
MARCUS.MURRAY @ TRUESEC.COM Blog: Truesecurity.se Twitter: marcusswede


Presentation Transcript


  1. MARCUS.MURRAY @ TRUESEC.COM Blog: Truesecurity.se Twitter: marcusswede

  2. Whoami?
     • Design secure infrastructure
     • MVP – Enterprise Security
     • Speaking engagements
     • Security Team Manager, Truesec
     • Incident response
     • Security assessments/penetration testing

  3. Session Goal
     • Make you start thinking about testing your security
     • Give some EXAMPLES of things you can test
     • Provide some tools/methods/ideas on testing

  4. Why do we need to care about threats?

  5. Sony PSN

  6. 8 Deadly sins in IT-Security
     • Unpatched systems
     • Weak passwords
     • Weak exposed client applications (Hardening/configuration)
     • Weak exposed server services (Hardening/configuration)
     • Weak local applications (Hardening/configuration)
     • Sensitive network traffic exposure
     • Weak access control to protect sensitive data
     • System dependencies

  7. Unpatched systems
     • 2 different approaches to choose from
       • Patch inventory platforms
         • MBSA
         • Shavlik
         • Etc..
       • Vulnerability scanners/attack testing platforms
         • Core Impact
         • Nessus
         • Metasploit
         • Etc...

  8. Unpatched systems

  9. Weak passwords
     • Many places to test
       • Active Directory
         • User accounts
         • Computer accounts!
       • Local SAM
       • Other services (SQL/web applications/VNC etc., etc.)
     • 2 main methods
       • Active testing (brute force/dictionary)
         • WARNING – don’t forget password lockout policies!
       • Passive testing
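Active testing only makes sense once the lockout policy mentioned in the warning above is known, and the same policy dump already tells you whether weak passwords are even allowed. The following is an added example, not code from the presentation or from Truesec: it parses output in the format of the Windows `net accounts` command (the sample output is constructed, and the exact label text depends on Windows version and locale) and reports the lockout settings that bound any active test, plus the length, age and history settings a passive policy review would flag. The thresholds in `assess_password_policy` are assumptions.

```python
"""Audit the account policy before any active password testing.

Added example for the 'weak passwords' slide, not code from the presentation
or from Truesec. Parses `net accounts`-style output (constructed sample
below; English labels assumed) and returns findings as (severity, text).
"""
import re

# Constructed sample of `net accounts` output (assumption: English labels).
SAMPLE_NET_ACCOUNTS = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          Unlimited
Minimum password length:                              6
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        WORKSTATION
The command completed successfully.
"""

# 'label:' followed by at least two spaces, then the value.
_LINE = re.compile(r"^(?P<key>[^:]+?):\s{2,}(?P<value>.+?)\s*$")


def parse_net_accounts(text):
    """Return {label: value} for every 'label:   value' line."""
    policy = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            policy[m.group("key").strip()] = m.group("value").strip()
    return policy


def _as_int(value):
    """'Never', 'None' and 'Unlimited' mean the control is off; map them to 0."""
    try:
        return int(value)
    except ValueError:
        return 0


def assess_password_policy(policy, min_length=12, max_age_days=365):
    """Return a list of (severity, finding). Thresholds are assumptions."""
    findings = []
    threshold = _as_int(policy.get("Lockout threshold", "Never"))
    if threshold == 0:
        findings.append(("high", "No account lockout: weak passwords are exposed "
                                 "to unlimited online guessing"))
    else:
        window = _as_int(policy.get("Lockout observation window (minutes)", "0"))
        findings.append(("info", f"Lockout after {threshold} failures within "
                                 f"{window} min: active tests must stay below this"))
    length = _as_int(policy.get("Minimum password length", "0"))
    if length < min_length:
        findings.append(("medium", f"Minimum password length {length} is below {min_length}"))
    max_age = _as_int(policy.get("Maximum password age (days)", "0"))
    if max_age == 0 or max_age > max_age_days:
        findings.append(("low", "Passwords never expire or expire after more than a year"))
    if _as_int(policy.get("Length of password history maintained", "0")) == 0:
        findings.append(("low", "No password history: users can cycle back to an old password"))
    return findings


if __name__ == "__main__":
    for severity, message in assess_password_policy(parse_net_accounts(SAMPLE_NET_ACCOUNTS)):
        print(f"[{severity}] {message}")
```

On a real system the input comes from `net accounts` (local policy) or `net accounts /domain`; the parser ignores lines without a label/value pair, so the trailing status line is skipped.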

  10. Weak passwords

  11. Weak exposed client applications (Hardening/configuration)
      • Common issues:
        • Macro security!
        • Outdated versions of applications
        • Browser plugins
        • Acrobat Reader (over and over again...)
        • Java
      • Tools:
        • https://browsercheck.qualys.com/

  12. Weak exposed client applications (Hardening/configuration)

  13. Weak exposed server services (Hardening/configuration)
      • Most common:
        • WEB
        • SQL
      • Testing:
        • Web/SQL is challenging to test
        • There are automated tools out there
          • Often miss weaknesses
          • False positives common
        • Manual testing by an experienced tester is recommended
      • Common weaknesses: injections/XSS/shared passwords embedded in client applications etc., etc.

  14. Weak exposed server services (Hardening/configuration)

  15. Weak local applications (Hardening/configuration)
      • Anything that is run with admin privileges and writable with user privileges
        • Registry
        • File system
        • Services
        • Scheduled tasks
        • Processes
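The file-system case above is the easiest one to check at scale: list the binaries that services and scheduled tasks run with high privileges, dump their ACLs, and look for write access granted to ordinary users. The following is an added example, not code from the presentation or from Truesec. It parses output in the format of the Windows `icacls` command (the sample paths and ACLs are constructed) and reports allow-ACEs that give a low-privilege principal the right to modify the file. Which principals count as low-privilege and which rights count as write are assumptions that can be tuned.

```python
"""Flag program files that run with high privileges but are writable by
ordinary users.

Added example for the 'weak local applications' slide, not code from the
presentation or from Truesec. Parses `icacls`-style output (constructed
sample below) and reports low-privilege principals with write access.
"""
import re

# Constructed sample in `icacls` output format. Continuation lines carry only
# the ACE and belong to the most recent path.
SAMPLE_ICACLS = r"""
C:\Program Files\ExampleSvc\svc.exe BUILTIN\Administrators:(I)(F)
                                    NT AUTHORITY\SYSTEM:(I)(F)
                                    BUILTIN\Users:(I)(M)
C:\Program Files\ExampleSvc\config.xml NT AUTHORITY\SYSTEM:(I)(F)
                                       BUILTIN\Administrators:(I)(F)
                                       BUILTIN\Users:(I)(RX)
C:\Tools\updater.exe Everyone:(F)
                     BUILTIN\Administrators:(F)
C:\Tools\agent.exe NT AUTHORITY\Authenticated Users:(DENY)(W)
                   BUILTIN\Users:(RX)

Successfully processed 4 files; Failed processing 0 files
"""

# Assumption: principals that every domain user effectively belongs to.
LOW_PRIV_PRINCIPALS = {
    "Everyone",
    r"BUILTIN\Users",
    r"NT AUTHORITY\Authenticated Users",
    r"NT AUTHORITY\INTERACTIVE",
}
# Assumption: simple and specific rights that allow modifying the file.
WRITE_RIGHTS = {"F", "M", "W", "GA", "GW", "WD", "AD", "DC"}
# Well-known principal prefixes that contain spaces; any other principal is
# assumed to be a single token such as CORP\svcuser.
KNOWN_PREFIXES = ("NT AUTHORITY\\", "BUILTIN\\", "NT SERVICE\\", "CREATOR OWNER", "Everyone")

# The rights tail looks like :(I)(OI)(CI)(F) or :(DENY)(W) at end of line.
_RIGHTS_TAIL = re.compile(r":((?:\([A-Za-z,]+\))+)\s*$")


def parse_icacls(text):
    """Yield (path, principal, rights_set, is_deny) for every ACE line."""
    current_path = None
    for line in text.splitlines():
        m = _RIGHTS_TAIL.search(line)
        if not m:
            continue  # blank lines and the trailing summary
        head = line[: m.start()]
        principal = path = None
        for prefix in KNOWN_PREFIXES:
            idx = head.rfind(prefix)
            if idx != -1 and (idx == 0 or head[idx - 1] == " "):
                principal, path = head[idx:], head[:idx].strip()
                break
        if principal is None:
            path, _, principal = head.strip().rpartition(" ")
        if path:
            current_path = path
        tokens = set()
        for group in re.findall(r"\(([^)]*)\)", m.group(1)):
            tokens.update(group.split(","))
        yield current_path, principal, tokens, "DENY" in tokens


def find_low_priv_writable(text):
    """Return [(path, principal, sorted rights)] for allow-ACEs that let a
    low-privilege principal modify the file."""
    findings = []
    for path, principal, rights, is_deny in parse_icacls(text):
        if is_deny or principal not in LOW_PRIV_PRINCIPALS:
            continue
        granted = sorted(rights & WRITE_RIGHTS)
        if granted:
            findings.append((path, principal, granted))
    return findings


if __name__ == "__main__":
    for path, who, rights in find_low_priv_writable(SAMPLE_ICACLS):
        print(f"{path}: {who} may modify it ({', '.join(rights)})")
```

The same parser works on the directory containing the binary, which matters because write access to the folder lets a user replace the file even when the file itself is locked down.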

  16. Weak local applications (Hardening/configuration)

  17. Sensitive network traffic exposure
      • Weak protocols:
        • SMB
        • HTTP
        • Telnet
        • SNMP
        • FTP
        • RDP
        • Etc..
      • Tools:
        • Wireshark/Cain etc.

  18. Sensitive network traffic exposure

  19. Weak access control to protect sensitive data
      • Very often high privileges are stored in files accessible by domain users or even everyone!
        • Scripts
        • Backups
        • Web configs
        • Password reminder docs
        • Config files
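A defender can run the same search an attacker would, from an ordinary domain user account, over the shares that account can reach. The following is an added example, not code from the presentation or from Truesec: the file names and contents are constructed, and `scan_text` applies a small set of patterns for the classic hiding places named above (logon scripts with `net use`, web.config connection strings, password reminder documents). The secret itself is redacted in the report so the findings list does not become another credential file.

```python
"""Search files for stored credentials before an attacker does.

Added example for the 'weak access control' slide, not code from the
presentation or from Truesec. File names and contents below are constructed;
the patterns are a starting set, not an exhaustive one.
"""
import re

# (kind, pattern) pairs. Each pattern captures the secret as group 'secret'
# so the report can redact it. The net use pattern skips a trailing switch
# (/persistent:yes) and the '*' that means 'prompt for password'.
PATTERNS = [
    ("net use with password",
     re.compile(r"\bnet\s+use\b.*?/user:\S+\s+(?P<secret>(?!/|\*)\S+)", re.I)),
    ("connection string",
     re.compile(r"\b(?:password|pwd)\s*=\s*(?P<secret>[^;\"'\s]+)", re.I)),
    ("password note",
     re.compile(r"\b(?:password|passwd|pass)\b\s*[:=]\s*(?P<secret>\S+)", re.I)),
]

# Constructed sample files: three that leak a credential, one that does not.
SAMPLE_FILES = {
    r"\\fileserver\scripts\mapdrive.bat":
        "@echo off\r\nnet use Z: \\\\fileserver\\share /user:CORP\\svc_backup Backup2011!\r\n",
    r"\\webserver\inetpub\app\web.config":
        '<connectionStrings>\n'
        '  <add name="db" connectionString="Server=sql01;Database=app;User Id=sa;Password=Summer2011;" />\n'
        '</connectionStrings>\n',
    r"\\fileserver\it\reminders.txt":
        "Firewall admin password: Fw!2011\n"
        "Remember: the domain password must be changed every 42 days.\n",
    r"\\fileserver\it\policy.txt":
        "Passwords must be at least 12 characters.\nThe password history is 24.\n",
}


def redact(secret):
    """Keep the first character so the owner can recognise the value."""
    return secret[0] + "*" * (len(secret) - 1)


def scan_text(name, text):
    """Return [(name, line_no, kind, redacted_secret)]; one finding per line."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS:
            m = pattern.search(line)
            if m:
                findings.append((name, line_no, kind, redact(m.group("secret"))))
                break  # the first matching pattern is enough for this line
    return findings


def scan_files(files):
    """Scan a {name: content} mapping; on a real share, read each file instead."""
    results = []
    for name, content in files.items():
        results.extend(scan_text(name, content))
    return results


if __name__ == "__main__":
    for name, line_no, kind, hint in scan_files(SAMPLE_FILES):
        print(f"{name}:{line_no}: {kind} ({hint})")
```

The interesting part of a real run is not the scanner but the share permissions: every hit found from an unprivileged account is a file whose ACL, not just its contents, needs fixing.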

  20. Weak access control to protect sensitive data

  21. System dependencies
      • Very often the privileged accounts are stored on systems with lower security demands
        • Local admin reuse
        • Exposed Domain Admin logons
        • Reused service accounts
      • Tools:
        • Gsecdump
        • Lslsass
        • parallelltask

  22. System dependencies

  23. Process of testing
      • Decide what tests you want to run
      • For each test:
        • Set up a test goal
        • Identify targets
        • Find the right tools
        • Identify risks
        • Define and try a methodology to manage risks
          • Backup/restore/rollback/failover/point of contact
        • Set up a test methodology
        • Test in a controlled environment
        • Get acceptance from system owners!!
        • Perform test
        • Analyse result
        • Take actions

  24. Some resources
      • Open Source Security Testing Methodology Manual: http://www.isecom.org/osstmm/
      • Microsoft Baseline Security Analyzer 2.2: http://technet.microsoft.com/en-us/security/cc184923
      • Nessus: http://www.nessus.org/products/nessus
      • Truesec.com: www.truesec.com

  25. Stay up to date with TechNet Belux
      Register for our newsletters and stay up to date: http://www.technet-newsletters.be
      • Technical updates
      • Event announcements and registration
      • Top downloads
      Join us on Facebook: http://www.facebook.com/technetbe, http://www.facebook.com/technetbelux
      LinkedIn: http://linkd.in/technetbelux/
      Twitter: @technetbelux
      Download MSDN/TechNet Desktop Gadget: http://bit.ly/msdntngadget

  26. TechDays 2011 On-Demand
      • Watch this session on-demand via TechNet Edge: http://technet.microsoft.com/fr-be/edge/, http://technet.microsoft.com/nl-be/edge/
      • Download to your favorite MP3 or video player
      • Get access to slides and recommended resources by the speakers

  27. Security Training event! Understand how hackers attack Microsoft platforms
      • 3 days with Marcus Murray
      • Hands-on labs
      • Understand how hackers attack Microsoft platforms
      • The tools & methods they use
      • Amsterdam, Netherlands, June 20-22, 2011
      Register at www.truesec.com

  28. THANK YOU Marcus.Murray @ Truesec.com
