Stop the Madness - Keynote
Stop the Madness – The Role of Security Basics in a Complex World
Enno Rey, erey@ernw.de
Intro
In quite a few organizations, infosec-wise the year 2009 did not start well…
Due to Conficker
Let's have a quick look at how this piece worked…
[Spiegel.de]
Now
Ask yourselves: how could stuff like Conficker have been prevented?
I assume all of you have (at least!) one AV solution deployed widely.
Did it help? ;-)
Could we have done better? Can we do better in the future?
Can we do better in the future?
I’m convinced: We can do better! Yes, we can!
A typical ISO’s work bench
Security policy, FW rules, ACLs, permissions
Patch management, Log analysis, Monitoring, Incident Response
May I remind you: Whatever you (as an ISO) do…
It’s all about risk!
A first approach to sorting all this
Preventative Controls: think “immune system”
Detective Controls: think “clinical thermometer”
Reactive Controls: think “antibiotics”
All three might be needed. Still, the proportions count…
[© Les Éditions Albert René]
Speaking about proportions…
My statement: Usually we get the best cost/benefit ratio from preventative measures.
You agree / makes sense to you?
So, why don’t you act on this?
Why the hell do you still spend money on stuff like NAC/DLP/$SOME_OTHER_BUZZWORD_THAT_WILL_BE_DEAD_IN_TWO_YEARS? ;-)
2nd Approach: The House of Security
[Diagram: the House of Security, labelled: Security; Components, “The stuff you buy”; Implementation, “How you set it up”; Operations, “How you run it on a daily basis”; Design (Architecture); Configuration; Available resources]
And its application to the ISO’s work bench
Components: Firewall, Antivirus, Firewall, PKI, IDS/IPS, DLP
Implementation: Security policy, Firewall rules, ACLs, Permissions
Operations: Patch management, AV-signature update, Monitoring, Incident response
And in each section we have (preventative|detective|reactive) controls
Remember:
[Diagram: Security, with Components (“The stuff you buy”), Implementation (“How you set it up”) and Operations (“How you run it on a daily basis”); each is marked P (preventive), D (detective), R (reactive). Examples shown: backup system; disabling services; log analysis]
In different organizations different weight is put on the pillars
Best-of-breed approach typically to be found in organizations from the US.
“Itsy bitsy teeny weeny there is a kernel flag in 2.6.13” approach to be found in Linux based environments.
Environments where five forms have to be filled out to get access to some Unix system… via Telnet…
Always remember: Operations is key! (for security)
In short: Mature infosec is about
Good prevention
Visibility
Fast recovery
Let’s talk about prevention
[© Bundeszentrale für gesundheitliche Aufklärung]
How Malware affects a system
[Diagram labels: System; Process; running Process; Malware over the network; Attack; Potential Privilege Escalation; manipulated process; Data theft / Information disclosure]
Generic summary:
Process is started
Network packet arrives
Payload causes harm
How to prevent those three steps?
“Process is started” – Prevention
Do not start it! ;-)))
Think about it: even better: do not even install it.
Heard before? Sure… but why don’t you act on it?
List of candidates
Sun RPC on $SOME_UNIX_IF_NOT_SOLARIS
“TCP Small Services” on Windows
“Bonjour” on Mac
Yadda yadda yadda … you all knew that, didn’t you?
All these recommendations are based on an outdated threat model:
Attacks originate actively from an external system.
… and Windows
But the world has changed
How does malicious code get executed on systems nowadays?
Often, user / user process is involved
How malicious code gets on system
[Diagram labels: Execution; Vulnerability (usually unpatched system); By User; Mail Client; Other Browser; Add-On: Multimedia (Quicktime, Real), Flash, Acrobat Reader; Default Functionality: JavaScript, Java, ActiveX; Scripting; JavaScript; worm]
Think about it… do you really need (in your Corporate Business)…
Javascript? Absolutely! (at least in your browser…)
Active-X: Depends…
Flash: Depends even more… remember: it’s all about risk!
Quicktime: Probably not.
Javascript in Acrobat Reader: _Most_ probably not.
[Axis: Business impact of deactivation, from high to low]
Btw, the same approach applies to…
Do you _really_ need outgoing FTP access? For how many users?
Do you _need_ to accept … as mail attachments from $UNTRUSTED_ENTITIES_SOMEWHERE_IN_THE_WORLD?
.doc / .ppt / .xls
.pif
.scr / .exe
Renamed .EXEs
File exchange over USB? Again: all users? With private USB sticks? Unencrypted?
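The mail-attachment question above, as an added example that is not part of the original slides: a gateway-side check that sorts attachments by the extension groups listed on the slide and catches "renamed .EXEs" by inspecting the file header instead of trusting the name. The function names, the verdict strings and the choice of block versus review per group are assumptions; the sample bytes are constructed.

```python
import os

# Extension groups taken from the slide; the action per group is an assumption.
EXECUTABLE_EXTENSIONS = {".pif", ".scr", ".exe"}
OFFICE_EXTENSIONS = {".doc", ".ppt", ".xls"}


def looks_like_pe(data: bytes) -> bool:
    """Return True if data carries a Windows PE header.

    A PE file starts with the DOS magic 'MZ'; the 4-byte little-endian
    field at offset 0x3C (e_lfanew) points to the 'PE\\0\\0' signature.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_offset = int.from_bytes(data[0x3C:0x40], "little")
    # An out-of-range offset yields an empty slice, which does not match.
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"


def effective_extension(filename: str) -> str:
    """Lower-cased final extension, ignoring trailing dots and spaces
    (Windows drops them, so 'a.exe. ' still opens as 'a.exe')."""
    cleaned = filename.lower().rstrip(". ")
    return os.path.splitext(cleaned)[1]


def classify_attachment(filename: str, data: bytes) -> str:
    """Decide what to do with one attachment; content beats file name."""
    ext = effective_extension(filename)
    if looks_like_pe(data):
        if ext in EXECUTABLE_EXTENSIONS:
            return "block: executable"
        return "block: renamed executable"
    if ext in EXECUTABLE_EXTENSIONS:
        return "block: executable extension"
    if ext in OFFICE_EXTENSIONS:
        return "review: office document"
    return "allow"


# Constructed sample inputs (not real files): a minimal PE header stub and
# the first bytes of an OLE2 compound document, padded with zeros.
SAMPLE_PE = (b"MZ" + b"\x00" * 58 + (0x40).to_bytes(4, "little")
             + b"PE\x00\x00")
SAMPLE_OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 64

if __name__ == "__main__":
    for name, blob in [
        ("setup.exe", SAMPLE_PE),
        ("holiday.jpg", SAMPLE_PE),      # executable hiding behind .jpg
        ("report.doc.exe. ", SAMPLE_PE), # double extension, trailing dot
        ("report.doc", SAMPLE_OLE),
        ("notes.txt", b"plain text"),
    ]:
        print(f"{name!r:22} -> {classify_attachment(name, blob)}")
```
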
Back to our initial problem
Components running (and subsequently being open for exploitation)
What else is there?
(Local) database engines
Instant messaging / collaboration stuff
Rendering machines
[Diagram labels: Process; System; running process]
(OS) Rendering machines
Just some examples:
Quicktime
Windows GDI Component
Win GDI – Interesting feature set…
Responsible for:
Rendering of EMF / WMF images
GDI printing
OLE
MS 07-017 “Vulnerabilities in GDI Could Allow Remote Code Execution”
MS 07-046 “Vulnerability in GDI Could Allow Remote Code Execution”
MS 08-021 “Vulnerabilities in GDI Could Allow Remote Code Execution”
MS 08-052 “Vulnerabilities in GDI+ Could Allow Remote Code Execution”
MS 08-071 “Vulnerabilities in GDI Could Allow Remote Code Execution”
MS 09-006 “Vulnerabilities in Windows Kernel Could Allow Remote Code Execution”
Win GDI - a sore point?!
MS 09-006 “Vulnerabilities in Windows Kernel Could Allow Remote Code Execution”: “through the kernel component of GDI”
Example MS 09-006
What you might do:
Perform quick update of all signature files (for 100K machines) of
AV1
AV2
Network IPS
Local IPS
What you should have done:
Disable EMF rendering (one regkey, could be deployed by GPO)
Will help in the future, too ;-)
[Two diagrams, each titled “Cost scheme”, labelled: Security; Operations; Implementation; Components]
Sorry for bothering you again!
Do you / we _really_ need this???
Got the message?
Disabling components (“the preventative approach” ;-) might help…
But there’s more to come…
Let’s have a look at the network connection
[Diagram labels: System; running process; Malware over the network; Attack]
Piece of malware has to arrive over network
Access Control
Isolation / Segmentation
You can’t isolate users from performing their business functions
Filtering
[Diagram label on each of these slides: Asset]
Step 3, Piece of malware
… must be (“successfully”) executed
And perform harm
Often priv escalation necessary for this
Again (yes, I repeat myself): think about preventative instruments….
[Diagram labels: System; Malware over the network; manipulated Process]
Prevention of execution
Least Privilege
Integrity levels (Win)
DEP et al.
You all heard this before [as many pieces of my talk ;-)]
Do not work as admin ;-)
Examples for DEP
MS 08-78
Question
Which technology (that _all_ of you use to fight malware) has not yet been mentioned in my talk?
Anti-Virus
Why?
Remember: it’s all about risk. And: it’s all about getting results with a somewhat limited set of resources.
AV simply has a bad cost/impact ratio (especially when compared to the other stuff above).
Remember your limited resources: &
Magic Quadrant of Security Controls
[Axes: Security impact; Ease of implementation]
Let’s fill it
Magic Quadrant of Security Controls
Just some examples, your mileage may vary
[Axes: Security impact; Ease of implementation. Entries: Filtering Gateways; DEP et al.; Client AV; Disable Metafiles]
Let me summarize
Risk management is essential.
Prevention is a good thing.
The house of security has several pillars. Don’t just focus on one. But put energy on operations!
Often it’s the simple things in life…
There’s never enough time…
THANK YOU… ...for yours!