MARCUS.MURRAY @ TRUESEC.COM Blog: Truesecurity.se Twitter: marcusswede
Whoami?
MVP – Enterprise Security
Security Team Manager Truesec
Security Assessments/Penetration Testing
Design secure infrastructure
Speaking engagements
Incident response
Session Goal
• Make you start thinking about testing your security
• Give some EXAMPLES of things you can test
• Provide some tools/methods/ideas on testing
Why do we need to care about threats?
Sony PSN
8 Deadly sins in IT-Security
1. Unpatched systems
2. Weak passwords
3. Weak exposed client applications (Hardening/configuration)
4. Weak exposed server services (Hardening/configuration)
5. Weak local applications (Hardening/configuration)
6. Sensitive network traffic exposure
7. Weak access control to protect sensitive data
8. System dependencies
Unpatched systems
• 2 different approaches to choose from
  • Patch inventory platforms
    • MBSA
    • Shavlik
    • Etc.
  • Vulnerability scanners/attack testing platforms
    • Core Impact
    • Nessus
    • Metasploit
    • Etc.
Weak passwords
• Many places to test
  • Active Directory
    • User accounts
    • Computer accounts!
  • Local SAM
  • Other services (SQL/web applications/VNC etc.)
• 2 main methods
  • Active testing (brute force/dictionary)
    • WARNING: don't forget password lockout policies!
  • Passive testing (offline cracking of captured hashes)
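The lockout warning above is the part people get wrong in practice, so here is an added example (not from the deck or from Truesec) of an active dictionary test against Active Directory that reads the domain lockout policy first and spends fewer guesses per account per observation window than the threshold allows. It assumes the RSAT ActiveDirectory module on a domain-joined host; the password list is a constructed sample.

```powershell
# Added example: lockout-aware dictionary test against AD.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined machine.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

$Policy    = Get-ADDefaultDomainPasswordPolicy
$Threshold = $Policy.LockoutThreshold           # 0 = lockout disabled
$Window    = $Policy.LockoutObservationWindow    # TimeSpan after which badPwdCount resets

# Safety margin: never spend more than (threshold - 2) guesses per account per window
$PerWindow = if ($Threshold -eq 0) { [int]::MaxValue } else { [Math]::Max(1, $Threshold - 2) }

$Domain    = (Get-ADDomain).DNSRoot
$Users     = (Get-ADUser -Filter 'Enabled -eq $true').SamAccountName
$Passwords = 'Summer2011!', 'Welcome1', 'Password1'   # constructed sample list; replace with your own

$Ctx   = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Domain, $Domain)
$Found = New-Object System.Collections.Generic.List[object]

for ($i = 0; $i -lt $Passwords.Count; $i++) {
    # Before starting a new batch of guesses, wait out the whole observation
    # window so every account's badPwdCount is back at zero
    if ($i -gt 0 -and ($i % $PerWindow) -eq 0) {
        Write-Host ("Sleeping {0} minutes to stay under the lockout threshold" -f $Window.TotalMinutes)
        Start-Sleep -Seconds ([int][Math]::Ceiling($Window.TotalSeconds))
    }
    foreach ($u in $Users) {
        # One bind per user and password; every failed bind increments badPwdCount
        if ($Ctx.ValidateCredentials($u, $Passwords[$i])) {
            $Found.Add([pscustomobject]@{ User = $u; Password = $Passwords[$i] })
        }
    }
}
$Found | Format-Table -AutoSize
```

Two caveats before running this for real: fine-grained password policies (Get-ADFineGrainedPasswordPolicy) can set a lower threshold for specific groups than the domain default, and accounts that already have a non-zero badPwdCount from ordinary user typos will lock sooner than the arithmetic suggests. Run Search-ADAccount -LockedOut before and after the test and agree the window with the system owners.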
Weak exposed client applications (Hardening/configuration)
• Common issues:
  • Macro security!
  • Outdated versions of applications
  • Browser plugins
  • Acrobat Reader (over and over again...)
  • Java
• Tools:
  • https://browsercheck.qualys.com/
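Macro security is the first item on the list above, and it can be audited straight from the registry. The following is an added example (not from the deck) that reports the effective Office macro setting per application for the current user, preferring the GPO policy value over the user's own choice. The version numbers and value meanings are those documented for Office; the script itself is an assumption about how you would package the check.

```powershell
# Added example: audit Office macro settings for the current user.
# VBAWarnings: 1 = enable all macros, 2 = disable with notification (default),
# 3 = disable except digitally signed, 4 = disable all without notification.
$Versions = '14.0', '15.0', '16.0'          # Office 2010, 2013, 2016 and later
$Apps     = 'Word', 'Excel', 'PowerPoint'

foreach ($v in $Versions) {
    foreach ($app in $Apps) {
        $policyKey = "HKCU:\Software\Policies\Microsoft\Office\$v\$app\Security"   # set by GPO, wins
        $userKey   = "HKCU:\Software\Microsoft\Office\$v\$app\Security"            # user's own choice
        if (-not (Test-Path $policyKey) -and -not (Test-Path $userKey)) { continue }  # not installed

        $pol  = (Get-ItemProperty -Path $policyKey -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
        $usr  = (Get-ItemProperty -Path $userKey   -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
        $motw = (Get-ItemProperty -Path $policyKey -Name BlockContentExecutionFromInternet -ErrorAction SilentlyContinue).BlockContentExecutionFromInternet

        # Policy value beats user value; an absent value means the Office default (2)
        $vba = if ($null -ne $pol) { $pol } elseif ($null -ne $usr) { $usr } else { 2 }

        $finding = switch ($vba) {
            1       { 'CRITICAL: all macros run silently' }
            2       { 'WEAK: user can click Enable Content' }
            3       { 'OK: only signed macros run' }
            4       { 'OK: macros disabled' }
            default { "UNKNOWN value $vba" }
        }
        [pscustomobject]@{
            Office = $v; App = $app; VBAWarnings = $vba
            EnforcedByPolicy     = ($null -ne $pol)
            BlocksInternetMacros = ($motw -eq 1)   # Mark-of-the-Web block, policy only
            Finding = $finding
        }
    }
}
```

Run it under the user's own account (the keys live in HKCU), or loop over loaded user hives if you want a machine-wide picture. A result of 2 everywhere with EnforcedByPolicy = False is the usual finding: nothing stops a user from enabling a malicious macro.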
Weak exposed server services (Hardening/configuration)
• Most common:
  • Web
  • SQL
• Testing:
  • Web/SQL is challenging to test
  • There are automated tools out there
    • Often miss weaknesses
    • False positives common
  • Manual testing by an experienced tester is recommended
  • Common weaknesses: injections/XSS/shared passwords embedded in client applications, etc.
Weak local applications (Hardening/configuration)
• Anything that runs with admin privileges and is writable with user privileges
  • Registry
  • File system
  • Services
  • Scheduled tasks
  • Processes
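The services case is the one worth automating first, because every hit is a direct path to SYSTEM. The script below is an added example (not from the deck): it walks every installed service, extracts the binary from the image path, and reports binaries or directories that low-privilege groups can write, plus unquoted paths with spaces where one of the prefix directories is writable. The group list and write mask are assumptions you may want to widen.

```powershell
# Added example: services whose binary, directory or unquoted path is user-writable.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl'
$LowPriv   = '^(Everyone|BUILTIN\\Users|NT AUTHORITY\\Authenticated Users|NT AUTHORITY\\INTERACTIVE|.+\\Domain Users)$'

function Test-UserWritable([string]$Path) {
    # True if any low-privilege principal holds an Allow ACE with write-class rights
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return $false }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference.Value -match $LowPriv -and
            (($ace.FileSystemRights -band $WriteMask) -ne 0)) { return $true }
    }
    return $false
}

Get-CimInstance Win32_Service | ForEach-Object {
    $svc = $_
    if (-not $svc.PathName) { return }
    # Image path may be quoted and may carry arguments: "C:\x\y.exe" -k foo
    $exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($svc.PathName -split '\s+[-/]')[0].Trim() }
    if (-not (Test-Path -LiteralPath $exe)) { return }
    $dir  = Split-Path -Parent $exe
    $exeW = Test-UserWritable $exe
    $dirW = Test-UserWritable $dir

    # Unquoted path with spaces: the SCM tries C:\Program.exe, C:\Program Files\Foo.exe, ...
    # so the finding is real only if one of those prefix directories is writable
    $unquotedW = $false
    if (($svc.PathName -notmatch '^"') -and ($exe -match '\s')) {
        $parts = $exe -split ' '
        for ($k = 1; $k -lt $parts.Count; $k++) {
            $prefixDir = Split-Path -Parent ($parts[0..($k - 1)] -join ' ')
            if ($prefixDir -and (Test-UserWritable $prefixDir)) { $unquotedW = $true }
        }
    }

    if ($exeW -or $dirW -or $unquotedW) {
        [pscustomobject]@{
            Service = $svc.Name; RunsAs = $svc.StartName; Binary = $exe
            ExeWritable = $exeW; DirWritable = $dirW; UnquotedPathWritable = $unquotedW
        }
    }
} | Format-Table -AutoSize
```

The same Test-UserWritable helper applies to scheduled-task actions (schtasks /query /v /fo csv) and to the ImagePath and ServiceDll values under HKLM\SYSTEM\CurrentControlSet\Services; the check is identical, only the enumeration differs. One known gap: inherited generic rights sometimes show up as raw numbers rather than FileSystemRights names, so review anything the script flags by hand with icacls before reporting it.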
Sensitive network traffic exposure
• Weak protocols:
  • SMB
  • HTTP
  • Telnet
  • SNMP
  • FTP
  • RDP
  • Etc.
• Tools:
  • Wireshark/Cain etc.
Weak access control to protect sensitive data
• Very often high-privilege credentials are stored in files accessible by domain users or even Everyone!
  • Scripts
  • Backups
  • Web.configs
  • Password reminder docs
  • Config files
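This sin is cheap to test for: grep the usual file types for password-like strings and then look at who can read the hits. The script below is an added example (not from the deck); the share paths are placeholders for your own environment, and the regex is a starting point rather than a complete credential grammar.

```powershell
# Added example: find credential-bearing files that broad groups can read.
$Roots   = '\\fileserver\scripts', '\\fileserver\backups', 'C:\inetpub'   # assumed locations, edit
$Ext     = '*.ps1', '*.bat', '*.cmd', '*.vbs', '*.config', '*.xml', '*.ini', '*.txt'
$Pattern = '(?i)(password|passwd|pwd|connectionstring)\s*[=:]\s*\S+'
# Principals that mean "effectively everyone in the domain"
$Broad   = '^(Everyone|NT AUTHORITY\\Authenticated Users|BUILTIN\\Users|.+\\Domain Users)$'

Get-ChildItem -Path $Roots -Include $Ext -Recurse -File -ErrorAction SilentlyContinue |
ForEach-Object {
    $file = $_
    # -List stops at the first match per file; we only need to know it is there
    $hit = Select-String -LiteralPath $file.FullName -Pattern $Pattern -List -ErrorAction SilentlyContinue
    if (-not $hit) { return }

    $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { return }
    $broadReaders = @($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -match $Broad -and
        $_.FileSystemRights.ToString() -match 'Read|FullControl|Modify'
    } | ForEach-Object { $_.IdentityReference.Value })

    if ($broadReaders.Count -gt 0) {
        $line = $hit.Line.Trim()
        [pscustomobject]@{
            File       = $file.FullName
            Line       = $hit.LineNumber
            Evidence   = $line.Substring(0, [Math]::Min(80, $line.Length))   # enough to triage, not the whole secret
            ReadableBy = ($broadReaders -join ', ')
        }
    }
} | Format-Table -Wrap
```

Two things this does not do: it ignores share-level permissions (a restrictive share ACL can mask a wide NTFS ACL, and vice versa), and it cannot look inside Office documents, which are zip containers; extract those first if "password reminder docs" are on your list. Run it as an ordinary domain user rather than as an admin, so that what you can read is exactly what the attacker can read.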
System dependencies
• Very often the credentials of privileged accounts end up stored on systems with lower security demands
  • Local admin reuse
  • Exposed domain admin logons
  • Reused service accounts
• Tools:
  • Gsecdump
  • Lslsass
  • parallelltask
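Before reaching for a credential-dumping tool, you can map where privileged credentials are exposed with nothing but WMI. The script below is an added example (not from the deck): it resolves the recursive membership of Domain Admins, then asks every non-DC server which interactive sessions (explorer.exe owners) and which services run under one of those accounts. It assumes the ActiveDirectory module and WMI/WinRM reachability to the targets.

```powershell
# Added example: where do Domain Admin credentials land on lower-tier servers?
Import-Module ActiveDirectory

$DomainAdmins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
                Where-Object { $_.objectClass -eq 'user' } |
                ForEach-Object { $_.SamAccountName.ToLower() }
$DCs   = (Get-ADDomainController -Filter *).Name
$Hosts = Get-ADComputer -Filter 'OperatingSystem -like "*Server*" -and Enabled -eq $true' |
         Where-Object { $DCs -notcontains $_.Name } |
         ForEach-Object { $_.DNSHostName }

foreach ($h in $Hosts) {
    try {
        # explorer.exe exists only for interactive (console/RDP) sessions; its owner is the logged-on user
        $shells = Get-CimInstance -ClassName Win32_Process -ComputerName $h -Filter "Name='explorer.exe'" -ErrorAction Stop
        $svcs   = Get-CimInstance -ClassName Win32_Service -ComputerName $h -ErrorAction Stop
    } catch { Write-Warning "$h unreachable: $($_.Exception.Message)"; continue }

    foreach ($p in $shells) {
        $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner
        if ($owner.ReturnValue -eq 0 -and $DomainAdmins -contains $owner.User.ToLower()) {
            [pscustomobject]@{ Host = $h; Exposure = 'Interactive logon'; Account = "$($owner.Domain)\$($owner.User)" }
        }
    }
    foreach ($s in $svcs) {
        if (-not $s.StartName) { continue }
        # StartName is DOMAIN\user or user@domain; reduce it to the bare account name
        $acct = (($s.StartName -replace '^.*\\', '') -replace '@.*$', '').ToLower()
        if ($DomainAdmins -contains $acct) {
            [pscustomobject]@{ Host = $h; Exposure = "Service '$($s.Name)'"; Account = $s.StartName }
        }
    }
}
```

Every row is a host where a local admin (or anyone who becomes one via the previous sins) can lift a Domain Admin credential from LSASS or the service configuration. Scheduled tasks with stored credentials belong in the same report; schtasks /query /v /fo csv on each host gives the "Run As User" column to match against the same list.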
Process of testing
• Decide what tests you want to run
• For each test:
  • Set up a test goal
  • Identify targets
  • Find the right tools
  • Identify risks
  • Define and try a methodology to manage risks
    • Backup/restore/rollback/failover/point of contact
  • Set up a test methodology
  • Test in a controlled environment
  • Get acceptance from system owners!!
  • Perform test
  • Analyse result
  • Take actions
Some resources
• Open Source Security Testing Methodology Manual
  http://www.isecom.org/osstmm/
• Microsoft Baseline Security Analyzer 2.2
  http://technet.microsoft.com/en-us/security/cc184923
• Nessus
  http://www.nessus.org/products/nessus
• Truesec.com
  www.truesec.com
Stay up to date with TechNet Belux
Register for our newsletters and stay up to date: http://www.technet-newsletters.be
• Technical updates
• Event announcements and registration
• Top downloads
Join us on Facebook: http://www.facebook.com/technetbe and http://www.facebook.com/technetbelux
LinkedIn: http://linkd.in/technetbelux/
Twitter: @technetbelux
Download MSDN/TechNet Desktop Gadget: http://bit.ly/msdntngadget
TechDays 2011 On-Demand
• Watch this session on-demand via TechNet Edge
  http://technet.microsoft.com/fr-be/edge/
  http://technet.microsoft.com/nl-be/edge/
• Download to your favorite MP3 or video player
• Get access to slides and recommended resources by the speakers
Security Training event! Understand how hackers attack Microsoft platforms
• 3 days with Marcus Murray
• Hands on labs
• Understand how hackers attack Microsoft platforms
• The tools & methods they use
• Amsterdam, Netherlands June 20-22, 2011
Register at www.truesec.com
THANK YOU
Marcus.Murray @ Truesec.com