Founder and Managing Partner, BISS (Romania)
Mr. Toporan brings almost 15 years of dedication to the cyber security field, actively introducing security technologies to the Romanian marketplace while leveraging the hype-type information that this particularly dynamic field of work has to deliver.
Passionate about information security and practical models of making it work for very heterogeneous environments, Mr. Toporan was involved in all BISS projects, from security baselining to valid protection, remediation and resolution. Current interests include security intelligence, identity and identity of things, vulnerability disclosures and operational total user management, mapped on the Romanian security ecosystem.
Eyes on the User!
(Paper delivered with Cristian Cucu)
Because your attackers are watching them too. Users are not responsible and not aware – you need to cover their back. E.g.: wherever and whenever users log on to any Windows workstation or server, they leave their password credentials behind. The common knowledge is that when we set up our password in Windows, it is hashed and stored either in the SAM or in the ntds.dit database in Active Directory. This is useful for verification purposes, but if your operating system can re-use the password, it means others can decrypt it!
Another thing is that when a hash is cached, it may be reused for authentication later, which leads to brute-force or, better, Pass-the-Hash attacks. What about your power users?! What if half your admins just quit or move to your competitor, or they constantly move from a government organization to a private one for a better paycheck? Exactly who does what and where in your network – you need to establish and enforce that – monitor it, keep it updated – look for privileged access management and privileged identity management.
In addition, the headlines these days seem to focus on suspected hacking by third-party nation states like North Korea and Russia, leading many to assume incorrectly that the biggest privileged access threats posed to organizations are external. Despite the rash of high-profile breaches involving abused or misused privileges garnering headlines recently, there has not been much progress in control over privileged access.
So there is more one should really care about, on all levels, and our proactive approach to security is to stay close to our customers and partners, to go beyond the deployment of perimeter and email security and touch the Internet together with the users and be there when they are on the verge of becoming victims.
Eyes on Your Assets!
(Paper delivered with Daniel Ilies)
Your IT environment is a complex machine of working “parts” that require updates, maintenance, and refreshing. Tracking those parts, or IT assets, from purchase through allocation and usage and eventually to disposal, ensures your assets are performing at maximum capacity.
The workshop is designed to give you the means to:
– Discover and explore your IT environment to learn how your users interact with your hardware and software resources.
– Achieve a comprehensive understanding of your business needs as well as a complete picture of where your assets are at all times throughout their lifecycles.