Week 06

This document outlines the topics to be covered in a cyber security essentials course. It includes sections on recent security events, networking fundamentals, application security, auditing, identity and access management, disaster recovery and business continuity planning, perimeter security, vulnerability management, logging and incident response, change management, vendor management, and lessons learned from past security incidents. The document provides questions and examples to help guide discussions on each topic.


CYBER SECURITY: ESSENTIALS
Daniel Medina [email protected]

NEWS
Last night's security meet-up:
Android app hacks, AFL talk

RECAP
Let's go over some networking
TCP vs UDP
Firewalls

APPLICATION SECURITY
Last class: software vulnerabilities
When do we do security during development?

APPLICATION SECURITY

[Separate slides: Assessing your maturity]

AUDITING
Audit what? (scope)
Performed by whom? (internal, external)

I+AAA
Who has access?
How is it provisioned?
How is it deprovisioned?
How is access logged?

Examples?
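As an added example for the I+AAA questions (this is not course material, and the roster and account export are constructed), the check below reconciles an HR roster with an identity-store export and reports the three gaps those questions are asking about: accounts whose owner has left (deprovisioning failed), accounts with no provisioning record (nobody knows how they were granted), and accounts with no recent login (access that is held but not needed, which a logging review should surface).

```python
"""Access review for the I+AAA slide (added example, not part of the course).

Reconciles a constructed HR roster against a constructed account export and
flags orphaned, unprovisioned and stale accounts. All data here is invented.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass(frozen=True)
class Account:
    username: str
    owner: str                   # employee id the account is assigned to
    provisioned_by: str          # request/ticket id, "" if no record exists
    last_login: Optional[date]   # None if the account has never been used


# Constructed HR roster: employee id -> still employed?
HR_ROSTER = {"e100": True, "e101": True, "e102": False}  # e102 has left

# Constructed export from an identity store
ACCOUNTS = [
    Account("alice", "e100", "REQ-1", date(2024, 5, 1)),
    Account("bob", "e101", "", date(2024, 5, 2)),           # no provisioning record
    Account("carol", "e102", "REQ-3", date(2024, 3, 1)),    # owner has left
    Account("svc-backup", "e100", "REQ-4", None),           # never logged in
]

REVIEW_DATE = date(2024, 5, 10)   # constructed "today" for the review


def review_access(accounts, roster, today=REVIEW_DATE, stale_after=timedelta(days=90)):
    """Return {finding_type: sorted usernames} for the three I+AAA gaps."""
    findings = {"orphaned": [], "unprovisioned": [], "stale": []}
    for a in accounts:
        # Deprovisioning gap: the owner is no longer active but the account is.
        if not roster.get(a.owner, False):
            findings["orphaned"].append(a.username)
        # Provisioning gap: nobody can say who approved this access.
        if not a.provisioned_by:
            findings["unprovisioned"].append(a.username)
        # Usage gap: access held without use is access that should be reviewed.
        if a.last_login is None or today - a.last_login > stale_after:
            findings["stale"].append(a.username)
    return {k: sorted(v) for k, v in findings.items()}


if __name__ == "__main__":
    for kind, users in review_access(ACCOUNTS, HR_ROSTER).items():
        print(f"{kind}: {', '.join(users) or '-'}")
```

The roster, not the account store, is treated as the source of truth for who should have access; an account that the identity store believes is valid but whose owner is gone is exactly the case deprovisioning reviews exist to catch.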

DR/BCP
Do you have backups?
Can you restore from backups?
What is your plan for $latest_disaster_movie?
How often do you exercise your disaster plan?

Examples?

DR/BCP

$disaster_movie scenarios by year?


Is there a common solution?

PERIMETER SECURITY
Do you have firewalls?
What do you block / allow?
Do you have network diagrams?

Examples?

VULNERABILITY MANAGEMENT
Do you have an asset inventory?
Do you know what version systems are at?
Are your assets under support contract?
What is your patching strategy?

Examples?
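As an added example for the vulnerability-management questions (not course material; the inventory, product name and support dates are constructed), the check below runs over an asset inventory and answers them mechanically: which assets run a version line that is past its support end date, which run a version line the support matrix knows nothing about, and which have not been patched within the patching SLA.

```python
"""Inventory check for the vulnerability-management slide (added example, not part of the course).

Flags unsupported, unknown-support and patch-overdue assets in a constructed
inventory. "ExampleOS", the hostnames and all dates are invented.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass(frozen=True)
class Asset:
    hostname: str
    product: str
    version: str
    last_patched: Optional[date]   # None if the asset has never reported a patch


# Constructed support matrix: (product, major version) -> end-of-support date
SUPPORT_END = {
    ("ExampleOS", "1"): date(2023, 12, 31),
    ("ExampleOS", "2"): date(2026, 12, 31),
}

# Constructed asset inventory
INVENTORY = [
    Asset("web-1", "ExampleOS", "2.4", date(2024, 5, 1)),
    Asset("web-2", "ExampleOS", "2.4", date(2024, 1, 15)),      # patched long ago
    Asset("legacy-db", "ExampleOS", "1.9", date(2024, 4, 30)),  # version line out of support
    Asset("kiosk-7", "ExampleOS", "3.0", None),                 # not in the support matrix
]

TODAY = date(2024, 5, 10)   # constructed reference date


def check_inventory(assets, today=TODAY, patch_sla=timedelta(days=30)):
    """Return {finding_type: sorted hostnames}."""
    findings = {"unsupported": [], "unknown_support": [], "patch_overdue": []}
    for a in assets:
        major = a.version.split(".")[0]
        eos = SUPPORT_END.get((a.product, major))
        if eos is None:
            # Can't say whether fixes even exist for this version line.
            findings["unknown_support"].append(a.hostname)
        elif eos < today:
            # Vendor no longer ships fixes: patching strategy cannot cover it.
            findings["unsupported"].append(a.hostname)
        if a.last_patched is None or today - a.last_patched > patch_sla:
            findings["patch_overdue"].append(a.hostname)
    return {k: sorted(v) for k, v in findings.items()}


if __name__ == "__main__":
    for kind, hosts in check_inventory(INVENTORY).items():
        print(f"{kind}: {', '.join(hosts) or '-'}")
```

An asset that is out of support and also overdue is reported under both headings; the two findings need different remediation (upgrade or retire versus patch), so they are deliberately not collapsed into one.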

LOGGING AND INCIDENTS
Similar to I+AAA
Do you log security events?
What action is taken in response to an event?
Do you have sufficient data retained?

Examples?
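As an added example for the logging questions (not course material; the log format, addresses and timestamps are all constructed), the code below parses a small authentication log, raises an alert when a single source address fails to authenticate five times within a minute, and checks whether the retained span of log data covers a required retention period. It is meant to show the three questions as one pipeline: an event is logged, a defined action (an alert) follows from it, and the retention question is answered from the data itself.

```python
"""Detection and retention check for the logging slide (added example, not part of the course).

Parses constructed auth log lines, alerts on repeated failures from one source
inside a sliding window, and reports whether retained data covers a required
period. The log format below is invented for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) auth (?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log (203.0.113.0/24 is a documentation range, not real traffic)
SAMPLE_LOG = """\
2024-05-10T08:00:01 auth OK user=alice src=10.0.0.5
2024-05-10T08:00:05 auth FAIL user=admin src=203.0.113.9
2024-05-10T08:00:07 auth FAIL user=admin src=203.0.113.9
2024-05-10T08:00:09 auth FAIL user=root src=203.0.113.9
2024-05-10T08:00:12 auth FAIL user=admin src=203.0.113.9
2024-05-10T08:00:14 auth FAIL user=admin src=203.0.113.9
2024-05-10T08:00:15 auth FAIL user=admin src=203.0.113.9
2024-05-10T08:30:00 auth FAIL user=bob src=10.0.0.7
2024-05-10T09:00:00 auth OK user=bob src=10.0.0.7
"""


def parse(lines):
    """Yield (timestamp, result, user, src); lines that don't match are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Return sorted (src, first_failure, count) alerts, at most one per source."""
    recent = defaultdict(deque)   # src -> timestamps of failures inside the window
    alerts = {}
    for ts, result, _user, src in events:
        if result != "FAIL":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and src not in alerts:
            alerts[src] = (q[0], len(q))
    return sorted((src, first, n) for src, (first, n) in alerts.items())


def retention_ok(events, required=timedelta(days=90)):
    """True if the span from oldest to newest retained event covers `required`."""
    stamps = [e[0] for e in events]
    return bool(stamps) and (max(stamps) - min(stamps)) >= required


def analyze(log_text):
    """Run both checks over one log; returns (alerts, retention_ok)."""
    events = list(parse(log_text.splitlines()))
    return detect_bruteforce(events), retention_ok(events)


if __name__ == "__main__":
    alerts, enough = analyze(SAMPLE_LOG)
    for src, first, n in alerts:
        print(f"ALERT {src}: {n} failures starting {first.isoformat()}")
    print("retention sufficient:", enough)
```

On the sample the single source that fails repeatedly produces one alert, while the lone failure from the internal address does not; the retention check comes back false because the sample holds an hour of data, which is the "insufficient data retained" answer the slide is probing for.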

CHANGE MANAGEMENT
How are changes deployed?
How are they approved?
How are unapproved changes detected?

Examples?
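As an added example for the change-management questions (not course material; change ids, hosts and artifact hashes are constructed), the check below answers "how are unapproved changes detected?" by reconciling what was actually observed on hosts against a ledger of approved changes. It matches on the host and the deployed artifact's hash rather than on the change id a deployer claimed, so a wrong artifact pushed under a real ticket number is still caught.

```python
"""Unapproved-change detection for the change-management slide (added example, not part of the course).

Compares constructed observed deployments against a constructed approval
ledger and reports deployments with no approval or outside their window.
All identifiers, hashes and times are invented.
"""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Approval:
    change_id: str
    host: str
    artifact_sha256: str
    window_start: datetime
    window_end: datetime


@dataclass(frozen=True)
class Deployment:
    host: str
    artifact_sha256: str
    deployed_at: datetime
    claimed_change_id: str   # what the deployer said; not trusted for matching


# Constructed approval ledger (fake 64-hex "hashes")
APPROVED = [
    Approval("CHG-100", "web-1", "aa11" * 16, datetime(2024, 5, 10, 2, 0), datetime(2024, 5, 10, 4, 0)),
    Approval("CHG-101", "db-1", "bb22" * 16, datetime(2024, 5, 11, 2, 0), datetime(2024, 5, 11, 4, 0)),
]

# Constructed observations, e.g. from a config-monitoring agent
OBSERVED = [
    Deployment("web-1", "aa11" * 16, datetime(2024, 5, 10, 2, 30), "CHG-100"),   # approved, in window
    Deployment("db-1", "bb22" * 16, datetime(2024, 5, 11, 9, 0), "CHG-101"),     # approved artifact, wrong time
    Deployment("web-1", "cc33" * 16, datetime(2024, 5, 10, 2, 45), "CHG-100"),   # wrong artifact under a real id
    Deployment("cache-1", "dd44" * 16, datetime(2024, 5, 12, 15, 0), ""),        # no approval at all
]


def find_unapproved(observed, approved):
    """Return sorted (host, hash_prefix, reason) for deployments not covered by an approval."""
    by_key = {(a.host, a.artifact_sha256): a for a in approved}
    findings = []
    for d in observed:
        a = by_key.get((d.host, d.artifact_sha256))
        if a is None:
            findings.append((d.host, d.artifact_sha256[:8], "no approval for this artifact"))
        elif not (a.window_start <= d.deployed_at <= a.window_end):
            findings.append((d.host, d.artifact_sha256[:8], f"outside window of {a.change_id}"))
    return sorted(findings)


if __name__ == "__main__":
    for host, prefix, reason in find_unapproved(OBSERVED, APPROVED):
        print(f"{host} {prefix}...: {reason}")
```

The claimed change id is kept on the record for the investigator but never used for matching; the approval is only as good as the artifact it names and the window it allows.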

VENDOR MANAGEMENT
What external vendors / services are in use?
Who assessed those vendors, on what criteria?
What level of access do they have to data?

Examples?
Shadow IT

BREAK

ENFORCED BREAK HERE

INCIDENT RESPONSE

INCIDENT RESPONSE
Learn lessons from others!
Communications & Contacts are critical
Practice; eventual events will be unexpected

STAKKATO
aka The Teragrid Incident
aka FBI Case 216
aka The Uppsala hacker
Went down something like this
Press coverage in the end:
NYT, Wikipedia, Wired (1, 2)

INCIDENT RESPONSE

[Separate slides / Learning from others]
