Transcript The Security Game By: Erik A. Espinoza

The Security Game
By: Erik A. Espinoza
[email protected]
The Objective


Access Control
Trust
The Problem

People need to get work done!
The Players

People


Users
Crackers
 White Hats – The
Good Guys
 Black Hats – The
Bad Guys
 Script Kiddies
 Grey Hats –
Characteristics of
both

Computers




Trojans
Viruses
Worms
Malware
(spyware/adware)
Attack Vectors


Automated Attacks – Requires a
machine to be listening for
penetration. Not necessary for
Denial of Service attack.
Directed Attacks



Usually takes advantage of
misconfigured access control
Buffer overflows/underflows
Tricking Users
Risk Assessment



Budgetary Constraints
Usability Tradeoffs
Too Draconian to be Practical
Weapons






Acceptable Use Policy
Strict “Deny All” default policy
Disable unused functionality
Security Audits
Configuration Versioning & Control
Patching
Power Ups





Classes
Books
Mailing Lists
Tech Friends
Tech News