Published on January 29, 2020
1. NETSQUARE < THE DECADE BEHIND.. AND THE decade ahead > saumil shah - ceo, net-square
2. NETSQUARE NSCONCLAVE2020 #REPUBLICDAY Saare Jahan Se Achha (Better than the entire world)
3. NETSQUARE #RepublicDaY2K
4. NETSQUARE # whoami - Saumil Shah THE ACCIDENTAL ENTREPRENEUR • 21 years in Infosec. • M.S. Computer Science Purdue University. • LinkedIn: saumilshah • Twitter: @therealsaumil
5. NETSQUARE YEAR 2000 • Hardware Used: Pentium 3 ~800MHz / 256M RAM / 20GB, PCMCIA expansion, No USB • Person to Person Communication: Mobile charges ₹14 / minute • Internet Connectivity: 64Kbps 1:4 "compressed broadband" • Emerging Trends in Cybersecurity: The Dawn of WEB HACKING
6. NETSQUARE EVOLUTION & MOORE'S LAW "THE NUMBER OF COMPONENTS PER INTEGRATED CIRCUIT SHALL DOUBLE EVERY COUPLE OF YEARS"
7. NETSQUARE Virginia Tech System X: Nov 2003 1100 PowerMac G5's 12 TFLOPS #3 Supercomputer in the world, November 2003 > 10 TFLOPS for < $10M Dr. Srinidhi Varadarajan
8. NETSQUARE NVIDIA AGX Xavier: Nov 2019
9. NETSQUARE 5 Minutes of Music: 50MB (44.1KHz, Stereo) vs 3.5MB (44.1KHz, Stereo)
10. NETSQUARE Evolution's Outcomes
11. NETSQUARE 2007
12. NETSQUARE Again…Evolution
13. NETSQUARE The Evolution of Attacks: 2001-19
14. NETSQUARE Servers Applications Desktops Browsers Pockets Minds How Have Targets Shifted?
15. NETSQUARE IP:Port Applications on HTTP Broadband Networks HTML5 Wireless Connectivity Social Networks Target Enablers
16. NETSQUARE Attacks Follow The Money Defacement and DDoS ID Theft and Phishing Financial Fraud Targeted APT Ransomware Cambridge Analytica
17. NETSQUARE Evolution Quiz:
19. NETSQUARE FIREWALLS IDS/IPS ANTIVIRUS WAF DLP, EPS DEP, ASLR SANDBOX EVOLUTION OF DEFENSE 2001-19 DIFFERENT.... Reactive Approach Block the Bad Things and be Secure again
20. NETSQUARE EVOLUTION OF DEFENSE 2001-19 (defense vs. the evasion that followed it): FIREWALLS vs ONE-WAY ATTACK; IDS/IPS vs FRAGROUTER; ANTIVIRUS vs OBFUSCATION; WAF vs CHAR ENCODING; DLP, EPS vs DNS EXFIL; DEP, ASLR vs ROP, INFOLEAK; SANDBOX vs JAILBREAK. DIFFERENT.... BUT SAME SAME
21. NETSQUARE "Organizations have plenty of volunteers to add layers of complexity… …but few or none for attack surface reduction and reducing privileged code." THOMAS DULLIEN, "Why we are not building a defendable Internet", BH ASIA 2017
22. NETSQUARE Security = "RISK REDUCTION" Rules Signatures Updates Machine Learning
24. NETSQUARE Microsoft 2001
25. NETSQUARE From: Bill Gates Sent: Tuesday, January 15, 2002 5:22 PM Subject: Trustworthy computing Every few years I have sent out a memo talking about the highest priority for Microsoft. Two years ago, it was the kickoff of our .NET strategy. Before that, it was several memos about the importance of the Internet to our future and the ways we could make the Internet truly useful for people. Over the last year it has become clear that ensuring .NET is a platform for Trustworthy Computing is more important than any other part of our work. If we don't do this, people simply won't be willing -- or able -- to take advantage of all the other great work we do. Trustworthy Computing is the highest priority for all the work we are doing. We must lead the industry to a whole new level of Trustworthiness in computing.
27. NETSQUARE 2005: Ciscogate – Michael Lynn https://www.schneier.com/blog/archives/2005/07/cisco_harasses.html
28. NETSQUARE 2009 CAN SEC WEST Photo credit: Garrett Gee
29. NETSQUARE Evolution of the Internet Physical Data Link IP TCP / UDP Session Presentation Application INTEROPERABILITY DECENTRALISED
30. NETSQUARE Evolution of the Internet HTTP WEB 1.0 WEB 2.0 CLOUD Social N/W A.I. SKYNET HTTP IS THE DATAGRAM OF THE APPLICATION LAYER THE MATRIX VIRTUALISATION MOORE'S LAW BOSTON DYNAMICS F.A.A.N.G.
33. NETSQUARE A Brave New World
34. NETSQUARE Where Do We Live? #BREXIT #US Elections #CAA …typing
35. NETSQUARE PLANET CYBERSPACE NATURE'S AND PHYSICS' LAWS DON'T APPLY HERE. NEITHER DO YOUR GOVERNMENTS'
36. NETSQUARE Computerization, Discretion, Freedom Sergey Bratus, Anna Shubina December 31, 2015 Surveillance of social networking, pervasive user tracking in hopes of reaping profits promised by “big data”, and ubiquitous failure to secure stockpiled personal data went from being the concern of the few to making mainstream media. We’ve learned that what hurts privacy is also likely to hurt freedom. But, despite all these revelations, the worst and the most pervasive danger of computerizing our everyday lives has so far avoided public attention: that computers modify our behaviors related to discretion, professional autonomy, and, ultimately, moral choice. Computerization changes every area of human activity it touches, by bringing new rules and new metrics. With enough of these at work, humans must act with an eye to not just what they do (or should do) in the actual real-world situations, but also to how it will look in the computer representation of it—and the latter are never complete. And when they disagree, one must either spend the extra time and effort “fighting the system”, bend the rules—or give up.
39. NETSQUARE Alberto Brandolini @ziobrando (The Bullshit Asymmetry)
40. NETSQUARE THIS PERSON DOES NOT EXIST.COM Social Network Neighbourhood
42. NETSQUARE THE EVOLUTION OF ARTIFICIAL INTELLIGENCE
44. NETSQUARE CYBERSPACE BIOLOGY: CELLS = PIXELS • HUMAN FACULTIES FOR THREAT DETECTION FAIL IN CYBERSPACE. • FOR HUMANS, WHAT IS COMMON SENSE IN REALITY IS IGNORANCE IN VIRTUALITY. • FALSE SENSE OF SECURITY AND PRIVACY THROUGH INEFFECTIVE INFOSEC PRODUCTS.
45. NETSQUARE ELEMENTS OF A TRUSTWORTHY SYSTEM TRANSPARENCY METRICS RESILIENCE USERS
46. NETSQUARE BANK STATEMENTS Account Activity Spending Record Account Reconciliation Unauthorized Expenses
47. NETSQUARE Thomas Dullien http://addxorrol.blogspot.com/2018/03/a-bank-statement-for-app-activity-and.html "How could one empower users to account for their private data, while at the same time helping platform providers identify malicious software better? By providing users with the equivalent of a bank statement for app/software activity. The way I imagine it would be roughly as follows: A separate component of my mobile phone (or computer) OS keeps detailed track of app activity: What peripherals are accessed at what times, what files are accessed, etc." A BANK STATEMENT FOR APP/SOFTWARE ACTIVITY
49. NETSQUARE PEBKAC
51. NETSQUARE ROOT CAUSES OF "LACK OF TRUST" • THE INTERNET WAS DESIGNED FOR U.S. MILITARY COMMUNICATIONS. USER IDS WERE NEVER A PART OF ITS DESIGN. • ARE YOU ALLOWED TO DRIVE AN UNREGISTERED CAR ON THE ROAD, AND WITHOUT A DRIVER'S LICENSE?
52. NETSQUARE IDENTIFY YOUR TARGET USERS... (chart: number of users vs. infosec maturity) • HOPELESS: Always going to be an enigma. • UNINFORMED: If properly guided, these users are willing to improve their usage habits. • PROACTIVE: The next Rock Star users. • ROCK STARS: Leave them alone, and possibly learn from them.
53. NETSQUARE ...AND IMPROVE THEIR MATURITY (chart: number of users vs. infosec maturity: HOPELESS, UNINFORMED, PROACTIVE, ROCK STARS)
54. NETSQUARE LET'S TALK ABOUT PASSWORDS
55. NETSQUARE https://xkcd.com/936 WE'VE SUCCESSFULLY TRAINED EVERYONE TO USE PASSWORDS THAT ARE HARD FOR HUMANS TO REMEMBER, BUT EASY FOR COMPUTERS TO GUESS.
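The xkcd 936 comparison the slide refers to, worked through as an added example (not part of the talk or of the comic): it assumes the comic's own bit budget for a "Tr0ub4dor&3"-style password, a 2048-word list for the four-word passphrase, 1000 guesses per second against an online service, and a constructed toy word list for the generator.

```python
import math
import secrets
from typing import Dict, List

# Constructed toy word list. A real diceware-style list has thousands of
# entries; only the list size enters the entropy estimate.
TOY_WORDLIST = ["correct", "horse", "battery", "staple",
                "river", "cloud", "lamp", "stone"]


def passphrase_entropy_bits(word_count: int, wordlist_size: int) -> float:
    """Entropy of word_count words drawn uniformly from a list of wordlist_size."""
    return word_count * math.log2(wordlist_size)


def mangled_word_entropy_bits() -> int:
    """Bit budget xkcd 936 assigns to a mangled dictionary word (assumption: the
    comic's figures): uncommon base word 16, capitalisation 1, common
    substitutions 3, appended numeral 3, appended punctuation 4, order 1."""
    return 16 + 1 + 3 + 3 + 4 + 1


def exhaustive_search_seconds(bits: float, guesses_per_second: float) -> float:
    """Seconds needed to try every one of the 2**bits candidates."""
    return (2 ** bits) / guesses_per_second


def generate_passphrase(word_count: int, wordlist: List[str]) -> str:
    """Pick words with a CSPRNG: the strength comes from uniform random choice
    from a known list, not from the words being obscure."""
    return " ".join(secrets.choice(wordlist) for _ in range(word_count))


def compare(guesses_per_second: float = 1000.0) -> Dict[str, float]:
    """Mangled word vs. four random words at the comic's online guess rate."""
    mangled = mangled_word_entropy_bits()
    words = passphrase_entropy_bits(4, 2048)  # 11 bits per word
    day, year = 86400, 86400 * 365.25
    return {
        "mangled_bits": mangled,
        "mangled_days": exhaustive_search_seconds(mangled, guesses_per_second) / day,
        "passphrase_bits": words,
        "passphrase_years": exhaustive_search_seconds(words, guesses_per_second) / year,
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:.1f}")
    print(generate_passphrase(4, TOY_WORDLIST))
```

The 28-bit password falls to an exhaustive online search in about three days, the 44-bit passphrase in about 550 years, which is the whole point of the slide.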
56. NETSQUARE MAKE AUTHENTICATION GREAT AGAIN
57. NETSQUARE PUT THE USER IN CONTROL
60. NETSQUARE RESIST • Pass The Parcel • Rules, Signatures, Updates, Patches • The Next Short-Lived Security Product • Encumber Your Users • INFOSEC: The business of selling FEAR
61. NETSQUARE RESONATE • Take Ownership • Build Defendable Systems • Security and Trustworthiness as a core feature • EMPOWER Your Users • INFOSEC: The business of enabling TRUST
62. NETSQUARE JAI HIND [email protected] @therealsaumil