 
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine LearningTackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine LearningSymantec
 
The next generation of IT security
The next generation of IT securityThe next generation of IT security
The next generation of IT securitySophos Benelux
 

What's hot (20)

Spikes Security Isla Isolation
Spikes Security Isla IsolationSpikes Security Isla Isolation
Spikes Security Isla Isolation
 
Internet gatekeeper
Internet gatekeeperInternet gatekeeper
Internet gatekeeper
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10
 
September 2012 Security Vulnerability Session
September 2012 Security Vulnerability SessionSeptember 2012 Security Vulnerability Session
September 2012 Security Vulnerability Session
 
Protection Service for Business
Protection Service for BusinessProtection Service for Business
Protection Service for Business
 
Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015
 
Web Intrusion Detection
Web Intrusion Detection Web Intrusion Detection
Web Intrusion Detection
 
Evolution of ransomware
Evolution of ransomwareEvolution of ransomware
Evolution of ransomware
 
F secure Radar vulnerability scanning and management
F secure Radar vulnerability scanning and managementF secure Radar vulnerability scanning and management
F secure Radar vulnerability scanning and management
 
Spyware powerpoint
Spyware powerpointSpyware powerpoint
Spyware powerpoint
 
A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?
 
Best practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included featuresBest practices to secure Windows10 with already included features
Best practices to secure Windows10 with already included features
 
Symantec: čas přítomný a budoucí
Symantec: čas přítomný a budoucíSymantec: čas přítomný a budoucí
Symantec: čas přítomný a budoucí
 
Sandboxing
SandboxingSandboxing
Sandboxing
 
Client Security - Best security for business workstations
Client Security - Best security for business workstationsClient Security - Best security for business workstations
Client Security - Best security for business workstations
 
Psb mobile security
Psb mobile securityPsb mobile security
Psb mobile security
 
Andrew Useckas Csa presentation hacking custom webapps 4 3
Andrew Useckas Csa presentation hacking custom webapps 4 3Andrew Useckas Csa presentation hacking custom webapps 4 3
Andrew Useckas Csa presentation hacking custom webapps 4 3
 
Owasp Top 10 Vulnerabilities List
Owasp Top 10 Vulnerabilities ListOwasp Top 10 Vulnerabilities List
Owasp Top 10 Vulnerabilities List
 
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine LearningTackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
 
The next generation of IT security
The next generation of IT securityThe next generation of IT security
The next generation of IT security
 

Similar to Defending Servers - Cyber security webinar part 3

Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesTrend Micro
 
Data Center Server security
Data Center Server securityData Center Server security
Data Center Server securityxband
 
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure WebsiteJoomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure WebsiteImperva Incapsula
 
Owasp top 10 Vulnerabilities by cyberops infosec
Owasp top 10 Vulnerabilities by cyberops infosecOwasp top 10 Vulnerabilities by cyberops infosec
Owasp top 10 Vulnerabilities by cyberops infosecCyberops Infosec LLP
 
University Management System - UMS-X1 Technical Data
University Management System - UMS-X1 Technical DataUniversity Management System - UMS-X1 Technical Data
University Management System - UMS-X1 Technical DataNasser Hassan
 
2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...Neil Matatall
 
From 0 to Secure in 1 Minute - Securing laaS - Nir Valtman
From 0 to Secure in 1 Minute - Securing laaS - Nir ValtmanFrom 0 to Secure in 1 Minute - Securing laaS - Nir Valtman
From 0 to Secure in 1 Minute - Securing laaS - Nir ValtmanEC-Council
 
Securing your WordPress Website - Vlad Lasky - WordCamp Sydney 2012
Securing your WordPress Website - Vlad Lasky - WordCamp Sydney 2012Securing your WordPress Website - Vlad Lasky - WordCamp Sydney 2012
Securing your WordPress Website - Vlad Lasky - WordCamp Sydney 2012WordCamp Sydney
 
Securing Your WordPress Website - WordCamp Sydney 2012
Securing Your WordPress Website - WordCamp Sydney 2012Securing Your WordPress Website - WordCamp Sydney 2012
Securing Your WordPress Website - WordCamp Sydney 2012Vlad Lasky
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsRightScale
 
CISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICSCISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICSMuhammad FAHAD
 
Defending industrial control systems from cyber attack
Defending industrial control systems from cyber attackDefending industrial control systems from cyber attack
Defending industrial control systems from cyber attackAnalynk Wireless, LLC
 
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control SystemsNCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control SystemsMiller Energy, Inc.
 
Defending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From CyberattackDefending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From CyberattackCTi Controltech
 

Similar to Defending Servers - Cyber security webinar part 3 (20)

Encryption in the Cloud
Encryption in the CloudEncryption in the Cloud
Encryption in the Cloud
 
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
 
OWASP Top 10 2017
OWASP Top 10 2017OWASP Top 10 2017
OWASP Top 10 2017
 
Data Center Server security
Data Center Server securityData Center Server security
Data Center Server security
 
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure WebsiteJoomla Security Simplified —  Seven Easy Steps For a More Secure Website
Joomla Security Simplified —  Seven Easy Steps For a More Secure Website
 
Windows network security
Windows network securityWindows network security
Windows network security
 
Owasp top 10 Vulnerabilities by cyberops infosec
Owasp top 10 Vulnerabilities by cyberops infosecOwasp top 10 Vulnerabilities by cyberops infosec
Owasp top 10 Vulnerabilities by cyberops infosec
 
Network Security
Network SecurityNetwork Security
Network Security
 
University Management System - UMS-X1 Technical Data
University Management System - UMS-X1 Technical DataUniversity Management System - UMS-X1 Technical Data
University Management System - UMS-X1 Technical Data
 
2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...
 
From 0 to Secure in 1 Minute - Securing laaS - Nir Valtman
From 0 to Secure in 1 Minute - Securing laaS - Nir ValtmanFrom 0 to Secure in 1 Minute - Securing laaS - Nir Valtman
From 0 to Secure in 1 Minute - Securing laaS - Nir Valtman
 
Operations: Security
Operations: SecurityOperations: Security
Operations: Security
 
Securing your WordPress Website - Vlad Lasky - WordCamp Sydney 2012
Securing your WordPress Website - Vlad Lasky - WordCamp Sydney 2012Securing your WordPress Website - Vlad Lasky - WordCamp Sydney 2012
Securing your WordPress Website - Vlad Lasky - WordCamp Sydney 2012
 
Securing Your WordPress Website - WordCamp Sydney 2012
Securing Your WordPress Website - WordCamp Sydney 2012Securing Your WordPress Website - WordCamp Sydney 2012
Securing Your WordPress Website - WordCamp Sydney 2012
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid Clouds
 
Toward Full Stack Security
Toward Full Stack SecurityToward Full Stack Security
Toward Full Stack Security
 
CISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICSCISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICS
 
Defending industrial control systems from cyber attack
Defending industrial control systems from cyber attackDefending industrial control systems from cyber attack
Defending industrial control systems from cyber attack
 
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control SystemsNCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
 
Defending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From CyberattackDefending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From Cyberattack
 

More from F-Secure Corporation

How do you predict the threat landscape?
How do you predict the threat landscape?How do you predict the threat landscape?
How do you predict the threat landscape?F-Secure Corporation
 
Got hacked? It’s too late to run now!
Got hacked? It’s too late to run now!Got hacked? It’s too late to run now!
Got hacked? It’s too late to run now!F-Secure Corporation
 
The Real Costs of SIEM vs. Managed Security Service
The Real Costs of SIEM vs. Managed Security ServiceThe Real Costs of SIEM vs. Managed Security Service
The Real Costs of SIEM vs. Managed Security ServiceF-Secure Corporation
 
Security A to Z: Glossary of the most important terms
Security A to Z: Glossary of the most important termsSecurity A to Z: Glossary of the most important terms
Security A to Z: Glossary of the most important termsF-Secure Corporation
 
Les attaques menées depuis la France dans le cyber espace
Les attaques menées depuis la France dans le cyber espace Les attaques menées depuis la France dans le cyber espace
Les attaques menées depuis la France dans le cyber espace F-Secure Corporation
 
Les attaques menées depuis la France dans le cyber espace
Les attaques menées depuis la France dans le cyber espaceLes attaques menées depuis la France dans le cyber espace
Les attaques menées depuis la France dans le cyber espaceF-Secure Corporation
 
F-Secure Policy Manager - onsite security management with superior control
F-Secure Policy Manager - onsite security management with superior controlF-Secure Policy Manager - onsite security management with superior control
F-Secure Policy Manager - onsite security management with superior controlF-Secure Corporation
 
Best business protection for windows
Best business protection for windowsBest business protection for windows
Best business protection for windowsF-Secure Corporation
 
Six things to take into account when choosing cloud solutions
Six things to take into account when choosing cloud solutionsSix things to take into account when choosing cloud solutions
Six things to take into account when choosing cloud solutionsF-Secure Corporation
 
Small and midsize business security is big business
Small and midsize business security is big businessSmall and midsize business security is big business
Small and midsize business security is big businessF-Secure Corporation
 
大きなビジネスを生み出す中小中堅企業
大きなビジネスを生み出す中小中堅企業大きなビジネスを生み出す中小中堅企業
大きなビジネスを生み出す中小中堅企業F-Secure Corporation
 
Why should you care about government surveillance?
Why should you care about government surveillance?Why should you care about government surveillance?
Why should you care about government surveillance?F-Secure Corporation
 
Arbeta var du vill- eBook om modern mobilitet
Arbeta var du vill- eBook om modern mobilitetArbeta var du vill- eBook om modern mobilitet
Arbeta var du vill- eBook om modern mobilitetF-Secure Corporation
 
Best corporate end-point protection 2013
Best corporate end-point protection 2013Best corporate end-point protection 2013
Best corporate end-point protection 2013F-Secure Corporation
 
Business Suite - Gain control of your IT security
Business Suite - Gain control of your IT securityBusiness Suite - Gain control of your IT security
Business Suite - Gain control of your IT securityF-Secure Corporation
 

More from F-Secure Corporation (20)

Post-mortem of a data breach
Post-mortem of a data breachPost-mortem of a data breach
Post-mortem of a data breach
 
How do you predict the threat landscape?
How do you predict the threat landscape?How do you predict the threat landscape?
How do you predict the threat landscape?
 
Got hacked? It’s too late to run now!
Got hacked? It’s too late to run now!Got hacked? It’s too late to run now!
Got hacked? It’s too late to run now!
 
The Real Costs of SIEM vs. Managed Security Service
The Real Costs of SIEM vs. Managed Security ServiceThe Real Costs of SIEM vs. Managed Security Service
The Real Costs of SIEM vs. Managed Security Service
 
Security A to Z: Glossary of the most important terms
Security A to Z: Glossary of the most important termsSecurity A to Z: Glossary of the most important terms
Security A to Z: Glossary of the most important terms
 
Les attaques menées depuis la France dans le cyber espace
Les attaques menées depuis la France dans le cyber espace Les attaques menées depuis la France dans le cyber espace
Les attaques menées depuis la France dans le cyber espace
 
Les attaques menées depuis la France dans le cyber espace
Les attaques menées depuis la France dans le cyber espaceLes attaques menées depuis la France dans le cyber espace
Les attaques menées depuis la France dans le cyber espace
 
F-Secure Policy Manager - onsite security management with superior control
F-Secure Policy Manager - onsite security management with superior controlF-Secure Policy Manager - onsite security management with superior control
F-Secure Policy Manager - onsite security management with superior control
 
The State of the Net in India
The State of the Net in IndiaThe State of the Net in India
The State of the Net in India
 
Best business protection for windows
Best business protection for windowsBest business protection for windows
Best business protection for windows
 
Six things to take into account when choosing cloud solutions
Six things to take into account when choosing cloud solutionsSix things to take into account when choosing cloud solutions
Six things to take into account when choosing cloud solutions
 
Small and midsize business security is big business
Small and midsize business security is big businessSmall and midsize business security is big business
Small and midsize business security is big business
 
大きなビジネスを生み出す中小中堅企業
大きなビジネスを生み出す中小中堅企業大きなビジネスを生み出す中小中堅企業
大きなビジネスを生み出す中小中堅企業
 
Why should you care about government surveillance?
Why should you care about government surveillance?Why should you care about government surveillance?
Why should you care about government surveillance?
 
Arbeta var du vill- eBook om modern mobilitet
Arbeta var du vill- eBook om modern mobilitetArbeta var du vill- eBook om modern mobilitet
Arbeta var du vill- eBook om modern mobilitet
 
Powerful email protection
Powerful email protectionPowerful email protection
Powerful email protection
 
Best corporate end-point protection 2013
Best corporate end-point protection 2013Best corporate end-point protection 2013
Best corporate end-point protection 2013
 
Virtual Security
Virtual SecurityVirtual Security
Virtual Security
 
Surfing Safe on the Road
Surfing Safe on the RoadSurfing Safe on the Road
Surfing Safe on the Road
 
Business Suite - Gain control of your IT security
Business Suite - Gain control of your IT securityBusiness Suite - Gain control of your IT security
Business Suite - Gain control of your IT security
 

Recently uploaded

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 

Recently uploaded (20)

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 

Defending Servers - Cyber security webinar part 3

  • 2. CYBERSECURITY WEBINAR SERIES-PART3 © F-Secure2 • INTRODUCTION TO CYBERSECURITY • DEFENDING WORKSTATIONS • DEFENDING SERVERS – NOW • DEFENDING NETWORK 15TH OCTOBER 2015 • RESPONDING TO AN INCIDENT 9TH NOVEMBER 2015 • BUILDING SECURE SYSTEMS 3RD DECEMBER 2015 RECORDINGS: HTTPS://BUSINESS.F-SECURE.COM
  • 4. SERVERS ANDWORKSTATIONS HAVETHESAMETHREATS  Software vulnerabilities and exploits  Anything that is accessible can be attacked  However attacker has interactive access  Software misconfigurations  If access control can be bypassed, exploit is not needed  Badly configured software will leak, crypto can be degraded  Credential cracks and leaks  Bad passwords are the most common cause for a breach  And even a strong password does not protect you if it is leaked © F-Secure4
  • 5. https://www.exploit-db.com/exploits/18121/http://www.w3schools.com/sql/sql_injection.asp TYPICAL ATTACKSAGAINST SERVERS  Code execution attacks  Attacker is able to feed bad data and take over a service  SQL and other query injection  Attacker is able to give commands to DB server  For example read all data on the server, or modify it  Cross site scripting  Attacker is able to feed the victim a link which changes behavior of your web service  More info https://www.owasp.org/index.php/Top_10_2013-Top_10 © F-Secure5 https://www.exploit-db.com/exploits/38105/
  • 6. GETTHEBASICSRIGHT  Choose the right OS and install the latest feasible version  E.g. Windows server 2012 has a lot of improvements over 2008  Close all services that you don’t need  And have minimal configurations for what you need  Follow OS and service security baselines and best practices  Microsoft security baseline, NSA guides, NIST guides, CIS , Sans CSC, etc  Isolate services with sandboxes or at least account and access controls  Use memory hardening tools © F-Secure6
  • 7. MAKEUSEOFVIRTUALIZATION  Run services in hardware only if you really have to  Each function should have its own well-isolated virtual instance  Don’t get too attached to servers you have virtualized  Aim to have stateless systems that you can create and destroy at will  If a system alarms on a likely compromise, freeze the instance and launch a new one  Cycle VMs once per a couple of hours, make the attacker work for his foothold  However, don’t go naked into the clouds  Hosting servers or services in an environment you don’t own adds its own risks  Bring Your Own Encryption (BYOE) © F-Secure7
  • 8. MAKESUREYOUHAVE VISIBILITY  Logs are critical for investigation  Log to a remote system and store logs long enough, at least 12 months  ELK stack (Elastic search, Logstash and Kibana) for the win  Collect and maintain integrity logs  Use an integrity checker to spot any new executables  If you use VMs, make sure you regularly compare against the base image  Have alerts for critical situations  Have log monitoring systems that send email or SMS alerts on critical problems © F-Secure8
  • 9. MAKESUREYOURSERVICES ARESECURE  The most common cause for a server breach is third party services  Thus make sure you follow the security announcements and update  Especially WordPress  Also update any components used by your own code  Make sure that secure coding is practiced in your own code  https://www.owasp.org  http://www.cert.org/secure-coding/publications/index.cfm  http://resources.infosecinstitute.com/secure-code-review-practical-approach/ © F-Secure9
  • 10. MAKEITDIFFICULTFORTHE ATTACKER  Most attacks rely on exploits, EMET breaks most of the exploits  http://microsoft.com/emet  Even as some attacks run in memory, many drop executables  So use application control to prevent unknown EXEs  Many attackers circumvent detections by using PowerShell  allow only signed PowerShell scripts, or disable it  http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/17/hey-scripting-guy-how-can-i- sign-windows-powershell-scripts-with-an-enterprise-windows-pki-part-2-of-2.aspx © F-Secure10
  • 11. AUDIT,MAKESURETHINGS STAYSECURE  Do regular audits, or at least use vulnerability and configuration scanners  F-Secure Karhu, Nessus, OpenVAS  Spot the vulnerabilities before attacker  Focus on mitigations that fix a class of vulnerability  If you lack time, use consulting  Audit by a consultant is cheaper than Incident Response services © F-Secure11
  • 12. PROTECT YOURSECRETS  Ashley Madison hack, et al were possible because of bad hygiene  Store only the user info you need, drop the rest  Do not store any info in internet facing servers  Have separate DB servers, preferably with HTTP or other API, no SQL, CQL,etc  Where possible crypt the user info with the user’s password  Do not just hash passwords, use PBKDF#2, Scrypt, key derivation functions  Monitor access to data  If the web or other server starts to read tons of data that is a cause for alarm © F-Secure12
  • 13. UPCONVERT WHENCHANGING ALGORITHM  Originally AM was using MD5 hash  Later they updated to bcrypt with proper work factor  Unfortunately they failed to convert old accounts  Thus passwords for 11 million accounts could be cracked  http://cynosureprime.blogspot.in/2015/09/csp-our-take-on-cracked-am-passwords.html © F-Secure13 http://thehackernews.com/2015/09/ashley-madison-password-cracked.html
  • 14. CONCLUSION  Servers are hard to defend as attackers are interactive  Thus your best defense is to limit the attackers’ options  Minimize attack surface  Minimize tooling available in the server  Make the data difficult to access  Make the data useless when taken out from the context © F-Secure14
  • 16. THANK YOUFORYOUR PARTICIPATION! 16 STAY TUNED FOR THE FUTURE CYBER SECURITY WEBINAR SERIES: 15 October 2015 at 11.00 EET: “Defending network” 9 November 2015 at 11.00 EET: “Responding to an incident” 3 December 2015 at 11.00 EET: “Building secure systems” The Recording will be available at the BUSINESS SECURITY INSIDER https://business.f-secure.com