Security intro.
Mahmoud El-Naggar, Senior Information Security Engineer
Agenda
• Files Concept.
• Files Requirements.
• Now! Files = $$$
• Operation Triangle.
• Attacker vs Defender.
• Defense Tech. [Kill Chain].
• Security Layers Standard.
Data Files
• Don’t be confused: consider any type of data as a file.
• Originally, any file type (.exe, .png, .c, etc.) was a text file that went through some processing operation.
• Example: this presentation (txt to pptx).
Files Requirements
• Files need some HW to store, process and operate on them.
• Files also need some SW to manage, organize, edit, and present them.
Now! Files = $$$
• Credit cards, banking files, password files, source code, military designs and plans: all of these and more must be secured.
• Security must be established on a firm basis.
Operation Triangle
• Security vs. functionality vs. ease of use.
• Any system must have a value for each of the 3 variables.
• Optimize for your needs, and think about security.
Attacker vs. Defender
- The Attacker acts with the OR concept.
- The Defender must act with the AND concept.
- Now, attacks are targeted and advanced.
- Defenders must think as Attackers do.
“AND” & “OR” Meanings
- The Attacker thinks as an “OR” function: a single “1/True” in the equation is enough. The information he gathers about the target gives him a variety of attack vectors he can exploit.
- This variety of attack vectors is like a Swiss knife in the hand of the attacker: he can use any of its tools to make the attack succeed.
- The Defender must think as an “AND” function, in which all variables must be “1/True”; a single “0/False” is enough for the attack to succeed.
- So, the Defender must raise all shields in front of the Attackers, and keep monitoring the Attackers’ manipulation.
Kill Chain
• The Kill Chain is a known sequence of steps that Advanced Threats may pass through.
• Understanding this chain for each attack helps to protect against the attack, and also in remediation.
• Some attacks pass through the whole chain, some through only some steps, but the protection approach must be able to cut/kill the chain at any step.
• The protection approach must also have a clear strategy for detecting attacks that got through (more advanced attacks it failed to defend against), and give detailed information about them, which helps to take a fast and correct decision and defeat the advanced attacks with minimum impact.
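As an added illustration of the “OR” vs. “AND” argument and of cutting the kill chain at any step (example code written for this page, not from the presentation; the stage names, attack vectors and block probabilities are constructed):

```python
"""Toy model of the attacker-OR / defender-AND argument across a kill chain.

Each stage of the chain lists the attack vectors available there, each with
the probability that the deployed controls block it. The attacker needs only
ONE vector to get through a stage (OR); the defender needs EVERY vector
blocked at at least ONE stage to cut the chain (AND).
All stage names, vector names and probabilities are constructed samples.
"""
from math import prod

# Constructed sample: stage -> {attack vector: P(blocked by the controls)}
KILL_CHAIN = {
    "delivery":     {"phishing_mail": 0.90, "usb_drop": 0.50},
    "exploitation": {"macro_doc": 0.80, "browser_exploit": 0.95},
    "installation": {"unsigned_binary": 0.99, "script_dropper": 0.70},
}


def stage_pass_probability(vectors):
    """P(attacker gets through a stage) = 1 - P(every vector blocked): the OR."""
    return 1.0 - prod(p_block for p_block in vectors.values())


def chain_success_probability(chain):
    """P(attacker passes every stage) = product over stages: the defender's AND."""
    return prod(stage_pass_probability(v) for v in chain.values())


def weakest_stage(chain):
    """Stage most likely to let the attacker through: where to invest first."""
    return max(chain, key=lambda s: stage_pass_probability(chain[s]))


def walk_chain(chain, blocked):
    """Deterministic walk. `blocked` is the set of vectors the controls stop.
    Returns (stage where the chain was cut, or None; list of stages passed)."""
    passed = []
    for stage, vectors in chain.items():
        open_vectors = [v for v in vectors if v not in blocked]
        if not open_vectors:      # AND satisfied at this stage: chain is cut
            return stage, passed
        passed.append(stage)      # OR satisfied: one open vector is enough
    return None, passed


if __name__ == "__main__":
    print("P(attack succeeds):", round(chain_success_probability(KILL_CHAIN), 4))
    print("weakest stage:", weakest_stage(KILL_CHAIN))
    print("walk:", walk_chain(KILL_CHAIN, {"phishing_mail", "macro_doc", "browser_exploit"}))
```

Adding a vector to any stage raises that stage’s pass probability, while adding a stage the attacker must also pass lowers the overall success probability, which is the page’s OR-versus-AND point in numbers.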
Security Layers Standard
• Any critical subject, like Information Security, Military and Defense, Aviation, etc., is very wide and difficult to specialize in across all its divisions.
• It is easier to divide this critical subject into main layers and each layer into main topics, then cover each topic with a variety of technologies.
• Then, integrate well between each part to make a full security solution covering defense, detection, defeating, testing and monitoring.