THE DECADE BEHIND AND THE DECADE AHEAD - Saumil Shah

Published on January 29, 2020

Author: NSCONCLAVE

Source: slideshare.net

Content

1. NETSQUARE < THE DECADE BEHIND.. AND THE decade ahead > saumil shah - ceo, net-square

2. NETSQUARE NSCONCLAVE2020 #REPUBLICDAY सारे जहाँ से अच्छा

3. NETSQUARE #RepublicDaY2K

4. NETSQUARE # whoami - Saumil Shah THE ACCIDENTAL ENTREPRENEUR • 21 years in Infosec. • M.S. Computer Science Purdue University. • LinkedIn: saumilshah • Twitter: @therealsaumil

5. NETSQUARE YEAR 2000 • Hardware Used: Pentium 3 ~ 800MHz / 256M Ram / 20GB PCMCIA expansion, No USB • Person to Person Communication: Mobile Charges ₹14 / minute • Internet Connectivity: 64Kbps 1:4 "compressed broadband" • Emerging Trends in Cybersecurity: The Dawn of WEB HACKING

6. NETSQUARE EVOLUTION & MOORE'S LAW "THE NUMBER OF COMPONENTS PER INTEGRATED CIRCUIT SHALL DOUBLE EVERY COUPLE OF YEARS"

7. NETSQUARE Virginia Tech System X: Nov 2003 • 1100 PowerMac G5's • 12 TFLOPS • #3 Supercomputer in the world, November 2003 • > 10 TFLOPS for < $10M • Dr. Srinidhi Varadarajan

8. NETSQUARE NVIDIA AGX Xavier: Nov 2019

9. NETSQUARE 5 Minutes of Music • 50MB: 44.1KHz, Stereo • 3.5MB: 44.1KHz, Stereo

10. NETSQUARE Evolution's Outcomes

11. NETSQUARE 2007

12. NETSQUARE Again…Evolution

13. NETSQUARE The Evolution of Attacks: 2001-19

14. NETSQUARE How Have Targets Shifted? Servers • Applications • Desktops • Browsers • Pockets • Minds

15. NETSQUARE Target Enablers: IP:Port • Applications on HTTP • Broadband Networks • HTML5 • Wireless Connectivity • Social Networks

16. NETSQUARE Attacks Follow The Money: Defacement and DDoS • ID Theft and Phishing • Financial Fraud • Targeted APT • Ransomware • Cambridge Analytica

17. NETSQUARE Evolution Quiz:

18. NETSQUARE

19. NETSQUARE EVOLUTION OF DEFENSE 2001-19: FIREWALLS • IDS/IPS • ANTIVIRUS • WAF • DLP, EPS • DEP, ASLR • SANDBOX. DIFFERENT.... Reactive Approach: Block the Bad Things and be Secure again

20. NETSQUARE DIFFERENT.... BUT SAME SAME • FIREWALLS: ONE-WAY ATTACK • IDS/IPS: FRAGROUTER • ANTIVIRUS: OBFUSCATION • WAF: CHAR ENCODING • DLP, EPS: DNS EXFIL • DEP, ASLR: ROP, INFOLEAK • SANDBOX: JAILBREAK

21. NETSQUARE Organizations have plenty volunteers to add layers of complexity… …but few none for attack surface reduction and reducing privileged code. THOMAS DULLIEN, "Why we are not building a defendable Internet" BH ASIA 2017

22. NETSQUARE Security = "RISK REDUCTION": Rules • Signatures • Updates • Machine Learning

23. NETSQUARE

24. NETSQUARE Microsoft 2001

25. NETSQUARE From: Bill Gates Sent: Tuesday, January 15, 2002 5:22 PM Subject: Trustworthy computing Every few years I have sent out a memo talking about the highest priority for Microsoft. Two years ago, it was the kickoff of our .NET strategy. Before that, it was several memos about the importance of the Internet to our future and the ways we could make the Internet truly useful for people. Over the last year it has become clear that ensuring .NET is a platform for Trustworthy Computing is more important than any other part of our work. If we don't do this, people simply won't be willing -- or able -- to take advantage of all the other great work we do. Trustworthy Computing is the highest priority for all the work we are doing. We must lead the industry to a whole new level of Trustworthiness in computing.

26. NETSQUARE

27. NETSQUARE 2005: Ciscogate – Michael Lynn https://www.schneier.com/blog/archives/2005/07/cisco_harasses.html

28. NETSQUARE 2009 CAN SEC WEST Photo credit: Garrett Gee

29. NETSQUARE Evolution of the Internet: Physical • Data Link • IP • TCP / UDP • Session • Presentation • Application. INTEROPERABILITY. DECENTRALISED.

30. NETSQUARE Evolution of the Internet: HTTP • WEB 1.0 • WEB 2.0 • CLOUD • Social N/W • A.I. • SKYNET. HTTP IS THE DATAGRAM OF THE APPLICATION LAYER. THE MATRIX • VIRTUALISATION • MOORE'S LAW • BOSTON DYNAMICS • F.A.A.N.G.

31. NETSQUARE

32. NETSQUARE

33. NETSQUARE A Brave New World

34. NETSQUARE Where Do We Live? #BREXIT #US Elections #CAA …typing

35. NETSQUARE PLANET CYBERSPACE NATURE'S AND PHYSICS' LAWS DON'T APPLY HERE. NEITHER DO YOUR GOVERNMENTS'

36. NETSQUARE Computerization, Discretion, Freedom Sergey Bratus, Anna Shubina December 31, 2015 Surveillance of social networking, pervasive user tracking in hopes of reaping profits promised by “big data”, and ubiquitous failure to secure stockpiled personal data went from being the concern of the few to making mainstream media. We’ve learned that what hurts privacy is also likely to hurt freedom. But, despite all these revelations, the worst and the most pervasive danger of computerizing our everyday lives has so far avoided public attention: that computers modify our behaviors related to discretion, professional autonomy, and, ultimately, moral choice. Computerization changes every area of human activity it touches, by bringing new rules and new metrics. With enough of these at work, humans must act with an eye to not just what they do (or should do) in the actual real-world situations, but also to how it will look in the computer representation of it—and the latter are never complete. And when they disagree, one must either spend the extra time and effort “fighting the system”, bend the rules—or give up.

37. NETSQUARE

38. NETSQUARE

39. NETSQUARE Alberto Brandolini @ziobrando (The Bullshit Asymmetry)

40. NETSQUARE THIS PERSON DOES NOT EXIST.COM Social Network Neighbourhood

41. NETSQUARE

42. NETSQUARE THE EVOLUTION OF ARTIFICIAL INTELLIGENCE

43. NETSQUARE

44. NETSQUARE CYBERSPACE BIOLOGY: CELLS = PIXELS • HUMAN FACULTIES FOR THREAT DETECTION FAIL IN CYBERSPACE. • FOR HUMANS, WHAT IS COMMON SENSE IN REALITY IS IGNORANCE IN VIRTUALITY. • FALSE SENSE OF SECURITY AND PRIVACY THROUGH INEFFECTIVE INFOSEC PRODUCTS.

45. NETSQUARE ELEMENTS OF A TRUSTWORTHY SYSTEM: TRANSPARENCY • METRICS • RESILIENCE • USERS

46. NETSQUARE BANK STATEMENTS: Account Activity • Spending Record • Account Reconciliation • Unauthorized Expenses

47. NETSQUARE Thomas Dullien http://addxorrol.blogspot.com/2018/03/a-bank-statement-for-app-activity-and.html "How could one empower users to account for their private data, while at the same time helping platform providers identify malicious software better? By providing users with the equivalent of a bank statement for app/software activity. The way I imagine it would be roughly as follows: A separate component of my mobile phone (or computer) OS keeps detailed track of app activity: What peripherals are accessed at what times, what files are accessed, etc." A BANK STATEMENT FOR APP/SOFTWARE ACTIVITY

48. NETSQUARE

49. NETSQUARE PEBKAC

50. NETSQUARE

51. NETSQUARE ROOT CAUSES OF "LACK OF TRUST" • THE INTERNET WAS DESIGNED FOR U.S. MILITARY COMMUNICATIONS. USER IDS WERE NEVER A PART OF ITS DESIGN. • ARE YOU ALLOWED TO DRIVE AN UNREGISTERED CAR ON THE ROAD, AND WITHOUT A DRIVERS' LICENSE?

52. NETSQUARE IDENTIFY YOUR TARGET USERS... (chart: number of users vs. infosec maturity) • HOPELESS: Always going to be an enigma. • UNINFORMED: If properly guided, these users are willing to improve their usage habits. • PROACTIVE: The next Rock Star users. • ROCK STARS: Leave them alone, and possibly learn from them.

53. NETSQUARE ...AND IMPROVE THEIR MATURITY (chart: number of users vs. infosec maturity) • HOPELESS • UNINFORMED • PROACTIVE • ROCK STARS

54. NETSQUARE LET'S TALK ABOUT PASSWORDS

55. NETSQUARE https://xkcd.com/936 WE'VE SUCCESSFULLY TRAINED EVERYONE TO USE PASSWORDS THAT ARE HARD FOR HUMANS TO REMEMBER, BUT EASY FOR COMPUTERS TO GUESS.

56. NETSQUARE MAKE AUTHENTICATION GREAT AGAIN

57. NETSQUARE PUT THE USER IN CONTROL

58. NETSQUARE

59. NETSQUARE

60. NETSQUARE RESIST: Pass The Parcel • Rules, Signatures, Updates, Patches • The Next Short-Lived Security Product • Encumber Your Users. INFOSEC: The business of selling FEAR

61. NETSQUARE RESONATE: Take Ownership • Build Defendable Systems • Security and Trustworthiness as a core feature • EMPOWER Your Users. INFOSEC: The business of enabling TRUST

62. NETSQUARE JAI HIND @therealsaumil
