Where to Start When Your Environment is F*(k3d
Amanda Berlin
@InfoSystir
Do your research
• Shodan.io
• Arin.net
• LinkedIn
• Company website
Upper Mgmt is your bff
• Present your research
• Tactfully explain
• They are people too
• How to show your stuff
Giant quote on Power Point
“Many attacks on Internet and network systems have no
particular target. The attacker simply sends a large broadcast
that uses any unprotected system as a staging point from which
to launch an attack. Using computers without basic protections
like firewalls, anti-virus software, and user education not only
affects your own business, but many other businesses as the
virus is spread around the Internet.
Your system’s lack of protection makes you a target: it
can destroy your computer, your network, and can contribute to
a virus distribution that slows or halts portions of the Internet. All
of us who use the Internet have a responsibility to help create a
culture of security that will enhance consumer and business
confidence. But most importantly, failing to heed best practice
advice could hurt your company significantly” - Internet Security
Alliance Guide1
Free & Easy
• Trial vuln scanner
• Best practice GPO
• AFAP domain admins
• http://blog.spiderlabs.com/2013/09/top-five-ways-spiderlabs-got-domain-admin-on-your-internal-network.html
Free & Easy
• EMET
• Disable telnet
• Lock down logins over http
• Don’t store plain text passwords
• No open wi-fi
• SSLv3
• no-shut ports that are unused, & set up port security.
Free & Easy
• Set up centralized logins for network devices. Use TACACS+ or RADIUS
• URLscan
• Bitlocker/encryption
• Network device configuration backups.
• Patch *nix boxes
• Always regen ssh keys from default
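One way to check the network-device items from the "Free & Easy" slides (telnet, HTTP logins, plain-text passwords, unused ports, port security, centralized logins) against a backed-up config. This is an added example, not part of the original deck; it assumes Cisco IOS-style syntax, which the slides do not name, and treats an interface with no sub-commands as a likely unused port.

```python
import re

# Constructed sample config (invented hostname, user and secrets), IOS-style.
SAMPLE_CONFIG = """\
hostname edge-sw01
enable password cisco123
username admin password 0 Winter2015
ip http server
interface GigabitEthernet0/2
 switchport mode access
interface GigabitEthernet0/3
 switchport mode access
 switchport port-security
interface GigabitEthernet0/4
interface GigabitEthernet0/5
 shutdown
line vty 0 4
 transport input telnet ssh
"""

def split_blocks(text):
    """Return [(top-level line, [indented sub-commands])]."""
    blocks = []
    for line in text.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def audit(text):
    """Check a config against the slide items; returns a list of findings."""
    blocks = split_blocks(text)
    findings = []
    if not any(head == "aaa new-model" for head, _ in blocks):
        findings.append("global: no 'aaa new-model', so no TACACS+/RADIUS logins")
    for head, body in blocks:
        if re.match(r"(enable|username \S+.*) password\b", head):
            # Report the command without echoing the stored secret.
            findings.append(f"{head.split(' password')[0]}: 'password' form, not hashed 'secret'")
        elif head == "ip http server":
            findings.append("global: clear-text HTTP management enabled")
        elif head.startswith("line vty"):
            if any(re.match(r"transport input .*\b(telnet|all)\b", c) for c in body):
                findings.append(f"{head}: telnet accepted")
        elif head.startswith("interface ") and "shutdown" not in body:
            if not body:
                findings.append(f"{head}: unconfigured but not shut down")
            elif "switchport mode access" in body and "switchport port-security" not in body:
                findings.append(f"{head}: access port without port-security")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Run it over each file in the configuration backup directory and review the findings per device.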
Free & not completely easy
• Start to purple team
• Diff. local admin passwords
• Least privileges
Policies
Segmentation
• For the love of God have a DMZ... BEHIND a firewall even
• VLANs and more VLANs
• AD delegation of rights
Show me the $$$
Show me the $$$
• Do we have a budget yet?
• Real vuln scanner
• SIEM/IDS/IPS
• Professional pentest (not vuln assessment)
• 2FA
Get organized
• IPAM
• Password safe
• Incident Response drills

Editor's Notes

  1. Read title slide.
  2. Say your name and experience.
  3. Shodan and ARIN demo
  4. Blue teaming is cost avoidance
  5. Nessus/Nexpose/Qualys
  6. Net device backups – rancid
  7. Install some pentesting flavor of Linux and pop a box (obviously with written pre-approval). Yes, this is a more advanced step and requires someone to sign off on it, but giving them their information on a white platter is another good step to gain some buy-in.
  8. You have to talk to people and *shudder* collaborate
  9. VLANs are not foolproof, but add ACLs; there are still VLAN hopping methods
  10. Real vuln scanner THAT YOU DO SOMETHING WITH. SIEM/IDS/IPS THAT YOU LISTEN TO – tuned – alerting
  11. Gestio for IPAM. Safe = free products or Thycotic