Be it criminal hackers or rogue employees, the bad guys always seem to be ahead of the curve. This explains the continuing struggles businesses have with security breaches. Miscreants want people to believe that what they do is mysterious art that only those with the utmost computer abilities can do it, but that’s not usually the case.
Picture this: A phone call wakes you, the CTO, at 6am on a Saturday morning. It’s a reporter from a large newspaper asking about your data breach. You have no idea what the reporter is talking about and you hang up the phone. You then start searching the internet to see if there’s any truth to this story and notice that it’s being reported all over the web, Twitter, Facebook, etc. You’ve been compromised – Now what?!
It’s all about cloud computing these days. Our ability to deliver rich content, streamline data control, and develop advanced virtual technologies are all fueling the expansion of the cloud environment. But through all of these advancements we must never forget one very important fact: The cloud has to live somewhere – and that somewhere is the data center.
Okay, we all have them… they’re everyone’s dirty little network security secrets that we try not to talk about. They’re the protocols that we don’t mention in a security audit or to other people in the industry for fear that we’ll be publicly embarrassed. Yes, I’m talking about cleartext protocols which are running rampant across many networks. They’re in place because they work, and they work well, so no one has had a reason to upgrade them. Why upgrade something if it’s working right? Wrong. These protocols need to go the way of records, 8-tracks and cassettes (many of these protocols were fittingly developed during the same era). You’re putting your business and data at serious risk by running these insecure protocols.
Mark will share really cool information from his pen tests – including how he was able to gain control to the entire facility of major metropolitan by exploiting a single server. How is this possible? Well, as Mark will share – once an attacker gets control of a PC he or she are really in the dark – and one of the first things an attacker does is run a scan of all endpoints which are accessible from the compromised machine to see what is around. In Mark’s words, nothing is more frustrating to an attacker than realizing he can’t really get anywhere because of effective network segmentation.
Over the past couple years anything with the word “cloud” in it has been selling big. It's been the ultimate buzzword in marketing and has completely clouded (pun intended) the understanding of what cloud-computing actually is these days. If you ask ten people today to explain what the cloud is you'll most likely get seven different answers. This confusion behind what a cloud actually is has also confused people from a security perspective as to what they should be protecting. If you're not sure what you're getting into with cloud services how can you realistically secure it? In this blog we'll speak about a few of the high points on security while in the cloud.