Why Zero Trust: 10 Big Little Sins of Infrastructure Security

Understanding and implementing cloud security is crucial for any business in this new decade. It is not everything, as there are lots of security mistakes that could be made by administrator and users as well. The reasons are very typical: lack of time, monitoring systems, or knowledge. We will discuss the so-called "Big Little Sins" of infrastructure to make all those networks significantly more secure! During the presentation, we will be demoing various examples of kill-chains, most of them taken from practice. Kill-chains represent realistic but also surprising infrastructure takeovers, they usually start with user or even no privileges. Demonstrations will be followed up with a zero trust approach for administrative accounts, implemented according to best security practices. Participants will receive a ready-to-launch approach and knowledge to start implementing zero trust Zero trust is an important concept to know and implement. All from the perspective of very engaged cybersecurity experts, engaged with research and supported by the team. What you will learn: • How hackers start their attacks, • What are the lateral movement techniques used nowadays, • How VPN connection could be dangerous and what to do to secure it, • How to find ‘low hanging fruits’ in misconfigurations and how they can be overused by hackers, • What are the kill-chains seen in practice? • What are the good practices for securing the environment?