Sami Laiho on maailmatasemel Windows OS ja turbe tipptegija ning viib läbi enda koolitussarja BlackBelt. BlackBelt on Eestis ainus koolituste sari Windows OS turbe teemadel.
Loe Sami postitust infoturbe teemal aastal 2020.
If we look back at 2019 and try forecast the future security landscape it's quite easy to guess what your biggest threats are. In this article I will give you my predictions. To cure those deceases from your environment you need hardcore troubleshooting skills so I’ll touch on that topic as well.
First there are still two rules that rule out all possibilities of keeping your endpoints safe if not followed. First, the computers need to have BitLocker Full Volume Encryption or equal physical security. Remember that BitLocker needs to be on all endpoints and not just laptops. BitLocker does give you data encryption but it’s not its most important functions – Integrity is. BitLocker keeps your configuration intact and works like glue that you dip your computer in. Second, Principle of Least Privilege needs to be implemented. This means no admin rights for end users. The only way to block people from installing bad applications is to prevent them installing good applications – sadly. I have worked everywhere without admin rights since 2002 – on my course you will learn that there are no excuses to run as admin. “Old software just needs admin rights” or “Somethings in Windows can’t be done without logging in as an admin” are not correct. The user guide of NT 3.1 said, in 1993, that in Windows there is no security if log on as an admin – Just respect this rule. I have a customer who got rid of admin rights in 2018 and in 2019 they had 75% less tickets in their helpdesk – so it’s not expensive either. Users many times think that if they don’t have admin rights they can’t fix their computers – No, if they don’t have admin rights they can’t break them. Least privilege applies to Azure-like cloud services as well which is a reason why those are taught on my courses as well. You can get a great “20 things to implement to make Azure secure” -list from my security course.
How do we protect from Ransomware then? Most important things for you to implement are: BitLocker, Principle of Least Privilege, Directory Tiering, Whitelisting and MFA. All of which I will teach you how to on my course. I have implemented whitelisting in networks with more than half a million computers and more than 3000 apps, ranging from being built between 1990’s and 2020. So there really is no excuse to not whitelist. My whitelist in an environment of 100000 endpoints is only ten lines long – that’s my personal best but it’s more than a hundred lines even on average. So if you think you can’t whitelist because you have thousands of apps to whitelist you are doing it wrong anyway. Come to my course and learn to love whitelisting – it’s a lazy persons option as it saves you so much time on other fronts.
Now if we look at 2020 and beyond there is one thing we can be sure of: Monetizing is the key when it comes to bad people. That means Ransomware and Cryptominers are not going anywhere, quite the opposite. And the more devices you can infect the better. The latter means that Windows and Android will get the most malware. It’s interesting to note that Android is used more than Windows, and is way easier to hack than iOS, which really means you should take care of your mobiles as well. There are around 30000 new malware samples found per day for Android. To be fair Windows rules that statistic still with more than a million samples per day. Traditional antivirus can’t deal with this which means it’s better to put that license money aside and learn concepts from my course – they don’t cost anything and will keep you 99,99% secure – better than any paid software can.
The next biggest problem is Phishing. 99% of Phishing can be mitigated with MFA. So that’s something you need for sure. The last 1% is difficult as the only way really is to educate users, with either theory or attack simulations. Teaching end users is a really different task than teaching techies. I’m specialized in teaching thousands of end users so just ring me up if you need to train them as well. Also keep in mind that in 2019 internal threat caused attacks raised by 47%. Nowadays more than 1/3 attacks are caused by your own people.
If you need to deal with a breach or dig up evidence from an operating system you need to understand how Windows works. My troubleshooting courses, that you should both take (first the Troubleshooting, then the Advanced Troubleshooting) will not only make you a BlackBelt troubleshooter but greatly advance your skills as a security expert. Courses include how Windows works and is troubleshooted, how Sysinternals tools will make you a better troubleshooter/security expert, how to find advanced persistent threats and malware on your machine, how make slow logons a day in the past and how to tweak the page file settings for best performance or how to give your computer more battery life. On the first course you’ll learn the tools needed on the second course. These courses include Azure troubleshooting and security forensics as well.
When people ask me why am I a security expert nowadays I always say: „It’s because of my career as a troubleshooter – I know where to find trouble”. It’s not a joke at all. I know the OS so well that I can easily find holes in it.
So please join my courses either in-house or online, you won’t be disappointed. And you will get a full recording of the class to view as well