
Haints and Boogers in the Ether

This presentation explores the vulnerabilities of personal information in the digital age, covering topics such as OPM breaches, Facebook election influencing, and cybersecurity threats. It emphasizes the importance of proactive measures and offers practical tips for safeguarding personal data.

bessier

Presentation Transcript


  1. Haints and Boogers in the Ether. Dan Nagy, CALI. CALIcon19

  2. Haint: An old southern word for a ghost or evil spirit. Indigenous to the Carolina coast.
     Booger: The Boogeyman or any ghost. A southern term.

  3. The World
     • OPM breach
     • Facebook election influencing
     • Georgia Tech loses personal data for 4+ million individuals
     • Botnets
     • Internet of things
     • Personal information as currency
     • Cryptocurrency

  4. Hack: Causing something/someone to fail in a predictable way in order to get an arbitrary result.

  5. Less Distracting Hack Slide
     • Not just a technical issue
     • Social engineering can be far more damaging than technical hacks (kinda)

  6. Perception

  7. Color Coding Threat Levels
     Condition White: Unaware and unprepared.
     Condition Yellow: Non-paranoid casual preparedness. Situationally aware.
     Condition Orange: Threats are identified. Internal conditions are set. If this happens I will do that.
     Condition Red: The internal condition has been met. We are now actively fighting the threat.

  8. Concept Application
     White - Do nothing. Paying no attention.
     Yellow - Non-logging firewall, virus protection, cameras.
     Orange - ID'd critical infrastructure and likely vectors. Actively monitor them with triggers established.
     Red - Triggers are pulled.

  9. Begin with an Audit
     • Inventory
     • Software and versions
     • Public-facing interfaces (server)
     • Log network traffic
     • Create a baseline

  10. CALI Audit
     • Simple(ish) script run at instance spin-up.

  11. CALI Enumerate

  12. Red Team Yourself. Do what a hacker would do when looking for something exploitable.

  13. Portscan(s)
     • Penetration testing software
     • Web vulnerability scanner
     • Anything specific you found during your inventory

  14. Basically a Security Selfie

  15. Don’t be your own worst enemy

  16. Build a Toolkit
     • Server Side
     • Tripwire
     • UFW
     • PSAD
     • Auto Upgrade for security packages
     • SNORT
     • Lynis
     • Fail2ban
     • Apache Modsec
     • Auto update for SSL certs
     • Nikto
     • Roll your own

  17. Lappy and Handhelds
     • Get a VPN
     • Virus protection (or not). Spybot
     • Backups
     • Security and privacy plugins for browsers
     • Two-factor authentication
     • Portable apps emergency USB stick

  18. Firefox Extensions
     • Firefox Multi-Account Containers
     • Facebook Containers
     • Cookie AutoDelete
     • Decentraleyes
     • Disconnect + Disconnect for Facebook
     • DuckDuckGo Privacy Essentials
     • History Cleaner
     • Link Cleaner
     • Privacy Badger
     • Privacy Possum

  19. Monitoring Software
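
Slides 9 and 10 describe inventorying software versions and public-facing interfaces, then creating a baseline from a script run at instance spin-up. The script below is an added example of that idea, not CALI's audit script and not part of the presentation; the function names, the snapshot format, and treating a new listening socket as a trigger (in the sense of slide 8) are assumptions.

```shell
#!/bin/sh
# Added example, not CALI's audit script. Function names and the snapshot
# format ("pkg NAME VERSION" / "listen PROTO ADDR:PORT") are assumptions.

# Installed software and versions (Debian/Ubuntu or RPM-based hosts).
inventory_packages() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Package} ${Version}\n'
    elif command -v rpm >/dev/null 2>&1; then
        rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
    fi | sort
}

# Public-facing interfaces: listening TCP/UDP sockets as "proto addr:port".
inventory_listeners() {
    command -v ss >/dev/null 2>&1 || return 0
    ss -H -tuln | awk '{ print $1, $5 }' | sort -u
}

# Write one snapshot file; run at first boot to create the baseline.
take_snapshot() {
    {
        inventory_packages  | sed 's/^/pkg /'
        inventory_listeners | sed 's/^/listen /'
    } > "$1"
}

# Print "+ line" for entries new since the baseline, "- line" for removed ones.
# FILENAME is compared instead of NR==FNR so an empty baseline still works.
drift() {
    awk 'FILENAME == ARGV[1] { seen[$0] = 1; next }
         !($0 in seen)       { print "+ " $0 }' "$1" "$2"
    awk 'FILENAME == ARGV[1] { seen[$0] = 1; next }
         !($0 in seen)       { print "- " $0 }' "$2" "$1"
}

# Number of listeners that are not in the baseline (a candidate trigger).
new_listener_count() {
    drift "$1" "$2" | grep -c '^+ listen ' || true
}

# Usage: audit.sh BASELINE_FILE  (first run records, later runs compare)
audit_main() {
    if [ ! -f "$1" ]; then take_snapshot "$1"; return 0; fi
    current=$(mktemp) && take_snapshot "$current"
    drift "$1" "$current"
    n=$(new_listener_count "$1" "$current"); rm -f "$current"
    [ "$n" -eq 0 ]    # non-zero exit when an unexpected listener appeared
}

if [ "$#" -ge 1 ]; then audit_main "$1"; fi
```

Run it once at spin-up to record the baseline, then from cron or a monitoring agent; a non-zero exit means a listener appeared that the baseline does not contain.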
