1 / 0

When a vulnerability assessment > pentest

When a vulnerability assessment > pentest. The Anomaly. $ whoami. Network Security for Dept of VA Father/Husband Fan of Futbol (Viva Mexico!) Fan of Martial Arts Brazilian JiuJitsu. $ whoami. $ whoami. $ whoami. $ whoami. What is a Pentest ?. Recon Pwnage Pillage Loot

maren
Télécharger la présentation

When a vulnerability assessment > pentest

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. When a vulnerability assessment > pentest

    The Anomaly
  2. $whoami Network Security for Dept of VA Father/Husband Fan of Futbol (Viva Mexico!) Fan of Martial Arts Brazilian JiuJitsu
  3. $whoami
  4. $whoami
  5. $whoami
  6. $whoami
  7. What is a Pentest? Recon Pwnage Pillage Loot Report
  8. What is a Pentest? http://www.pentest-standard.org/ http://www.sans.org/reading_room/whitepapers/bestprac/writing-penetration-testing-report_33343 http://www.offensive-security.com/offsec/sample-penetration-test-report/
  9. What is a Pentest?
  10. What is a Pentest?
  11. What is a Pentest?
  12. Injusticia!
  13. Probandoboligrafos - How to Not get a good pentest? http://blog.pentesterlab.com/2012/12/how-not-to-get-good-pentest.html Marcus Ranum – “The only favorable or useful outcome of a pentest is the worst one.” http://www.ranum.com/security/computer_security/editorials/point-counterpoint/pentesting.html
  14. Pwningnoobs Cons and breaking stuff tracks/talks Social Media: If you break stuff, talk about how to fix it. Reporting is Seriously lacking
  15. Pentesting
  16. Pentesting – mi mujer me pega “Why don’t you find their weaknesses and then help them fix it?”
  17. Vulnerability Assessment
  18. Vulnerability Assessment
  19. Vulnerability Assessment Scan, how? Inside, external, credentials, ips, firewalls Agent based vs passive vs active Results integration Results reporting Team player
  20. Scan how? Scanner Location inside Network, outside network Denial of service Nmap
  21. Scan how? Exclusions for Scanners White box vs. Black box Firewalls, IPS
  22. Scan how? Credentials Windows Desktops and Servers Linux/Unix servers with SSH account/keys SNMP strings Cisco/Networking SSH credentials Be careful with credentials: Dave/Immunity, Ron/Tenable, Qualys, more. https://lists.immunityinc.com/pipermail/dailydave/2013-February/000334.html
  23. Credentials? Risks Capture credentials Use ssh keys Never send clear text credentials Secure your scanner applications Passive Vulnerability (span port)
  24. Scan how? Remember HD Moore’s Law “Casual attacker power grows at the rate of Metaspoit.” - Joshua Corman
  25. Scan how?
  26. Agent vs Active scanning Agent Pros Near real time No network traffic No outages caused by scans Agent Cons May not be installed May not be possible to install Some vulns cannot be found
  27. Vuln Assessment and Patch Mgt
  28. Vuln Assessment and Patch Mgt
  29. Vuln Assessment and Patch Mgt
  30. VulnScanningdoing it right Internal Scans Credentialed Scans – Linux, Windows, Network devices Vendor provided exploit availabilities and frameworks Coordinate HIPS/NIPS, Firewall exclusions
  31. Scan Data integration Integrate with Org CMDB SA information Satellite Server SCCM WSUS BigFix
  32. Scan Data integration Integrate with Org CMDB
  33. Scan Data integration Sys Admin information SA POC information (part of cmdb) Sys Admin deemed important information Manual updates from Sys Admins
  34. Scan Data integration Satellite Server SCCM WSUS BigFix/Tivoli Endpoing Manager(TEM) Red Hat patch info integration Compare with Scan info
  35. Scan Data integration Where Does all this data go? Access DB Custom App with DB backend Excel Spreadsheet GRC – Governance Risk and Compliance Any other solutions?
  36. Scan data Incident Response Import into org SIEM or incident correlation tool
  37. Scan Reporting Executive reports on important issues Report on Org specified critical findings Organizational severity scoring
  38. Scan Reporting Organizational severity scoring
  39. Scan Reporting Java JRE vuln – RCE Base Score = 9.3 Temporal Score = 7.7 Final Score = ?
  40. Scan Reporting Java JRE vuln – RCE Base Score = 9.3 Temporal Score = 7.7 Final Score = ?
  41. Scan Reporting
  42. Scan Reporting Default Credentials Exploitable Vulns Malware identification vulns Indicators of Compromise Configuration Auditing More?
  43. Call to Action Do work! Improve scanning Improve Patch Mgt Integrate Consolidate data Customize to org needs Work as a team ( Security, Sys Admin, Devs, Operations, etc)
  44. Questions?
More Related