Attacking the enterprise security.
A guide for office managers and sales people
What security is not...
A theater
A firewall, antivirus, IDS/IPS
A gun or knife in your pocket
Security is a chain; it is as strong as its weakest link
Security is a compromise
Information security...
... protects the confidentiality, integrity, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures
CIA triad
Security layers
Products. People. Procedures.
How can the confidential data get compromised?
- Social Engineering
- Phishing
- USB key malware
- Scanning from the Internet
- Guessing/brute-forcing passwords
- WiFi
- Stolen credentials
- Using password recovery functionality
- Insider information
- And many more...
In technology...
Core Internet protocols (ARP, SMTP, FTP, DNS)
In humans...
Social engineering, phishing, etc.
Common scenario
- Reconnaissance
- Scanning and enumeration
- Gaining access
- Escalation of privilege
- Maintaining access
- Covering tracks and placing backdoors
Facebook, LinkedIn, Google
Sucking data out of corporate network without wireless device
Johnny Long
How can you protect the data?