Wrap Up: DCMeetup1708 – Usable & Effective Security for Empowered Users, Cloud & Mobile

Today’s meeting was based on a presentation given by the company Duo to inform meetup members of the different products and services that they produce. One topic that stood out to me is that complexity is hard to secure, particularly in a vast network where numerous users are attempting to reach resources. This is a growing issue for today’s information security because of the numerous types of devices users are using, and managing the different privileges associated with those users is a daunting task. Another important point that was discussed is that risk over vulnerability and response cycles shows that most systems are compromised not as a result of zero-day vulnerabilities, but after the patch is available, because the patch shows the attacker how to exploit a system. It was also determined that end users are ultimately the biggest liability, according to statistics on breaches that involve compromised credentials. Security best practices were discussed in order to explain the importance of verifying users, verifying user devices, and protecting every application. This is a great resource for individual user devices and for large organizations with multiple users and devices. It is a great way for users to shift their security focus from traditional network traffic analyzers to a more complex approach that doesn’t just monitor traffic but identifies specific users and applications.

Duo essentially serves a cloud solution to verify user trust, verify device trust, and secure single sign-on for other applications such as Salesforce, Box, Office 365, SharePoint, Atlassian, and Splunk, to name a few, based on infrastructure specifics as they relate to users within the directory and the devices associated with those users. It serves as a new security perimeter for remote employees, cloud applications, mobile devices, hybrid cloud, personal devices, as well as vendors and contractors. What is considered to be the old perimeter only covers endpoints, on-site users, servers, and applications.

A question I had after the presentation is who actually monitors the Duo application on behalf of the organization that is using the product. Jamie Pringle, Application Specialist with Duo, answered this question by describing the relationship they have with the customer as more of a support position. “We serve our customers from an assisting point of view”, stated Pringle. This is done by giving ultimate control to the security administrator within the organization, and providing assistance to designated information security personnel as needed.

We finished out the meetup by discussing some of the mechanisms of the SEToolkit within the Kali Linux operating system. We worked through a social engineering attack, using the Web Attack vector, via a site cloner in order to compromise a user’s credentials. We rounded everything up by going over the open-source research tool IntelTechniques in order to target specific domains when performing a web attack using the SEToolkit.
