Prevent Getting Hacked by Using a Network Vulnerability Scanner
Transcript of Prevent Getting Hacked by Using a Network Vulnerability Scanner
How to (Not) Get Hacked
Six SMB Suggestions to Ensure your Network Security Never Gets Breached
Sponsored by GFI Software
Greg Shields, MVP, vExpert
Senior Partner and Principal Technologist
www.ConcentratedTech.com
Props to the Hackers
• While the end result of their activities isn’t terrifically beneficial to the SMB network...
– …one can’t ignore their tenacity…
– …and their dedication…
– …and their creativity in design.
– (One also has to wonder about the hours they keep!)
• Their tenacity, dedication, and creativity are the reason we’re talking today.
– These people mean business. So should you.
Early Hacking Attempts
• In Windows’ early days, hacking attempts were relatively easy to spot.
– Malware processes often executed as Windows processes.
– A casual browse of Task Manager could find their activity.
• Malware was (and continues to be) a common threat.
– But back then, it was easy to find in the file system.
– Malware file signatures were often enough to identify and remove.
More Modern Trickery
• Today’s hacking efforts have reached a level of sophistication where they can no longer be identified with the naked eye.
• Some examples, by no means comprehensive…
– System file patching and process infection hide activities.
– Process resuscitation inhibits removal efforts.
– Code polymorphism beats signature-based tools.
– Rootkit and cloaking behaviors hide code beneath the file system level.
File Patching / Process Infection
[Diagram: the Original System File Svchost.exe contains function openDatabase, function openFile and function displayDialog; the Hacked System File carries the same three functions plus an added function invokeMalware. Labelled “Hack!”]
Process Resuscitation
[Diagram: two hacked copies of Svchost.exe, Hacked System File A and Hacked System File B, each carrying function invokeMalware plus a restart function (function restartAifStopped, function restartBifStopped) so that a stopped copy is started again by the other.]
Code Polymorphism
[Diagram: PolyMalware A and PolyMalware A’ are the same infected Svchost.exe (function openDatabase, function openFile, function displayDialog), but the injected function is named invokeMalware in one copy and invokeErawlaM in the other, so the two copies no longer share a signature.]
Rootkit and Cloaking Behaviors
[Diagram, “Before the Rootkit”: a directory request (“Gimme a dir!”) goes to the File System API, which asks the Windows Kernel (“I need a dir!”); the kernel answers (“OK, here ya’ go!”) and the real listing is returned (“Here’s that dir!”). “After the Rootkit”: an Evil Rootkit API with function cloakStuff sits between the File System API and the Windows Kernel, receives the real listing and hands back a doctored one (“Bwahaha! Try this!”). Labelled “Hack! Redirected Memory Pointers”.]
Thanks, Greg. I know the Problems. What are the Solutions?
• Not getting hacked today requires a layered approach to protection.
– Update Management
– Vulnerability Assessment
– Network and Software Auditing / Inventory
– Change Management
– Risk Analysis and Compliance Verification
• Unifying these activities into a single solution goes far into assuring hack-proof-ed-ness.
Six SMB Suggestions
• And yet solutions only get you so far.
– The best firewall in the world does no good if it’s not properly configured.
– Patches and updates do little if they don’t get installed.
– A tool remains just a tool until you use it.
• Thus, I offer: Six Suggestions for Hack-Proofing your SMB Network
Suggestion #1
Computers Missing Updates are your Biggest Security Hole
• Vulnerabilities are by nature information in the public domain.
– Vulnerabilities must be identified and communicated to the world for the world to fix them.
• Vulnerabilities beget patches/updates.
• Vulnerabilities also beget exploits.
– There is a measurable quantity of time between vulnerability announcement and exploit release.
Suggestion #2
A Reliance on WSUS Alone is a Losing Security Strategy
• …and don’t get me wrong, I like WSUS.
• WSUS is by design limited to Microsoft updates only.
– A very few third-party updates are available, but they’re the exception and not the norm.
• Raise your hand if your IT shop runs atop exclusively Microsoft software alone. Nothing else.
– Anyone? Anyone?
• Non-Microsoft software has updates too…
Suggestion #3
A Reliance on Patching Alone is also a Losing Security Strategy
• Your patch compliance statistics are an insidious warm fuzzy.
– “I’m 99% compliant. I’m protected!”
• A holistic protection approach requires patching plus an extra external verification.
– An external “white hat” solution, the good guys, that positively verifies whether each system is indeed protected.
– Patch compliance statistics can be wrong.
Suggestion #4
Unanticipated Hardware and Software Create Unanticipated Problems
• The slightly less politically correct term is “rogue”. Some examples:
– Stan in Accounting who occasionally brings his personal laptop into work.
– Jane from Sales who’s been given Administrator rights and now installs whatever software she believes necessary.
– Dan over with the Marketing team who quietly installed an Apple server “because he prefers Apple”.
– Michele the CEO whose Android phone is again unpatched and again on the wireless.
• Stan, Jane, Dan, and Michele are security problems.
– And yet they’re your problems.
• Automating asset inventory enables you to anticipate the problems this hardware/software will create.
– Important: This auditing must source from outside the Windows domain scope.
– “Duh. Nobody installs ‘rogue’ servers into the production domain.”
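Suggestions #3 and #4 both come down to one check: compare what the domain’s own inventory and patch report claim against what an outside-the-domain scan actually sees. The script below is an added illustration of that reconciliation, not part of the presentation or of GFI’s product; every hostname, patch id and count in it is a constructed placeholder.

```python
"""Reconcile a domain-side patch report and asset inventory against an
external scan. All data is constructed for illustration only."""
from dataclasses import dataclass, field

# Constructed: what the domain / WSUS view believes (host -> missing-update
# count as reported by the agent). A count of 0 means "reported compliant".
INVENTORY_REPORT = {"ws-01": 0, "ws-02": 0, "ws-03": 2, "srv-01": 0}

# Constructed: what an external scanner observed on the wire
# (host -> set of missing patch ids it could positively confirm).
EXTERNAL_SCAN = {
    "ws-01": set(),
    "ws-02": {"PATCH-PLACEHOLDER-7"},        # agent says clean; scanner disagrees
    "ws-03": {"PATCH-PLACEHOLDER-3", "PATCH-PLACEHOLDER-7"},
    "macmini-dan": {"PATCH-PLACEHOLDER-9"},  # Dan's server, never domain-joined
    "android-ceo": set(),                    # the CEO's phone on the wireless
}


@dataclass
class Reconciliation:
    false_compliant: list = field(default_factory=list)  # reported clean, scan found gaps
    unmanaged: list = field(default_factory=list)        # scan saw it, inventory does not know it
    unverified: list = field(default_factory=list)       # inventory knows it, scan never saw it
    reported_rate: float = 0.0                           # the "warm fuzzy" number
    verified_rate: float = 0.0                           # hosts the scanner confirmed clean


def reconcile(report, scan):
    r = Reconciliation()
    managed, seen = set(report), set(scan)
    r.unmanaged = sorted(seen - managed)
    r.unverified = sorted(managed - seen)
    for host in sorted(managed & seen):
        if report[host] == 0 and scan[host]:
            r.false_compliant.append(host)
    r.reported_rate = sum(1 for v in report.values() if v == 0) / len(report)
    confirmed_clean = [h for h in managed if h in scan and not scan[h]]
    r.verified_rate = len(confirmed_clean) / len(managed)
    return r


if __name__ == "__main__":
    result = reconcile(INVENTORY_REPORT, EXTERNAL_SCAN)
    print(f"reported compliance: {result.reported_rate:.0%}")
    print(f"verified compliance: {result.verified_rate:.0%}")
    print("reported compliant, scan found missing patches:", result.false_compliant)
    print("devices seen on the network but not in inventory:", result.unmanaged)
    print("inventory hosts the scan could not verify:", result.unverified)
```

The gap between the reported and verified rates is exactly the slide’s “insidious warm fuzzy”; the unmanaged list is Dan’s server and the CEO’s phone, which no domain-scoped audit would ever list.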
Suggestion #5
Every IT Shop Must Embrace Application Automation
• SMB IT Pros are honestly the biggest problems here.
– Automating application installation ensures consistent configuration management.
– Automating script execution creates a single point of deployment and aids in determining “what happened”.
– Locking down applications via policies ensures a consistent user experience.
• Before You Shoot Me: Admittedly, not all applications make sense for automation. Just most.
Suggestion #6
The Single-Solution Approach Best Fits the Need for Hack-Proof-Ed-Ness
• Unifying these activities beneath a single solution creates a unified database of “what happened”.
– Update Management
– Vulnerability Assessment
– Network and Software Auditing / Inventory
– Change Management
– Risk Analysis and Compliance Verification
• …because if you get hacked, figuring out what happened is exactly what you’ll need.
GFI LanGuard™
by Gill Langston
Manager, Sales Engineer Group
Corporate overview
» Offices located around the globe: USA (North Carolina, California & Florida), UK (London & Dundee), Australia, Austria, Romania, and Malta
» Hundreds of thousands of installations worldwide
» Trusted by thousands of companies around the world
» GFI products are sold by a global network of thousands of partners
IT pain points
» Users with the average software portfolio installed on their PCs will need to master around 14 different update mechanisms from individual vendors to update their programs and keep their IT systems protected against vulnerabilities.
Secunia Yearly Report 2010
» Failure to keep machines patched can lead to security breaches and downtime.
» Without an automated patching mechanism, manual patching is time-consuming.
» Failure to comply with compliance regulations such as PCI can result in hefty fines.
The solution?
How does GFI LanGuard work?
[Diagram: Install, Deploy Agents (agent-less), Scan, Analyze, Remediate]
Key benefits
» Security
□ Have a complete network security overview
□ Remediate security issues
□ Reduce the risks of data theft and data loss
» Productivity
□ Lower downtime
□ Improve IT department’s productivity
» Compliance
□ Prove your network is secure
□ Reduce the risks of legal penalties
Top features – Patch management
» Fix vulnerabilities before they are exploited by malicious software or people
» On demand or automated detection, download and deployment of missing security patches
□ Microsoft operating systems
□ Microsoft applications
□ Other third party applications (including Adobe, Mozilla, Apple, Google, Oracle, etc.)
» Rollback patches
» Network-wide deployment of custom software and scripts
Vulnerability assessment
» Software vulnerabilities are the main gates for malware and hackers to enter your network
» Over 45,000 checks against operating system and installed applications for security flaws and misconfigurations
» Scans Windows, Linux and Mac OSs
» Create custom vulnerability checks
Assets inventory
» Unmanaged/forgotten machines are a security risk
» Find the devices you were not aware of:
□ Servers and workstations
□ Virtual machines
□ IP-based devices such as routers, printers, switches, etc.
Network and software audit
» All the information you need to know about your network, such as:
□ Virtual machines
□ Hardware and software installed
□ Services
□ CPU information
□ Manufacturer and serial no.
□ Auditing policies
□ Operating system
□ HDD space
□ Users/Groups
□ Wireless devices
□ Network adaptors
□ Shares
» TCP and UDP port scanning
» Automatically remove unauthorized applications
» Check status of over 1,500 security applications (antivirus, antispyware, firewalls, disk encryption, data loss prevention, etc.)
» Get notified of security sensitive changes from your network (e.g., a new application is installed, a service is started/stopped, etc.)
Risk analysis and compliance
» Assistance on what to fix first:
□ Security issues are rated by their severity level
□ Each computer has an assigned vulnerability level
» Powerful interactive dashboard with security sensors that are triggered when problems are found
» Full text search support
» Executive, technical and statistical reports
Product Screens
Product kudos
» Thousands of customers worldwide use GFI LanGuard
» Numerous product awards, a few listed below:
Patch management, network security and vulnerability scanner
Download GFI LANguard network vulnerability scanner and get a free 30-day trial!
You can also check out the GFI LanGuard SmartGuide, which provides helpful tips for successful deployment:
http://www.gfi.com/lannetscan/manual