This upcoming DefSec PASCAL event will be featuring a substitute presenter: Wireglitch talking on the basics of SIEM (Security Information & Event Monitoring), including how to configure your own from the ground up.
Magneto will be back for the following DefSec and will cover Linux as planned.
Some Teams are Red, Others are Blue, I Play Defense, and So Can You!
An endpoint security primer in three (?-ish) parts.
Part 1: MacOS
Part 2: Windows
Part 3: Linux
Come learn about the other side of the cybersecurity equation: how to raise the bar for attackers trying to pwn your endpoints. This talk series will focus on sane, sensible, and usable defaults; what each operating system can bring to the table; security through proper configuration; and small/medium scale distribution and management.
Part 1: We'll start with a broad overview of securing endpoints, the classes of attacks that might be encountered depending on your use cases, and what it means to be "secure." Then, we'll talk about configuring macOS for reasonable security, beginning with the hardware chain of trust, moving through the bootloader and touching on what Apple's hw/sw integration allows for: Activation Locks, MDM/DEP, and Software Recovery. Moving up the stack, we'll discuss the tiers of built-in macOS software security and, if time permits, several third-party options to strengthen endpoint security.
Part 2: Let's kick off with a quick refresher on previous topics, and then dive right into Windows endpoint security. Because of the diversity of hardware, there will be less low-level focus this session, but BitLocker, TPM, and OPAL will be in the mix. Then, learn why Secure Boot is not a conspiracy, how Hyper-V is bae, why Windows 10 is actually the best thing since... earlier Windows 10 releases (!), what Group Policy can do for you, and which version of Windows is the minimum necessary for any kind of sanity.
Part 3: In the stolen words of Steve Ballmer, compartmentalize, compartmentalize, compartmentalize! We'll talk about mitigating inevitable compromise, and then move to Linux security. Coreboot, Heads, and refreshers from PC hardware kick us off, then it's into the wilderness! We'll try to nail down some best practices for the wide and varied world of Linux distros, the security benefits of containers, why Flatpak is awesome, and a quick touch on grsecurity (aka "why we can't have nice things"). If there's time, we'll even try to talk about the security benefits of other *nix's like OpenBSD & Qubes.
Part 4: This is unwritten, unplanned and unscheduled, but part 4 (and 5, and beyond!) could include topics like:
- hypervisors! and why trying to share memory has yet to be a good idea;
- how to do your best to secure them anyway;
- how and why you should deploy hardened and/or minimum viable configurations automatically (Ansible, JAMF, AD/SCCM...).
This is intended as a high-level overview to get a baseline for each of the three operating systems; content will change and grow based on feedback and requests. Come help me evolve my endpoint security game, and steer the course for future events!
This series is brought to you by PASCAL Hackerspace, and presented by Magneto (the hacker, not the mutant...ok well, he *could* be a mutant for all we know...)
Magneto is: prototyping the future. trying to kill sleep. Security analysis and automation for profit. Other security-related things for fun. Obtuse prose. Dream job: Starship Captain. There's a reason for the nickname.