LATEST ISSUES & TRENDS IN CYBER

SECURITY & THREATS

Mostly OverEstimated / UnderEstimated

Not
here to

Lets
try to
get

famili
ar with
the

threa

How many of
you have
seen these in
THEATRES ?

How many of
you have
FEW or ALL
of these in
your

LAPTOPS
and HDDs

Ever
thought of
Why is all
this FREE ?

How many
of you have
LINUX in
your

Workstati
ons ?

How many
of you have

Windows
in your

Workstati
ons ?

Collusion is an experimental
add-on for Firefox and allows you
to see all the third parties
that are tracking your
movements across the Web. It
will show, in real time, how
that data creates a spiderweb of interaction between
companies and other trackers.

UNWANTED

APPS

Friends List
Their Phone
Numbers
Their Addresses
Your SMS
Your MMS
Your Browsing
History
Your Chats
Your relatives
details

We are very POSITIVE on

web!!!!

Does it

Lets find out the

answer with two
scenarios.

In such times
Securing the IT
Environment
getting DIFFICULT
by day?

LETS GET BACK BY FEW YEARS!!!!

When securing the IT environment was easier than it is today.

LETS GET BACK BY FEW YEARS!!!!

users
locations, the applications they were
running and the types of devices they
Basic information such as

were using were known variables.

LETS GET BACK BY FEW YEARS!!!!

In addition, this

information was fairly

static, so security policies
scaled reasonably well

LETS GET BACK BY FEW YEARS!!!!

Applications ran on

servers

dedicated

in the data center

LETS GET BACK BY FEW YEARS!!!!

IT organization
controlled access to those
The

applications and established

enforce
security policies
boundaries to

LETS GET BACK BY FEW YEARS!!!!

for the most partthe network experienced

predictable traffic patterns

TOUCHING
MOMENT
HAPPY CISO!!!!!!

Welcome CLOUDS
Changing the way the network is Architected

Welcome
VIRTUALIZATION

Applications/Data may move between servers or

even data centers or countries

Welcome SMART PHONES

Multiple diverse mobile devices connect to the corporate

network from various locations

At the same time, users are

network
by going to the cloud for
extending the corporate

collaborative applications like

Dropbox or Google
IT no

longer knows which

devices may connect to the
network or their location.

Data isnt just safely resting in the

data center; it

is traversing
the countries.

BOTNETS

A botnet is a collection of internetconnected programs

communicating with other

similar programs in order to
perform tasks.

40% of the computers

are Botted

So all this
along with
these two

Current
Giants
make a
great

Attack
Surface

CRIMEWARE as a SERVICE

PRISM is a mass electronic surveillance data mining program known to have

been operated by the United States National Security Agency (NSA) since 2007

The Central Monitoring System is a mass

electronic
surveillance program installed by C-DOT, an Indian
Government owned agency.

The CMS gives India's security agencies and income tax

officials centralized

access to India's
telecommunications network and the ability to
listen in on & record mobile
landline and satellite calls and ) , and read
private emails, SMS and MMS and track the geographical
location of individuals, all

in real time.

Operation B70

Life :
2-3 Years

It is the type of attack

that takes advantage of
improper coding of your
web applications that
allows hacker to inject
SQL commands into say
a login form to allow
them to gain access to
the data held within
Refers to a hackingyour database.
technique that leverages
vulnerabilities in the code
of a web application to
allow an attacker to send
malicious content from an

Browser Exploits

of malicious code that takes

advantage of a flaw or vulnerability in an
operating system or piece of software with
the intent to breachbrowser securityto
alter a user's browser settings without their
knowledge
A

form

So we have an ever increasing

DYNAMIC ATTACK
SURFACE

Domains
of security

Sadly.till date the approach has been

Who
decides
the Security
QRs.?????
mostly
reactive
since we
have been
traditional in configuring SECURITY!!!!!!!

WHAT DO WE DO TODAY?
NO TWO ORG or USERS CAN HAVE SAME
MODEL OF SECURITY IMPLEMENTATION
THE NEED IS CUSTOMISED
FOR EVERYONE

MODEL

Know EAL of your product

TAKE CONTROLLED RISK

KEEP YOUR

EYES/EARS OPEN

Cryptography

Updates

OpenSourc
e
Stringent
Hardening

Monitoring
tools

Access
Controls
Analysis
tools
Cyber
Hygiene
IT IQ

Strong
Passwords
Live DVDs
Secure
Design

Firewalls/U
TMs
Know your

Common
Passwords
Cookies

And will keep

False
Identity

Imperson
ation

Failure
User Fraud

Unknown
Outsider
Attack
Breach of
Anonymity

Insider Attack

Threats

Unauth
Disclosure

Access
Revoked
Rights
DoS
Theft of
Access
Tokens

I AM NOT REFERRING TO SCI FI

TIME TRAVELLING ROBOTS FROM

THEstarts
FUTURE
Face recognition
getting perfect
Speech recognition starts getting perfect
Speaker recognition starts getting perfect
We dont have a good AI today
But we are improving on AI by day
We have cheap storage
We are recording what goes on.

AI will be able to scan our past in future

Time travelling robots
are not going to come in our
timesbut they will be there
to scan our past later
and in the future they will be

able to know
everything we did today

E-Mail : anupamtiwari@fedoraproject.org

Blog at : http://anupriti.blogspot.com
Twitter : @it_updates