This session was Q&A with an experts panel with Laura Chappell, Marcus Murray, Andy Malone, and Paula Januszkiewicz.
Of interest from the panel:
- All companies have unmaintained devices, whether authorized or not. These include smart phones, embedded OS devices (printers, etc.), and tablets.
- HP wireless printers collect all information on wireless networks they detect and being unsecured these can be an easy way to gather information.
- Marcus Murray has an Evan Hilton fake Facebook account for informational and entertainment purposes.
- APT (advanced persistent threats) is a targeted attack, and is being over-used in the media for attacks that are not targeted.
- Watch your DNS traffic for destinations being looked up, particularly for command and control servers for malware. Some of these are moving to cloud services.
- Implement security that does not rely on users or their training, as even trained users can be compromised.
- Security training is useless without testing of the training (requiring a passing mark) and policy based consequences for not passing.
- Laura likes to social engineer her parents for fun and profit. I’ll have to see if there are resources or stories about people doing this. This concept both coexists and conflicts with eDarwinism.
- IPv6 largest security issue is assuming you are not using it. Most new devices have IPv6 enabled and are not managed, making them easier to hack.
- Phishing has morphed to spearphishing, which is reducing the numbers but more effective.
- Make sure your kids are using computers in a shared area and are using parental control software such as Bluecoat K9
0 comments:
Post a Comment