4. Upper Mgmt is your bff
• Present your research
• Tactfully explain
• They are people too
• How to show your stuff
5. Giant quote on Power Point
“Many attacks on Internet and network systems have no particular target. The attacker simply sends a large broadcast that uses any unprotected system as a staging point from which to launch an attack. Using computers without basic protections like firewalls, anti-virus software, and user education not only affects your own business, but many other businesses as the virus is spread around the Internet.

Your system’s lack of protection makes you a target: it can destroy your computer, your network, and can contribute to a virus distribution that slows or halts portions of the Internet. All of us who use the Internet have a responsibility to help create a culture of security that will enhance consumer and business confidence. But most importantly, failing to heed best practice advice could hurt your company significantly” - Internet Security Alliance Guide
6. Free & Easy
• Trial vuln scanner
• Best practice GPO
• AFAP domain admins
• http://blog.spiderlabs.com/2013/09/top-five-ways-spiderlabs-got-domain-admin-on-your-internal-network.html
7. Free & Easy
• EMET
• Disable telnet
• Lock down logins over http
• Don’t store plain text passwords
• No open wi-fi
• SSLv3
• no-shut ports that are unused, & set up port security.
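The “Don’t store plain text passwords” bullet is the one on this slide that most often goes unfixed because nobody is sure what the replacement looks like. Below is an added example (not from the deck) of the minimum acceptable alternative: a per-user random salt, a slow key-derivation function (PBKDF2-HMAC-SHA256 from the Python standard library), and a constant-time comparison on verification. The record format `pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>` and the sample `PLAINTEXT_STORE` entry are this example's own constructions.

```python
"""Password storage: salted PBKDF2-HMAC-SHA256 instead of plaintext.

Added example, not code from the slide deck. Record format is this example's
own convention: "pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>".
"""
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000  # current OWASP guidance for PBKDF2-HMAC-SHA256
SALT_BYTES = 16


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a storable record; a fresh random salt is drawn on every call,
    so two users with the same password get different records."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and iteration count, then
    compare in constant time. Any malformed record fails closed."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
        if algorithm != ALGORITHM:
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        iterations = int(iterations)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


# What the slide warns against, for contrast: a plaintext store hands every
# password to whoever reads the file or the database dump.
PLAINTEXT_STORE = {"jsmith": "Winter2013!"}  # constructed sample entry


def migrate_plaintext_store(store: dict, iterations: int = DEFAULT_ITERATIONS) -> dict:
    """Replace every plaintext password in a user -> password map with a PBKDF2 record."""
    return {user: hash_password(pw, iterations) for user, pw in store.items()}


if __name__ == "__main__":
    hashed = migrate_plaintext_store(PLAINTEXT_STORE)
    print(hashed["jsmith"])
    print(verify_password("Winter2013!", hashed["jsmith"]))  # True
    print(verify_password("wrong", hashed["jsmith"]))        # False
```

Storing the iteration count inside the record is what lets you raise it later: new records use the higher count, old ones still verify, and you can re-hash a user on their next successful login.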
8. Free & Easy
• Set up centralized logins for network devices; use TACACS+ or RADIUS
• URLscan
• BitLocker/encryption
• Network device configuration backups.
• Patch *nix boxes
• Always regenerate SSH keys from the defaults
9. Free & not completely easy
• Start to purple team
• Different local admin passwords
• Least privileges
- Install some pentesting flavor of Linux and pop a box (obviously with written pre-approval). Yes, this is a more advanced step and requires someone to sign off on it, but handing them their own information on a silver platter is another good step to gain some buy-in.
You have to talk to people and *shudder* collaborate
VLANs are not foolproof: add ACLs, but VLAN hopping methods still exist
Real vuln scanner THAT YOU DO SOMETHING WITH
SIEM/IDS/IPS THAT YOU LISTEN TO – tuned – alerting
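“Tuned, alerting” is the part of the SIEM/IDS note that separates a box you listen to from one you ignore. The following added example (not from the deck) runs a single failed-login rule over constructed syslog lines: a threshold on failures per source address, plus an allowlist so an authorised internal scanner does not bury the real signal. Hostnames, usernames and the RFC 5737 / RFC 1918 addresses in `SAMPLE_LOGS` are made up for the example.

```python
"""Tuned failed-login alert rule over constructed sshd syslog lines.

Added example, not from the slide deck. Demonstrates "listen to it, tune it,
alert on it": a per-source threshold and an allowlist for known noise.
"""
import re
from collections import Counter

# Constructed sample log lines (not real traffic). 203.0.113.5 is an outside
# address guessing usernames; 10.0.9.9 is the authorised vuln scanner.
SAMPLE_LOGS = """\
Mar 10 09:00:01 fw01 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar 10 09:00:02 fw01 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
Mar 10 09:00:03 fw01 sshd[2201]: Failed password for invalid user root from 203.0.113.5 port 51024 ssh2
Mar 10 09:00:04 fw01 sshd[2201]: Failed password for invalid user test from 203.0.113.5 port 51025 ssh2
Mar 10 09:00:05 fw01 sshd[2201]: Failed password for invalid user guest from 203.0.113.5 port 51026 ssh2
Mar 10 09:00:09 fw01 sshd[2210]: Failed password for jsmith from 10.0.5.20 port 40001 ssh2
Mar 10 09:00:15 fw01 sshd[2210]: Accepted password for jsmith from 10.0.5.20 port 40001 ssh2
Mar 10 09:01:00 fw01 sshd[2230]: Failed password for svc_scan from 10.0.9.9 port 33001 ssh2
Mar 10 09:01:01 fw01 sshd[2230]: Failed password for svc_scan from 10.0.9.9 port 33002 ssh2
Mar 10 09:01:02 fw01 sshd[2230]: Failed password for svc_scan from 10.0.9.9 port 33003 ssh2
Mar 10 09:01:03 fw01 sshd[2230]: Failed password for svc_scan from 10.0.9.9 port 33004 ssh2
Mar 10 09:01:04 fw01 sshd[2230]: Failed password for svc_scan from 10.0.9.9 port 33005 ssh2
Mar 10 09:01:05 fw01 sshd[2230]: Failed password for svc_scan from 10.0.9.9 port 33006 ssh2
"""

# Matches OpenSSH's failed-password message for both known and unknown users.
FAILED_LOGIN = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port"
)


def failed_logins_by_source(lines):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in lines:
        match = FAILED_LOGIN.search(line)
        if match:
            counts[match.group("src")] += 1
    return counts


def alerts(lines, threshold=5, allowlist=frozenset()):
    """Return sorted (source, count) pairs that reach the threshold and are
    not on the allowlist. The allowlist is the tuning step: known, approved
    noise is suppressed so the remaining alerts are worth reading."""
    counts = failed_logins_by_source(lines)
    return sorted(
        (src, n) for src, n in counts.items()
        if n >= threshold and src not in allowlist
    )


if __name__ == "__main__":
    lines = SAMPLE_LOGS.splitlines()
    print("untuned:", alerts(lines))
    print("tuned:  ", alerts(lines, allowlist=frozenset({"10.0.9.9"})))
```

Untuned, the rule fires twice and the scanner alert trains people to ignore the page; with the scanner allowlisted, the one remaining alert is the outside address walking through default usernames. A real deployment would also bound the count to a time window and feed the alert to someone on call, which is the “that you listen to” part.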