Hey, You! Get Off My Network! (Repeats on 5/19 at 8:30am)
ERDAL OZKAYA Licensed Penetration Tester–MVP-MCT-CEI CEO IT TRAINING
Elias
SIM404
Agenda:
Hack Proof Your Server
Demo
What is Penetration Testing
Demo
Question
Is Security Part of Your Job?
Think Again!!!
Source: Demotivation
To prevent this.!
Best Practices to Keep Your Servers SAFE!
Golden Rule!
There is no way to STOP a Hacker, you can only make their job HARDER!
Sound familiar?
Costs too much money!
Too complicated
Not worth the bother!!
My SIMPLE firewall protects me
We have got “A” Solution
1. If Possible Use Windows SERVER 2008 R2 CORE
Windows Server Core is Secure Because
There is no GUI shell
Reduced maintenance
Reduced attack surface area
Reduced management
Less disk space required to install
2. Use AppLocker
Replaces the Software Restriction Policies feature
AppLocker will reduce administrative overhead and help administrators control how users can access and use files, such as .exe files, scripts, Windows Installer files (.msi and .msp files), and DLLs
3. Use Biometrics
Server 2008 R2 enables administrators and users to:
Use fingerprint biometric devices to log on to computers
Grant elevation privileges through User Account Control (UAC)
Perform basic management of the fingerprint devices
Manage fingerprint biometric devices in Group Policy settings by enabling, limiting, or blocking their use
4. Use Smart Cards
Server 08 R2 makes smart cards easier to use and to deploy, and makes it possible to use smart cards to complete a greater variety of tasks
5. Use Strong Passwords
Mandate a minimum password length of at least 8 characters, consider 12… 7 or under is bad under all circumstances
Audit passwords against English words (Cain & Abel can do some of it)
Avoid too complex passwords (for end users)
Train users to avoid simple English words
Remove LM: Win 7 and Server 2008 R2 have no support for LAN Man hashes or authentication at all
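The length and dictionary rules on this slide, written as a check that could run when a password is set. This is an added example, not part of the original deck; the word list, substitution table, function names and sample passwords are constructed for illustration.

```python
import re

MIN_LENGTH = 8           # slide: mandate at least 8 characters
RECOMMENDED_LENGTH = 12  # slide: "consider 12"

# Constructed sample word list; a real audit loads a full English dictionary.
SAMPLE_WORDS = {"password", "welcome", "summer", "dragon", "monkey", "server"}

# Character substitutions users commonly apply to plain words (assumed set).
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
)


def candidate_forms(password):
    """Return the normalised forms of a password to look up in the word list."""
    lowered = password.lower()
    # Drop a trailing run of digits/symbols: "summer2011!" -> "summer".
    core = re.sub(r"[\d\W_]+$", "", lowered)
    # Undo substitutions on what is left: "p@ssw0rd" -> "password".
    return {lowered, core, core.translate(SUBSTITUTIONS)}


def audit_password(password, words=SAMPLE_WORDS):
    """Return a list of policy findings; an empty list means the password passes."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    elif len(password) < RECOMMENDED_LENGTH:
        findings.append("below_recommended_length")
    if candidate_forms(password) & set(words):
        findings.append("dictionary_word")
    # No character-class rules are enforced, in line with the slide's advice
    # to avoid overly complex passwords for end users.
    return findings


def audit_many(passwords, words=SAMPLE_WORDS):
    """Map each candidate password to its findings."""
    return {p: audit_password(p, words) for p in passwords}


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for pw, result in audit_many(
        ["dragon", "P@ssw0rd1", "Summer2011!", "correct horse battery staple"]
    ).items():
        print(f"{pw!r}: {', '.join(result) or 'ok'}")
```

Padding a dictionary word with digits or swapping letters for symbols still trips the dictionary finding, while a long multi-word passphrase passes without any complexity rule.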
6. Use Service Accounts
To enhance security while simplifying or eliminating password and Service Principal Name (SPN) management
1. Managed service account: is designed to provide crucial applications such as SQL Server and IIS with the isolation of their own domain accounts, while eliminating the need for an administrator to manually administer the SPN and credentials for these accounts
2. Virtual accounts: are "managed local accounts" that can use a computer's credentials to access network resources
7. User Account Control (UAC)
The access control model changed to help mitigate the impact of a malicious program. When a user attempts to start an administrator task or service, the UAC dialog box asks the user to click either Yes or No before the user's full administrator access token can be used
Changes in Server 08 R2 are:
Increase the number of tasks that the standard user can perform that do not prompt for administrator approval
Allow a user with administrator privileges to configure the UAC experience in the Control Panel
Provide additional local security policies that enable a local administrator to change the behavior of the UAC messages for local administrators in Admin Approval Mode
Provide additional local security policies that enable a local administrator to change the behavior of the UAC messages for standard users
8. Windows Security Auditing
With Server 08 R2 all auditing capabilities have been integrated with Group Policy
Server R2 increases the level of detail in security auditing logs and simplifies the deployment and management of auditing policies
New enhancements are:
Global Object Access Auditing
"Reason for access" reporting
Advanced audit policy settings
9. Run Security Configuration Wizard (SCW)
SCW guides you through the process of creating, editing, applying, or rolling back a security policy
SCW benefits:
Disables unnecessary services
Detects role dependencies
Provides hot links to get online help
Can be deployed via Group Policy
10. Use Windows Firewall
Windows Firewall with Advanced Security is an advanced interface for IT professionals
Windows Firewall with Advanced Security is not for home users
11. Disabling Insecure User Accounts
In a Windows 2008 server installation, two accounts are created by default: Administrator and Guest
Disable or rename admin account
12. Use BitLocker
BitLocker Drive Encryption allows you to:
Encrypt all data stored on the Windows operating system volume and configured data volumes
By using a Trusted Platform Module (TPM), it can also help ensure the integrity of early startup components
13. Use Windows 2008 R2 NAP
Network Access Protection monitors and assesses the “health” of hosts in a network to determine their level of compliance with the configured health policy. NAP ensures that vulnerable/infected systems don’t become a launch pad for a more widespread hacker/malicious code attack
14. Use Microsoft Baseline Security Analyzer
MBSA is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems
http://www.microsoft.com/mbsa
15. Be Aware of Social Engineering
Social Engineering Explored
There is no method to ensure complete security from social engineering attacks
It's difficult to detect
Security policies are as strong as their weakest link, and humans are the most susceptible factor
There is no specific SOFTWARE or HARDWARE to defend against it
What Else Can You Do to Protect Your Servers?
Learn to look for weakness...
The old excuse is not an EXCUSE
“It will never happen to me
It’s the way we've always done it
It’s standard practice throughout the company….”
Microsoft Tools to Harden our Servers
Security Compliance Manager
is designed to provide you with an end-to-end solution to help you plan, deploy, and monitor the security baselines of computers running Windows Server 2008 in your environment
http://go.microsoft.com/fwlink/?LinkId=182512
Have You Met…
SIR?
Microsoft Security Intelligence Report
The Security Intelligence Report (SIR) is an investigation of the current threat landscape
It analyzes exploits, vulnerabilities, and malware based on data from over 600 million systems worldwide, internet services, and three Microsoft Security Centers
http://www.microsoft.com/security/sir/
demo
How to harden your servers?
What Is Penetration Testing?
Testing the security of systems and architectures from a hacker’s point of view
A “simulated attack” with a predetermined goal.
It is an authorized attempt to violate specific constraints stated in the form of a security or integrity policy.
It is a testing technique for discovering, understanding, and documenting all the security holes that can be found in a system.
Why Penetration Testing?
Identify the threats facing your assets
ROSI
Reduce the IT Security costs & provide a better Return On IT Security Investment (ROSI) by identifying & resolving vulnerabilities and weaknesses
Comprehensive Assessment
Pen Testing will assure the organization that all Policy, Procedure, Design & Implementation has been assessed
ISMS PDCA example
[Figure: PDCA cycle of an ISMS. Plan: Establish an ISMS. Do: Implement the ISMS. Check: Monitor and review the ISMS. Act: Maintain and improve the ISMS. Input: Interested Parties, information security requirements and expectations. Output: Interested Parties, managed information security.]
Process approach
Best Practice for legal & industry regulations
Gain & maintain certification
Information Security Management Systems like:
ISO 27001
BS7799
HIPAA (Privacy certification for Health Insurance Portability and Accountability)
etc.
Evaluate the efficiency of Security Devices
What Should be Tested?
A risk assessment should be conducted to identify main threats, such as:
Communications – E-Commerce & loss of confidential information failure
Public facing systems, websites, e-mail gateways & remote platforms
Mail, DNS, firewall, passwords, FTP, IIS & other web servers
Access Points to Your Network
Internet gateways
Modems
Wireless Networks
Physical entry
Social Engineering
What Makes a Good Penetration Test?
Establish the parameters for the pen-test such as: objectives, limitations & justification of procedures
Choose suitable set of tests that balance cost & benefits
Following a methodology with proper planning & documentation
Stating all the results clearly in the final report
Penetration Testing Is Not…
An alternative to other IT security measures – it complements other tests
Expensive game of Capture the Flag
A guarantee of security
It is not a proof technique. It can never prove the absence of security flaws. It can only prove their presence.
Hacking Methodology (Steps)
Steps shown in the figure:
Scanning
Footprinting
Enumeration
Gaining Access
Escalating Privilege
Pilfering
Covering Tracks
Creating Back Doors
Denial of Service
Tools and techniques shown alongside the steps:
whois, nslookup
GFILan, nmap
rpcinfo, Tcpdump
John the Ripper
Config files, registry, rootkits
keystroke logger, remote desktop
Ping of death
Limitations
It’s only valid for the period tested
Time to perform
Types of Penetration Testing
External Testing: involves analysis of publicly available information, a network enumeration phase, and the behaviour of the security devices analysed
Internal Testing: will be performed from a number of network access points, representing each logical & physical segment
Phases of Pen Testing
Pre-Attack Phase
Attack Phase
Post-Attack Phase
Pre-Attack Phase
Goals of the attack will be defined
Reconnaissance: refers to the phase where the attacker gathers as much information as possible (Learn About Target)
1. Passive Reconnaissance
Hacker does not interact with the system directly
Use publicly available info
* Social Engineering, Dumpster Diving
2. Active Reconnaissance
Open ports, router locations, network mapping, details of O/S & apps
Attack Phase
Penetrate Perimeter
Acquire Target
Execute, Implant, Retract
Escalate Privilege
Penetration Testing Methodology
Resources used:
www.GFI.com
www.astaro.com
EC-Council Licensed Penetration Tester
www.eccouncil.org
www.optus.com
www.bettertogether.org.au
Recommended Web Sites
www.erdalozkaya.com
http://www.vulnerabilityassessment.co.uk/
http://www.social-engineer.org/
http://www.nist.gov
http://dradisframework.org/
Your favorite search engine
demo
How to conduct a Pen Test?
Safety and Security Center: http://www.microsoft.com/security
Security Development Lifecycle: http://www.microsoft.com/sdl
Security Intelligence Report: http://www.microsoft.com/sir
End to End Trust: http://www.microsoft.com/endtoendtrust
Trustworthy Computing
Resources
Connect. Share. Discuss.
http://northamerica.msteched.com
Learning
Sessions On-Demand & Community: www.microsoft.com/teched
Microsoft Certification & Training Resources: www.microsoft.com/learning
Resources for IT Professionals: http://microsoft.com/technet
Resources for Developers: http://microsoft.com/msdn
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.