SDL Episode17

From Paul's Security Weekly

Secure Digital Life #17

Recorded May 30, 2017 at G-Unit Studios in Rhode Island!

Episode Audio

Coming Soon!

Hosts

  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Russell Beauchemin
    Cybersecurity & Network Security Program Advisor and Director of Instructional Support & Learning Innovation at Roger Williams University.

WannaCry

    Doug explains the Morris Worm (2 Nov 1988), which exploited sendmail and fingerd, and worms in general

    Talk about why SOHO equipment has a "kind of" built-in defense because it blocks ports by default -- Russ

    Talk about Port 445 and 3389 type stuff -- Doug and Russ

    Doug and Russ talk about how WannaCry works
      • Encrypts by file extensions
      • The sad story of ForeverHack
      • Uses AES 128 to encrypt all those files with those types of extensions

    Doug talks about cracking encryption. AES 128 is breakable but good luck

    So, what to do: You are got!

      • Airgap so it doesn't spread
      • Ensure the machine is isolated
      • Evaluate your backup situation
      • If backed up: wipe, reinstall, run Windows Update, install Cybereason and Malwarebytes, restore
      • Else pay up? It may be possible to break this so check out the current state and see if restore is

    What you should do:
      • Install Malwarebytes and keep it current
      • Install Cybereason and keep it current
      • Check your borders to ensure that you don't have open ports (particularly 445)
      • Turn on Automatic Update
      • Have a long talk with everyone in your network about phishing and updates
      • Enterprise people, work on your patch handling

    And finally:
      • Make backups and create a backup vault (offline)
      • Use a removable drive but you have to REMOVE it. If it stays connected, toast.
      • You can use cloud storage for this but ensure it is protected (not live) or the encryption will likely jump the gap.
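
The "check your borders" item above, as an added example (not from the show notes or the hosts): a small Python audit that attempts TCP connections to ports 445 and 3389 on hosts you administer and reports the ones that answer. The function names, port labels and the sample address are assumptions made for this example.

```python
import socket

# Ports named in the episode: SMB (445) and RDP (3389).
WATCHED_PORTS = {445: "SMB", 3389: "RDP"}


def probe(host, port, timeout=1.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: a service is reachable
    except ConnectionRefusedError:
        return "closed"          # host replied with a reset: nothing listening
    except socket.timeout:
        return "filtered"        # no reply: dropped by a firewall, or host down
    except OSError:
        return "filtered"        # unreachable or no route: not exposed from here


def audit(hosts, ports=WATCHED_PORTS, timeout=1.0):
    """Probe every host/port pair and return only the reachable ones."""
    findings = []
    for host in hosts:
        for port, name in ports.items():
            if probe(host, port, timeout) == "open":
                findings.append((host, port, name))
    return findings


if __name__ == "__main__":
    # Constructed sample list: replace with addresses you own, for example
    # your router's public address checked from outside your network.
    my_hosts = ["127.0.0.1"]
    exposed = audit(my_hosts)
    for host, port, name in exposed:
        print(f"EXPOSED {host}:{port} ({name}): close it or block it at the border")
    if not exposed:
        print("No watched ports reachable from this vantage point.")
```

The result depends on where the script runs: a port that is closed from outside the router can still be open to every machine on the LAN, which is the path a worm takes once one host inside is infected.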