Fighting Data Exfiltration with BSD
Today's software systems and networks are a large, complex and fertile landscape for those looking to test and break an organization's security. Data breaches have become the accepted norm. We are no longer shocked when a government agency, hospital or company loses control over millions of records, compromising the personal information of the people we love and whom it vowed to protect. In addition, security products are numerous and expensive.
In this talk we're going to explore how to use free software built into BSD operating systems to detect and fight data exfiltration. We'll explore:
- What gets logged on a system and network level and what doesn't
- Which common network application servers need additional logging configured
- How to supplement your data access logging with auditd and HardenedBSD
- How to easily build a custom application access logging framework
- How to ensure data leaving the network is always attributed to a specific user with authpf
- How to look for abnormal traffic usage spikes with the pf firewall
- How to identify and classify your data and the risk it poses if exposed
- Creating custom tools to test your new logging and auditing infrastructure
- Creating your own internal honeypots to catch intruders before real data is found
- Creating a simple plan for backing up and encrypting your data at rest
You'll leave this talk with a concrete methodology for bringing your readiness to fight data exfiltration up to the next level, and you may sleep a little better at night.