SlideShare uma empresa Scribd logo

Top 9 Critical Findings - Dramatically Improve Your Organization's Security

Transferir como PPT, PDF
Praetorian
Praetorian

As an information security consulting company, Praetorian has a unique ability to observe security programs across a wide range of companies. Based on the vulnerability patterns seen across organizations, a top ten list of common critical findings was created. The purpose of this presentation is to examine each of those critical findings and provide recommendations for mitigation. Examples from actual engagements are used to emphasize risk through real world scenarios. Some information from the screenshots provided has been redacted to protect confidentiality. Praetorian's goal is to help our clients understand minimize their overall security exposure and liability. Through our services, your organization can obtain an accurate, independent security assessment.

Tecnologia
1 de 50
Praetorian Top 9 Critical Findings Nathan Sportsman Founder and Chief Executive Officer 1 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Introduction  Consulting gives a unique ability to examine security programs across companies of varying size, function, and industry  Presentation identifies common critical findings from the point of view of a penetration tester / ethical hacker  Organizations who take measures to mitigate these critical findings will dramatically improve their security 2 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
A Few Notes  Examples represent only a sample of security holes identified for each type of finding  Screenshots provided are from actual engagements to drive home the severity behind each finding  Some information has been redacted to protect client identity  Complete compromise of a company usually involves a combination of these techniques 3 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Common Critical Findings 1. Incomplete Patch Management Strategy 2. Poor Password Policy 3. Active Directory & GPO Setting Weaknesses 4. Insufficient Network Controls 5. Network Device Configuration Weaknesses 6. Inadequate Detective And Reactive Capabilities 7. Insecure Wireless Infrastructure 8. Ineffective Employee Awareness Training 9. Deficient Application Security 4 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Common Critical Finding Incomplete Patch Management Strategy 5 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Incomplete Patch Management Strategy  Poor asset management and limited change control leaves environment in unmanageable state  Clients do not know what applications make up the IT ecosystem to produce an effective patch management strategy  Staff does not monitor vulnerability announcements other than Microsoft Patch Tuesday  Patch strategy does not address non-Windows and third party patches  Time to patch is not based on risk of vulnerability and a default response time is applied for all vulnerabilities 6 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Example 1: Veritas NetBackup Missing Critical Patch 7 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Example 2: Cisco Device Missing Critical Patch 8 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Example 3: UNIX Server Missing Critical Patch 9 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Recommendations  Create a comprehensive patch management strategy to cover all applications and platforms within the environment  Define a patch management strategy based on risk and a time to patch based on severity of vulnerability  Institute regular vulnerability scanning to compliment and measure the success of the patching efforts  Strategy will only help protect against publicly known vulnerabilities. For 0 day protection a defense in depth strategy must be implemented 10 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Common Critical Finding Poor Password Policy 11 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Poor Password Policy  Default accounts left unchanged on various devices and applications  No complexity requirements are enforced leaving users to choose weak and easily guessable passwords  Account lockout policy is not implemented to mitigate brute force attacks  Password expiration too infrequent or not defined leaving attackers long periods of access to compromised accounts and making time intensive attacks worthwhile  Password reuse across the environment and single instance of password compromise can deliver high yield return 12 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Example 1: Weak Domain Admin password 13 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Example 1: Default SA Password on MSSQL 14 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Example 3: Oracle Smoking Joe Accounts 15 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Recommendations  Remove or redefine default accounts as part of the standard build process for all applications and platforms  Enforce password length and complexity where possible  Pass phrases are the best approach  Enable account lockout mechanisms where possible  Require password changes at least every 90 days 16 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Common Critical Findings Active Directory & GPO Setting Weaknesses 17 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Active Directory & GPO Setting Weaknesses  Active Directory architecture is complicated and inadequate understanding leads to simplistic and insecure design models  Password policy and computer banners are often the only configuration settings understood and subsequently defined  Implication of not defining key security settings can be extremely damaging and assists in complete compromise of Windows environment  Null user, group, and share enumeration  LANMAN hashes enabled  Account lockout disabled  Autorun enabled  … 18 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Example 1: Domain Admin Enumeration 19 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Example 2: Password Policy Enumeration 20 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Example 3: LANMAN Hash Cracking 21 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Recommendations  A wealth of information is available on Active Directory security  Follow best practices and Microsoft standards for hardening Active Directory  Settings changes can affect availability of legacy platforms and applications  Validate changes in test environment before rolling out to production 22 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Common Critical Findings Insufficient Network Controls 23 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Insufficient Network Controls  Lack of network admission controls allows any unauthorized person and system to access the company network without verification  Inadequate network segmentation allows individuals to access any other resource on the network regardless of their location or data classification  Limited or no egress filtering allows user to circumvent Internet filtering controls and hackers to introduce malware with easy Internet phone home capabilities 24 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Example 1: Bypass Content Filter via Poor Egress Rule 25 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Example 1: Bypass Content Filter via Poor Egress Rule 26 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Example 1: Bypass Content Filter via Poor Egress Rule 27 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Recommendations  Implement Network Admission Control Solution to prevent unauthorized users and systems from accessing the networking  Segment critical infrastructure and high value assets from the network  Segment networks designated for visitors, contractors, and vendor presentations  Enforce restrictions based on a default deny policy for both Ingress AND Egress filtering 28 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Common Critical Finding Network Device Configuration Weaknesses 29 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Network Device Configuration Weaknesses  Insecure settings such as default read write SNMP community strings and type 7 passwords can quickly compromise routers and switches  Insecure, plaintext management protocols such as Telnet, HTTP, and SNMP allows credentials to be sniffed off the wire  Layer 2 and Layer 3 weaknesses provides the ability to reroute network traffic and perform DOS attacks  …… 30 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Example 1: Default RW Community String 31 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Example 2: Type 7 Passwords 32 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Example 3: ARP Spoofing 33 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Recommendations  Develop and enforce secure configuration guidelines for network equipment  Leverage best practices and industry standards when defining configuration procedures  Perform ongoing reviews on samples of network devices  Some attacks are extremely difficult to fully protect against 34 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Common Critical Finding Inadequate Detective And Reactive Capabilities 35 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Inadequate Detective And Reactive Capabilities  Aggregation, correlation, and alerting capabilities extremely limited at many organizations  Organizations that have procured expensive detection capabilities fall short in human expertise and resource allocation to use them  Coverage often limited to external threats and internal threats go undetected  Client employees are unable to detect valid attacks in real time with red team - blue team testing  Incidents and breaches often uncovered by 3rd party consultants 36 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Recommendations  Conduct a cost benefit analysis for performing security analysis functions in-house  For majority of cases, the most effective outcome is to leverage outside expertise and transfer liability  Partner with managed security services firms who specialize in prevention and detection capabilities  For internal analysis, implement best of breed products and leverage unified threat management system for aggregation, correlation, alerting, and querying of data 37 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Common Critical Finding Insecure Wireless Infrastructure 38 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Insecure Wireless Infrastructure  Wireless network is not segmented from wired network and users on the wireless network can reach any resource on the wired network  Infrastructure built on insecure protocols such as WEP and WPA which can be cracked in a matter of minutes  Insecure rogue access points are setup by users unaware of the security implications  Tricking users to access spoofed access points is trivial 39 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Example 1: Cracking WEP 40 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Recommendations  Wireless is inherently insecure and should be segregated from wired network  For complex, enterprise environments create varying access levels for wireless use  Migrate from flawed protocols such as WEP and WPA to WPA2 enterprise  Define, communicate, and enforce wireless use policies  Perform ongoing wireless assessments 41 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Common Critical Finding Deficient Application Security 42 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Deficient Application Security  Over 75% of attacks occur at the application level  Websites on average contain 7 critical and remotely exploitable vulnerabilities  Few companies are incorporating application security in any meaningful way 43 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Example 1: SQL Injection Command Shell 44 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Recommendations  Prioritize efforts based on value of application data and level of risk  Determine the maturity of your organizations application security program and begin instituting activities accordingly  Gradually integrate security over the entire software development cycle  Perform ongoing assessments of critical applications to validate security controls 45 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Common Critical Finding Ineffective Employee Awareness Training 46 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Ineffective Employee Awareness Training  Humans are the weakest link and represent one of the greatest dangers to a company  At many company awareness training only occurs at the time of hire, but people forget and threats evolve  Unsophisticated attacks such as phishing and trojaned USBs obtain sensitive information and spread malware through employee gullibility  The most common spread of malware is through email, p2p networks, USB sticks, and drive by downloads 47 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Example 1: Phishing For CEO Email Credentials 48 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Recommendations  Require Employee Awareness Training on an ongoing basis  Leverage computer based training over instructor lead training to maximize volume and reduce costs  Define, communicate, and enforce allowed and prohibited user activities  Perform social engineering assessments at least once a year to measure the success of training 49 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
Praetorian Top 9 Critical Findings Nathan Sportsman Founder and Chief Executive Officer 50 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured

Recomendados

Exploring Risk and Mapping the Internet of Things with Autonomous Drones
Exploring Risk and Mapping the Internet of Things with Autonomous DronesExploring Risk and Mapping the Internet of Things with Autonomous Drones
Exploring Risk and Mapping the Internet of Things with Autonomous DronesPraetorian
 
STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ...
STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ...STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ...
STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ...Praetorian
 
A look at current cyberattacks in Ukraine
A look at current cyberattacks in UkraineA look at current cyberattacks in Ukraine
A look at current cyberattacks in UkraineKaspersky
 
VIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitVIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitShah Sheikh
 
So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)Lancope, Inc.
 
Detecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchDetecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchLancope, Inc.
 
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status QuoBSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status QuoKatie Nickels
 
Advanced Persistent Threat in ICS/SCADA/IOT world: a case study
Advanced Persistent Threat in ICS/SCADA/IOT world: a case studyAdvanced Persistent Threat in ICS/SCADA/IOT world: a case study
Advanced Persistent Threat in ICS/SCADA/IOT world: a case studyFrancesco Faenzi
 

Recomendados

Exploring Risk and Mapping the Internet of Things with Autonomous Drones
Exploring Risk and Mapping the Internet of Things with Autonomous DronesExploring Risk and Mapping the Internet of Things with Autonomous Drones
Exploring Risk and Mapping the Internet of Things with Autonomous DronesPraetorian
 
STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ...
STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ...STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ...
STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ...Praetorian
 
A look at current cyberattacks in Ukraine
A look at current cyberattacks in UkraineA look at current cyberattacks in Ukraine
A look at current cyberattacks in UkraineKaspersky
 
VIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitVIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitShah Sheikh
 
So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)Lancope, Inc.
 
Detecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchDetecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchLancope, Inc.
 
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status QuoBSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status Quo
BSidesLV 2018 - Katie Nickels and John Wunder - ATT&CKing the Status QuoKatie Nickels
 
Advanced Persistent Threat in ICS/SCADA/IOT world: a case study
Advanced Persistent Threat in ICS/SCADA/IOT world: a case studyAdvanced Persistent Threat in ICS/SCADA/IOT world: a case study
Advanced Persistent Threat in ICS/SCADA/IOT world: a case studyFrancesco Faenzi
 
Extending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointExtending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointLancope, Inc.
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016Matthew Dunwoody
 
IoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstIoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstSatria Ady Pradana
 
Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...
Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...
Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...CODE BLUE
 
Check Point SandBlast and SandBlast Agent
Check Point SandBlast and SandBlast AgentCheck Point SandBlast and SandBlast Agent
Check Point SandBlast and SandBlast AgentMarketingArrowECS_CZ
 
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextPriyanka Aash
 
Finding the needle in the hardware haystack - HRES (1)
Finding the needle in the hardware haystack - HRES (1)Finding the needle in the hardware haystack - HRES (1)
Finding the needle in the hardware haystack - HRES (1)Tim Wright
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You AreKatie Nickels
 
Check Point Mobile Threat Prevention
Check Point Mobile Threat PreventionCheck Point Mobile Threat Prevention
Check Point Mobile Threat PreventionMarketingArrowECS_CZ
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing KeynoteDigital Bond
 
What Happens Before the Kill Chain
What Happens Before the Kill Chain What Happens Before the Kill Chain
What Happens Before the Kill Chain OpenDNS
 
Check Point Threat emulation 2013
Check Point Threat emulation 2013Check Point Threat emulation 2013
Check Point Threat emulation 2013Group of company MUK
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)Digital Bond
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?EnergySec
 
Are You Prepared for the Next Mobile Attack?
Are You Prepared for the Next Mobile Attack?Are You Prepared for the Next Mobile Attack?
Are You Prepared for the Next Mobile Attack?Check Point Software Technologies
 
Breaking and entering how and why dhs conducts penetration tests
Breaking and entering how and why dhs conducts penetration testsBreaking and entering how and why dhs conducts penetration tests
Breaking and entering how and why dhs conducts penetration testsPriyanka Aash
 
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...Chrysostomos Christofi
 
Advanced red teaming all your badges are belong to us
Advanced red teaming all your badges are belong to usAdvanced red teaming all your badges are belong to us
Advanced red teaming all your badges are belong to usPriyanka Aash
 
How to expose shortcuts in competitive poc
How to expose shortcuts in competitive pocHow to expose shortcuts in competitive poc
How to expose shortcuts in competitive pocMoti Sagey מוטי שגיא
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present DangersPeter Wood
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4Rodrigo Piovesana
 

Mais conteúdo relacionado

Mais procurados

Extending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointExtending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointLancope, Inc.
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016Matthew Dunwoody
 
IoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstIoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstSatria Ady Pradana
 
Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...
Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...
Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...CODE BLUE
 
Check Point SandBlast and SandBlast Agent
Check Point SandBlast and SandBlast AgentCheck Point SandBlast and SandBlast Agent
Check Point SandBlast and SandBlast AgentMarketingArrowECS_CZ
 
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextPriyanka Aash
 
Finding the needle in the hardware haystack - HRES (1)
Finding the needle in the hardware haystack - HRES (1)Finding the needle in the hardware haystack - HRES (1)
Finding the needle in the hardware haystack - HRES (1)Tim Wright
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You AreKatie Nickels
 
Check Point Mobile Threat Prevention
Check Point Mobile Threat PreventionCheck Point Mobile Threat Prevention
Check Point Mobile Threat PreventionMarketingArrowECS_CZ
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing KeynoteDigital Bond
 
What Happens Before the Kill Chain
What Happens Before the Kill Chain What Happens Before the Kill Chain
What Happens Before the Kill Chain OpenDNS
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)Digital Bond
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?EnergySec
 
Breaking and entering how and why dhs conducts penetration tests
Breaking and entering how and why dhs conducts penetration testsBreaking and entering how and why dhs conducts penetration tests
Breaking and entering how and why dhs conducts penetration testsPriyanka Aash
 
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...Chrysostomos Christofi
 
Advanced red teaming all your badges are belong to us
Advanced red teaming all your badges are belong to usAdvanced red teaming all your badges are belong to us
Advanced red teaming all your badges are belong to usPriyanka Aash
 

Mais procurados (20)

Extending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointExtending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the Endpoint
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
 
IoT Security - Preparing for the Worst
IoT Security - Preparing for the WorstIoT Security - Preparing for the Worst
IoT Security - Preparing for the Worst
 
Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...
Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...
Threat Analysis on Win10 IoT Core and Recommaended Security Measures by Naohi...
 
Check Point SandBlast and SandBlast Agent
Check Point SandBlast and SandBlast AgentCheck Point SandBlast and SandBlast Agent
Check Point SandBlast and SandBlast Agent
 
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming NextThe Seven Most Dangerous New Attack Techniques, and What's Coming Next
The Seven Most Dangerous New Attack Techniques, and What's Coming Next
 
Finding the needle in the hardware haystack - HRES (1)
Finding the needle in the hardware haystack - HRES (1)Finding the needle in the hardware haystack - HRES (1)
Finding the needle in the hardware haystack - HRES (1)
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
 
Check Point Mobile Threat Prevention
Check Point Mobile Threat PreventionCheck Point Mobile Threat Prevention
Check Point Mobile Threat Prevention
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing Keynote
 
What Happens Before the Kill Chain
What Happens Before the Kill Chain What Happens Before the Kill Chain
What Happens Before the Kill Chain
 
Check Point Threat emulation 2013
Check Point Threat emulation 2013Check Point Threat emulation 2013
Check Point Threat emulation 2013
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?
 
Are You Prepared for the Next Mobile Attack?
Are You Prepared for the Next Mobile Attack?Are You Prepared for the Next Mobile Attack?
Are You Prepared for the Next Mobile Attack?
 
Breaking and entering how and why dhs conducts penetration tests
Breaking and entering how and why dhs conducts penetration testsBreaking and entering how and why dhs conducts penetration tests
Breaking and entering how and why dhs conducts penetration tests
 
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
 
Advanced red teaming all your badges are belong to us
Advanced red teaming all your badges are belong to usAdvanced red teaming all your badges are belong to us
Advanced red teaming all your badges are belong to us
 
How to expose shortcuts in competitive poc
How to expose shortcuts in competitive pocHow to expose shortcuts in competitive poc
How to expose shortcuts in competitive poc
 

Semelhante a Top 9 Critical Findings - Dramatically Improve Your Organization's Security

Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present DangersPeter Wood
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4Rodrigo Piovesana
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxwkyra78
 
Advantages And Disadvantages Of Nc
Advantages And Disadvantages Of NcAdvantages And Disadvantages Of Nc
Advantages And Disadvantages Of NcKristen Wilson
 
Java Card Platform Security and Performance
Java Card Platform Security and PerformanceJava Card Platform Security and Performance
Java Card Platform Security and PerformanceEric Vétillard
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application SecurityNicholas Davis
 
Essay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxEssay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxjenkinsmandie
 
Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Mukesh Chinta
 
Dr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowDr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowNuuko, Inc.
 
Certes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterpriseCertes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterpriseJason Bloomberg
 
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber ThreatsUsing NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber ThreatsEmulex Corporation
 
Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-
Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-
Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-WilheminaRossi174
 
Designing a security policy to protect your automation solution
Designing a security policy to protect your automation solutionDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solutionSchneider Electric India
 
Security hardening and drown attack prevention for mobile backend developers
Security hardening and drown attack prevention for mobile backend developersSecurity hardening and drown attack prevention for mobile backend developers
Security hardening and drown attack prevention for mobile backend developersJiri Danihelka
 
SENG8060_Lesson01_Introduction (2).pptx
SENG8060_Lesson01_Introduction (2).pptxSENG8060_Lesson01_Introduction (2).pptx
SENG8060_Lesson01_Introduction (2).pptxVatsalPatel147291
 
Security Policy Checklist
Security Policy ChecklistSecurity Policy Checklist
Security Policy Checklistbackdoor
 
APAC Partner Update: SolarWinds Security
APAC Partner Update: SolarWinds SecurityAPAC Partner Update: SolarWinds Security
APAC Partner Update: SolarWinds SecuritySolarWinds
 
Secure codingguide
Secure codingguideSecure codingguide
Secure codingguideDavid Kwak
 

Semelhante a Top 9 Critical Findings - Dramatically Improve Your Organization's Security (20)

Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present Dangers
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
 
Advantages And Disadvantages Of Nc
Advantages And Disadvantages Of NcAdvantages And Disadvantages Of Nc
Advantages And Disadvantages Of Nc
 
Java Card Platform Security and Performance
Java Card Platform Security and PerformanceJava Card Platform Security and Performance
Java Card Platform Security and Performance
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application Security
 
Essay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxEssay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docx
 
Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6Cisco cybersecurity essentials chapter - 6
Cisco cybersecurity essentials chapter - 6
 
Dr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowDr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should Know
 
Certes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterpriseCertes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterprise
 
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber ThreatsUsing NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
 
Hacking DevOps
Hacking DevOpsHacking DevOps
Hacking DevOps
 
Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-
Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-
Chapter 4Secure Design PrinciplesCopyright © 2014 by McGraw-
 
Designing a security policy to protect your automation solution
Designing a security policy to protect your automation solutionDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solution
 
Security hardening and drown attack prevention for mobile backend developers
Security hardening and drown attack prevention for mobile backend developersSecurity hardening and drown attack prevention for mobile backend developers
Security hardening and drown attack prevention for mobile backend developers
 
SENG8060_Lesson01_Introduction (2).pptx
SENG8060_Lesson01_Introduction (2).pptxSENG8060_Lesson01_Introduction (2).pptx
SENG8060_Lesson01_Introduction (2).pptx
 
Security Policy Checklist
Security Policy ChecklistSecurity Policy Checklist
Security Policy Checklist
 
APAC Partner Update: SolarWinds Security
APAC Partner Update: SolarWinds SecurityAPAC Partner Update: SolarWinds Security
APAC Partner Update: SolarWinds Security
 
Secure codingguide
Secure codingguideSecure codingguide
Secure codingguide
 
User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016
 

Último

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Último (20)

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

Top 9 Critical Findings - Dramatically Improve Your Organization's Security

  • 1. Praetorian Top 9 Critical Findings Nathan Sportsman Founder and Chief Executive Officer 1 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 2. Introduction  Consulting gives a unique ability to examine security programs across companies of varying size, function, and industry  Presentation identifies common critical findings from the point of view of a penetration tester / ethical hacker  Organizations who take measures to mitigate these critical findings will dramatically improve their security 2 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 3. A Few Notes  Examples represent only a sample of security holes identified for each type of finding  Screenshots provided are from actual engagements to drive home the severity behind each finding  Some information has been redacted to protect client identity  Complete compromise of a company usually involves a combination of these techniques 3 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 4. Common Critical Findings 1. Incomplete Patch Management Strategy 2. Poor Password Policy 3. Active Directory & GPO Setting Weaknesses 4. Insufficient Network Controls 5. Network Device Configuration Weaknesses 6. Inadequate Detective And Reactive Capabilities 7. Insecure Wireless Infrastructure 8. Ineffective Employee Awareness Training 9. Deficient Application Security 4 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 5. Common Critical Finding Incomplete Patch Management Strategy 5 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 6. Incomplete Patch Management Strategy  Poor asset management and limited change control leaves environment in unmanageable state  Clients do not know what applications make up the IT ecosystem to produce an effective patch management strategy  Staff does not monitor vulnerability announcements other than Microsoft Patch Tuesday  Patch strategy does not address non-Windows and third party patches  Time to patch is not based on risk of vulnerability and a default response time is applied for all vulnerabilities 6 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 7. Example 1: Veritas NetBackup Missing Critical Patch 7 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 8. Example 2: Cisco Device Missing Critical Patch 8 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 9. Example 3: UNIX Server Missing Critical Patch 9 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 10. Recommendations  Create a comprehensive patch management strategy to cover all applications and platforms within the environment  Define a patch management strategy based on risk and a time to patch based on severity of vulnerability  Institute regular vulnerability scanning to compliment and measure the success of the patching efforts  Strategy will only help protect against publicly known vulnerabilities. For 0 day protection a defense in depth strategy must be implemented 10 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 11. Common Critical Finding Poor Password Policy 11 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 12. Poor Password Policy  Default accounts left unchanged on various devices and applications  No complexity requirements are enforced leaving users to choose weak and easily guessable passwords  Account lockout policy is not implemented to mitigate brute force attacks  Password expiration too infrequent or not defined leaving attackers long periods of access to compromised accounts and making time intensive attacks worthwhile  Password reuse across the environment and single instance of password compromise can deliver high yield return 12 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 13. Example 1: Weak Domain Admin password 13 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 14. Example 1: Default SA Password on MSSQL 14 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 15. Example 3: Oracle Smoking Joe Accounts 15 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 16. Recommendations  Remove or redefine default accounts as part of the standard build process for all applications and platforms  Enforce password length and complexity where possible  Pass phrases are the best approach  Enable account lockout mechanisms where possible  Require password changes at least every 90 days 16 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 17. Common Critical Findings Active Directory & GPO Setting Weaknesses 17 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 18. Active Directory & GPO Setting Weaknesses  Active Directory architecture is complicated and inadequate understanding leads to simplistic and insecure design models  Password policy and computer banners are often the only configuration settings understood and subsequently defined  Implication of not defining key security settings can be extremely damaging and assists in complete compromise of Windows environment  Null user, group, and share enumeration  LANMAN hashes enabled  Account lockout disabled  Autorun enabled  … 18 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 19. Example 1: Domain Admin Enumeration 19 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 20. Example 2: Password Policy Enumeration 20 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 21. Example 3: LANMAN Hash Cracking 21 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 22. Recommendations  A wealth of information is available on Active Directory security  Follow best practices and Microsoft standards for hardening Active Directory  Settings changes can affect availability of legacy platforms and applications  Validate changes in test environment before rolling out to production 22 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 23. Common Critical Findings Insufficient Network Controls 23 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 24. Insufficient Network Controls  Lack of network admission controls allows any unauthorized person and system to access the company network without verification  Inadequate network segmentation allows individuals to access any other resource on the network regardless of their location or data classification  Limited or no egress filtering allows user to circumvent Internet filtering controls and hackers to introduce malware with easy Internet phone home capabilities 24 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 25. Example 1: Bypass Content Filter via Poor Egress Rule 25 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 26. Example 1: Bypass Content Filter via Poor Egress Rule 26 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 27. Example 1: Bypass Content Filter via Poor Egress Rule 27 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 28. Recommendations  Implement Network Admission Control Solution to prevent unauthorized users and systems from accessing the networking  Segment critical infrastructure and high value assets from the network  Segment networks designated for visitors, contractors, and vendor presentations  Enforce restrictions based on a default deny policy for both Ingress AND Egress filtering 28 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 29. Common Critical Finding Network Device Configuration Weaknesses 29 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 30. Network Device Configuration Weaknesses  Insecure settings such as default read write SNMP community strings and type 7 passwords can quickly compromise routers and switches  Insecure, plaintext management protocols such as Telnet, HTTP, and SNMP allows credentials to be sniffed off the wire  Layer 2 and Layer 3 weaknesses provides the ability to reroute network traffic and perform DOS attacks  …… 30 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 31. Example 1: Default RW Community String 31 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 32. Example 2: Type 7 Passwords 32 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 33. Example 3: ARP Spoofing 33 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 34. Recommendations  Develop and enforce secure configuration guidelines for network equipment  Leverage best practices and industry standards when defining configuration procedures  Perform ongoing reviews on samples of network devices  Some attacks are extremely difficult to fully protect against 34 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 35. Common Critical Finding Inadequate Detective And Reactive Capabilities 35 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 36. Inadequate Detective And Reactive Capabilities  Aggregation, correlation, and alerting capabilities extremely limited at many organizations  Organizations that have procured expensive detection capabilities fall short in human expertise and resource allocation to use them  Coverage often limited to external threats and internal threats go undetected  Client employees are unable to detect valid attacks in real time with red team - blue team testing  Incidents and breaches often uncovered by 3rd party consultants 36 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 37. Recommendations  Conduct a cost benefit analysis for performing security analysis functions in-house  For majority of cases, the most effective outcome is to leverage outside expertise and transfer liability  Partner with managed security services firms who specialize in prevention and detection capabilities  For internal analysis, implement best of breed products and leverage unified threat management system for aggregation, correlation, alerting, and querying of data 37 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 38. Common Critical Finding Insecure Wireless Infrastructure 38 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 39. Insecure Wireless Infrastructure  Wireless network is not segmented from wired network and users on the wireless network can reach any resource on the wired network  Infrastructure built on insecure protocols such as WEP and WPA which can be cracked in a matter of minutes  Insecure rogue access points are setup by users unaware of the security implications  Tricking users to access spoofed access points is trivial 39 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 40. Example 1: Cracking WEP 40 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 41. Recommendations  Wireless is inherently insecure and should be segregated from wired network  For complex, enterprise environments create varying access levels for wireless use  Migrate from flawed protocols such as WEP and WPA to WPA2 enterprise  Define, communicate, and enforce wireless use policies  Perform ongoing wireless assessments 41 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 42. Common Critical Finding Deficient Application Security 42 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 43. Deficient Application Security  Over 75% of attacks occur at the application level  Websites on average contain 7 critical and remotely exploitable vulnerabilities  Few companies are incorporating application security in any meaningful way 43 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 44. Example 1: SQL Injection Command Shell 44 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 45. Recommendations  Prioritize efforts based on value of application data and level of risk  Determine the maturity of your organizations application security program and begin instituting activities accordingly  Gradually integrate security over the entire software development cycle  Perform ongoing assessments of critical applications to validate security controls 45 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 46. Common Critical Finding Ineffective Employee Awareness Training 46 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 47. Ineffective Employee Awareness Training  Humans are the weakest link and represent one of the greatest dangers to a company  At many company awareness training only occurs at the time of hire, but people forget and threats evolve  Unsophisticated attacks such as phishing and trojaned USBs obtain sensitive information and spread malware through employee gullibility  The most common spread of malware is through email, p2p networks, USB sticks, and drive by downloads 47 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 48. Example 1: Phishing For CEO Email Credentials 48 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 49. Recommendations  Require Employee Awareness Training on an ongoing basis  Leverage computer based training over instructor lead training to maximize volume and reduce costs  Define, communicate, and enforce allowed and prohibited user activities  Perform social engineering assessments at least once a year to measure the success of training 49 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured
  • 50. Praetorian Top 9 Critical Findings Nathan Sportsman Founder and Chief Executive Officer 50 Entire contents © 2011 Praetorian. All rights reserved. Your World, Secured

Notas do Editor

  1. Threat Modeling © 2009 Praetorian. All rights reserved.
  2. Threat Modeling © 2009 Praetorian. All rights reserved.
  3. Threat Modeling © 2009 Praetorian. All rights reserved.
  4. Web Service Security © 2009 Praetorian. All rights reserved.
  5. Web Service Security © 2009 Praetorian. All rights reserved.
  6. Web Service Security © 2009 Praetorian. All rights reserved.
  7. Web Service Security © 2009 Praetorian. All rights reserved.
  8. Web Service Security © 2009 Praetorian. All rights reserved.
  9. Web Service Security © 2009 Praetorian. All rights reserved.
  10. Web Service Security © 2009 Praetorian. All rights reserved.
  11. Web Service Security © 2009 Praetorian. All rights reserved.