Here are my notes from the third day of the Hacker Halted conference.
An Ethical Hacker’s Perspective to Network Access Control
- Antivirus software is just a checkbox to most companies
- Layered security is a must
- Ghosts in the Browser paper – tons of drive-by downloads
- Gartner said by the end of 2007, 75% of enterprises will have malware in their network undetected
- NAC doesn’t protect mobile devices
  - It might keep a non-compliant mobile device from connecting to the corporate network, but what about the time in between?
  - Interesting data could be on the laptop
- Need for policies in a mobile NAC
  - Limit functionality if not compliant
  - Automatically fix the problem – restart AV, get patches, etc.
  - Formulate both a whitelist and a blacklist of applications
  - If connecting to a public wifi network, enforce mandatory use of the corporate VPN
- Blackjacking
- 46% of corporations still use WEP
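The mobile NAC policy points above (limit functionality when non-compliant, auto-remediate, whitelist and blacklist applications, force the corporate VPN on public wifi) as a single posture-check routine that runs on the device itself, so it also covers the "time in between" when the laptop is off the corporate network. This is an added example written for these notes, not code from the talk or from any NAC product; the posture fields, thresholds, action names and the sample endpoints are assumptions constructed for illustration.

```python
"""Posture check and auto-remediation for a mobile NAC policy.

Added example, not code from the original notes or from any NAC product.
Field names, thresholds and action names are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date


@dataclass
class Posture:
    """What the endpoint agent reports about itself (assumed field names)."""
    av_running: bool
    av_signature_date: date
    days_since_last_patch: int
    network_type: str            # "corporate", "home" or "public"
    vpn_connected: bool
    running_apps: frozenset[str]


@dataclass
class Policy:
    """Thresholds and application lists the policy enforces (assumed values)."""
    max_signature_age_days: int = 7
    max_patch_age_days: int = 30
    blacklist: frozenset[str] = frozenset()
    whitelist: frozenset[str] = frozenset()   # empty means no allow-list enforced


@dataclass
class Decision:
    compliant: bool
    violations: list[str]
    actions: list[str]   # remediation the agent performs automatically
    access: str          # "full", "restricted" or "quarantine"


def evaluate(posture: Posture, policy: Policy, today: date) -> Decision:
    """Check the endpoint against the policy; decide access and remediation.

    The check runs on the device, so it applies at the airport or at home,
    not only at the moment the laptop plugs back into the corporate LAN.
    """
    violations: list[str] = []
    actions: list[str] = []
    quarantine = False   # set for failures that leave the host actively dangerous

    # Antivirus must be running with recent signatures; fix both automatically.
    if not posture.av_running:
        violations.append("antivirus not running")
        actions.append("restart_av")
        quarantine = True
    sig_age = (today - posture.av_signature_date).days
    if sig_age > policy.max_signature_age_days:
        violations.append(f"AV signatures are {sig_age} days old")
        actions.append("update_av_signatures")

    # Patch level: pull patches instead of only refusing access.
    if posture.days_since_last_patch > policy.max_patch_age_days:
        violations.append(f"no patches for {posture.days_since_last_patch} days")
        actions.append("install_patches")

    # Blacklisted applications are killed and the host is isolated.
    for app in sorted(posture.running_apps & policy.blacklist):
        violations.append(f"blacklisted application running: {app}")
        actions.append(f"kill_process:{app}")
        quarantine = True

    # With a whitelist defined, unknown software restricts access and is
    # reported for review rather than killed outright.
    if policy.whitelist:
        unknown = posture.running_apps - policy.whitelist - policy.blacklist
        for app in sorted(unknown):
            violations.append(f"application not on whitelist: {app}")
            actions.append(f"report_unknown_app:{app}")

    # Public wifi without the corporate VPN: bring the tunnel up before
    # anything else is allowed out of the device.
    if posture.network_type == "public" and not posture.vpn_connected:
        violations.append("on public network without corporate VPN")
        actions.append("enforce_corporate_vpn")

    if not violations:
        access = "full"
    elif quarantine:
        access = "quarantine"    # only remediation servers reachable
    else:
        access = "restricted"    # limited functionality until actions complete
    return Decision(not violations, violations, actions, access)


# Constructed sample data, not real endpoints or a real policy.
TODAY = date(2007, 9, 21)
POLICY = Policy(blacklist=frozenset({"usbdumper.exe"}),
                whitelist=frozenset({"outlook.exe", "excel.exe", "vpnclient.exe"}))
HEALTHY = Posture(True, date(2007, 9, 20), 3, "corporate", False,
                  frozenset({"outlook.exe"}))
CAFE = Posture(True, date(2007, 9, 20), 3, "public", False,
               frozenset({"outlook.exe"}))
AIRPORT = Posture(False, date(2007, 8, 1), 45, "public", False,
                  frozenset({"outlook.exe", "usbdumper.exe", "limewire.exe"}))

if __name__ == "__main__":
    for name, p in (("healthy", HEALTHY), ("cafe", CAFE), ("airport", AIRPORT)):
        d = evaluate(p, POLICY, TODAY)
        print(name, d.access, d.actions)
```

The split between "restricted" and "quarantine" is the design point: a stale signature or a missing VPN is fixed in place while the user keeps limited access, whereas a dead AV engine or a known-bad tool running means the host talks only to remediation servers until the actions complete.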
Stealth Web Attack
- Corporate espionage is largely underreported in the USA
- Oracle and SAP espionage case
- Society of Competitive Intelligence Professionals
- Information corporate spies seek
  - Marketing and new product plans
  - Source code
  - Corporate strategies
  - Target markets and prospect information
  - Usual business methods
  - Product designs, research, costs
  - Alliance and contract arrangements
  - Customer and supplier information
  - Staffing, operations, and salary information
  - Credit records
- There are so many components to security; does anyone know what everything does?
- Are people properly trained to do their job?
  - Most cannot be masters of their domain; they just need to get it working
- If there is an issue, the responsibility falls on you, not the vendor
  - If there was a breach due to a vendor flaw, they will be upset at you, not the vendor
- USB Dumper