
Maximizing Small Team Efficiency with Cybersecurity Controls and Tools

Explore how small teams can achieve more with limited budgets using cybersecurity controls and tools. Discover NIST Framework, CIS Benchmarks, and essential free tools for security assessments and vulnerability scanning. Learn practical tips for enhancing cyber hygiene and safeguarding critical infrastructure. Find resources for incident response, penetration testing, user education, and more. Upgrade your security posture without breaking the bank!





Presentation Transcript


  1. Leading Controls and Tools: Small Teams who can do more with little or no budget Jeremy Mio – Security and Research Manager

  2. Agenda: • Hygiene / Controls • Tools • Examples • Q&A

  3. Controls & Resources
  • NIST Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) - standards, guidelines, and practices to promote the protection of critical infrastructure.
  • NIST’s Security Content Automation Protocol (SCAP) - a suite of standard, interoperable specifications that let SCAP-capable tools automate cyber security assessments, including the first five recommended actions of the Cyber Hygiene Campaign.
  • CIS Benchmarks and Configuration Assessment Tool (CIS-CAT) - more than 80 consensus-based, industry-recognized security benchmarks for the most commonly used technologies, along with the SCAP-implementable CIS-CAT to assess security posture in an automated way.
  • CIS Top 20 Critical Controls - a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks.
  • Australian Government Department of Defence, Strategies to Mitigate Targeted Cyber Intrusions - a list of strategies to mitigate targeted cyber intrusions.

  4. CIS Top 5 Critical Controls https://www.cisecurity.org/critical-controls.cfm

  5. Free and Painful
  • Trial vulnerability scanner… many vendors offer trials that are enough for ad-hoc scanning
  • Best practice GPO:
  • Microsoft Baseline Security Analyzer: https://www.microsoft.com/en-us/download/details.aspx?id=7558
  • Tripwire SecureCheq™: http://www.tripwire.com/free-tools/
  • Qualys BrowserCheck: https://www.qualys.com/free-tools-trials/browsercheck/
  • KnowBe4 RanSim: https://www.knowbe4.com/ransomware-simulator
  • KnowBe4 Phish Alert Button: https://www.knowbe4.com/free-phish-alert
  • Limit Domain Admins to as few as possible (AFAP)!!!!
  • Software inventory: Microsoft Software Inventory Analyzer tool

  6. NMAP is your friend
  Enumerate SMB shares across a /24 with an authenticated smb-enum-shares run, then flatten the output so each share line is prefixed with its host, drop the default hidden shares, and append the result to a running list:
  nmap -T4 -v -oA myshares --script smb-enum-shares --script-args smbuser=MyUserHere,smbpass=MyPassHere -p445 192.168.0.1-255 && cat myshares.nmap | grep '|\|192' | awk '/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ { line=$0 } /\|/ { $0 = line $0 }1' | grep \| | grep -v -E '(smb-enum-shares|access: <none>|ADMIN\$|C\$|IPC\$|U\$|access: READ)' | awk '{ sub(/Nmap scan report for /, ""); print }' >> sharelist.txt
  Two caveats: the credentials passed in --script-args land in shell history and are visible to other local users via the process list while the scan runs, so use a throwaway, least-privilege account; and the grep -v pattern 'access: READ' also matches 'access: READ/WRITE', so writable shares are filtered out along with read-only ones unless you tighten that expression.
  NMAP + NDIFF… What is that? ndiff ships with Nmap and compares two scans (the XML written by -oA), reporting the hosts, ports and script results that changed, so a scheduled scan can alert on shares or ports that appeared since the last run.
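The same share-flattening idea as a small script you can keep under version control and test. This is an added example, not code from the slides: it reads nmap's normal output (the .nmap file that -oA writes) for smb-enum-shares, emits one "host|share|anonymous|current_user" line per non-hidden share, and diffs two such lists with grep as a plain-text stand-in for what ndiff does on the XML. The scan text below is constructed to mimic nmap's layout, not a real scan, and the extract_shares / new_shares / demo names are this example's own.

```bash
#!/usr/bin/env bash
# Added example, not from the original slides: parse nmap smb-enum-shares
# normal output into "host|share|anonymous|current_user" lines, skip hidden
# ($-suffixed) shares, and report shares that appeared between two scans.
# SCAN_OLD / SCAN_NEW are constructed samples that mimic nmap's format.

SCAN_OLD=$(cat <<'EOF'
Nmap scan report for 192.168.0.5
Host is up (0.0010s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-enum-shares: 
|   account_used: MyUserHere
|   \\192.168.0.5\ADMIN$: 
|     Type: STYPE_DISKTREE_HIDDEN
|     Comment: Remote Admin
|     Anonymous access: <none>
|     Current user access: READ/WRITE
|   \\192.168.0.5\Finance: 
|     Type: STYPE_DISKTREE
|     Comment: 
|     Anonymous access: <none>
|_    Current user access: READ/WRITE
Nmap scan report for fileserver.example (192.168.0.9)
Host is up (0.0020s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-enum-shares: 
|   account_used: MyUserHere
|   \\192.168.0.9\IPC$: 
|     Type: STYPE_IPC_HIDDEN
|     Anonymous access: READ
|_    Current user access: READ
EOF
)

# Constructed second scan: identical, plus a new "Backups" share on 192.168.0.9
# that anonymous users can read (the kind of change you want flagged).
SCAN_NEW="$SCAN_OLD
|   \\\\192.168.0.9\\Backups: 
|     Type: STYPE_DISKTREE
|     Anonymous access: READ
|_    Current user access: READ/WRITE"

# Read nmap normal output on stdin; print "host|share|anonymous|current_user"
# for every non-hidden share. Hidden shares (ADMIN$, C$, IPC$, ...) are skipped
# by their trailing "$", which covers the list the one-liner greps out.
extract_shares() {
    awk '
        /^Nmap scan report for / {
            host = $NF; gsub(/[()]/, "", host)      # "(ip)" when rDNS resolved
            next
        }
        /^[|] +\\\\/ {                               # "|   \\host\share: "
            share = $2
            sub(/:$/, "", share)
            sub(/.*\\/, "", share)                   # keep only the share name
            if (substr(share, length(share)) == "$") share = ""   # hidden
            anon = ""
            next
        }
        share != "" && /Anonymous access:/ { anon = $NF; next }
        share != "" && /Current user access:/ {
            print host "|" share "|" anon "|" $NF
            share = ""
        }
    '
}

# Lines present in NEW_LIST but not in OLD_LIST (exact-line set difference).
new_shares() {   # usage: new_shares OLD_LIST NEW_LIST
    grep -vxF -f "$1" "$2" || true
}

# Extract both snapshots to temp files and print what changed between them.
demo() {
    local old new
    old=$(mktemp); new=$(mktemp)
    printf '%s\n' "$SCAN_OLD" | extract_shares > "$old"
    printf '%s\n' "$SCAN_NEW" | extract_shares > "$new"
    new_shares "$old" "$new"
    rm -f "$old" "$new"
}

demo
```

Running it prints 192.168.0.9|Backups|READ|READ/WRITE, the one share that did not exist in the first snapshot. In production you would keep the dated extract_shares output of each scheduled scan and run new_shares against the previous one, which gives the same "what changed" answer the slide is hinting at with ndiff, but on the flattened share list rather than on the whole scan.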

  7. Other Free and Painful Tips
  • Disable telnet, or alert on its use!
  • Lock down logins over https!
  • Don’t store plain text passwords: KeePass on a file share
  • Shut down unused switch ports & set up port security
  • BitLocker/encryption
  • Network device config backups
  • SSH… use SSH keys!!
  • Patch, Patch, Patch!!

  8. SSL vs TLS
  Disable old/all SSL!!
  • 33% of all HTTPS servers were vulnerable to DROWN when it was disclosed
  • Switch to TLS
  • Heartbleed, DROWN, POODLE, FREAK (note that Heartbleed is an OpenSSL implementation bug, fixed by patching, not by turning off SSLv3)
  • https://www.ssllabs.com/ssltest/
  • https://isc.sans.edu/forums/diary/POODLE+Turning+off+SSLv3+for+various+servers+and+client/18837

  9. Servers with Desktop Software
  • Remove the software!!!
  • Do you need to browse the web, read PDF documents, and run Flash videos from servers!?
  • Log all logins on servers… including successful ones!
  • Check iLO settings/passwords

  10. Don’t Forget your printers

  11. Netdisco, NetBox: http://packetlife.net/blog/2016/jun/15/announcing-netbox/

  12. Free & not completely easy
  • Start to purple team: SANS Training
  • User Education: Resources, team up!
  • Different local admin passwords: LAPS
  • Least privilege: Practice it!
  • App Whitelisting: AppLocker
  • Canary in the coal mine: Honeypots!!!
  • Egress Filtering: Squid Proxy and others

  13. IR: Tool of Tools
  • Katana USB Kit
  • External Storage
  • MiFi
  • Documentation!!!! Playbooks?... What are your thoughts?
  • SANS + MS-ISAC Resources!

  14. Show me the $$$
  • Do we have a budget yet?
  • Real vuln scanner
  • SIEM/IDS/IPS: AlienVault + MS-ISAC Albert
  • Professional pen test (not security assessment): DHS
  • 2FA
  • Advanced buzzword devices

  15. Organize
  • IPAM
  • Password safe
  • Incident Response tabletops and drills
  • MS-ISAC workgroups
  • Software Inventory and Standards

  16. Shodan.io: County
  • US: 800
  • FTP: 163
  • Telnet: 133

  17. Extras
  • Start early on
  • http://osintframework.com/
  • Books: https://www.safaribooksonline.com/library/view/defensive-security-handbook/9781491960370/

  18. List of available resources:

  19. Questions Contact: Jeremy Mio jmio@cuyahogacounty.us 216.698.2542 Cyber Support Inquiries: CCISCSecurity@cuyahogacounty.us Register to the mailing list at: www.itsecurity.cuyahogacounty.us/en-us/Education.aspx
