TOP mistakes in Microsoft infrastructure

2
TOP mistakes in Microsoft infrastructure Glib Pakharenko 2016-09-14 gpaharenko at gmail.com

Transcript of TOP mistakes in Microsoft infrastructure

Page 1: TOP mistakes in Microsoft infrastructure

TOP mistakes in Microsoft infrastructure

Glib Pakharenko2016-09-14

gpaharenko at gmail.com

Page 2: TOP mistakes in Microsoft infrastructure

TOP 10 sysadmin mistakes

# Sysadmin mistake Microsoft good practice1 Weak passwords https://technet.microsoft.com/en-us/itpro/windows/keep-se

cure/password-policy2 Mimikatz (password theft) https://technet.microsoft.com/en-us/security/dn920237.aspx 3 Kerberos Golden Ticket https://cert.europa.eu/static/WhitePapers/CERT-EU-SWP_14_07_PassTheGolden_Ticket_v1_1.pdf 4 WMI hidden process

executionhttps://www.fireeye.com/blog/threat-research/2016/08/wmi_vs_wmi_monitor.html

5 Powershell attacks https://www.blackhat.com/docs/us-14/materials/us-14-Kazanciyan-Investigating-Powershell-Attacks.pdf 6 Malicious Office Documents https://blogs.technet.microsoft.com/mmpc/2014/12/30/before-you-enable-those-macros/ 7 Group policy preferences

saved passwordhttps://support.microsoft.com/en-us/kb/2962486

8 Too many domain admins https://msdn.microsoft.com/en-us/library/cc875827.aspx 9 The lack of updates https://technet.microsoft.com/en-us/security/bulletins.aspx 10 The lack of proper time https://support.microsoft.com/uk-ua/kb/262680

https://technet.microsoft.com/en-us/itpro/windows/keep-secure/password-policy
https://technet.microsoft.com/en-us/itpro/windows/keep-secure/password-policy
https://technet.microsoft.com/en-us/security/dn920237.aspx
https://technet.microsoft.com/en-us/security/dn920237.aspx
https://cert.europa.eu/static/WhitePapers/CERT-EU-SWP_14_07_PassTheGolden_Ticket_v1_1.pdf
https://cert.europa.eu/static/WhitePapers/CERT-EU-SWP_14_07_PassTheGolden_Ticket_v1_1.pdf
https://www.blackhat.com/docs/us-14/materials/us-14-Kazanciyan-Investigating-Powershell-Attacks.pdf
https://www.blackhat.com/docs/us-14/materials/us-14-Kazanciyan-Investigating-Powershell-Attacks.pdf
https://blogs.technet.microsoft.com/mmpc/2014/12/30/before-you-enable-those-macros/
https://blogs.technet.microsoft.com/mmpc/2014/12/30/before-you-enable-those-macros/
https://support.microsoft.com/en-us/kb/2962486
https://msdn.microsoft.com/en-us/library/cc875827.aspx
https://technet.microsoft.com/en-us/security/bulletins.aspx
https://support.microsoft.com/uk-ua/kb/262680

17 Mistakes Microsoft made in the Xbox Security System Microsoft

17 Mistakes Microsoft made in the Xbox Security System Microsoft

Microsoft Fast Study – Hybrid Cloud Infrastructure

Microsoft Fast Study – Hybrid Cloud Infrastructure

White Paper: EMC Infrastructure for Microsoft Private Cloud

White Paper: EMC Infrastructure for Microsoft Private Cloud

H6188 - EMC Virtual Infrastructure for Microsoft Applications ...

H6188 - EMC Virtual Infrastructure for Microsoft Applications ...

Building the Right Infrastructure for Microsoft SharePoint

Building the Right Infrastructure for Microsoft SharePoint

infrastructure As A Service In Microsoft Azure Infrastructure as a Service in... · Infrastructure as a Service in Microsoft Azure ... commonly known as Infrastructure as a Service

infrastructure As A Service In Microsoft Azure Infrastructure as a Service in... · Infrastructure as a Service in Microsoft Azure ... commonly known as Infrastructure as a Service

Hitachi Infrastructure Analytics Advisor · Microsoft, the Microsoft ... SmartScreen, SQL Server, Visual Basic, Visual C++, Visual Studio, ... • Hitachi Infrastructure Analytics

Hitachi Infrastructure Analytics Advisor · Microsoft, the Microsoft ... SmartScreen, SQL Server, Visual Basic, Visual C++, Visual Studio, ... • Hitachi Infrastructure Analytics

VMware Infrastructure Setup for Microsoft Cluster Service

VMware Infrastructure Setup for Microsoft Cluster Service

Microsoft Infrastructure Assessment

Microsoft Infrastructure Assessment

Microsoft PowerPoint - TIA-942 Datacenter Infrastructure Standard

Microsoft PowerPoint - TIA-942 Datacenter Infrastructure Standard

Infrastructure Solutions for Microsoft SQL Server

Infrastructure Solutions for Microsoft SQL Server

Applications Infrastructure - Microsoft Home Page | Devices and

Applications Infrastructure - Microsoft Home Page | Devices and

Stanislas Quastana, CISSP Architecte Infrastructure Microsoft France .

Stanislas Quastana, CISSP Architecte Infrastructure Microsoft France .

Microsoft Azure Cloud Infrastructure & Management ...contentit.ingrammicro.eu/.../CLOUD/.../Azure_Tech_Journey2019WebinarMS.pdf · Microsoft Azure Cloud Infrastructure & Management

Microsoft Azure Cloud Infrastructure & Management ...contentit.ingrammicro.eu/.../CLOUD/.../Azure_Tech_Journey2019WebinarMS.pdf · Microsoft Azure Cloud Infrastructure & Management

THE FIVE NASTIEST SECURITY MISTAKES LURKING IN PUBLIC ...€¦ · infrastructure exposures—many of them caused by preventable, common mistakes. Since software started eating the

THE FIVE NASTIEST SECURITY MISTAKES LURKING IN PUBLIC ...€¦ · infrastructure exposures—many of them caused by preventable, common mistakes. Since software started eating the

Virtual Desktop Infrastructure (VDI) from Microsoft Antonio Gámir TSP – Windows Client Microsoft Ibérica.

Virtual Desktop Infrastructure (VDI) from Microsoft Antonio Gámir TSP – Windows Client Microsoft Ibérica.

EMC Virtual Infrastructure for Microsoft SQL Server · PDF fileEMC Virtual Infrastructure for Microsoft SQL Server . ... compatible with existing network infrastructure ... EMC Virtual

EMC Virtual Infrastructure for Microsoft SQL Server · PDF fileEMC Virtual Infrastructure for Microsoft SQL Server . ... compatible with existing network infrastructure ... EMC Virtual

Top 20 Mistakes in Microsoft Public Key Infrastructure PKI

Top 20 Mistakes in Microsoft Public Key Infrastructure PKI

Building Your Cloud Infrastructure With Microsoft Azure · PDF fileBuilding Your Cloud Infrastructure with Microsoft Azure 3 Building Your Cloud Infrastructure with Azure Five High

Building Your Cloud Infrastructure With Microsoft Azure · PDF fileBuilding Your Cloud Infrastructure with Microsoft Azure 3 Building Your Cloud Infrastructure with Azure Five High

Microsoft (ECI) Enrollment for Core Infrastructure · Enrollment for Core Infrastructure ... Microsoft (ECI) Enrollment for Core Infrastructure ... •System Center Data Protection

Microsoft (ECI) Enrollment for Core Infrastructure · Enrollment for Core Infrastructure ... Microsoft (ECI) Enrollment for Core Infrastructure ... •System Center Data Protection