6005 CEM

Week 3

Introduction

Topics

  • Round-up of this week’s offline work
  • (Break)
  • This week’s labs

Key threats to Systems

What did we talk about?

  • Cyber Attacks
  • People leaking data
  • Rockets Exploding…

What is the Biggest Threat?

  • http://www.strawpoll.me/21024188

Didn’t you just Cheat?

  • Second-guessing what you are going to say…
  • A lot of this does come down to human error
    • If we wrote secure code it would be harder for the hackers…
    • If we made things properly, users would have less opportunity to screw up…

The problem with blaming hackers.

Discussion

  • Asked you to look at an attack
  • Some of you picked NotPetya
    • 2017, possible nation state
    • Great talk by Maersk about learning from it.

Technical Measures

Can Technology Alone Save us?

  • Poll.

Antivirus

  • Attempts to detect malware on our systems
  • Great for known malware, but…
    • Malware is always evolving
    • Some AVs are better than others

Firewalls

  • Can block traffic to services and addresses
  • The Allow / Deny List problem
  • Tend to have looser rules when you are inside.

IDS

  • Systems that let us detect anomalies on the network
  • i.e. look for known patterns of malware in network traffic
  • HTTP / Deep Packet Inspection issue.

SIEM

  • Collects a massive amount of logging data
  • Uses AI? to search through this looking for issues
  • Correlated events can give a much better idea of what is happening.

Secure Design Process

Principles behind secure design

  • Not rules, but things we should consider when designing software

Defence in Depth

  • Multiple layers of security
    • Have the Hardware but don’t rely on it
    • Multiple levels of access.

Don’t Rely on Security by obscurity

  • Hidden information is not secure
  • Google will find it.
  • We can look in binaries / Github / etc.

Least Privilege

  • Don’t give the user any more rights than they need

Separation of Duties

  • Split responsibilities across the system
    • Should one person control the firewall?
    • What about firewall and AV?
    • Code audit on pull requests.

Keep Security Simple

  • If you can’t understand it, then you don’t know what it’s doing.
  • Good understanding of the Design == Good Documentation

Don’t Invent Security

  • DON’T ever roll your own crypto
  • Input sanitisation is hard
  • Lots of well-tested libraries that will help with this.

Audit

  • Have your system support audit.
    • Logging is Good
    • Remember GDPR

Fail Securely

  • If there is an error, try to drop privileges
  • Deny rather than Grant privileges
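
Added example (not part of the original slides): the "deny rather than grant" rule applied to an authorisation check whose policy lookup can fail, with the fail-open version beside the fail-closed one. The policy table, role names and the `backend_up` switch are constructed assumptions for illustration.

```python
import logging

log = logging.getLogger("authz")


class PolicyBackendError(Exception):
    """Raised when the (hypothetical) policy store cannot be reached."""


# Constructed sample policy: role -> actions that role may perform.
POLICY = {"admin": {"read", "write", "delete"}, "student": {"read"}}


def lookup_actions(role, backend_up=True):
    """Hypothetical policy lookup; backend_up=False simulates an outage."""
    if not backend_up:
        raise PolicyBackendError("policy store unreachable")
    return POLICY[role]  # raises KeyError for an unknown role


def is_allowed_fail_open(role, action, backend_up=True):
    """Anti-pattern: any error inside the check ends up granting access."""
    try:
        return action in lookup_actions(role, backend_up)
    except Exception:
        return True  # "don't block users during an outage" -> fails open


def is_allowed_fail_closed(role, action, backend_up=True):
    """Deny by default: access is granted only if the check itself succeeds."""
    allowed = False  # start from deny
    try:
        allowed = action in lookup_actions(role, backend_up)
    except (PolicyBackendError, KeyError) as exc:
        # Record the failure for audit; 'allowed' stays False.
        log.warning("authz check failed role=%r action=%r: %s", role, action, exc)
    return allowed
```

With the backend down, the fail-open check lets a student delete, while the fail-closed check denies and leaves a log line for the audit trail.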

Secure Development Lifecycle

SDLC Design:

  • Planning
  • Requirements
  • Design

SDLC 2 Development:

  • Development
  • Testing
  • Maintenance

SDLC

  • Has been applied to most of the standard development models
  • For things like Waterfall it’s clear where it fits

SDLC and Agile

  • So is a slow, methodical process compatible with Agile?
  • Can you sprint security?

Group work and Discussion

  • Discuss
  • Present.