MARCUS.MURRAY @ TRUESEC.COM Blog: Truesecurity.se Twitter: marcusswede
Whoami? • Design secure infrastructure • MVP – Enterprise Security • Speaking engagements • Security Team Manager Truesec • Incident response • Security Assessments/Penetration Testing
Session Goal • Make you start thinking about testing your security • Give some EXAMPLES of things you can test • Provide some tools/methods/ideas on testing
8 Deadly sins in IT-Security • Unpatched systems • Weak passwords • Weak exposed client applications (Hardening/configuration) • Weak exposed server services (Hardening/configuration) • Weak local applications (Hardening/configuration) • Sensitive network traffic exposure • Weak access control to protect sensitive data • System dependencies
Unpatched systems • 2 different approaches to choose from • Patch inventory platforms • MBSA • Shavlik • Etc. • Vulnerability scanners/attack testing platforms • Core Impact • Nessus • Metasploit • Etc.
Weak passwords • Many places to test • Active Directory • User accounts • Computer accounts! • Local SAM • Other services (SQL/Web applications/VNC etc., etc.) • 2 main methods • Active testing (Brute force/dictionary) • WARNING – don’t forget password lockout policies! • Passive testing
Weak exposed client applications (Hardening/configuration) • Common issues: • Macro Security! • Outdated versions of applications • Browser plugins • Acrobat reader (over and over again...) • Java • Tools: • https://browsercheck.qualys.com/
Weak exposed server services (Hardening/configuration) • Most common: • WEB • SQL • Testing: • Web/SQL is challenging to test • There are automated tools out there • Often misses weaknesses • False positives common • Manual testing by experienced tester is recommended • Common weaknesses: Injections/XSS/shared passwords embedded in client application etc. etc.
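The injection weakness named on this slide, shown as an added example that is not from the deck: the same login lookup written once by pasting input into the SQL text and once with bound parameters, against a constructed in-memory SQLite table (the table, rows and inputs are all invented for the demo). The point for a tester is that the two forms behave identically on normal input and diverge only on input that carries SQL syntax, which is why automated scanners miss cases and why the fix is structural, not a filter.

```python
"""Added example (not from the slides): a vulnerable and a parameterized
version of one query, side by side. Database, rows and inputs are constructed;
real systems store password hashes, never plaintext."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct-horse", "admin"), ("bob", "battery-staple", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Weak form: user input is pasted into the SQL text, so a quote in the
    input changes the query structure instead of being compared as data."""
    query = (
        "SELECT username, role FROM users "
        "WHERE username = '%s' AND password = '%s'"
    ) % (username, password)
    return conn.execute(query).fetchall()


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Hardened form: the driver binds the values, so they can only ever be
    compared as data; the query structure is fixed at write time."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


def compare(username: str, password: str) -> dict:
    """Run one input through both forms; a difference between the two results
    means the string-built query treated the input as SQL syntax."""
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, username, password),
        "parameterized": login_parameterized(conn, username, password),
    }


if __name__ == "__main__":
    # Ordinary input: both forms agree.
    print(compare("alice", "correct-horse"))
    # Input carrying a quote and a comment marker: the string-built query
    # loses its password check; the parameterized query still returns nothing.
    print(compare("alice' --", "anything"))
```

The same split applies to any driver that offers bound parameters (ODBC, ADO.NET, JDBC); a code review that greps for string concatenation into query text finds the weak form faster than any scanner does.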
Weak local applications (Hardening/configuration) • Anything that runs with admin privileges but is writable with user privileges • Registry • File system • Services • Scheduled Tasks • Processes
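The check this slide describes for services, as an added example that is not part of the deck: a service is a finding when it runs under a high-privilege account and a principal every domain user belongs to can modify its binary or the folder it sits in. The service list and ACL table are constructed inline to stand in for what a real run would collect from Get-CimInstance Win32_Service and Get-Acl; the account and principal sets are assumptions to extend per environment.

```python
"""Added example (not from the slides): flag services that run with admin
rights while a plain user can write to the binary or its folder. Service and
ACL data are constructed; the account and principal lists are assumptions."""
import ntpath

# Accounts whose services run with full local rights (assumption: extend per site).
HIGH_PRIV_ACCOUNTS = {"LocalSystem", "NT AUTHORITY\\SYSTEM"}
# Principals that every domain user is a member of.
LOW_PRIV_PRINCIPALS = {"Everyone", "BUILTIN\\Users", "NT AUTHORITY\\Authenticated Users"}
# Rights that let the holder replace the file or drop a file in the folder.
WRITE_RIGHTS = {"Write", "Modify", "FullControl"}


def image_file(path_name: str) -> str:
    """Extract the executable from a service PathName. A quoted path is taken
    up to the closing quote; an unquoted one up to the first space, which is
    also how Windows resolves it (and why unquoted paths containing spaces are
    a finding of their own)."""
    path_name = path_name.strip()
    if path_name.startswith('"'):
        return path_name[1:path_name.index('"', 1)]
    return path_name.split(" ", 1)[0]


def writable_by_low_priv(acl_entries) -> list:
    """Return (principal, right) pairs that give a low-privileged principal write access."""
    return [
        (principal, right)
        for principal, right in acl_entries
        if principal in LOW_PRIV_PRINCIPALS and right in WRITE_RIGHTS
    ]


def find_weak_local_services(services, acls) -> list:
    """Flag services that run as a high-privilege account while a low-privileged
    principal can modify the binary itself or its containing folder."""
    findings = []
    for svc in services:
        if svc["account"] not in HIGH_PRIV_ACCOUNTS:
            continue
        exe = image_file(svc["path"])
        for target in (exe, ntpath.dirname(exe)):
            for principal, right in writable_by_low_priv(acls.get(target, [])):
                findings.append((svc["name"], target, principal, right))
    return findings


# Constructed sample data; the paths and names are not real systems.
SERVICES = [
    {"name": "GoodSvc", "path": '"C:\\Program Files\\Good\\good.exe" -svc', "account": "LocalSystem"},
    {"name": "BadSvc", "path": "C:\\Tools\\bad.exe", "account": "LocalSystem"},
    {"name": "LowSvc", "path": "C:\\Tools\\low.exe", "account": "NT AUTHORITY\\LocalService"},
    {"name": "DirSvc", "path": '"C:\\Apps\\Writable Dir\\dirsvc.exe"', "account": "NT AUTHORITY\\SYSTEM"},
]
ACLS = {
    "C:\\Program Files\\Good\\good.exe": [("BUILTIN\\Administrators", "FullControl"), ("BUILTIN\\Users", "ReadAndExecute")],
    "C:\\Program Files\\Good": [("BUILTIN\\Administrators", "FullControl"), ("BUILTIN\\Users", "ReadAndExecute")],
    "C:\\Tools\\bad.exe": [("Everyone", "Modify")],
    "C:\\Tools": [("BUILTIN\\Users", "ReadAndExecute")],
    "C:\\Tools\\low.exe": [("Everyone", "Modify")],
    "C:\\Apps\\Writable Dir\\dirsvc.exe": [("BUILTIN\\Users", "ReadAndExecute")],
    "C:\\Apps\\Writable Dir": [("NT AUTHORITY\\Authenticated Users", "Write")],
}

if __name__ == "__main__":
    for name, target, principal, right in find_weak_local_services(SERVICES, ACLS):
        print("service %s: %s grants %s to %s" % (name, target, right, principal))
```

LowSvc has a writable binary but runs as LocalService, so it is not reported: the finding is the combination of privilege and writability, not either one alone. The same pairing applies to the other items on the slide (a scheduled task running as SYSTEM whose script is in a user-writable folder, a Run key under HKLM that users can edit).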
Sensitive network traffic exposure • Weak protocols: • SMB • HTTP • Telnet • SNMP • FTP • RDP • Etc. • Tools: • Wireshark/Cain etc.
Weak access control to protect sensitive data • Very often high privileges are stored in files accessible by domain users or even everyone! • Scripts • Backups • Web configs • Password reminder docs • Config files
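A scanner for the file types this slide lists, added here as an example that is not from the deck: it walks file contents line by line and reports lines that carry a stored credential (key=value pairs, a password on a net use line, a plaintext ConvertTo-SecureString, a sqlcmd -P switch), redacting the value so the report itself does not become another copy of the secret. The sample files, hosts, accounts and passwords are constructed; in a real audit the input is whatever a crawl of the shares with a plain Domain Users account can read.

```python
"""Added example (not from the slides): find stored credentials in scripts,
web.config files, password reminder documents and config files. Sample file
contents are constructed; the patterns are a starting set, not a complete one."""
import re

# Each pattern captures the credential value in group 1 so it can be redacted.
PATTERNS = [
    ("key=value", re.compile(
        r"(?i)\b(?:password|passwd|pwd|secret|api[_-]?key)\b\s*[=:]\s*[\"']?([^\s\"';]+)")),
    ("net use with inline password", re.compile(
        r"(?i)\bnet\s+use\b\s+\S+\s+(\S+)\s+/user:")),
    ("ConvertTo-SecureString -AsPlainText", re.compile(
        r"(?i)ConvertTo-SecureString\s+['\"]?([^'\"\s]+)['\"]?.*-AsPlainText")),
    ("sqlcmd -P", re.compile(r"(?i)\bsqlcmd\b.*\s-P\s+(\S+)")),
]


def redact(value: str) -> str:
    """Keep two characters so a finding can be matched to its source line
    without reproducing the secret in the report."""
    return value[:2] + "*" * max(len(value) - 2, 0)


def scan_text(name: str, text: str) -> list:
    """Return one finding per line that looks like it stores a credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS:
            m = pattern.search(line)
            if m:
                findings.append({"file": name, "line": lineno,
                                 "kind": kind, "detail": redact(m.group(1))})
                break  # one finding per line is enough for triage
    return findings


def scan_files(files: dict) -> list:
    """Scan a mapping of file name to content (stands in for a share crawl)."""
    findings = []
    for name, text in files.items():
        findings.extend(scan_text(name, text))
    return findings


# Constructed sample files; the hosts, accounts and passwords are invented.
SAMPLE_FILES = {
    "web.config": (
        '<configuration>\n'
        '  <connectionStrings>\n'
        '    <add name="Main" connectionString="Server=sql01;Database=app;'
        'User Id=appsvc;Password=Example-Pass-1;" />\n'
        '  </connectionStrings>\n'
        '</configuration>\n'
    ),
    "deploy.ps1": (
        "$cred = New-Object PSCredential('CORP\\svc_backup', "
        "(ConvertTo-SecureString 'Example-Pass-2' -AsPlainText -Force))\n"
        "net use \\\\fs01\\backup Example-Pass-3 /user:CORP\\svc_backup\n"
    ),
    "passwords.txt": "VPN: password = Example-Pass-4\n",
    # Mentions the word Password as part of a property name only: must not fire.
    "audit.ps1": (
        "Get-ADUser -Filter * -Properties PasswordNeverExpires |\n"
        "  Where-Object { $_.PasswordNeverExpires }\n"
    ),
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print("%(file)s:%(line)d %(kind)s %(detail)s" % f)
```

The word-boundary in the key=value pattern is what keeps audit.ps1 quiet: PasswordNeverExpires is a property name, not a credential. Backups deserve the same pass after extraction, since an exported GPO or an old script in a .bak archive is as readable as the live copy.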
System dependencies • Very often the privileged accounts are stored on systems with lower security demands • Local admin reuse • Exposed Domain admin logons • Reused service accounts • Tools: • Gsecdump • Lslsass • parallelltask
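Two of the dependencies on this slide can be read out of logon events, shown here as an added example that is not from the deck. An interactive or RDP logon by a privileged account on a lower-tier host leaves reusable credentials in memory on that host (which is what the listed dump tools read), and one service account spread across many hosts turns each of them into a stepping stone to the rest. The event lines, host names, accounts and the tier model (only DC01 is tier 0, da-marcus is a Domain Admin) are constructed; a real run would pull Security event 4624 from the log collector.

```python
"""Added example (not from the slides): find privileged logons on lower-tier
hosts and service accounts reused across hosts. Events, hosts, accounts and
the tier model are constructed for the demo."""
from collections import defaultdict

# Logon types that cache credentials on the target host: interactive (2),
# batch (4), service (5), RemoteInteractive/RDP (10), CachedInteractive (11).
# Network logons (3) do not, so they are not counted as exposure here.
CREDENTIAL_CACHING_LOGON_TYPES = {2, 4, 5, 10, 11}

# Constructed sample: time, event id, target host, account, logon type.
SAMPLE_EVENTS = """\
2011-04-26 08:01:12,4624,WS017,CORP\\da-marcus,10
2011-04-26 08:03:40,4624,DC01,CORP\\da-marcus,2
2011-04-26 08:05:02,4624,WS017,CORP\\jdoe,2
2011-04-26 08:10:00,4624,SRV-WEB01,CORP\\svc_app,5
2011-04-26 08:10:05,4624,SRV-SQL01,CORP\\svc_app,5
2011-04-26 08:10:09,4624,WS022,CORP\\svc_app,5
2011-04-26 08:12:30,4624,WS022,CORP\\da-marcus,3
"""


def parse_events(text: str) -> list:
    """Parse the constructed CSV lines into dicts; keep only successful logons (4624)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        time, event_id, host, account, logon_type = line.split(",")
        if event_id != "4624":
            continue
        events.append({"time": time, "host": host, "account": account,
                       "logon_type": int(logon_type)})
    return events


def find_exposed_privileged_logons(events, privileged_accounts, tier0_hosts) -> list:
    """Privileged accounts logging on, with credential caching, to hosts
    outside the tier the account belongs to."""
    return [
        (e["host"], e["account"], e["logon_type"])
        for e in events
        if e["account"] in privileged_accounts
        and e["host"] not in tier0_hosts
        and e["logon_type"] in CREDENTIAL_CACHING_LOGON_TYPES
    ]


def find_reused_service_accounts(events, max_hosts: int = 1) -> dict:
    """Service logons (type 5) of one account on more distinct hosts than allowed."""
    hosts_by_account = defaultdict(set)
    for e in events:
        if e["logon_type"] == 5:
            hosts_by_account[e["account"]].add(e["host"])
    return {acct: hosts for acct, hosts in hosts_by_account.items() if len(hosts) > max_hosts}


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    # Assumed tier model: only DC01 is a tier-0 host, da-marcus is a Domain Admin.
    for host, account, lt in find_exposed_privileged_logons(events, {"CORP\\da-marcus"}, {"DC01"}):
        print("exposed privileged logon: %s on %s (type %d)" % (account, host, lt))
    for account, hosts in find_reused_service_accounts(events).items():
        print("service account %s reused on %s" % (account, ", ".join(sorted(hosts))))
```

The network logon of da-marcus to WS022 is deliberately not reported: it does not leave the password or a reusable hash on the workstation, whereas the RDP logon to WS017 does, and that distinction is what decides which hosts have to be treated as holding domain admin credentials.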
Process of testing • Decide what tests you want to run • For each test: • Set up a test goal • Identify targets • Find the right tools • Identify risks • Define and try methodology to manage risks • Backup/restore/Rollback/Failover/Point of contact • Set up a test methodology • Test in a controlled environment • Get acceptance from system owners!! • Perform test • Analyse result • Take actions
Some resources • Open Source Security Testing Methodology Manual http://www.isecom.org/osstmm/ • Microsoft Baseline Security Analyzer 2.2 http://technet.microsoft.com/en-us/security/cc184923 • Nessus http://www.nessus.org/products/nessus • Truesec.com www.truesec.com
Stay up to date with TechNet Belux • Register for our newsletters and stay up to date: http://www.technet-newsletters.be • Technical updates • Event announcements and registration • Top downloads • Join us on Facebook http://www.facebook.com/technetbe http://www.facebook.com/technetbelux • LinkedIn: http://linkd.in/technetbelux/ • Twitter: @technetbelux • Download MSDN/TechNet Desktop Gadget http://bit.ly/msdntngadget
TechDays 2011 On-Demand • Watch this session on-demand via TechNet Edge http://technet.microsoft.com/fr-be/edge/ http://technet.microsoft.com/nl-be/edge/ • Download to your favorite MP3 or video player • Get access to slides and recommended resources by the speakers
Security Training event! Understand how hackers attack Microsoft platforms • 3 days with Marcus Murray • Hands on labs • Understand how hackers attack Microsoft platforms • The tools & methods they use • Amsterdam, Netherlands June 20-22, 2011 Register at www.truesec.com
THANK YOU Marcus.Murray @ Truesec.com