SQL Database Design For Developers at php[tek] 2024
ITCamp 2011 - Paula Januszkiewicz - 10 deadly sins of Windows Administrators
1. 10 Deadly Sins of Administrators
in regards to Windows Security
Paula Januszkiewicz
CQURE: IT Security Auditor, MVP, MCT
http://blogs.technet.com/plwit/
paula@cqure.pl
Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
2. IT Camp 2011
• Thanks for coming!
• ITCamp is made possible by our sponsors:
Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
3. MVP-Press Training Course
Planning, Deploying and Managing
Microsoft Forefront Threat Management
Gateway 2010
Available for online purchase:
http://www.mvp-press.com
Follow us on:
http://facebook.com/MVPpress
http://twitter.com/MVPpress
Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
4. Agenda
Intruduction Summary
1 2 3
Top 10 Sins: From bottom to top
Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
20. MoveFileEx
DEMO
Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
21. 2. Lack of Training
Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
22. Image Hijacks
DEMO
Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
23. 1. Lack
of
Documentation
Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
24. PowerShell, Autoruns
DEMO
Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
25. Top 10 List
Life without passwords…
10. Weak Passwords
9. Insecure Internet Browsing
8. Lack of Regular Updates
7. Lack of Encryption
6. WUSI (NOT) WUG
5. Lack of Network Monitoring
4. Using Pirated Software
3. Lack of Backup Mechanisms
2. Lack of Training
1. Lack of Documentation
Summary
Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
26. Be Proactive!
• Infrastructure must be well documented
• Split and rotate tasks between admins
• Use the legal code
• Perform periodical checks
– Autoruns
– Kernel Level Files
– Network Traffic
– Processes
Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
27. Network Layers (In) Security
• http://northamerica.msteched.com/topic
/details/SIM314?fbid=cCOEzy8IHuN
Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
28. Q&A
Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
29. Don’t forget!
Get your free Azure pass! We want your feedback!
• 30+15 days, no CC req’d • Win a WP7 smartphone
– http://bit.ly/ITCAMP11 – Fill in your feedback forms
– Promo code: ITCAMP11 – Raffle: end of the day
Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro