Prevent Getting Hacked by Using a Network Vulnerability Scanner

How to (Not) Get Hacked
Six SMB Suggestions to Ensure your Network Security Never Gets Breached
Sponsored by GFI Software
Greg Shields, MVP, vExpert
Senior Partner and Principal Technologist
www.ConcentratedTech.com

description

How to (Not) Get Hacked - A Webinar by Greg Shields that discusses how activities such as Network Scanning, Vulnerability Scanning and Patch Management can ensure that your Network Security never gets breached.

Transcript of Prevent Getting Hacked by Using a Network Vulnerability Scanner

Page 1: Prevent Getting Hacked by Using a Network Vulnerability Scanner

How to (Not) Get Hacked

Six SMB Suggestions to Ensure your Network Security Never Gets Breached

Sponsored by GFI Software

Greg Shields, MVP, vExpert
Senior Partner and Principal Technologist

www.ConcentratedTech.com

Props to the Hackers

• While the end result of their activities isn’t terrifically beneficial to the SMB network...
  – …one can’t ignore their tenacity…
  – …and their dedication…
  – …and their creativity in design.
  – (One also has to wonder about the hours they keep!)
• Their tenacity, dedication, and creativity are the reason we’re talking today.
  – These people mean business. So should you.

Early Hacking Attempts

• In Windows’ early days, hacking attempts were relatively easy to spot.
  – Malware processes often executed as Windows processes.
  – A casual browse of Task Manager could find their activity.
• Malware was (and continues to be) a common threat.
  – But back then, it was easy to find in the file system.
  – Malware file signatures were often enough to identify and remove it.

More Modern Trickery

• Today’s hacking efforts have reached a level of sophistication where they can no longer be identified with the naked eye.
• Some examples, by no means comprehensive…
  – System file patching and process infection hide activities.
  – Process resuscitation inhibits removal efforts.
  – Code polymorphism beats signature-based tools.
  – Rootkit and cloaking behaviors hide code beneath the file system level.

File Patching / Process Infection

[Diagram: the original system file, Svchost.exe, contains the functions openDatabase, openFile and displayDialog. The hacked system file, also Svchost.exe, contains the same three functions plus an added function invokeMalware.]

Process Resuscitation

[Diagram: two hacked system files, A and B, each shown as Svchost.exe with the functions openDatabase, openFile, displayDialog and invokeMalware. One also carries the function restartAifStopped, the other restartBifStopped.]

Code Polymorphism

[Diagram: two variants of an infected Svchost.exe, labeled PolyMalware A and PolyMalware A’. Both contain openDatabase, openFile and displayDialog; in one the malicious function is named invokeMalware, in the other invokeErawlaM.]

Rootkit and Cloaking Behaviors

[Diagram, two panels. Before the Rootkit: a directory request (“Gimme a dir!”) reaches the File System API, which asks the Windows Kernel (“I need a dir!”); the kernel answers (“OK, here ya’ go!”) and the API returns the listing (“Here’s that dir!”). After the Rootkit: redirected memory pointers place an Evil Rootkit API (function cloakStuff) between the File System API and the Windows Kernel; the kernel still answers (“OK, here ya’ go!”), the rootkit substitutes its own result (“Bwahaha! Try this!”), and the caller receives that as the listing (“Here’s that dir!”).]

Thanks, Greg. I know the Problems. What are the Solutions?

• Not getting hacked today requires a layered approach to protection.
  – Update Management
  – Vulnerability Assessment
  – Network and Software Auditing / Inventory
  – Change Management
  – Risk Analysis and Compliance Verification
• Unifying these activities into a single solution goes far into assuring hack-proof-ed-ness.

Six SMB Suggestions

• And yet solutions only get you so far.
  – The best firewall in the world does no good if it’s not properly configured.
  – Patches and updates do little if they don’t get installed.
  – A tool remains just a tool until you use it.
• Thus, I offer: Six Suggestions for Hack-Proofing your SMB Network

Suggestion #1

Computers Missing Updates are your Biggest Security Hole

• Vulnerabilities are by nature information in the public domain.
  – Vulnerabilities must be identified and communicated to the world for the world to fix them.
• Vulnerabilities beget patches/updates.
• Vulnerabilities also beget exploits.
  – There is a measurable quantity of time between vulnerability announcement and exploit release.

Suggestion #2

A Reliance on WSUS Alone is a Losing Security Strategy

• …and don’t get me wrong, I like WSUS.
• WSUS is by design limited to Microsoft updates only.
  – A very few third-party updates are available, but they’re the exception and not the norm.
• Raise your hand if your IT shop runs atop exclusively Microsoft software alone. Nothing else.
  – Anyone? Anyone?
• Non-Microsoft software has updates too…

Suggestion #3

A Reliance on Patching Alone is also a Losing Security Strategy

• Your patch compliance statistics are an insidious warm fuzzy.
  – “I’m 99% compliant. I’m protected!”
• A holistic protection approach requires patching plus an extra external verification.
  – An external “white hat” solution, the good guys, that positively verifies whether each system is indeed protected.
  – Patch compliance statistics can be wrong.

Suggestion #4

Unanticipated Hardware and Software Create Unanticipated Problems

• The slightly less politically correct term is “rogue”. Some examples:
  – Stan in Accounting who occasionally brings his personal laptop into work.
  – Jane from Sales who’s been given Administrator rights and now installs whatever software she believes necessary.
  – Dan over with the Marketing team who quietly installed an Apple server “because he prefers Apple”.
  – Michele the CEO whose Android phone is again unpatched and again on the wireless.
• Stan, Jane, Dan, and Michele are security problems.
  – And yet they’re your problems.
• Automating asset inventory enables you to anticipate the problems this hardware/software will create.
  – Important: This auditing must source from outside the Windows domain scope.
  – “Duh. Nobody installs ‘rogue’ servers into the production domain.”
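
The reconciliation behind the asset-inventory point in Suggestion #4, as an added example that is not part of the original slides or of any GFI product: data gathered from the network itself is compared against the domain's own computer list, so devices that never joined the domain still show up. The CSV layouts, host names, addresses and function names are constructed for illustration.

```python
import csv
import io
import ipaddress
import re

# Constructed sample: computers the Windows domain knows about.
DOMAIN_CSV = """hostname,mac
ACCT-PC01,00-1A-2B-3C-4D-01
SALES-PC07,00-1A-2B-3C-4D-07
FILESRV01,00-1A-2B-3C-4D-10
OLD-PC99,00-1A-2B-3C-4D-99
"""

# Constructed sample: what a sweep of the wire (ARP/DHCP data) actually saw.
NETWORK_CSV = """ip,mac,name
10.0.0.11,00:1a:2b:3c:4d:01,acct-pc01
10.0.0.17,001a.2b3c.4d07,sales-pc07
10.0.0.20,00:1a:2b:3c:4d:10,filesrv01
10.0.0.54,02:00:5e:aa:bb:01,stans-laptop
10.0.0.9,02:00:5e:aa:bb:02,mktg-server
10.0.0.77,02:00:5e:aa:bb:03,
"""

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def reconcile(domain_csv, network_csv):
    """Return (unmanaged, stale): hosts on the wire the domain does not
    know, and domain computers the sweep never saw."""
    domain = {norm_mac(r["mac"]): r["hostname"]
              for r in csv.DictReader(io.StringIO(domain_csv))}
    seen = {norm_mac(r["mac"]): r
            for r in csv.DictReader(io.StringIO(network_csv))}
    unknown = [r for mac, r in seen.items() if mac not in domain]
    unknown.sort(key=lambda r: ipaddress.ip_address(r["ip"]))
    unmanaged = [(r["ip"], r["name"] or "<no name>") for r in unknown]
    stale = sorted(h for mac, h in domain.items() if mac not in seen)
    return unmanaged, stale

if __name__ == "__main__":
    unmanaged, stale = reconcile(DOMAIN_CSV, NETWORK_CSV)
    for ip, name in unmanaged:
        print(f"unmanaged: {ip:<12} {name}")
    for host in stale:
        print(f"not seen on the network: {host}")
```

Matching on MAC address is only as reliable as the addresses are stable; the stale list is a prompt to check whether a machine is switched off, retired, or simply outside the swept range.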

Suggestion #5

Every IT Shop Must Embrace Application Automation

• SMB IT Pros are honestly the biggest problems here.
  – Automating application installation ensures consistent configuration management.
  – Automating script execution creates a single point of deployment, aids in determining “what happened”.
  – Locking down applications via policies ensures a consistent user experience.
• Before You Shoot Me: Admittedly, not all applications make sense for automation. Just most.

Suggestion #6

The Single-Solution Approach Best Fits the Need for Hack-Proof-Ed-Ness

• Unifying these activities beneath a single solution creates a unified database of “what happened”.
  – Update Management
  – Vulnerability Assessment
  – Network and Software Auditing / Inventory
  – Change Management
  – Risk Analysis and Compliance Verification
• …because if you get hacked, figuring out what happened is exactly what you’ll need.


GFI LanGuard™

by Gill Langston, Manager, Sales Engineer Group

IT pain points

» Users with the average software portfolio installed on their PCs will need to master around 14 different update mechanisms from individual vendors to update their programs and keep their IT systems protected against vulnerabilities. (Secunia Yearly Report 2010)
» Failure to keep machines patched can lead to security breaches and downtime.
» Without an automated patching mechanism, manual patching is time-consuming.
» Failure to comply with compliance regulations such as PCI can result in hefty fines.


The solution?

How does GFI LanGuard work?

[Diagram labels: Install, Deploy Agents, (agent-less), Scan, Analyze, Remediate]

Key benefits

» Security
  □ Have a complete network security overview
  □ Remediate security issues
  □ Reduce the risks of data theft and data loss
» Productivity
  □ Lower downtime
  □ Improve IT department’s productivity
» Compliance
  □ Prove your network is secure
  □ Reduce the risks of legal penalties

Top features – Patch management

» Fix vulnerabilities before they are exploited by malicious software or people
» On demand or automated detection, download and deployment of missing security patches
  □ Microsoft operating systems
  □ Microsoft applications
  □ Other third party applications (including Adobe, Mozilla, Apple, Google, Oracle, etc.)
» Rollback patches
» Network-wide deployment of custom software and scripts

Vulnerability assessment

» Software vulnerabilities are the main gates for malware and hackers to enter your network
» Over 45,000 checks against operating system and installed applications for security flaws and misconfigurations
» Scans Windows, Linux and Mac OSs
» Create custom vulnerability checks

Assets inventory

» Unmanaged/forgotten machines are a security risk
» Find the devices you were not aware of:
  □ Servers and workstations
  □ Virtual machines
  □ IP-based devices such as routers, printers, switches, etc.

Network and software audit

» All the information you need to know about your network such as:
  □ Virtual machines
  □ Hardware and software installed
  □ Services
  □ CPU information
  □ Manufacturer and serial no.
  □ Auditing policies
  □ Operating system
  □ HDD space
  □ Users/Groups
  □ Wireless devices
  □ Network adaptors
  □ Shares
» TCP and UDP port scanning
» Automatically remove unauthorized applications
» Check status of over 1,500 security applications (antivirus, antispyware, firewalls, disk encryption, data loss prevention, etc.)
» Get notified of security sensitive changes from your network (e.g., a new application is installed, a service is started/stopped, etc.)

Risk analysis and compliance

» Assistance on what to fix first:
  □ Security issues are rated by their severity level
  □ Each computer is assigned a vulnerability level
» Powerful interactive dashboard with security sensors that are triggered when problems are found
» Full text search support
» Executive, technical and statistical reports


Product Screens

Product kudos

» Thousands of customers worldwide use GFI LanGuard
» Numerous product awards, a few listed below:

Patch management, network security and vulnerability scanner

Download GFI LANguard network vulnerability scanner and get a free 30-day trial!

You can also check out the GFI LanGuard SmartGuide, which provides helpful tips for successful deployment:

http://www.gfi.com/lannetscan/manual