1
00:00:00,080 --> 00:00:11,009
it's a no goodnight not done my job as a
prisoner but things are internal network

2
00:00:11,009 --> 00:00:18,240
and the targets do not work we're not
going to be talking about external just

3
00:00:18,240 --> 00:00:24,278
gonna say that up front so a little bit
about me or my name McConnell

4
00:00:24,279 --> 00:00:33,250
adults and one of their red team members
networking mobile security so I'm

5
00:00:33,250 --> 00:00:37,480
generally not the guy that's going to be
honest I'm going to set aside neither

6
00:00:37,480 --> 00:00:42,640
britain remotely working on boxes on
your network reporter mobile

7
00:00:42,640 --> 00:00:52,340
applications by me my mom three node is
laying out the Dec one channel GMAC also

8
00:00:52,340 --> 00:00:57,620
much better if you have questions want
to know anything after this my email in

9
00:00:57,620 --> 00:00:58,519
McConnell

10
00:00:58,520 --> 00:01:06,290
works for me gmail.com so I wanna do
hoon here is responsible for your

11
00:01:06,290 --> 00:01:17,080
organization's security and IT three
organization that much everybody so

12
00:01:17,080 --> 00:01:24,250
russia now everyone you are responsible
for your organization's it doesn't

13
00:01:24,250 --> 00:01:30,000
matter if you're not if you're an
employee for an organization

14
00:01:30,000 --> 00:01:41,880
you are responsible for security so what
this isn't anything new advanced we're

15
00:01:41,880 --> 00:01:47,050
not going to talk about the tax we're
not gonna talk about many things we're

16
00:01:47,050 --> 00:01:53,979
not covering anything super in the
reason why I don't need it because I'm

17
00:01:53,979 --> 00:02:02,170
attaching and that works as a red team
member whether it be physically break in

18
00:02:02,170 --> 00:02:10,830
and whether I get in touch whatever i
don't not need to exploit I don't need to

19
00:02:10,830 --> 00:02:14,320
use super advanced on your network

20
00:02:14,320 --> 00:02:21,609
compromise your data what I used is very
basic simple attacks but rules that are

21
00:02:21,610 --> 00:02:32,330
already on your network to access their
street years in my mind of what security

22
00:02:32,330 --> 00:02:39,890
information system security you have
your human aspect and this isn't just

23
00:02:39,890 --> 00:02:41,559
presentation

24
00:02:41,560 --> 00:02:46,750
information security reason being that
I'm gonna try to explain this in such a

25
00:02:46,750 --> 00:02:55,590
way that makes sense that you're human
aspect you cannot assume you can't

26
00:02:55,590 --> 00:03:03,160
change and the psychology about train on
a human being is so real documented so

27
00:03:03,160 --> 00:03:10,130
wrong now it doesn't matter I rolled
their retailer we someone in your

28
00:03:10,130 --> 00:03:11,190
organization

29
00:03:11,190 --> 00:03:16,230
no questions asked and you can assume
that if I get one person to click on a

30
00:03:16,230 --> 00:03:25,299
link in your organization compromising
on your network there's just no

31
00:03:25,300 --> 00:03:26,590
questions about it

32
00:03:26,590 --> 00:03:35,090
the second thing about it is this a
security problem you're gonna face

33
00:03:35,090 --> 00:03:42,030
there's two real dilemmas one there's no
way to keep me out of your building

34
00:03:42,030 --> 00:03:50,730
unless you work in a missile silo that's
buried under you know hundreds of armed

35
00:03:50,730 --> 00:03:57,429
guards and there's only one point
otherwise I really wanna I've got enough

36
00:03:57,430 --> 00:03:59,940
seats for a term I am coming to a wall

37
00:03:59,940 --> 00:04:08,030
yeah the door I'm given your building
brick through the window you know those

38
00:04:08,030 --> 00:04:14,770
are very destructive violent attacks but
now let's go to him or her side of human

39
00:04:14,770 --> 00:04:26,750
and physics to carry such as tell you
you know that's how many times have you

40
00:04:26,750 --> 00:04:33,820
to someone carrying a box aesthetics UPS
guy and you're building a couple boxes

41
00:04:33,820 --> 00:04:34,969
what do you do

42
00:04:34,969 --> 00:04:43,339
here let me help you as much as I love
all do that all day every day walk on

43
00:04:43,339 --> 00:04:48,979
your network settings boxes down
somewhere good luck my devices networks

44
00:04:48,979 --> 00:04:55,889
and walk away you won't see it you know
what's there and now I've got a

45
00:04:55,889 --> 00:05:03,689
compromise that is why for those two
things it's imperative that we talked

46
00:05:03,689 --> 00:05:07,209
some information security those two
things are beaten every day

47
00:05:07,209 --> 00:05:13,749
information security of your so there's
no emotion there's how ramifications

48
00:05:13,749 --> 00:05:21,749
there's no instinctive response by
particular it does exactly what it says

49
00:05:21,749 --> 00:05:28,339
goodbye and its guests now in May
behaved inappropriately because the two

50
00:05:28,339 --> 00:05:33,809
attackers altitude but it is doing
exactly what I was told

51
00:05:33,809 --> 00:05:49,689
examples of this job fairly early
lockdown lobby they couldn't get past

52
00:05:49,689 --> 00:05:55,509
the guards so they can buy the physical
and human aspect to pave

53
00:05:55,509 --> 00:06:02,190
started taking a piss everyone

54
00:06:02,190 --> 00:06:09,660
been dropping to god statues everybody
comes all the other patrons took a

55
00:06:09,660 --> 00:06:11,580
worker walks up behind them

56
00:06:11,580 --> 00:06:18,039
the elevators when it was game over at
that point they walked out with access

57
00:06:18,040 --> 00:06:29,100
about 36 hours everything they want that
one

58
00:06:29,100 --> 00:06:41,330
focus on that she doesn't matter if you
don't build that you're protecting your

59
00:06:41,330 --> 00:06:52,280
assets it does so there's this is not so
organizations

60
00:06:52,280 --> 00:07:00,270
down approach how many of you and hear
how to deal with compliance ok how many

61
00:07:00,270 --> 00:07:01,590
of you in here

62
00:07:01,590 --> 00:07:06,390
directives from management that says you
have to secure your environment you have

63
00:07:06,390 --> 00:07:13,789
to be security to make it so we don't
incidence you know that's not the

64
00:07:13,790 --> 00:07:25,940
problem but it doesn't do anything to
security team members PCI HIPAA the year

65
00:07:25,940 --> 00:07:35,280
two socks that does not sound
environment in such a way that it is it

66
00:07:35,280 --> 00:07:50,969
is very much

67
00:07:50,969 --> 00:08:06,479
100 companies over a billion dollar five
hundred billion dollar company ninety

68
00:08:06,479 --> 00:08:13,998
percent of their security was still
based on scams Nexus how we know that's

69
00:08:13,999 --> 00:08:20,079
not buildings we have this is what our
friends this is how we do not follow yes

70
00:08:20,079 --> 00:08:27,839
ninety percent of the time and where the
stock started from was that will not

71
00:08:27,839 --> 00:08:37,708
catch this thing works it will not just
any day of the week and then here's the

72
00:08:37,708 --> 00:08:45,849
other parts of you ensure an unlimited
budget in here have a very small tight

73
00:08:45,850 --> 00:08:51,699
budget you can buy a new product or
maybe you can upgrade that machine you

74
00:08:51,699 --> 00:09:05,378
need for most stuff from here built
environments from the ground up with

75
00:09:05,379 --> 00:09:13,029
security in mind how many of you in here
at something happens we need to put them

76
00:09:13,029 --> 00:09:20,329
on our VPN where we need to put it in
this day on her email or we have to set

77
00:09:20,329 --> 00:09:28,040
stricter passive policy because every
user having the password really you know

78
00:09:28,040 --> 00:09:33,149
it doesn't make sense we have to build a
top we bought today it's not in our

79
00:09:33,149 --> 00:09:42,120
environments and that's why I try to get
slapped why don't you dance this is

80
00:09:42,120 --> 00:09:51,069
right now it's actually dive into some
of the actual things up I will exploit

81
00:09:51,069 --> 00:09:53,339
on a daily basis

82
00:09:53,339 --> 00:10:02,179
tax compromise network how many of you
and hear how such a structure that you

83
00:10:02,179 --> 00:10:08,589
will turn up you can secure and the new
go back and disabled every pore except

84
00:10:08,589 --> 00:10:18,459
the ones you need reports he don't need
because if you don't have free access

85
00:10:18,459 --> 00:10:27,630
how many of you also actually figure
Europe for two specific match if you

86
00:10:27,630 --> 00:10:45,519
don't do that I'm going to target device
to a PC devices to be how many of you in

87
00:10:45,519 --> 00:10:52,990
here will actually do to keep your car
wash on DHCP for Microsoft

88
00:10:52,990 --> 00:11:06,720
say a lot of this is very much focused
for ceramics FreeBSD

89
00:11:06,720 --> 00:11:15,730
environments however most corporations
that are most networks I see windows on

90
00:11:15,730 --> 00:11:26,550
the network that I can use these acts as
if you you know it doesn't matter

91
00:11:26,550 --> 00:11:37,969
also however I need to expand access to
data and continue to evolve or do you

92
00:11:37,970 --> 00:15:02,019
see Config configured to get for these
distracted us in this range

93
00:15:02,019 --> 00:15:40,690
will you be

94
00:15:40,690 --> 00:17:13,380
that's a hundred million dollars

95
00:17:13,380 --> 00:17:25,839
so I would say about a nine hundred and
ninety billion dollar company they do

96
00:17:25,839 --> 00:17:31,610
they manage tight on money so
hundred-million to them but when a drop

97
00:17:31,610 --> 00:17:41,850
in the bucket that a given in yet they
still into thinking about that the next

98
00:17:41,850 --> 00:17:51,429
trouble here are some of my absolute
favorite doing here as ever and one

99
00:17:51,430 --> 00:17:57,270
person couple people ran Tomcat do you
know where the users are configured

100
00:17:57,270 --> 00:18:06,590
within the comp project director about
it

101
00:18:06,590 --> 00:18:19,949
capacity for all your clear text
interactive logon ko system access but

102
00:18:19,950 --> 00:18:26,580
there's a good likelihood its operations
missions have been screwed up and I'm

103
00:18:26,580 --> 00:18:33,040
able to just connect directly to it and
pulled out box up five got it now I've

104
00:18:33,040 --> 00:18:39,800
got the child abusers Tom channel but
not successfully run system

105
00:18:39,800 --> 00:18:48,990
be grabbed that user login Tomcat
employees do I gotta show I can be

106
00:18:48,990 --> 00:18:55,690
hashes I can dump everything in like
this since Tomcat is also a fabrication

107
00:18:55,690 --> 00:19:05,030
using to close its hot summer months
large tracts a lot of time domain admin

108
00:19:05,030 --> 00:19:15,020
are seen as key configs where the root
password to the database they don't get

109
00:19:15,020 --> 00:19:22,830
their asses they use room with the root
password database

110
00:19:22,830 --> 00:19:27,250
lot of times people don't change their
passwords across multiple databases so

111
00:19:27,250 --> 00:19:34,799
the root password for one database is
the same for every database great

112
00:19:34,799 --> 00:19:41,450
wonderful the last week he isn't sure
how many of you in here have an internal

113
00:19:41,450 --> 00:20:49,940
Richie SharePoint something that you
used documents

114
00:20:49,940 --> 00:21:05,049
shared

115
00:21:05,049 --> 00:21:47,670
going through that

116
00:21:47,670 --> 00:22:22,980
500

117
00:22:22,980 --> 00:23:05,930
monitor every time my laptop fire up
here to pick Cebu your network as I

118
00:23:05,930 --> 00:23:10,970
start to image in your image to
employees generally speaking what

119
00:23:10,970 --> 00:23:13,510
happens when you deploy again

120
00:23:13,510 --> 00:23:22,990
can get it wrapped ready and then what
do you do it's actually the next thing

121
00:23:22,990 --> 00:23:32,150
you want to do for that machine anybody

122
00:23:32,150 --> 00:24:06,400
done prior to joining machine to the
elevated

123
00:24:06,400 --> 00:24:33,290
day one

124
00:24:33,290 --> 00:24:46,070
reason you're not going to hear what I
want to monitor your pics of your

125
00:24:46,070 --> 00:24:52,460
deployment watch

126
00:24:52,460 --> 00:24:54,050
yeah

127
00:24:54,050 --> 00:25:00,550
I didn't think about this either and
tell the sex I actually I don't have tax

128
00:25:00,550 --> 00:25:06,820
imaging you build a golden image you
deploy everything we need

129
00:25:06,820 --> 00:25:13,950
k road works your workstations needs to
be able to fix the computer quickly run

130
00:25:13,950 --> 00:25:18,510
too long there they don't want to
transform back and forth so they do they

131
00:25:18,510 --> 00:25:23,510
put a minute hidden directory on the
SEDAR after they put on some work very

132
00:25:23,510 --> 00:25:29,990
detailed hey we need to be able to put
around these tools so I used to know I'm

133
00:25:29,990 --> 00:25:40,970
not gonna points a finger at the most
users don't go but I will I gain access

134
00:25:40,970 --> 00:25:46,380
to one machine and I started poking
around just a little bit but here's the

135
00:25:46,380 --> 00:25:52,130
same record as all these systems are you
have system configuration scripts I

136
00:25:52,130 --> 00:25:57,920
wanna times descriptive hardcoded
credentials so that they can run up and

137
00:25:57,920 --> 00:26:06,430
leave you know some of them will
prompted it just really depends so that

138
00:26:06,430 --> 00:26:11,060
being said though there's an attacker if
I sign that contains a skirt initials

139
00:26:11,060 --> 00:26:17,210
are sworn enemies so strapped by
temperature was to do something else for

140
00:26:17,210 --> 00:26:20,250
me

141
00:26:20,250 --> 00:26:27,940
that's great that's not that's the least
you're looking at that scene admins on

142
00:26:27,940 --> 00:26:31,220
people's walls and security you need to
be thinking about what you're actually

143
00:26:31,220 --> 00:26:39,350
put it in your images are you leaving
behind

144
00:26:39,350 --> 00:26:48,560
configuration management SCCM from
Microsoft

145
00:26:48,560 --> 00:26:53,629
question for you do you go back and
invalidate all your packages after

146
00:26:53,630 --> 00:26:57,420
referring to deploy

147
00:26:57,420 --> 00:27:03,460
machines

148
00:27:03,460 --> 00:27:08,700
next question have you ever pulled apart
the strategist who struck say you need

149
00:27:08,700 --> 00:27:14,529
to install something or driver for
what's required elevated privileges at

150
00:27:14,529 --> 00:27:20,020
least machine and likely it's an account
that gets used but is also linked to the

151
00:27:20,020 --> 00:27:25,908
domain sometimes yes sometimes no but
there's an admin account that allows it

152
00:27:25,909 --> 00:27:27,820
to check in a rock and a sec

153
00:27:27,820 --> 00:27:36,539
that allows it to do the place of these
machines so what do you think might

154
00:27:36,539 --> 00:27:51,629
happen if a crowd was able to compromise
that

155
00:27:51,630 --> 00:28:06,570
so we could sit at the admin prediction
stress gradient we when it rolled up our

156
00:28:06,570 --> 00:28:12,350
own she'll put it out there looks like
we did however reduced cover department

157
00:28:12,350 --> 00:28:19,010
I'll get to that but we've got a shelter
every server on the network running his

158
00:28:19,010 --> 00:28:29,960
administrative privileges sooner we want
an hour we're on the train ourselves we

159
00:28:29,960 --> 00:28:37,140
could stop are deployed and redeployed
to machine so Monday morning when all

160
00:28:37,140 --> 00:28:45,270
the users came back in wrong back in our
culture over 5,000 more shells and we

161
00:28:45,270 --> 00:28:51,160
couldn't handle the temporary census was
the amount of shells we had coming back

162
00:28:51,160 --> 00:29:04,840
just an absolute bad day bad times and
code towards doing here transactions

163
00:29:04,840 --> 00:29:08,409
4000 test

164
00:29:08,410 --> 00:29:48,770
actually

165
00:29:48,770 --> 00:30:04,970
everyday man and I right

166
00:30:04,970 --> 00:30:13,020
administrative privileges on that box
box almost guaranteed administrative

167
00:30:13,020 --> 00:30:18,160
purposes and then I'm in the house
somewhat elevated privileges based upon

168
00:30:18,160 --> 00:30:25,600
who ran into our studio secured the
boxes were it actually turned down but

169
00:30:25,600 --> 00:30:35,800
it is a sure way to get a show and to
some 200 limited to do you got a

170
00:30:35,800 --> 00:30:38,830
structured in or go to Google

171
00:30:38,830 --> 00:31:59,240
to search out there just encouraging
consensus out there on the way

172
00:31:59,240 --> 00:33:23,110
and what our intelligence building your
network broadcast I'm looking for Ashes

173
00:33:23,110 --> 00:33:23,959
on your network

174
00:33:23,960 --> 00:33:33,400
sure I send the masai I've got a big 25
GPU cracking groups that I have access

175
00:33:33,400 --> 00:33:39,490
to so many of you your masters in here

176
00:33:39,490 --> 00:33:52,250
password minimum no

177
00:33:52,250 --> 00:33:58,100
ok then what's troubling what's the
likelihood that a password is gonna get

178
00:33:58,100 --> 00:34:04,110
cracked just lost users are always this
summer

179
00:34:04,110 --> 00:34:19,489
2016 special exclamation capital letters
capitalized the first I've got my

180
00:34:19,489 --> 00:34:39,629
special characters and I got to
understand their I don't forget to ya

181
00:34:39,629 --> 00:36:15,390
but it's very predictable

182
00:36:15,390 --> 00:37:42,799
things that are you know

183
00:37:42,799 --> 00:38:30,249
and I'll wait 10 minutes I'll jump to
another box run number to try to stay so

184
00:38:30,249 --> 00:38:44,468
I can grab driving season box you name
it at that point it's just a matter of

185
00:38:44,469 --> 00:38:49,100
time before I find what I'm looking for

186
00:38:49,100 --> 00:38:57,100
I'm actually backed out whether the 3G
modems whether it be booked another

187
00:38:57,100 --> 00:39:04,620
possible compromise or if I've got a big
enough so hard on my cock sucked up on

188
00:39:04,620 --> 00:39:09,630
your network about my guy on the ground
go back in full up box back out

189
00:39:09,630 --> 00:39:34,520
everything is all too soon after I miss
considerations are looking for systems

190
00:39:34,520 --> 00:39:43,900
have been to God going in there but even
so hundreds of organizations I've got

191
00:39:43,900 --> 00:39:51,340
what I have ever seen anywhere in 2002
at a remote desktop on their internal

192
00:39:51,340 --> 00:39:56,690
networks because of an old my setup
would secure the perimeter weheartit

193
00:39:56,690 --> 00:40:05,310
down and everything kind of Russian side
mister in there is a lot that is at this

194
00:40:05,310 --> 00:40:13,000
point where I am and my attack all your
data will call you this whatever I came

195
00:40:13,000 --> 00:40:14,190
to find

196
00:40:14,190 --> 00:40:18,630
now the question is what I was just
talking about here thinks it would

197
00:40:18,630 --> 00:40:23,030
actually depicting gonna hear things
that actually noticed you nominees in

198
00:40:23,030 --> 00:40:27,350
their traffic or in their service
communications the gym was detected

199
00:40:27,350 --> 00:40:36,589
after their networks and here's to rock
and looks at the deal honestly feel that

200
00:40:36,590 --> 00:40:43,240
they could stop their first dance attack
using basically the TAC towards on their

201
00:40:43,240 --> 00:40:48,430
network

202
00:40:48,430 --> 00:40:55,529
so that's so what does any of what I
just told you have to do is your

203
00:40:55,530 --> 00:41:08,330
organization has any of what I just told
you about any idea what kind of discuss

204
00:41:08,330 --> 00:41:14,250
shared a minute how to fix some of those
other problems kind of what you need to

205
00:41:14,250 --> 00:41:21,490
do better as the day if I could just
give you had a six days problems give

206
00:41:21,490 --> 00:41:27,770
you the carrot 2006 discussing this
right what happens when it comes out and

207
00:41:27,770 --> 00:41:38,030
becomes a very basic anatomy so I need
you here

208
00:41:38,030 --> 00:41:45,570
jennifer Love paradigm shift lights
fundamentals you know there's been some

209
00:41:45,570 --> 00:41:48,430
discussion Stevenson discussions going
on at this conference

210
00:41:48,430 --> 00:41:55,620
you know what miss any of those matters
if I can give you a great day for

211
00:41:55,620 --> 00:41:59,720
underlying issues in it

212
00:41:59,720 --> 00:42:05,930
it doesn't matter what I do write
anybody does your environments not built

213
00:42:05,930 --> 00:42:12,089
in such a way to be able to detect
attacks and respond to it with a new

214
00:42:12,090 --> 00:42:16,500
mobility in the way of things don't
worry your perimeter how many of you and

215
00:42:16,500 --> 00:43:53,609
your views of cloud-based solution but I
don't ever tell me now this should

216
00:43:53,609 --> 00:44:29,759
shouldn't I don't want to hear your job
is to make that showed it looks good I

217
00:44:29,760 --> 00:44:34,650
made mistakes but think about it is a
time on your networks I am going to make

218
00:44:34,650 --> 00:44:39,690
mistakes but the first couple of days
I'm gonna try to access to research

219
00:44:39,690 --> 00:44:46,819
I'm gonna try to do something I don't
have some issues to jobs to find it and

220
00:44:46,819 --> 00:44:54,380
see those anomalies not your job to be a
hundred percent rock down third-round

221
00:44:54,380 --> 00:45:03,940
robots they're not they're not they
don't focus on their motion that is why

222
00:45:03,940 --> 00:45:11,550
we need to take and send it to buy it
area and not try to stop users because

223
00:45:11,550 --> 00:45:20,410
it's always going to happen so we as an
industry we have to be better at

224
00:45:20,410 --> 00:45:25,160
teaching diploma with users yes they
should be better yes they can be better

225
00:45:25,160 --> 00:45:31,450
but no we got to stop blaming them for a
compromise we need to start checking out

226
00:45:31,450 --> 00:45:50,618
over some sort of yeltsin have any ideas
what next step should be what

227
00:45:50,619 --> 00:46:02,109
saying you know what we did first thing
she takes a step back

228
00:46:02,109 --> 00:46:08,640
go to your management building your
business stakeholders find 12 gold

229
00:46:08,640 --> 00:46:23,328
two-year environment is for sure
couldn't tell me every piece of critical

230
00:46:23,329 --> 00:46:30,470
data on their network where it's located
the Commission chiron down it is in such

231
00:46:30,470 --> 00:46:42,038
a way that walk down and say ok this is
where my girls this is where I have to

232
00:46:42,039 --> 00:46:53,499
be the most secure anybody know where
all your completed because I may not get

233
00:46:53,499 --> 00:47:03,359
a compromise was your big billion 220
billion dollar company also you've got

234
00:47:03,359 --> 00:47:11,589
twenty thousand employees 30,000
employees can still and that includes

235
00:47:11,589 --> 00:47:18,200
our healthcare formation which means I
can turn increase healthcare information

236
00:47:18,200 --> 00:47:25,140
if your software shop where is your code
let me ask how many of you in here

237
00:47:25,140 --> 00:47:53,040
basic public open source because you
need to know where it's at then the next

238
00:47:53,040 --> 00:47:54,720
thing you need to find out

239
00:47:54,720 --> 00:48:02,149
good business stakeholders not just use
IT shirt challenging your marketing

240
00:48:02,150 --> 00:48:05,300
executives at night

241
00:48:05,300 --> 00:48:11,310
wrote about your environment you know
who to call the stock and bond markets

242
00:48:11,310 --> 00:48:19,270
laptops where are all of our competitive
market analysis its losses that you know

243
00:48:19,270 --> 00:48:28,930
how to start struggle but like I don't
understand where all that is critical

244
00:48:28,930 --> 00:48:38,598
all of that document you need to go sit
down at an accomplishment

245
00:48:38,599 --> 00:48:45,460
shares always stated this is where it
now works protected given the mall to

246
00:48:45,460 --> 00:48:53,289
buy off you continue with the status quo
nothing will change your environment

247
00:48:53,289 --> 00:48:59,210
will be still wide open records obtained
which is used

248
00:48:59,210 --> 00:49:06,989
builders don't know how to lock down
their own environment how to reach the

249
00:49:06,989 --> 00:49:13,059
spektr state once you know where this is
going to management said look there is

250
00:49:13,059 --> 00:49:19,609
every bit of time I know exactly where
to move data we've moved servers we know

251
00:49:19,609 --> 00:49:21,339
it's all right here

252
00:49:21,339 --> 00:49:25,479
gonna get you guys to say yes

253
00:49:25,479 --> 00:49:37,950
rights to get them to buy awesome how
would your company survives the next

254
00:49:37,950 --> 00:49:46,020
Ashley Madison reach all yours users
data was lead

255
00:49:46,020 --> 00:49:53,950
how would you survive she works hard for
Home Depot how would you survive if

256
00:49:53,950 --> 00:50:02,379
you're she was completely delete your
business your business you work will

257
00:50:02,380 --> 00:50:08,870
continue to go what your customers still
retain so come here you know your target

258
00:50:08,870 --> 00:50:15,930
or Home Depot there's limited choices
but it's here just a small mom-and-pop

259
00:50:15,930 --> 00:50:21,210
shop and there's a couple other
competitors out there and your credit

260
00:50:21,210 --> 00:50:26,410
card in all your information sleep and
success summer it's likely they're going

261
00:50:26,410 --> 00:50:27,279
to go elsewhere

262
00:50:27,280 --> 00:50:35,570
how's your business to handle that you
need these kind of questions what she

263
00:50:35,570 --> 00:50:42,400
have it in you know this is how it is
and you put that fear of God in your

264
00:50:42,400 --> 00:50:48,740
management that is used to screw this up
we go out of business I lose my job

265
00:50:48,740 --> 00:50:56,720
everybody else loses their job you know
and if you're a healthcare company are

266
00:50:56,720 --> 00:51:01,859
you personally liable under some of the
HIPAA laws now healthcare executives can

267
00:51:01,860 --> 00:51:04,590
be held liable

268
00:51:04,590 --> 00:51:14,670
and serve actual jails a nuclear reactor
standards coming out just what it is no

269
00:51:14,670 --> 00:51:20,770
longer onus on the banks that there is
gross negligence failure to do their

270
00:51:20,770 --> 00:51:28,290
part correct we can be held liable so
targets insurance the bank's kind of

271
00:51:28,290 --> 00:51:34,120
took care of everything kind of all got
our target handle having to pay for

272
00:51:34,120 --> 00:51:40,640
credit monitoring lots of every game and
then lots of other merchandise paid for

273
00:51:40,640 --> 00:51:50,750
by those fraudulent cards today like
they're big enough but still put a huge

274
00:51:50,750 --> 00:51:57,980
dent in their evidence you need to ask
those kind of questions once you have it

275
00:51:57,980 --> 00:52:04,020
map out your security means a larger
projects I would have you in here n roll

276
00:52:04,020 --> 00:52:14,090
San upgraded or at old servers domains
it needed upgraded why not when you're

277
00:52:14,090 --> 00:52:22,480
upgrading take increased your budget a
little bit and insecurity right sit down

278
00:52:22,480 --> 00:52:28,710
and actually map your security needs to
these projects and build it now you will

279
00:52:28,710 --> 00:52:31,620
change your security and saw the ball to
get on top

280
00:52:31,620 --> 00:52:36,750
you're doing it at the time but it's
already being rebuilt so it's not done

281
00:52:36,750 --> 00:52:42,770
correctly and more securely just makes
everybody shopper reviews Jeremy and and

282
00:52:42,770 --> 00:52:55,200
it continued strength and I'm sorry say
again even if your job title doesn't say

283
00:52:55,200 --> 00:53:04,299
security and it it is your job as an
employee for every new works for secure

284
00:53:04,300 --> 00:53:10,170
whether that be being cognizant issue
making sure that you're setting strong

285
00:53:10,170 --> 00:53:16,360
passwords you see something just doesn't
feel right

286
00:53:16,360 --> 00:53:21,360
recorded automatically load up the
manager said well this doesn't feel

287
00:53:21,360 --> 00:53:21,730
right

288
00:53:21,730 --> 00:53:33,430
this just continue to be that squeaky
wheel types of issues get resolved that

289
00:53:33,430 --> 00:53:40,868
is your job as a user and even more so
this year and IT person

290
00:53:40,869 --> 00:53:51,259
be going and complaining demanding but
recipients of documentation to know

291
00:53:51,259 --> 00:54:02,230
everything about you I wanna know what I
want to know what's database

292
00:54:02,230 --> 00:54:12,819
configuration once running gives me she
helped so much detail on this you see

293
00:54:12,819 --> 00:54:17,400
one minor variance you know you have a
breach because it's out of the normal

294
00:54:17,400 --> 00:54:29,839
for you have a user and the Machine you
need about to say we need change this

295
00:54:29,839 --> 00:54:30,849
mindset

296
00:54:30,849 --> 00:54:39,779
operating in a responsive motive to
operate in Minamoto we are 24 by 7

297
00:54:39,779 --> 00:54:46,720
compromises are always compromise
environment and we need to continuously

298
00:54:46,720 --> 00:54:53,160
react in such a way that it varies from
the norm

299
00:54:53,160 --> 00:54:59,788
reach until we can prove otherwise not
your luck and exceed monitoring

300
00:54:59,789 --> 00:55:13,009
monitoring is she just that's affecting
your ideas your firewall so big so they

301
00:55:13,009 --> 00:55:20,430
protect you from some of these assistant
at me ask you an honest question do you

302
00:55:20,430 --> 00:55:24,399
know why you Joe at 3 a.m.

303
00:55:24,400 --> 00:55:31,830
walking speed development server when
he's an account or do you even know that

304
00:55:31,830 --> 00:55:43,830
he is why is your SQL sure you do
your domain controller on 36 airforce

305
00:55:43,830 --> 00:55:51,910
all the time now why does that normally
happen and Sarah any of you that don't

306
00:55:51,910 --> 00:55:57,350
know how to standard default warrant
that medicine that is slowly payloads

307
00:55:57,350 --> 00:56:02,360
and mature proposal it's generally run
from the shoot that's just had a basic

308
00:56:02,360 --> 00:56:04,720
willy nilly

309
00:56:04,720 --> 00:56:10,000
rising why do these things top why are
they doing that any of you and hear that

310
00:56:10,000 --> 00:56:15,120
would be checked the secret service to
ensure on your environment

311
00:56:15,120 --> 00:56:23,730
your web server on some say non-standard
port could you tell me why there was

312
00:56:23,730 --> 00:56:25,970
talking on those terms

313
00:56:25,970 --> 00:56:33,290
you can't tell me that if you can answer
that kind of a question you don't have

314
00:56:33,290 --> 00:56:42,540
enough profile of your government to
know what it is and what's not

315
00:56:42,540 --> 00:56:49,529
and I'm gonna tell you that's why I say
monitoring is to this because if you can

316
00:56:49,530 --> 00:56:57,900
not see families in your network what's
going on you can respond to a breach

317
00:56:57,900 --> 00:57:04,540
until the FBI Secret Service comes
naturally bill Doran says we notice yes

318
00:57:04,540 --> 00:57:09,830
you're serving this or we trace your
credit card week back here in Business

319
00:57:09,830 --> 00:57:21,630
Bureau alrighty sids our firewall hasn't
said anything worth 40 devices actually

320
00:57:21,630 --> 00:57:23,550
see it now

321
00:57:23,550 --> 00:57:30,670
away from that we just had a new device
plugin for this device is now change MAC

322
00:57:30,670 --> 00:57:38,750
Address see those kind of things how can
you expect to harden your source not

323
00:57:38,750 --> 00:57:44,020
protection

324
00:57:44,020 --> 00:57:53,670
locked in your physical locations be
better about your physical security be

325
00:57:53,670 --> 00:57:54,800
better about yours

326
00:57:54,800 --> 00:58:00,440
information security don't read things
just don't read things just running make

327
00:58:00,440 --> 00:58:04,960
sure users are actually machines are
talking about even if you have to be a

328
00:58:04,960 --> 00:58:05,810
stickler

329
00:58:05,810 --> 00:58:14,509
five minutes of inactivity I'm going to
scream General about and check under

330
00:58:14,510 --> 00:58:19,880
your keyboard I had to do that in a very
large grammar one of my tasks on a

331
00:58:19,880 --> 00:58:36,020
Friday night after he'd be harsh your
job's not to make sense to protect us

332
00:58:36,020 --> 00:58:42,980
mean he makes an inside straight but if
that compromises your retirement

333
00:58:42,980 --> 00:58:45,220
security because of it

334
00:58:45,220 --> 00:58:53,990
some work since last summer in time rome
wasn't built in a day you're not gonna

335
00:58:53,990 --> 00:58:57,759
hard and everything go back sharon today

336
00:58:57,760 --> 00:59:01,370
garden everything down and be good

337
00:59:01,370 --> 00:59:09,920
you gonna take start with the most
critics start to build a primitive there

338
00:59:09,920 --> 00:59:32,470
and then continue to build but you have
to know where you start

339
00:59:32,470 --> 00:59:37,129
I actually started


