Inzet van kennisportals tussen organisatie en klant
18
Workshop “Inzet van kennisportals tussen organisatie en klant” Boyd Hendriks Vogin-IP lezing 3 maart 2016
Transcript of Inzet van kennisportals tussen organisatie en klant
Workshop “Inzet van kennisportals tussen organisatie en klant”
Boyd HendriksVogin-IP lezing 3 maart 2016
KlantOf
gebruiker
€Dienstverlener
Traditioneel verdienmodel van dienstverlening
taxonomie
K-kaart
I-kaartKennis/dossiers
adviseur
Dienstverlener 100% advies
100% informatie
Klant of gebruiker
Kennismanagement
Verbreed verdienmodel van dienstverlening
Klant of relatieportaal
Kennis/dossiers
adviseur
Dienstverlener 100% advies
100% informatie
Klant of gebruiker
Kennismanagement
Wie is de klantof de gebruiker
regio
organisatieTeam / afdeling
individu
global
Dienst-verlener
Klant of gebruiker
Private-cloud
Public-cloud
Architectuur
InformationListed clustered prioritised
abstracted
Alerted
analysed
recommended
concluded
Information value chain
Dienst-verlener
Klant of gebruiker
Private-cloud
Public-cloud
Security
Private-cloud
Public-cloud
1-Footprinting - Determining the targets footprint, e.g. DNS records, IP scope, public information, contact information, etc.
2-Scanning - Determining the targets openings, e.g. service ports, wireless networks, modems pools, vpn servers, etc.
3-Enumeration - Determining the services behind the openings, e.g. webservers, systems, routers, firewalls, wifi authentication, etc.
4-Penetration - Selecting appropiate exploits and penetrate the target, e.g. SQL injection, buffer overflow, password attacks, etc.
5-Escalation - Escalation of the credentials to admin or root, e.g. dll injection, local exploit, configuration change, sceduled jobs, etc.
6-Getting Interactive - Getting a remote shell or GUI on the target, e.g. RDP, VNC, NetCat, etc.7-Expanding Influence - Moving from the initial target as a foothold or beach-head to the rest
of the network taking over the domain.8-Cleaning Up - Ensuring backdoors and removing evidence, e.g. rootkits, log removal,
log editing, etc.9-Reporting - Writing and presenting a report on the pen-test to the owners of the network
one had authoritation to test.
Pentest
2% aanjagers
14% snelle instappers
34% vroege helft
34% late helft
16% onwilligen
stagnatie
Het gebruik van het klantportaal
Acceptatie
Tijd
Dank voor uw aandachtVragen ?
