Security 401.3 – Internet Security Technologies
On the third day of class, we started going into some of the actual technologies used in implementing security. The first topic covered is attack strategies and mitigation.
Know thy enemy – Sun Tzu
It’s important to know what your enemy uses in their attack in order to defend against them. The Mitnick-Shimomura attack is studied extensively in this topic as it provides a good insight into the steps Kevin Mitnick – World’s most famous hacker as Bryce says, uses in his famous hack. Bryce seems to know him personally though which has me thinking that these instructors have the skills, knowledge and exposure that they could easily fall into the dark side if they wanted to.
The best hackers don’t get caught
Back to Mitnick, not really wanting to demean him, but the reason why he’s famous is – he got caught. The latest news is he’s back at it and in the business of selling Zero-days.
Honey Pots, Honey Nets, Honey Tokens, Honey XXX
The next topic talks about firewalls as well as honey bleeps. Basically you can add honey in front of anything if it’s primary purpose is to draw your attackers in.
The firewall is not your silver bullet
Then we are reminded once again that the firewall is not your silver bullet by going through the topic of Threats & Vectors – ways to bypass your firewall. It’s important to note that intruders usually don’t try to get in through your strongest defence – the firewall. They like to find your weakest link – attacking from the inside, circumventing your firewall by getting through via wifi, spear phishing, social engineering. They like to recon and do a lot of that stealthily.
The fourth topic goes on about IDS/IPS/HIDS/HIPS, their advantages and shortcomings.
Last but not least, IT Risk management where we deal with some more Layer 8 & 9 topics in relation to building a business case for acquiring all these fancy security tools.
There’s a vendor expo held on the Wednesday of the SANS conference in which you get to visit a bunch of the security vendors and grab some of the goodies they gave away. None of the goodies were very good this year. The most memorable booth items were Palo Alto – where they gave out a multi USB cable for charging any smartphone as well as a pocket sized NG Firewall for dummy book. Other than that there was the odd T-shirt and a few rubber table top mascot thingys – Cisco Sourcefire was giving out their infamous Blue Snort Pig.
There was also a prize giveaway for an iPad providing you got all the stamps from all the booths – odds of winning and effort required drove me away. Then there was the extreme high sodium almost toppingless pizzas that they were putting out – Note to self, head over to Gordon Ramsay’s and grab a beer and sandwich next time.
The lab on the third day was useful and consisted of going over the use of HPING3 and NMAP. The exercises on NMAP really enforces the concepts used when performing reconnaissance. It highlights some of the methods used to perform stealthy SYN scans as well as methods used to identify the target OS and application characteristics. I use that a lot myself at times but I have better VAS tools now that can do that for me.