LATEST ISSUES & TRENDS IN CYBER SECURITY & THREATS

Mostly OverEstimated / UnderEstimated

Not here to

Lets try to get

familia r with
the

threat
vectors!!!

How many of you have seen these in THEATRES ?

How many of you have FEW or ALL of these in your LAPTOPS and HDDs thru TORRENTZ ?

Ever thought of Why is all this FREE ?

How many of
you have LINUX in your

Workstation s?

How many of
you have

Windows in
your

Workstation s?

Collusion is an experimental addon for Firefox and allows you to see all the third parties that are tracking your movements across the Web. It will show, in real time, how that data creates a spider-web of interaction
between companies and other trackers.

UNWANTED

APPS

Friends List Their Phone Numbers Their Addresses Your SMS Your MMS Your Browsing History Your Chats Your relatives details Your preferences

We are very POSITIVE on web!!!!

Does it Matter ?

Lets find out the answer with two scenarios.

In such times Securing the IT Environment getting DIFFICULT by day?

LETS GET BACK BY FEW YEARS!!!!

When securing the IT environment was easier than it is today.

LETS GET BACK BY FEW YEARS!!!!

Basic information such as users

locations, the applications they were running and the types of devices they were using were known variables.

LETS GET BACK BY FEW YEARS!!!!

In addition, this information

was fairly static, so security

policies scaled reasonably well

LETS GET BACK BY FEW YEARS!!!!

Applications ran on dedicated data center

servers in the

LETS GET BACK BY FEW YEARS!!!!

The IT

organization controlled access to those applications and established boundaries to enforce security policies

LETS GET BACK BY FEW YEARS!!!!

for the most partthe network experienced

predictable traffic patterns

TOUCHING MOMENT

HAPPY CISO!!!!!!

Changing the way the network is Architected

Applications/Data may move between servers or even data centers or countries

Multiple diverse mobile devices connect to the corporate

network from various locations

At the same time, users are

network by going to the cloud for

extending the corporate
collaborative applications like Dropbox or Google

IT no

longer knows which devices may connect to the

network or their location.

Data isnt just safely resting in the data center; it

is traversing the countries.

BOTNETS

A botnet is a collection of internetconnected programs

communicating with other similar programs in order to

perform tasks.

40% of the computers are Botted

So all this along with these two

Current Giants make

a great

Attack Surface

CRIMEWARE as a SERVICE

PRISM is a mass electronic surveillance data mining program known to have

been operated by the United States National Security Agency (NSA) since 2007

The Central Monitoring System is a mass

electronic surveillance program installed by C-DOT, an Indian Government owned agency.

The CMS gives India's security agencies and income tax

officials centralized

access to India's telecommunications network and the ability to listen in on & record mobile landline and satellite calls and ) , and read
private emails, SMS and MMS and track the geographical location of individuals, all

in real time.

Operation B70

It is the type of attack that takes advantage of improper coding of your web applications that allows hacker to inject SQL commands into say a login form to allow them to gain access to the data held within your database. Refers to a hacking technique that leverages vulnerabilities in the code of a web application to allow an attacker to send malicious content from an enduser and collect some type of

Browser Exploits

A form of malicious code that takes advantage of a flaw or vulnerability in an operating system or piece of software with the intent to breach browser security to alter a user's browser settings without their knowledge

Domains of security

Sadly.till date the approach has been mostly Who decides the have Security QRs.????? reactive since we been traditional in configuring SECURITY!!!!!!!

WHAT DO WE DO TODAY?
NO TWO ORG or USERS CAN HAVE SAME MODEL OF SECURITY IMPLEMENTATION THE NEED IS CUSTOMISED FOR EVERYONE

MODEL

Know EAL of your product

TAKE CONTROLLED RISK

KEEP YOUR

EYES/EARS OPEN

Cryptography OpenSource

Updates
Monitoring tools Strong Passwords Live DVDs Secure Design Common Passwords Cookies

Stringent Hardening
Access Controls Analysis tools

Cyber Hygiene
IT IQ

Firewalls/UTM s Know your

And will keep

False Identity

Impersonati on Failure User Fraud

Unknown Outsider Attack

Insider Attack

Threats
Breach of Anonymity

Unauth Disclosure

Access Revoked Rights DoS Theft of Access Tokens

TIME TRAVELLING ROBOTS FROM THE FUTURE Face recognition starts getting perfect
Speech recognition starts getting perfect Speaker recognition starts getting perfect We dont have a good AI today But we are improving on AI by day We have cheap storage We are recording what goes on.

I AM NOT REFERRING TO SCI FI

AI will be able to scan our past in future

Time travelling robots
are not going to come in our timesbut they will be there to scan our past laterand in the future they will be able to know everything we did today

E-Mail : anupamtiwari@fedoraproject.org

Blog at : http://anupriti.blogspot.com Twitter : @it_updates