This presentation covers the basics of cyber security and cloud computing, and also addresses aspects of ethical hacking in detail.
The URL of the live presentation: http://syscolabs.lk/blog/cyber-security-and-cloud-computing/
4. Best Practices and Measures
taken to protect a computer or
a computer system against
unauthorized access or attack
• Hardware, Software, Data...
• Security Standards
• Ethical Hacking
• Best Practices
CYBER SECURITY
Cyber Security
8. This uses a simple file containing
words that, surprisingly, can be
found in a dictionary.
• “Iamthebest”
• “Iloveblahblah”
CRYPTANALYSIS
Dictionary Attacks
9. Dictionary + non-dictionary words,
by working through all possible
alphanumeric combinations
• “aaaa901”
• “Iloveblahblah2233a”
CRYPTANALYSIS
Brute Force Attack
10. Keeps a table of hashes for all
possible password combinations.
Adding salts will make this task
even tougher.
• “aaaa901”
• “fsdfwer232532”
CRYPTANALYSIS
Rainbow Table Attack
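An added example, not part of the original slides, showing why the salts mentioned on the rainbow table slide make precomputation harder: a plain lookup table stands in for a rainbow table, and the user names, `ITERATIONS` value and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example
CANDIDATES = ("aaaa901", "fsdfwer232532")  # sample passwords from the slide

def hash_password(password, salt=None):
    """Legacy unsalted SHA-256 when salt is None, else salted PBKDF2."""
    data = password.encode()
    if salt is None:
        return hashlib.sha256(data).digest()
    return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)

def new_record(password, salted=True):
    """Build the record a server would store for one user."""
    salt = os.urandom(16) if salted else None
    return {"salt": salt, "hash": hash_password(password, salt)}

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hash_password(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])

def build_table(salt=None):
    """Precompute hash -> password for every candidate under one salt."""
    return {hash_password(pw, salt): pw for pw in CANDIDATES}

def exposed_by_table(records, table):
    """Return users whose stored hash appears in a precomputed table."""
    return {user: table[rec["hash"]]
            for user, rec in records.items() if rec["hash"] in table}

# Constructed sample users; both chose the same password.
UNSALTED = {u: new_record("aaaa901", salted=False) for u in ("alice", "bob")}
SALTED = {u: new_record("aaaa901") for u in ("alice", "bob")}

if __name__ == "__main__":
    # One table built in advance covers every unsalted account at once.
    print("unsalted:", exposed_by_table(UNSALTED, build_table()))
    # The same table does not match any salted record.
    print("salted:  ", exposed_by_table(SALTED, build_table()))
    # A table rebuilt for alice's salt says nothing about bob.
    alice_table = build_table(SALTED["alice"]["salt"])
    print("per-salt:", exposed_by_table(SALTED, alice_table))
    print("login ok:", verify("aaaa901", SALTED["alice"]))
```

A salt does not strengthen a weak password for a single account; it removes the reuse of one precomputed table across all accounts, so the work has to be repeated per user.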
11. Ask the user for his or her
password. A phishing email leads
the unsuspecting reader to a faked
portal and collects credentials
• Sending a fake email related to
bank payments
CRYPTANALYSIS
Phishing
12. Social engineering takes the whole
‘ask the user’ concept outside of
the inbox that phishing tends to
stick with and into the real world.
• Call a person while posing as a bank
or other security guy
CRYPTANALYSIS
Social Engineering
16. • Reconnaissance (“Gathering information about a potential target”)
• Scanning (“Using the info gathered during reconnaissance to examine
the network”)
• Gaining access (“Owning the system”)
• Maintaining access (“Backdoors, Rootkits, Trojans”)
• Covering tracks (“Altering log entries, removing alarms”)
5 Phases in Computer Hacking
COMPUTER HACKING
18. • Discuss the need for testing
• Sign an NDA
• Tiger team prepares a schedule for testing
• Conduct tests
• Analysis and report preparation
• Present the report to the client
Conducting Ethical Hacking
COMPUTER HACKING
19. Legality in Sri Lanka
COMPUTER HACKING
source: http://www.slcert.gov.lk/Downloads/Acts/Computer_Crimes_Act_No_24_of_2007(E).pdf
24. Security in the cloud is much like
security in your on-premises data
centers - only without the costs of
maintaining facilities and
hardware.
In the cloud, you don’t have to manage
physical servers or storage devices.
Instead, you use software-based
security tools to monitor and
protect the flow of information into
and out of your cloud resources.
CLOUD SECURITY BASICS
Cloud Security
25. How Secure is the Cloud?
CLOUD SECURITY
source: https://www.youtube.com/watch?v=8g0NrHExD3g
Layer 1:
• Perimeter Defense
Layer 2:
• Clear Zone
Layer 3:
• Facility facade/ reception area
Layer 4:
• Hallway/ Escorted Area/ Gray Space
Layer 5:
• Data Center Room/ White Space
Layer 6:
• Data Center Cabinet/ White Space
29. 1. Data Breaches
2. Data Loss
3. Account or Service Traffic Hijacking
4. Insecure Interfaces and APIs
5. Denial of Service
6. Malicious Insiders
7. Abuse of Cloud Services
8. Insufficient Due Diligence
9. Shared Technology Vulnerabilities
NOTORIOUS NINE THREATS
32. AWS Shield
AWS CLOUD SECURITY
• AWS Shield is a managed Distributed Denial
of Service (DDoS) protection service
• AWS Shield provides always-on detection and
automatic inline mitigations that minimize
application downtime and latency
• Happens in real time (no support needed)
33. AWS WAF
AWS CLOUD SECURITY
• AWS WAF is a web application firewall that
helps protect your web applications from
common web exploits
• AWS WAF gives you control over which traffic
to allow or block to your web applications
• Block common attack patterns, such as SQL
injection or cross-site scripting
34. AWS IAM
AWS CLOUD SECURITY
• Access Control
• Use AWS Identity and Access Management
(IAM) to control users' access to AWS services
• Create and manage users and groups, and
grant or deny access