user security training: keys to building an effective program


Upload: thomashegel

Post on 08-Aug-2015


Welcome!

User Security Training:

Keys to building an effective program

About Me:

Thomas Hegel, CISSP, GCFE

Incident Response and Security Analytics Engineer

Threat Intel Team

The Problem:

Users are the easiest way into a network

Commonly under attack

Little focus from security teams

23% Open Phishing Emails

11% Open Attachments

Source: Verizon DBIR 2015

Most Common Passwords (Source: SplashData’s Worst Passwords of 2014):

Password      Strength
123456        Weak
password      Weak
12345         Weak
12345678      Weak
qwerty        Weak
123456789     Weak
1234          Weak!!

Why Not?!

Source: Verizon DBIR 2015

Most Training:

The Solution:

Three Step Program:

Play Teach Test

Hands On

Fun

Relevant

Drive Towards:

Stronger Security Posture

Compliance Goals

Improved MTTD & MTTR (Detect, Respond)

Step 1: Play

Gamification

Show Growth

Improve Retention

Speed up Learning

Sense of Achievement

Social Platform

Activity Feeds

Achievement Sharing

User Profiles

Friendly Competition

Rewards

100

50

10

Create Craving to Win and Keep Playing

Challenges

Spot the Phishing Email

Strong Password Creation

Improving Personal Security

Weekly/Monthly/Quarterly

CTF Events (Capture the Flag)

Correct answer (flag) generates points

Most points win

Challenge Levels for each skill of user

Friendly Competition (Team or Individual)

Beginner

Beginner Security Trivia

Myth or truth on security

Wireless best practices

Password Strength

Spot the Phish

Example: JeopardyLabs.com

Intermediate

Trivia on current events

Online Self Defense

Recon Social Networks

Phish the competition

Example: Mellivora (https://github.com/Nakiami/mellivora)

Advanced (hopefully)

Crypto

Exploits

Reversing

Forensics

Defense

Source: @edskoudis

Some Favorites:

Don’t Forget!

Fun for all

Rewards and Recognition

Participation and repetition

Avoid viewing it as “work”

Step 2: Teach

Relevant “security” information and guidance

Encourages discussions

Teaches the user to fend for themselves

Securing the Home Network

blog.logrhythm.com/security/7-home-network-security-tips/

Wireless Setup

Device Updates

Password Management

Smart Social Networking

Sharing Privacy

Photo Metadata

Social Engineering Capability

Spot Malicious Activity

Email Phishing

Phone Scams

Web Browsing

Mobile Device Security

Pin Setup

App Threats

Privacy Risks

Recovering/Locating

Step 3: Test

Find Weaknesses In Training and Response

Quantify ROI of Training Efforts

Phishing Emails

Open Message Rate

Open Attachment Rate

Report as Phishing Rate

IR/Security Mean Time to Detect

IR/Security Mean Time to Respond

Click Through Rates

Flash Drive Drops

Report to Security Rate

IR/Security Mean Time to Detect

IR/Security Mean Time to Respond

Plug in Rate
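The metrics listed for the phishing-email and flash-drive tests, computed from a campaign event log, as an added example that is not part of the original deck. The log format, event names (sent, opened, attachment, clicked, plugged, reported, contained) and the sample records are constructed for this illustration; MTTD is taken as the time from the first message or drop to the first user report, and MTTR as the time from that report to the IR team's "contained" event.

```python
"""Phishing-simulation and drop-test metrics from a campaign event log.
Added example; log format and event names are constructed."""
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample log: one phishing-email campaign and one flash-drive drop.
SAMPLE_LOG = """\
2015-08-03T09:00:00 campaign=phish-q3 kind=email user=alice event=sent
2015-08-03T09:00:00 campaign=phish-q3 kind=email user=bob event=sent
2015-08-03T09:00:00 campaign=phish-q3 kind=email user=carol event=sent
2015-08-03T09:00:00 campaign=phish-q3 kind=email user=dave event=sent
2015-08-03T09:12:00 campaign=phish-q3 kind=email user=alice event=opened
2015-08-03T09:13:00 campaign=phish-q3 kind=email user=alice event=clicked
2015-08-03T09:20:00 campaign=phish-q3 kind=email user=bob event=opened
2015-08-03T09:21:00 campaign=phish-q3 kind=email user=bob event=reported
2015-08-03T09:45:00 campaign=phish-q3 kind=email user=carol event=opened
2015-08-03T09:46:00 campaign=phish-q3 kind=email user=carol event=attachment
2015-08-03T10:21:00 campaign=phish-q3 kind=email user=ir event=contained
2015-08-04T08:00:00 campaign=drop-q3 kind=usb user=erin event=sent
2015-08-04T08:00:00 campaign=drop-q3 kind=usb user=frank event=sent
2015-08-04T08:30:00 campaign=drop-q3 kind=usb user=erin event=plugged
2015-08-04T09:00:00 campaign=drop-q3 kind=usb user=frank event=reported
2015-08-04T09:30:00 campaign=drop-q3 kind=usb user=ir event=contained
"""

RATE_EVENTS = ("opened", "attachment", "clicked", "plugged", "reported")


def parse_line(line: str) -> dict:
    """'<iso timestamp> key=value ...' -> dict with a datetime under 'ts'."""
    ts, *kvs = line.split()
    rec = dict(kv.split("=", 1) for kv in kvs)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def _first(events: List[dict], kind: str) -> Optional[datetime]:
    stamps = [e["ts"] for e in events if e["event"] == kind]
    return min(stamps) if stamps else None


def _minutes(later: Optional[datetime], earlier: Optional[datetime]) -> Optional[float]:
    if later is None or earlier is None:
        return None
    return (later - earlier).total_seconds() / 60


def campaign_metrics(log_text: str) -> Dict[str, dict]:
    """Per-campaign rates (distinct targeted users) plus MTTD and MTTR in minutes."""
    by_campaign: Dict[str, List[dict]] = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            by_campaign[rec["campaign"]].append(rec)

    result = {}
    for name, events in by_campaign.items():
        targets = {e["user"] for e in events if e["event"] == "sent"}
        metrics = {"kind": events[0]["kind"], "targets": len(targets)}
        for kind in RATE_EVENTS:
            hit = {e["user"] for e in events if e["event"] == kind} & targets
            metrics[f"{kind}_rate"] = len(hit) / len(targets) if targets else 0.0
        # Detect: first user report relative to the send/drop time.
        metrics["mttd_minutes"] = _minutes(_first(events, "reported"), _first(events, "sent"))
        # Respond: IR containment relative to the first report.
        metrics["mttr_minutes"] = _minutes(_first(events, "contained"), _first(events, "reported"))
        result[name] = metrics
    return result


if __name__ == "__main__":
    for name, m in campaign_metrics(SAMPLE_LOG).items():
        print(name, m)
```

Tracking the same rates campaign over campaign is what turns the test step into the ROI figure the slide asks for: a falling click rate and a rising report rate, with MTTD shrinking, is the evidence that the play and teach steps are working.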

Rogue Wi-Fi

https://youtu.be/v36gYY2Pt70

Setup Wi-Fi Access

Provide Fake Landing Page

Get Credentials!

http://www.slideshare.net/heinzarelli/wifi-hotspot-attacks

Connection Rate

Credential Submission Rate

Report to Security Rate

“Malicious” Coupons!

QR Destination as “Malicious” URL

Print > Place on Cars in Lot

Rate of Connections

Rate Reported to Security

Social Engineering Calls

“Yes, this is Bob from IT.”

Most Vulnerable Departments/Teams

Rate of Information Gathering

Rate of User Acceptance

Rate Reported to Security

Never Punish or Embarrass User

Improve Program With Metrics

Things to Remember…

Managing the Program:

Build a Plan

Continue Slowly

Start Small

Technical Controls:

Help The Users Win

Email Filtering

Quarantine Emails

Reject Emails

Monitor Emails

SPF, DKIM, DMARC

Reduced Spam and Spoofing

SPF: Authorized Source?

DKIM: True Source & Signed?

DMARC: How to Handle It
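A check of the two records that answer "authorized source?" and "how to handle it", as an added example that is not part of the original deck: it parses SPF and DMARC TXT records and flags the settings that leave spoofing unaddressed (an SPF record ending in `+all`, a DMARC policy of `p=none`, no reporting address). The records are constructed for the example domain example.test, not fetched from DNS; a real check would pull them with a DNS library first.

```python
"""Flag weak SPF and DMARC records. Added example; the records below are
constructed, the findings follow RFC 7208 (SPF) and RFC 7489 (DMARC)."""
from typing import Dict, List

# Constructed records for example.test: a weak pair and a corrected pair.
WEAK_SPF = "v=spf1 include:_spf.mailhost.invalid +all"
WEAK_DMARC = "v=DMARC1; p=none; pct=100"
STRONG_SPF = "v=spf1 include:_spf.mailhost.invalid -all"
STRONG_DMARC = ("v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.test; "
                "pct=100; adkim=s; aspf=s")

# Mechanisms that cost a DNS lookup; RFC 7208 caps them at 10 per evaluation.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split 'tag=value; tag=value' into a dict; tag names are case-insensitive."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def spf_findings(record: str) -> List[str]:
    """Return weaknesses in an SPF record; empty list means nothing to flag."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    findings = []
    last = terms[-1].lower()
    if last in ("+all", "all"):          # bare 'all' defaults to the '+' qualifier
        findings.append("'+all' authorizes any sender: SPF gives no protection")
    elif last == "?all":
        findings.append("'?all' is neutral: unauthorized senders are not flagged")
    elif last not in ("-all", "~all"):
        findings.append("no terminating 'all' mechanism; result defaults to neutral")
    lookups = 0
    for term in terms[1:]:
        name = term.lower().lstrip("+-~?").split(":")[0].split("/")[0]
        if name in LOOKUP_MECHANISMS or term.lower().startswith("redirect="):
            lookups += 1
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10 (permerror)")
    return findings


def dmarc_findings(record: str) -> List[str]:
    """Return weaknesses in a DMARC record; empty list means nothing to flag."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none: receivers only report, they neither quarantine nor reject")
    elif policy not in ("quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports, so spoofing stays invisible")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only part of the mail stream")
    return findings


if __name__ == "__main__":
    for label, spf, dmarc in (("weak", WEAK_SPF, WEAK_DMARC),
                              ("strong", STRONG_SPF, STRONG_DMARC)):
        print(label, spf_findings(spf), dmarc_findings(dmarc))
```

The usual rollout order matches the slide's monitor/quarantine/reject progression: publish `p=none` with a `rua=` address to see who is sending as the domain, then move to `quarantine` and finally `reject` once legitimate senders are covered by SPF or DKIM.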

Internal Network Monitoring

Volume of Transferred Content

Access Patterns

Time-Based Behavioral Analysis

Activities of Job Dissatisfaction

Source: Verizon DBIR 2015
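The time-based and volume-based checks from the internal monitoring slide run over a constructed file-share transfer log, as an added example that is not part of the original deck. Each user's earlier transfers form the baseline; a transfer is flagged when its hour falls outside the user's usual window or its size sits far above the user's usual volume. The log format, the two-hour margin, the three-sigma threshold and the minimum history length are assumptions.

```python
"""Per-user time-of-day and transfer-volume baseline check.
Added example; log format and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from typing import Dict, List

# Constructed sample log: alice's last transfer is at 02:10 and ~200x her usual size.
SAMPLE_LOG = """\
2015-07-06T09:15:00 user=alice share=finance bytes=2100000
2015-07-07T10:40:00 user=alice share=finance bytes=1800000
2015-07-08T14:05:00 user=alice share=finance bytes=2500000
2015-07-09T11:30:00 user=alice share=finance bytes=2000000
2015-07-10T16:50:00 user=alice share=finance bytes=2200000
2015-07-11T02:10:00 user=alice share=finance bytes=480000000
2015-07-06T08:55:00 user=bob share=eng bytes=50000000
2015-07-07T09:20:00 user=bob share=eng bytes=55000000
2015-07-08T17:40:00 user=bob share=eng bytes=52000000
2015-07-09T10:05:00 user=bob share=eng bytes=51000000
2015-07-10T13:15:00 user=bob share=eng bytes=54000000
"""

MIN_HISTORY = 3   # transfers needed before a user has a baseline
HOUR_MARGIN = 2   # hours of slack either side of the observed working window
SIGMA = 3.0       # volume threshold: mean + SIGMA * stdev of earlier transfers


def parse_log(log_text: str) -> List[dict]:
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, *kvs = line.split()
        rec = dict(kv.split("=", 1) for kv in kvs)
        rec["ts"] = datetime.fromisoformat(ts)
        rec["bytes"] = int(rec["bytes"])
        events.append(rec)
    return events


def analyze(log_text: str) -> List[dict]:
    """Return one finding per anomalous transfer, with the reasons it was flagged."""
    by_user: Dict[str, List[dict]] = defaultdict(list)
    for event in parse_log(log_text):
        by_user[event["user"]].append(event)

    findings = []
    for user, events in by_user.items():
        events.sort(key=lambda e: e["ts"])
        for i, event in enumerate(events):
            history = events[:i]          # only earlier transfers form the baseline
            if len(history) < MIN_HISTORY:
                continue
            reasons = []
            hours = [h["ts"].hour for h in history]
            if not (min(hours) - HOUR_MARGIN <= event["ts"].hour <= max(hours) + HOUR_MARGIN):
                reasons.append("off-hours")
            sizes = [h["bytes"] for h in history]
            if event["bytes"] > mean(sizes) + SIGMA * pstdev(sizes):
                reasons.append("volume")
            if reasons:
                findings.append({"user": user, "ts": event["ts"].isoformat(),
                                 "share": event["share"], "bytes": event["bytes"],
                                 "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

A production version would keep a rolling window per user and per share instead of all history, and would treat a single hit on both checks at once (off-hours and volume) as a higher-priority alert than either alone.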

Block Known Bad Domains

Block Advertisements

Monitor DNS

Web Filtering

Misc.

Disable USB Ports for Unauthorized Users

Monitor for Rogue Access Points

Strong Password Requirements

Auto Lock Workstation

Summary:

Technical Controls

Business Results:

Stronger Security Posture

Compliance Goals

Improved MTTD & MTTR

Three Step Program:

Play Teach Test

User Results:

Change Users From This:

To This…

Thank you! Questions?

Thomas Hegel

[email protected]

blog.logrhythm.com