When a vulnerability assessment > pentest
PowerPoint Slideshow about 'When a vulnerability assessment > pentest' - maren
Presentation Transcript

$whoami

  • Network Security for Dept of VA

  • Father/Husband

  • Fan of Futbol (Viva Mexico!)

  • Fan of Martial Arts

  • Brazilian JiuJitsu


What is a Pentest?

  • Recon

  • Pwnage

  • Pillage

  • Loot

  • Report


What is a Pentest?

  • http://www.pentest-standard.org/

  • http://www.sans.org/reading_room/whitepapers/bestprac/writing-penetration-testing-report_33343

  • http://www.offensive-security.com/offsec/sample-penetration-test-report/



Testing pens (Probando bolígrafos)

  • How not to get a good pentest

  • http://blog.pentesterlab.com/2012/12/how-not-to-get-good-pentest.html

  • Marcus Ranum – “The only favorable or useful outcome of a pentest is the worst one.”

  • http://www.ranum.com/security/computer_security/editorials/point-counterpoint/pentesting.html


Pwning noobs

  • Cons and breaking stuff tracks/talks

  • Social Media: If you break stuff, talk about how to fix it.

  • Reporting is Seriously lacking



Pentesting – my wife hits me

  • “Why don’t you find their weaknesses and then help them fix it?”




Vulnerability Assessment

  • Scan, how? Inside vs. external, credentials, IPS, firewalls

  • Agent based vs passive vs active

  • Results integration

  • Results reporting

  • Team player


Scan how?

  • Scanner Location

    • Inside network, outside network

    • Denial of service

    • Nmap


Scan how?

  • Exclusions for Scanners

    • White box vs. Black box

    • Firewalls, IPS


Scan how?

  • Credentials

    • Windows Desktops and Servers

    • Linux/Unix servers with SSH account/keys

    • SNMP strings

    • Cisco/Networking SSH credentials

    • Be careful with scanner credentials: see the DailyDave discussion (Dave/Immunity, Ron/Tenable, Qualys, and more)

    • https://lists.immunityinc.com/pipermail/dailydave/2013-February/000334.html


Credentials?

  • Risks

    • Capture credentials

      • Use ssh keys

      • Never send clear text credentials

      • Secure your scanner applications

      • Passive vulnerability scanning (SPAN port)


Scan how?

  • Remember HD Moore’s Law

    • “Casual attacker power grows at the rate of Metasploit.”

    • - Joshua Corman



Agent vs Active scanning

  • Agent Pros

    • Near real time

    • No network traffic

    • No outages caused by scans

  • Agent Cons

    • May not be installed

    • May not be possible to install

    • Some vulns cannot be found


Vuln Assessment and Patch Mgt


Vuln Scanning: doing it right

  • Internal Scans

  • Credentialed Scans – Linux, Windows, Network devices

  • Vendor-provided exploit availability and exploit framework data

  • Coordinate HIPS/NIPS, Firewall exclusions


Scan Data integration

  • Integrate with Org CMDB

  • SA (sys admin) information

  • Satellite Server

  • SCCM

  • WSUS

  • BigFix


Scan Data integration

  • Integrate with Org CMDB


Scan Data integration

  • Sys Admin information

  • SA POC (point of contact) information (part of the CMDB)

  • Sys Admin deemed important information

  • Manual updates from Sys Admins


Scan Data integration

  • Satellite Server

  • SCCM

  • WSUS

  • BigFix/Tivoli Endpoint Manager (TEM)

  • Red Hat patch info integration

  • Compare with Scan info


Scan Data integration

  • Where does all this data go?

    • Access DB

    • Custom app with DB backend

    • Excel spreadsheet

    • GRC – Governance, Risk and Compliance

    • Any other solutions?


Scan data

  • Incident Response

  • Import into org SIEM or incident correlation tool


Scan Reporting

  • Executive reports on important issues

  • Report on Org specified critical findings

  • Organizational severity scoring


Scan Reporting

  • Organizational severity scoring


Scan Reporting

  • Java JRE vuln – RCE

    • Base Score = 9.3

    • Temporal Score = 7.7

    • Final Score = ?



Scan Reporting

  • Default Credentials

  • Exploitable Vulns

  • Malware identification vulns

  • Indicators of Compromise

  • Configuration Auditing

  • More?
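As an added example (not code from the deck), the Scan Data integration and Scan Reporting slides in practice: constructed scanner findings are joined to a CMDB (sys admin POC, asset criticality) and to patch-management records, findings the patch system claims are fixed are flagged, and an assumed organizational scoring policy is applied on top of the scanner's temporal score. The hosts, POC names, scores and the scoring rule are all assumptions; the rule is not the deck's answer to its Java JRE "Final Score = ?" question.

```python
from collections import defaultdict

# Constructed sample data, not from the deck: scanner findings, patch-management
# records (think WSUS/SCCM/Satellite exports) and a CMDB holding the sys admin POC.
SCAN_FINDINGS = [
    {"host": "web01", "plugin": "Java JRE RCE", "temporal": 7.7, "exploit": True},
    {"host": "db01", "plugin": "SNMP default community", "temporal": 5.0, "exploit": True},
    {"host": "ws17", "plugin": "Java JRE RCE", "temporal": 7.7, "exploit": True},
]
PATCH_RECORDS = {("web01", "Java JRE RCE"): "installed", ("ws17", "Java JRE RCE"): "pending"}
CMDB = {
    "web01": {"poc": "alice", "criticality": "high"},
    "db01": {"poc": "bob", "criticality": "high"},
    "ws17": {"poc": "carol", "criticality": "low"},
}
# Assumed organizational scoring policy (an example, not the deck's scheme): start
# from the scanner's temporal score, adjust for asset criticality and exploit
# availability, and clamp to the 0-10 range.
CRIT_ADJUST = {"high": 1.5, "medium": 0.5, "low": -1.0}
EXPLOIT_ADJUST = 0.5

def org_score(finding, asset):
    """Organizational severity for one finding on one asset."""
    score = finding["temporal"] + CRIT_ADJUST.get(asset.get("criticality"), 0.0)
    if finding["exploit"]:
        score += EXPLOIT_ADJUST
    return round(min(max(score, 0.0), 10.0), 1)

def patch_status(finding):
    """What the patch-management system says about this host/plugin pair."""
    return PATCH_RECORDS.get((finding["host"], finding["plugin"]), "unknown")

def correlate(findings=SCAN_FINDINGS, cmdb=CMDB):
    """Join scan results to CMDB and patch data, grouped by POC for reporting."""
    by_poc = defaultdict(list)
    for f in findings:
        asset = cmdb.get(f["host"])
        if asset is None:  # scanner found a host the CMDB does not know about
            by_poc["UNOWNED"].append({**f, "note": "host missing from CMDB"})
            continue
        status = patch_status(f)
        note = "patch system says installed but scanner still flags it" if status == "installed" else ""
        by_poc[asset["poc"]].append(
            {**f, "org_score": org_score(f, asset), "patch_status": status, "note": note})
    return dict(by_poc)

if __name__ == "__main__":
    for poc, items in correlate().items():
        for i in items:
            print(poc, i["host"], i["plugin"], i.get("org_score"), i.get("patch_status"), i["note"])
```

The "UNOWNED" bucket and the "installed but still flagged" note are the two discrepancies worth chasing first, since they usually mean either the CMDB or the patch data is wrong.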


Call to Action

  • Do work!

  • Improve scanning

  • Improve Patch Mgt

  • Integrate

  • Consolidate data

  • Customize to org needs

  • Work as a team (Security, Sys Admins, Devs, Operations, etc.)


