ITCamp 2012 - Paula Januszkiewicz - Stronghold to Strengthen

itcampro @ itcamp12 # Premium conference on Microsoft technologies

Private &

Public Cloud ITCamp 2012 sponsors

Private &

Public Cloud Agenda

Intruduction

Hardening Techiques Summary

Infrastructure Techniques

Private &

Public Cloud Hacker Role in IT Development

• Hackers make IT security world running

• Hackers encourage us to be up to date

• Hackers test the newest technology

What is the security

trend?

19790509

Private &

Public Cloud Security Intelligence Report

http://www.microsoft.com/security/sir/

Private &

Public Cloud Agenda

Intruduction

Hardening Techiques Summary

Infrastructure Techniques

Private &

Public Cloud

External Views

Private &

Public Cloud Test Your Users

• Play a social engineer role

• Monitor them…

• …and show you do it

• Break users’ passwords

• Train them well

Private &

Public Cloud Know At Least One Scripting Language

• Hackers love scripts

– Perl

– Python

• You should love PowerShell 2.0

– Server Role management modules

– Server management

– Remoting

– Microsoft Common Criteria

Incorrect Access Control Lists

WYSI (NOT) WYG

Private &

Public Cloud Use Debugger

• Variable choices:

– SoftICE

–WinDbg

–DEBUG

– IDA Pro

• One idea:

– To look through the code and data structures

• Administrators: Crash dump analysis

• Process Explorer

Picture: commons.wikimedia.org

Private &

Public Cloud Network Monitoring

• Watch for protocol anomalies

– Data can leak through the data field

– Watch for protocols used not only for data transfers

• Monitor the traffic

– Unfortunately some traffic may happen only once a month

Private &

Public Cloud Agenda

Hacker role in IT development

Hacker Techniques and Demos

Things you should remember and summary

Lack of General Revisions

Lack of Training

Private &

Public Cloud Keep Your Knowledge Up To Date

• Know law regulations in your country

• IT resources – Mailing Lists

– Blogs / RSS

– Webcasts

• Security bulletins – Microsoft

– SANS

– ISS

Private &

Public Cloud Have Your Own Toolkit

• Internet Browser is sometimes enough

• CMD and build-in system tools

• Specialist tools

• Your own scripts

• Social engineering skills

• PowerShell 2.0/3.0

paula@idesign.net

Thank you!

ITCamp 2012 - Paula Januszkiewicz - Stronghold to Strengthen

Technology

Transcript of ITCamp 2012 - Paula Januszkiewicz - Stronghold to Strengthen

Datacentre Stronghold in Finland

Stronghold Builder's Guidebook

ITCamp 2011 - Tiberiu Covaci - Fast Faster ...Async ASPNet

ITCamp 2013 - Peter Leeson - Intelligent Evolution

ITCamp 2012 - Dan Nicola - Scrum v2

ITCamp 2012 - Leonard Abu-Saa - WCF Security

ITCamp 2012 - Raffaele Rialdi - Introduction to WinRT

Florissa Stronghold Medieval Faire Fiinal-01florissacenter.org/wp-content/uploads/2019/04/Florissa-_-Stronghold... · Florissa _ Stronghold Medieval Faire _ Fiinal-01.png Author:

Stronghold Sound

ITCamp 2015. Apps 2015: a legal odissey

Stronghold Readme

ITCamp 2012 - Alex Gyoshev - Kendo-UI

Stronghold manual

Stronghold Cattlemaster 1100m

ITCamp 2012 - Florin Cardasim - HTML5 web-sockets

STRONGHOLD BUSTER SEMINAR

Stronghold Builder's

1,* , Ewa Zaras-Januszkiewicz´ and Andrii Kistechok

Stronghold Diabetes Management

ITCamp 2011 - Mihai Nadas - Windows Azure interop