Computer Security: Myths and Mistakes

Presentation on theme: "Computer Security: Myths and Mistakes"— Presentation transcript:

1 Computer Security: Myths and Mistakes
Mark “Simple Nomad” Loveless
Hacker

2 Hello
Current employer, MITRE Corporation [1]
I am not doing a “soft sell”
I do not consult
I have not written a book
[1] The author's affiliation with The MITRE Corporation is provided for identification purposes only, and is not intended to convey or imply MITRE's concurrence with, or support for, the positions, opinions or viewpoints expressed by the author.

3 Myth #1
My company is small, no one will attack us
Yes they will
Botnets
Bandwidth for spam
Identity theft

4 Myth #2
My firewall will protect me
No it will not
Ingress vs. Egress
E-mail and web surfing
Trusted partners, vendors, clients
Rogue wireless
Even old dialup

5 Myth #3
My IDS/IPS will protect me
Hackers not only know how to avoid these systems, but can actually fingerprint them
Using the fingerprint information, an attack can be tailored to avoid detection

6 Fun Fact #1
Hackers have jobs, and any company that says it doesn’t hire them is lying, or doesn’t know
There are blackhats out there working in IT, for security vendors, and even auditing firms

7 Myth #4
My anti-virus software will protect me
No it will not
All anti-virus companies miss things
By the time you get updated signatures, the new variant is out, and the new malware code is updated in the field
0day is big business
Bad guys are aware of how the AV vendors operate and have changed tactics
Spear phishing is an excellent example

8 Myth #5
Wireless is mature and ready for the enterprise
Not exactly
WEP is broken
WPA2 or nothing
Key management is difficult at best
Consider an additional layer, such as a VPN as well
And don’t make the VPN PPTP

9 Myth #6
That plastic reader on the outside of my building is safe
Hardly
If it is on the outside of the building, inexpensive hardware can be used to render it a massive security liability

10 Fun Fact #2
“Modern jazz isn’t dead, it just smells funny” (Frank Zappa)
“Perimeter security isn’t dead, it just smells funny” (Me, in early 2000’s)
“Perimeter security is dead” (Me, in 2005)

11 Myth #7
Road warriors are safer than ever
They are more at risk than ever before
Targeted as a group via wireless/Bluetooth issues
Targeted individually or as an industry at conventions

12 Myth #8
Getting compliant with <acronym> will hurt and take forever
Yes and no, but mainly “no” if you have been doing Security 101 stuff all along
Don’t let vendors or consultants tell you otherwise
Most vendors “invent” compliance packages based upon Security 101 stuff anyway (I have worked for some of those vendors in the past)
No one tool, appliance, or software product will make you compliant
Learn where you are decent, and use these technologies solely as tools to fill the gaps

13 Fun Fact #3 Money is ruining the hacker underground

14 Questions?
