now another type of attack that would hopefully evade detection or lewd. And I d s is called an assertion an insertion attack.
So I have this code of this piece of malicious code and there's a signature to match. So obviously, if I send the code as is, it's gonna be detected.
So what I'm gonna do is I'm gonna try to make that code look a little different by inserting worthless code. Ah, something that doesn't alter the payload. Essentially, I'm gonna disguise it. It's almost like if you have a celebrity that wants to avoid being photographed by the paparazzi,
that celebrity is gonna put on a baseball cap and then they're gonna put on a big jacket scar
and they're adding All these things toe look different, but the payload doesn't change. So if I do that to malicious code, hopefully I can sneak past an I. D. S. And that's called an insertion attack.
Now, along with I. D. S other things that help the security of my network, we would think that having a honeypot
and the purpose of a honey pot is to be a distracter. I've got an attacker that's looking around my D m Z. They're looking. They want to see what's vulnerable. What I'm gonna do is I'm gonna set up a system that appears to be vulnerable.
It's important that it only appears to be vulnerable because I certainly don't want an attacker compromising it and using that honey pot to get inside my network or to be compromised to launch a downstream attack on another network. So we want to make sure that we use thorough that we thoroughly vet the software that we used to create our honey pots.
Now a testable idea, something that's important for the real world as well.
I know the difference between enticement and entrapment. And don't forget what your job is as well. My job is a security professional is not to catch the bad guys.
My job is to protect my company assets. Okay, so I'm not out there creating a website click here to download free music and then trying to prosecute somebody who clicks there. I'm not trying to trick people into breaking the law or compromising a system. If
someone has a mind to attack my systems, I want to give them a safe place to go where they can't cause damage. But I'm not trying to persuade anybody.
You know, all those movies and TV shows where you see somebody's trying to get into a network and the network admin or system admin gets all up in arms and they launch a counter attack and all of a sudden, little cyber war going back and forth. None of that's really That's not what we're trying to do here. We want to protect our assets.
I want a system that is enticing,
and the way we make it look at the icing is we make it look vulnerable. We have open ports, and we have a common vulnerabilities on that system. If an attacker is looking to create a compromise, I'm gonna keep him Visit. A collection of honey pots, by the way, would be called the Honey Net.
All right, other things that we might use to protect their network protect our software, the idea of a padded cell, and this is usually used in software development. It's an area of isolation. A good example would be Java. For instance,
if you go out on the Web and you download Java code, Um, well, job is very, very powerful. And if you're downloading a job applicant specially from an unknown or untrusted source, that could do a lot of damage. So the Java code is generally forced to run in a padded cell area called the sandbox
and the ideas. The sandbox is an area of isolation.
It gives the code a place in which it can run, ideally protecting the boundaries so the code can't jump from the sandbox and interfere with the rest of the application. Ah, usually the sandbox with job Oh, we're talking about would be your Web browser. That code runs within the context of your Web browser but doesn't jump out and interfere with your operating system.
Now email. Certainly something that we consider. Ah, this is the way that spam obviously gets spread and disseminated. Don't forget phishing attacks through email. Um, very, very serious train your users train your users, train your users
and fishing is based on a very sound foundation and why it's called fishing.
If I cast a big enough net, I'm gonna catch some fish. That's why you still see these crazy e mails. Ah, the Nigerian prince email. You know this, Um
uh where you've won a big prize and they want you to send them $350 to hold your $1,000,000 prize. You know all these things
that you think cash common sense would keep me from doing it. Well, common sense is not all that common. And if it weren't being successful, they wouldn't keep doing it. So train your users and make no assumptions. Make sure people know what a tremendous threat social engineering is.
Other things within SMTP the way S and P P was designed. And that's the protocol that we talk about with email.
Ah, simple male transfer protocol. It was designed to forward messages we talk about SMTP relays, but spammers have used that traditionally in the past has a way to disguise the origin of spam. So as a spammer, I'll take advantage of open relays throughout the net will be very difficult to trace the span back to me.
So we would close any of those open relates
not a ton of good reasons to have those in the mainstream.
Um, so we think about fishing. We think about spam spoofing so many spoofed e mails coming out today. Get une email that looks like it's from your bank. Click here to reset your password. Now an attacker knows the password to your bank. You know, again, training is the way around that,
Um, the best we can do is first technical controls and let me stress technical controls air. Not enough dealing with most of these gonna deal, You know, with fishing and smoothing spam. You've gotta have administrative control of training, but you can still add technical controls to that white listing in black listing.
White listing says all traffic is denied except what's explicitly allowed on a white list.
That's kind of hard to do from email because that would block so many male domains in so much legitimate traffic. Usually you see white listing with firewalls
with male filters you often do. Blacklisting will allow all domains except known spammer domains that air on the blacklist. OK, so a combination of white black list listing for access control it's useful
backs, vulnerabilities, faxes, air vulnerable. There's no way to secure traditional fax machines, so instead, we want to integrate. Fact service is with our email applications, and we can get the security that email provides us things like encryption digital signatures, which give us a degree of authenticity
and a guarantee of integrity.
Um, the fact servers air just inherently unsecure, I know of, um,
you know, I know of no other service that feels to me like I'm just taking a document throwing it into space, because when you send it through that fax, even when you get the little message that says Okay, how many of you still call to make sure it got there Just because we've seen times when it doesn't
so faxing getting that degree of receipt? Because you get Reade receipts with the fact servers,
you just get so many more benefits.
There are other things you could do with traditional fax machines to help,
you know, by default. When a fax receives when a fax has received, it just automatically prints out. So you've got maybe a confidential fax just sitting there and have been so disabled that automatic printing feature, you know, make sure that things don't just come spitting out of the fact machine. You can implement hardware, encrypt hers. But again, the best means
is to integrate faxes into your email service.