Sunday, April 29, 2018

2018-014- Container Security with Jay Beale


Container security

Jay Beale, @inguardians, @jaybeale

Containers

  • What the heck is a container?
    • Linux distribution with a kernel
      • Containers run on top of that, sharing the kernel, but not the filesystem
    • Namespaces
      • Mount
      • Network
      • Hostname
      • PID
      • IPC
      • Users
  • Somebody said we’ve had containers since before Docker
    • Containers started in 2005, with OpenVZ
    • Docker was 2013, Kubernetes 2014
  • Image Security
    • CoreOS Clair for vuln scanning images
    • Public repos vs private
    • Don’t keep the image running for so long?
    • Don’t run as root
  • More Containment stuff
    • Non-privileged containers
    • Remap the users, so root in container isn’t root outside
    • Drop root capabilities
    • Seccomp for kernel syscalls
    • AppArmor or SELinux
  • All of the above is about Docker; what about Kubernetes?
    • Get onto the most recent version of K8s - 1.7 and 1.8 brought big security improvements
    • Network policy (egress firewalls)
    • RBAC (define what users and service accounts can do what)
    • Use namespaces per tenant and think hard about multi-tenancy
    • Use the CIS guides for lockdown of K8S and the host
    • Kube-bench
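As an added example (not from the episode or from Jay Beale's material), a small Python audit that checks a Pod manifest for the controls listed above: a non-root user, no privilege escalation, capabilities dropped, a seccomp profile, a non-default namespace, and an image pulled from a private registry with a pinned tag. Both manifests and the registry name registry.internal.example are constructed for the example.

```python
"""Audit a Kubernetes Pod manifest for the hardening controls listed in the show notes."""
# Constructed sample manifests (not from the episode); plain dicts so no YAML library is needed.

WEAK_POD = {"kind": "Pod", "metadata": {"name": "web"},   # no namespace => default
            "spec": {"containers": [{"name": "web", "image": "nginx:latest"}]}}

HARDENED_POD = {
    "kind": "Pod", "metadata": {"name": "web", "namespace": "tenant-a"},
    "spec": {
        # Pod-level: run as a remapped non-root UID and under the runtime's seccomp profile
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{
            "name": "web",
            "image": "registry.internal.example/web:1.4.2",  # private registry, pinned tag
            "securityContext": {"privileged": False, "allowPrivilegeEscalation": False,
                                "capabilities": {"drop": ["ALL"]}},
        }],
    },
}

PUBLIC_REGISTRIES = ("docker.io/", "index.docker.io/")

def audit_pod(pod):
    """Return a list of findings (empty list = every check passed)."""
    findings = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    if pod.get("metadata", {}).get("namespace", "default") == "default":
        findings.append("pod lives in the default namespace (use a namespace per tenant)")
    for c in spec.get("containers", []):
        sc = c.get("securityContext", {})
        image = c.get("image", "")
        tag = image.rsplit("/", 1)[-1]
        # Images without a registry prefix are pulled from Docker Hub by default
        public = "/" not in image or image.startswith(PUBLIC_REGISTRIES)
        checks = [
            (not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")), "may run as root"),
            (sc.get("privileged", False), "privileged container"),
            (sc.get("allowPrivilegeEscalation", True), "allowPrivilegeEscalation not disabled"),
            ("ALL" not in sc.get("capabilities", {}).get("drop", []), "capabilities not dropped"),
            (not (sc.get("seccompProfile") or pod_sc.get("seccompProfile")), "no seccomp profile"),
            (public, f"image from a public registry ({image})"),
            (":" not in tag or tag.endswith(":latest"), f"image tag not pinned ({image})"),
        ]
        findings += [f"{c.get('name', '?')}: {msg}" for bad, msg in checks if bad]
    return findings
```

Running audit_pod on WEAK_POD reports seven findings, one per missing control; HARDENED_POD reports none.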

  • Difference between containers and sandboxing
  • Roll your own
    • Containers
      • Using public registries leaves you vulnerable
      • Use your own private repos for deploying containers
  • Reduce attack surface
  • Reduce user access
  • Automation will allow more security to get baked in.

https://www.infoworld.com/article/3104030/security/5-keys-to-docker-container-security.html

https://blog.blackducksoftware.com/8-takeaways-nist-application-container-security-guide

https://www.vagrantup.com/downloads.html

https://www.vmware.com/products/thinapp.html

https://www.meetup.com/SEASec-East/events/249983387/

S3 buckets / Azure Blobs

https://docs.microsoft.com/en-us/azure/architecture/aws-professional/services

https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy.html


Join our #Slack Channel! Email us at bds.podcast@gmail.com
or DM us on Twitter @brakesec

#Spotify: https://brakesec.com/spotifyBDS
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon: https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM: https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec


Here is a new episode of Brakeing Down Security Podcast!

Friday, April 20, 2018

2018-013-Sigma_malware_report, Verizon_DBIR discussion, proper off-boarding of employees

Report from Bsides Nash - Ms. Berlin

New job

Keynote at Bsides Springfield, MO

Mr. Boettcher talks about a Sigma malware infection.

http://www.securitybsides.com/w/page/116970567/BSidesSpfd

**new website upcoming**

Registration is coming and will be updated on the next show (hopefully)

DBIR - https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_execsummary_en_xg.pdf

VERIS framework: http://veriscommunity.net/

53,000 incidents

2,216 breaches?!

73% of breaches were by outsiders

28% involved internal actors (but needs outside help?)

Not teaching "don't click the link", but instead teaching "I have no curiosity"

Discuss the "Dir. Infosec" Slack story as a method to halt an infection

https://www.tripwire.com/state-of-security/security-awareness/women-information-security-amanda-berlin/

The "Living off the Land" trend continues with attack groups opting for tried-and-trusted means to infiltrate target organizations. Spear phishing is the number one infection vector employed by 71 percent of organized groups in 2017. The use of zero days continues to fall out of favor.

Off-boarding people... there is so much process for getting people on, but getting people out just isn't mature.



Wednesday, April 11, 2018

2018-012: SIEM tuning, collection, types of SIEM, and do you even need one?

Bryan plays 'stump the experts' with Ms. Berlin and Mr. Boettcher this month...

We discuss SIEM logging and tuning...

How do SIEMs deal with disparate log file types?

What logs should be gathered first?

Is a SIEM even required, or is a central log repository enough?

Which departments benefit the most from logging? (IT, IR, Compliance?)



Tuesday, April 3, 2018

2018-011: Creating a Culture of Neurodiversity

Megan Roddie discusses being a high-functioning autistic person, and we discuss how companies and management can take advantage of the unique abilities of those with high-functioning autism.

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2018-011.mp3

Matt Miller's Assembly and Reverse Engineering Class:

You can still sign up! The syllabus is here: https://drive.google.com/open?id=1alsTUhGwAAnR6BA27gGo3OdjEHFnq2wtQsynPfeWzd0

SHOW NOTES:

Link to Megan's slides

Megan Roddie (@megan_roddie)

  1. Diversity - Why managers should strive for diverse teams - First, Break All the Rules: What the World's Greatest Managers Do Differently
    1. Strengths - hire people based on their strengths, not their weaknesses (see StrengthsFinder 2.0)
      1. regarding Grant and Lee
        1. Megan: Achiever, Learner, Intellection, Focus, Harmony
        2. Bryan: Learner, Ideation, Futuristic, Significance, Focus
        3. Amanda: Restorative, Learner, Input, Ideation, Focus
        4. Brian: Maximizer, Learner, Responsibility, Individualization, Belief
      2. Scores
    2. Weaknesses - weaknesses are made irrelevant by the strengths of others. If one employee has a weakness, you can hire someone who has great strength in that area.
    3. Sports teams quote (Slide 6)
  2. HFA
    1. What is it? (vs. neurotypical)
    2. What are the weaknesses of HFAs?
    3. What are the strengths of HFAs? (Slides 17 - 22)
    4. One-on-one time is the SINGLE most effective management tool; it works with HFAs and neurotypicals alike → guide
    5. Examples (Slide 28)
    6. Pants
    7. Introductions (vendor meet at BSides example)
    8. Some (most?) neurotypicals get offended
  3. How to manage or work with HFAs
    1. Tips (slides 32-34)
    2. Structure and Routine → Productivity
    3. Clarity → Thorough Work
    4. Patience and Understanding → Dedicated & Passionate Employee
  4. Needs

 

 
