1 / 9

GCSC

GCSC. August 2005. Backup Exec Critical Vulnerability. Cannot offer tcp/6101, tcp/6106 & tcp/10000 to offsite Will be scanning from offsite soon Strongly encouraged to limit access while onsite to only between the backup servers & clients Will be performing onsite scans in a few months.

manjit
Download Presentation

GCSC

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. GCSC August 2005

  2. Backup Exec Critical Vulnerability • Cannot offer tcp/6101, tcp/6106 & tcp/10000 to offsite • Will be scanning from offsite soon • Strongly encouraged to limit access while onsite to only between the backup servers & clients • Will be performing onsite scans in a few months

  3. MS05-039 Critical Vulnerability • 22 infections • ~200 vulnerable machines • Need better patching efforts across the Lab (DOE will be happy to do this for us) • NIMI & SMS worked very well • How can CST communicate better?

  4. DOE wants our jobs • Patching • Virus Scanning • Access Controls • Baseline Configurations • Versioning • System Administration • Inventory/Asset Management • User tracking/authentication/identification

  5. Penetration Testing Preparation • Policies and Procedures • C&A Package • Security Plans • Risk Assessments • Self Assessments • Network Diagrams • Access Control Lists • Firewall Rules • Netblock Information • Phone number blocks • WLAN Access Points

  6. Penetration Testing • External: • Footprinting • NMAP • Nessus • Exploit • Wardialing

  7. Penetration Testing cont • Internal: • Very loud/no masking/no IDS evasion • Wardriving • NMAP • Nessus/ISS/SAINT • CANVAS/Metasploit/Custom Exploits • Exploit misconfigurations • Last resort: ARP poisoning/AP impersonation • No intentional DoS, but may crash services

  8. Penetration Testing cont • Social Engineering: • Opt-in for the ASSIST, required for Red Team • Call helpdesks to get passwords reset/given over phone • Crafted/directed emails • Driveby emails • Plants

  9. Penetration Testing cont • Reports: • Big stack of open ports/reachable hosts • Nessus/ISS canned reports • Evaluated vulnerability reports

More Related