GCSC August 2005


Backup Exec Critical Vulnerability

- Cannot offer tcp/6101, tcp/6106 & tcp/10000 to offsite
- Will be scanning from offsite soon
- Strongly encouraged to limit access while onsite to only between the backup servers & clients
- Will be performing onsite scans in a few months


MS05-039 Critical Vulnerability

- 22 infections
- ~200 vulnerable machines
- Need better patching efforts across the Lab (DOE will be happy to do this for us)
- NIMI & SMS worked very well
- How can CST communicate better?


DOE wants our jobs

- Patching
- Virus Scanning
- Access Controls
- Baseline Configurations
- Versioning
- System Administration
- Inventory/Asset Management
- User tracking/authentication/identification


Penetration Testing Preparation

- Policies and Procedures
- C&A Package
- Security Plans
- Risk Assessments
- Self Assessments
- Network Diagrams
- Access Control Lists
- Firewall Rules
- Netblock Information
- Phone number blocks
- WLAN Access Points


Penetration Testing

External:

- Footprinting
- NMAP
- Nessus
- Exploit
- Wardialing


Penetration Testing (cont.)

Internal:

- Very loud/no masking/no IDS evasion
- Wardriving
- NMAP
- Nessus/ISS/SAINT
- CANVAS/Metasploit/Custom Exploits
- Exploit misconfigurations
- Last resort: ARP poisoning/AP impersonation
- No intentional DoS, but may crash services


Penetration Testing (cont.)

Social Engineering:

- Opt-in for the ASSIST, required for Red Team
- Call helpdesks to get passwords reset/given over phone
- Crafted/directed emails
- Driveby emails
- Plants


Penetration Testing (cont.)

Reports:

- Big stack of open ports/reachable hosts
- Nessus/ISS canned reports
- Evaluated vulnerability reports