Professional Documents
Culture Documents
TO YOUR BUSINESS?
Jayson Ferron, CEO, Interactive Security Training
20 April 2017
Audio is streamed over your computer Use the Papers tab to find the following:
Dial in numbers and codes are on the left PDF Copy of todays presentation
Jay Ferron
CEHi, CISSP, CHFIi, C)PTEi, CRISC, CSXp
Trainer, CVEi, MCITP, MCSE, MCT, MVP, NSA
Past President ISACA Greater Hartford Chapter
Blog: Blog.mir.net
Manufacturing Real-Estate
Software Utilities & Energy
Financial Media
Construction Non-Profit
Government & Defense E-Commerce
Education ALL experienced increases
Healthcare in both general AND
Retail targeted attacks in 2015
Transportation
Telecom
Wearables
Home Health Monitoring Devices
Talking Devices appealing to all ages
Cloud Based
Wireless transmission capable
Cheaper infrastructure for users and
care providers
10
Education
Email
Online classes
Research
Collaboration
Communication
Email
Instant messenger
Social networks
11
EXAMPLES:
proctorChrLdr
ClintonBball#22
RFAGoalie
NthUticaJIM
SylvanSally
BikiniBabe
HPDiver
NHHottie
12
BAD EXAMPLES:
SpongeBob
Pink
BTRFan
volleyball
Scruffy
Strough
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
DarkNet-Peer-to-Peer (P2P)
Nodezilla
Vuze
Morpheus
Luckywire
36
Invisible Internet Project (I2P) adds another layer to normal internet based traffic. Similar to the
TOR network, I2P uses computers and servers running as an I2P node. Once you have installed the
I2P client software, it automatically adds your system to the known node list for others to relay
through, but you can control how many systems your computer is allowed to relay for
37
Before we go further, Be warned you are about to dive into the depths of
the DeepWeb and DarkNet
If you do it please do it securely
Never, ever do this on a government or corporate asset
Laptop
PDA
Tablet
Smartphone
Regardless of OS and security precautions
Only do this on personal devices, that have been secured
As in dont infect a machine that your children may log onto when you are at work
38
Secure Laptop/Tablet
Fully Patched, AV,AntiMalware all up to date
Install Timefreeze on the host (Free,Do not enable it yet)
Inside the VM
Install Sandboxie
http://www.sandboxie.com/index.php?DownloadSandboxie
39
Almost done
40
Semi-Secure Setup
41
Good Alternatives
Kali Linux https://www.kali.org/downloads/
AnonymOS http://sourceforge.net/projects/anonym-os/
42
43
44
45
How many of YOU know what your employees, vendor, partner, or your
supplier is doing with YOUR data? In the CLOUD?
46
47
48
49
Many tools
Many services
Many Companies claiming to do it better than anyone else
Very few Actually are
Very Simple, to catch a Hacker you have to think like one. To catch a
To find your Corporate Data, you have to know where they put it The DarkNet
50
51
52
This individual has been posting his internal configurations all over the forum, internal IP
architecture etc. Needless to say the data has been replicated on several areas on the DarkNet.
(Those were traced back to this example)
53
54
55
Copyright 2017 by the Information Systems Audit and Control Association, Inc. (ISACA). All rights reserved. This
webinar may not be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system, or
transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise).
56