When a vulnerability assessment > pentest

The Anomaly


$whoami

  • Network Security for Dept of VA

  • Father/Husband

  • Fan of Futbol (Viva Mexico!)

  • Fan of Martial Arts

  • Brazilian JiuJitsu



What is a Pentest?

  • Recon

  • Pwnage

  • Pillage

  • Loot

  • Report


What is a Pentest?

  • http://www.pentest-standard.org/

  • http://www.sans.org/reading_room/whitepapers/bestprac/writing-penetration-testing-report_33343

  • http://www.offensive-security.com/offsec/sample-penetration-test-report/



Injustice!


Testing pens (Probando bolígrafos)

  • How Not to Get a Good Pentest

  • http://blog.pentesterlab.com/2012/12/how-not-to-get-good-pentest.html

  • Marcus Ranum – “The only favorable or useful outcome of a pentest is the worst one.”

  • http://www.ranum.com/security/computer_security/editorials/point-counterpoint/pentesting.html


Pwning noobs

  • Cons and breaking stuff tracks/talks

  • Social Media: If you break stuff, talk about how to fix it.

  • Reporting is seriously lacking


Pentesting


Pentesting – my wife beats me

  • “Why don’t you find their weaknesses and then help them fix it?”


Vulnerability Assessment

  • Scan how? Inside, external, credentials, IPS, firewalls

  • Agent based vs passive vs active

  • Results integration

  • Results reporting

  • Team player


Scan how?

  • Scanner Location

    • Inside network, outside network

    • Denial of service

    • Nmap


Scan how?

  • Exclusions for Scanners

    • White box vs. Black box

    • Firewalls, IPS


Scan how?

  • Credentials

    • Windows Desktops and Servers

    • Linux/Unix servers with SSH account/keys

    • SNMP strings

    • Cisco/Networking SSH credentials

    • Be careful with credentials: Dave/Immunity, Ron/Tenable, Qualys, more.

    • https://lists.immunityinc.com/pipermail/dailydave/2013-February/000334.html


Credentials?

  • Risks

    • Capture credentials

      • Use ssh keys

      • Never send clear text credentials

      • Secure your scanner applications

      • Passive vulnerability scanning (SPAN port)


Scan how?

  • Remember HD Moore’s Law

    • “Casual attacker power grows at the rate of Metasploit.”

    • – Joshua Corman



Agent vs Active scanning

  • Agent Pros

    • Near real time

    • No network traffic

    • No outages caused by scans

  • Agent Cons

    • May not be installed

    • May not be possible to install

    • Some vulns cannot be found


Vuln Assessment and Patch Mgt



Vuln scanning: doing it right

  • Internal Scans

  • Credentialed Scans – Linux, Windows, Network devices

  • Vendor-provided exploit availability and exploit framework coverage

  • Coordinate HIPS/NIPS, Firewall exclusions


Scan Data integration

  • Integrate with Org CMDB

  • SA information

  • Satellite Server

  • SCCM

  • WSUS

  • BigFix



Scan Data integration

  • Sys Admin information

  • SA POC information (part of CMDB)

  • Sys Admin deemed important information

  • Manual updates from Sys Admins


Scan Data integration

  • Satellite Server

  • SCCM

  • WSUS

  • BigFix/Tivoli Endpoint Manager (TEM)

  • Red Hat patch info integration

  • Compare with Scan info
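A constructed example of the comparison in the last bullet, added here and not taken from the deck: it joins scanner findings to CMDB owner data and patch-system state so that hosts the patch system calls patched but the scanner still flags, and scanned hosts with no CMDB entry, surface as anomalies for the reporting step. Host names, vulnerability ids and the KB placeholder are all made up.

```python
# All records below are constructed sample data, not real hosts or patches.
# Scanner export: host, finding id (placeholder), and the patch the plugin says is missing.
SCAN_FINDINGS = [
    {"host": "WS-0412.corp.example", "vuln": "VULN-JRE-RCE", "patch": "KB-PLACEHOLDER-1"},
    {"host": "srv-db-07.corp.example", "vuln": "VULN-SSH-WEAK", "patch": None},
    {"host": "lab-kiosk-3", "vuln": "VULN-JRE-RCE", "patch": "KB-PLACEHOLDER-1"},
]
# Patch-management export (WSUS/SCCM/Satellite style): host -> patches it reports installed.
PATCH_STATE = {
    "ws-0412": {"KB-PLACEHOLDER-1"},   # says installed, but the scanner disagrees
    "srv-db-07": set(),
}
# CMDB: host -> system-administrator point of contact (the SA POC the slides mention).
CMDB = {
    "ws-0412": {"sa_poc": "desktop-team@example"},
    "srv-db-07": {"sa_poc": "dba-team@example"},
}

def short_name(host):
    """Normalise scanner vs. CMDB naming: lower-case and drop the domain suffix."""
    return host.lower().split(".")[0]

def reconcile(findings, patch_state, cmdb):
    """Join scanner findings to CMDB and patch data; returns (enriched rows, anomalies)."""
    enriched, anomalies = [], []
    for f in findings:
        key = short_name(f["host"])
        asset = cmdb.get(key)
        if asset is None:
            # Scanned but unknown to the CMDB: no owner to route the finding to.
            anomalies.append((key, "not in CMDB: unknown owner, likely unmanaged"))
            continue
        row = {"host": key, "vuln": f["vuln"], "sa_poc": asset["sa_poc"]}
        if f["patch"] and f["patch"] in patch_state.get(key, set()):
            # Patch system claims the fix is on; the scanner still sees the hole.
            anomalies.append((key, f"patch {f['patch']} reported installed but scanner still flags {f['vuln']}"))
            row["status"] = "patch-system-disagrees"
        else:
            row["status"] = "confirmed-missing"
        enriched.append(row)
    return enriched, anomalies

if __name__ == "__main__":
    rows, problems = reconcile(SCAN_FINDINGS, PATCH_STATE, CMDB)
    for r in rows:
        print(r)
    for host, why in problems:
        print("ANOMALY", host, why)
```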


Scan Data integration

  • Where does all this data go?

    • Access DB

    • Custom app with DB backend

    • Excel spreadsheet

    • GRC – Governance, Risk and Compliance

    • Any other solutions?


Scan data

  • Incident Response

  • Import into org SIEM or incident correlation tool


Scan Reporting

  • Executive reports on important issues

  • Report on Org specified critical findings

  • Organizational severity scoring


Scan Reporting

  • Java JRE vuln – RCE

    • Base Score = 9.3

    • Temporal Score = 7.7

    • Final Score = ?
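The slide leaves the final score open. As an added worked example (not from the deck), here is the CVSS v2 arithmetic that turns a 9.3 base and 7.7 temporal score into an organization-specific environmental score, which is what "organizational severity scoring" amounts to. The vector (network-reachable, medium complexity, full compromise), the temporal values (functional exploit, official fix, confirmed) and the two organizational contexts are assumptions chosen to reproduce the slide's numbers; the weights are the published CVSS v2 constants.

```python
from decimal import Decimal, ROUND_HALF_UP

# CVSS v2 metric weights (values from the CVSS v2 specification).
AV = {"L": 0.395, "A": 0.646, "N": 1.0}
AC = {"H": 0.35, "M": 0.61, "L": 0.71}
AU = {"M": 0.45, "S": 0.56, "N": 0.704}
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}
E = {"U": 0.85, "POC": 0.9, "F": 0.95, "H": 1.0, "ND": 1.0}            # Exploitability
RL = {"OF": 0.87, "TF": 0.90, "W": 0.95, "U": 1.0, "ND": 1.0}           # Remediation Level
RC = {"UC": 0.90, "UR": 0.95, "C": 1.0, "ND": 1.0}                      # Report Confidence
CDP = {"N": 0.0, "L": 0.1, "LM": 0.3, "MH": 0.4, "H": 0.5, "ND": 0.0}   # Collateral Damage
TD = {"N": 0.0, "L": 0.25, "M": 0.75, "H": 1.0, "ND": 1.0}              # Target Distribution
REQ = {"L": 0.5, "M": 1.0, "H": 1.51, "ND": 1.0}                        # CR / IR / AR

def round1(x):
    """CVSS rounds half-up to one decimal; Python's round() is half-even."""
    return float(Decimal(str(x)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))

def base_score(vector, cr="ND", ir="ND", ar="ND"):
    """Base score. With CR/IR/AR set, the impact term becomes the environmental
    AdjustedImpact (capped at 10), which is how org requirements enter the final score."""
    v = dict(part.split(":") for part in vector.split("/"))
    impact = 10.41 * (1 - (1 - CIA[v["C"]] * REQ[cr])
                        * (1 - CIA[v["I"]] * REQ[ir])
                        * (1 - CIA[v["A"]] * REQ[ar]))
    impact = min(10.0, impact)
    exploitability = 20 * AV[v["AV"]] * AC[v["AC"]] * AU[v["Au"]]
    f_impact = 0.0 if impact == 0 else 1.176
    return round1((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact)

def temporal_score(vector, e="ND", rl="ND", rc="ND", cr="ND", ir="ND", ar="ND"):
    return round1(base_score(vector, cr, ir, ar) * E[e] * RL[rl] * RC[rc])

def environmental_score(vector, e, rl, rc, cdp, td, cr, ir, ar):
    """The 'final score': adjusted temporal, scaled by collateral damage and target distribution."""
    adj_temporal = temporal_score(vector, e, rl, rc, cr, ir, ar)
    return round1((adj_temporal + (10 - adj_temporal) * CDP[cdp]) * TD[td])

# Assumed vector for the slide's Java JRE RCE: remote, medium complexity, full compromise.
JRE_RCE = "AV:N/AC:M/Au:N/C:C/I:C/A:C"          # base 9.3
TEMPORAL = {"e": "F", "rl": "OF", "rc": "C"}    # functional exploit, vendor fix out -> 7.7

if __name__ == "__main__":
    print("base", base_score(JRE_RCE), "temporal", temporal_score(JRE_RCE, **TEMPORAL))
    # Same finding, two constructed org contexts: JRE on every workstation with
    # moderate business impact, vs. JRE only on a few isolated low-value kiosks.
    print("fleet", environmental_score(JRE_RCE, **TEMPORAL, cdp="MH", td="H", cr="M", ir="M", ar="L"))
    print("kiosks", environmental_score(JRE_RCE, **TEMPORAL, cdp="L", td="L", cr="L", ir="L", ar="L"))
```

The same vendor score lands at 8.5 for the fleet and 1.6 for the kiosks, which is the point of scoring per organization rather than reporting the base score alone.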


Scan Reporting

  • Default Credentials

  • Exploitable Vulns

  • Malware identification vulns

  • Indicators of Compromise

  • Configuration Auditing

  • More?


Call to Action

  • Do work!

  • Improve scanning

  • Improve Patch Mgt

  • Integrate

  • Consolidate data

  • Customize to org needs

  • Work as a team (Security, Sys Admins, Devs, Operations, etc.)


Questions?

