Developing The Human Firewall
Developing the Human Firewall
Frank Wintle
PanMedia
20/10/09 | Session ID: PROF-105 | Classification: Intermediate
Agenda
A Journey to the East
It’s not just technology
The power of story
Four rules for happiness
A wilderness of mirrors...
Secrets Betrayed
From first man to fifth?
One author’s theory...
Sex and secrecy
A housewife and mother
Who is the hacker? Who is the spy?
An engineer calls...
... and checks under the desk
Now wires have ears
“Keystrokes recorded so far is 2706 out of 107250 ...
<PWR><CAD>fsmith<tab><tab>arabella<CAD>
<CAD> arabella<CAD><CAD> arabella
exit
tracert 192.168.137.240
telnet 192.168.137.240
Cisco”
New weapons, new fronts, old battles
Wedded to mystery
A true story?
Nonsense as science
Science as nonsense
Backs to the Facts
“The human mind is less disturbed by a mystery it cannot explain than by an explanation it cannot understand.”
David Mamet, The Water Engine
Typical defence: silver bullets
Key features:
• Sexy name
• Pretty diagrams
• Complex technology
• Flashing lights
• Rack mountable
• Reassuringly expensive
The criminal’s approach
Social engineering plus technology
• Phishing
• Trojans & rootkits
• Laptop theft
• In person intrusion
Why social engineering?
• Social engineering can be used to gain access to any system, irrespective of the platform.
• It’s the hardest form of attack to defend against because hardware and software alone can’t stop it.
The difficult sell!
The money you spent on security products, patching systems and conducting audits could be wasted if you don’t prevent social engineering attacks …
You need to invest in Awareness and Policies
Countermeasures
Countermeasures require action on physical and psychological levels as well as traditional technical controls
Physical:
– in the workplace
– over the phone
– dumpster diving
– on-line
Psychological:
– persuasion
– impersonation
– conformity
– friendliness
Staff awareness
• Educate all employees - everyone has a role in protecting the organisation and thereby their own jobs
• If someone tries to threaten them or confuse them, it should raise a red flag
• Train new employees as they start
• Give extra security training to security guards, help desk staff, receptionists, telephone operators
• Keep the training up to date and relevant
Which point of view?
“The single most important problem in science is to reconcile the first and third person accounts of the universe...”
V S Ramachandran
Third person
First person
Wooing the audience
“I CAN THINK of nothing that an audience won't understand. The only problem is to interest them; once they are interested, they understand anything in the world.”
Orson Welles
Telling the STORY
Once upon a time.... And then one day....
But what they didn’t know.... Climax and resolution
Understanding the mind
“Narrative is the primary human tool for explanation, prediction, evaluation and planning”
Mark Thomas, The Narrative Mind
“We live, and call ourselves awake, and make decisions by telling ourselves stories”
Julian Jaynes, The Origins of Consciousness
Games with a purpose
EXECUTIVE GAMES COULD HELP STEM CYBERCRIME, FIRST EXPERTS TOLD
Kyoto, Japan – June 30, 2009. Senior executives should play special computer games and watch animations to help them understand the scale of the threat from cyber-crime and win their support for improvements in security, one of Japan’s top Internet protection experts said yesterday at the 21st annual conference of FIRST, the Forum of Incident Response and Security Teams.
Dr Suguru Yamaguchi, member and adviser on information security at the Japanese Cabinet Office National Information Security Centre, was giving the opening keynote address at the five-day conference, which got underway at the Hotel Granvia, Kyoto.
“We need to find ways to help corporate executives actually to visualize what goes on when a computer network is under attack,” he said. “Just explaining in words isn’t enough – the words are too dense, too technical – what we should do is design special games and animations which will bring the severity of current threats vividly alive in the executives’ imaginations.”
Everyone hates a sermon...
“Audiences shrink from sermons…”
Akira Kurosawa
Everyone loves a story
“I think that I have made them aware…”
“They just don’t get it...”
“We concealed the very things that made us right – our respect for the individual, our love of variety and argument, our belief that you can only govern fairly with the consent of the governed, our capacity to see the other fellow’s point of view... so it wasn’t much wonder, was it, if we opened our gates to every con-man and charlatan?”
George Smiley (John Le Carré)
A human firewall
Four rules for a good life
1. Exercise
2. Love
3. Disdain
4. A project