1 / 61

Hey, You! Get Off My Network! (Repeats on 5/19 at 8:30am)

SIM404. Hey, You! Get Off My Network! (Repeats on 5/19 at 8:30am). ERDAL OZKAYA Licensed Penetration Tester–MVP-MCT-CEI CEO IT TRAINING erdal@ceotraining.com.au Elias Mereb MVP-MCT

wilford
Télécharger la présentation

Hey, You! Get Off My Network! (Repeats on 5/19 at 8:30am)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SIM404 Hey, You! Get Off My Network! (Repeats on 5/19 at 8:30am) ERDAL OZKAYA Licensed Penetration Tester–MVP-MCT-CEI CEO IT TRAINING erdal@ceotraining.com.au Elias Mereb MVP-MCT emereb@widetechconsulting.com

  2. Agenda:Hack Proof Your Server Demo What is Penetration Testing Demo

  3. Is Security Part of Your Job? Question

  4. Think Again!!! Source: Demotivation

  5. To prevent this.!

  6. Best Practices to Keep Your Servers SAFE! Golden Rule! There is no way to STOP a Hacker, you can only make their job HARDER !

  7. Sound familiar ? • Costs too much money! • Too complicated • Not worth the bother!! • My SIMPLE firewall protects me  • We have got “A” Solution

  8. 1. If Possible Use Windows SERVER 2008 R2 CORE

  9. Windows Server Core is Secure Because • There is no GUI shell • Reduced maintenance • Reduced attack surface area • Reduced management • Less disk space required to install

  10. 2. Use AppLocker • Replaces the Software Restriction Policies feature • AppLocker will reduce administrative overhead and help administrators control how users can access and use files, such as .exe files, scripts, Windows Installer files (.msi and .msp files), and DLLs

  11. 3. Use Biometrics Server 2008 R2 enables administrators and users to use • Fingerprint biometric devices to log on to computers, • Grant elevation privileges through User Account Control (UAC) • Perform basic management of the fingerprint devices. • Manage fingerprint biometric devices in Group Policy settings by enabling, limiting, or blocking their use

  12. 4. Use Smart Cards Server 08 R2 make smart cards easier to use and to deploy, and makes it possible to use smart cards to complete a greater variety of tasks

  13. 5. Use Strong Passwords • Mandate a minimum password length of at least 8 characters, consider 12… 7 or under is bad under all circumstances • Audit Passwords against English words; (Cain & Abel can do some of it) • Avoid too complex passwords ( for end users) • Train users to avoid simple English words • Remove LM Win 7 and Server 2008 R2 have no support for LAN Man hashes or authentication at all

  14. 6. Use Service Accounts To enhance security while simplifying or eliminating password and Service Principal Name (SPN) management 1. Managed service account Is designed to provide crucial applications such as SQL Server and IIS with the isolation of their own domain accounts, while eliminating the need for an administrator to manually administer the SPNand credentials for these accounts 2. Virtual accounts Are "managed local accounts" that can use a computer's credentials to access network resources

  15. 7. User Account Control (UAC) • The access control model changed to help mitigate the impact of a malicious program; When a user attempts to start an administrator task or service, the UAC dialog box asks the user to click either Yes or No before the user's full administrator access token can be used Changes in Server 08 R2 are • Increase the number of tasks that the standard user can perform that do not prompt for administrator approval • Allow a user with administrator privileges to configure the UAC experience in the Control Panel • Provide additional local security policies that enable a local administrator to change the behavior of the UAC messages for local administrators in Admin Approval Mode • Provide additional local security policies that enable a local administrator to change the behavior of the UAC messages for standard users

  16. 8. Windows Security Auditing With Server 08 R2 all auditing capabilities have been integrated with Group Policy Server R2 increase the level of detail in security auditing logs and simplify the deployment and management of auditing policies New enhancements are • Global Object Access Auditing • "Reason for access" reporting • Advanced audit policy settings

  17. 9. Run Security Configuration Wizard (SCW) SCW guides you through the process of creating, editing, applying, or rolling back a security policy SCW benefits • disables unnecessary services • detects role dependencies • It provides hot links to get online help • Can be deployed via Group Policy

  18. 10. Use Windows Firewall Windows Firewall with Advanced Security is an advanced interface for IT professionals Windows Firewall with Advanced Security is not for home users

  19. 11. Disabling Insecure User Accounts In Windows 2008 server installation, two accounts are created by default • Administrator and Guest • Disable or rename admin account

  20. 12. Use BitLocker BitLocker Drive Encryption allows you to • Encrypt all data stored on the Windows operating system volume • configured data volumes, • by using a Trusted Platform Module (TPM), it can also help ensure the integrity of early startup components

  21. 13. Use Windows 2008 R2 NAP Network Access Protection monitors and assess the ‘health” of hosts in a network to determine their level of compliance to the configured health policy. NAP ensures that vulnerable/infected systems don’t become a launch pad for a more wide spread hacker/malicious code attack

  22. 14. Use Microsoft Baseline Security Analyzer MBSA is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems http://www.microsoft.com/mbsa

  23. 15. Be Aware of Social Engineering

  24. Social Engineering Explored • There is no method to ensure complete security from social engineering attacks • Its difficult to detect • Security policy's are strong as their weakest link, and humans are the most susceptible factor • There is no specific SOFTWARE or HARDWARE to defend against it

  25. What Else Can You Do to Protect Your Servers? • Learn to look for weakness... • The old excuse is not an EXCUSE “It will never happen to me It’s the way we've always done it It’s standard practice throughout the company ….”

  26. Microsoft Tools to Harden our Servers Security Compliance Manager is designed to provide you with an end-to-end solution to help you plan, deploy, and monitor the security baselines of computers running Windows Server 2008 in your environment http://go.microsoft.com/fwlink/?LinkId=182512

  27. SIR? Have You Met…

  28. Microsoft Security Intelligence Report • The Security Intelligence Report (SIR) is an investigation of the current threat landscapeIt analyzes exploits, vulnerabilities, and malware based on data from over 600 million systems worldwide, internet services, and three Microsoft Security Centers • http://www.microsoft.com/security/sir/

  29. How to harden your servers? demo

  30. What Is Penetration Testing? • Testing the security of systems and architectures from a hacker’s point of view • A “simulated attack” with a predetermined goal. • It is an authorized attempt to violate specific constraints stated in the form of a security or integrity policy. • It is a testing technique for discovering, understanding, and documenting all the security holes that can be found in a system.

  31. Why Penetration Testing ?

  32. Identify the threats facing your assets

  33. ROSI • Reduce the IT Security costs & provide a better Return On IT Security Investment (ROSI) by identifying & resolving vulnerabilities and weakness

  34. Comprehensive Assessment • Pen Testing will assure the organization that all • Policy • Procedure • Design & Implementation has been assets

  35. Process Best Practice for legal & industry regulations approach • ISMS PDCA example Interested Parties Information security requirements and expectations Interested Parties Managed information security Plan Establish an ISMS Act Do Implement the ISMS Maintain and Improve the ISMS Monitor and review the ISMS Check

  36. Gain & maintain certification • Information Security Management Systems • Like ISO 27001 • BS7799 • HIPPAA ( Privacy certification for Health Insurance Portability and Accountability ) • etc.

  37. Evaluate the efficiency of Security Devices

  38. What Should be Tested? • A risk assessment should be conducted to identify main threats, such us: • Communications – E-Commerce & loss of confidential information failure • Public facing systems, websites, e-mail gateways & remote platforms • Mail, DNS, firewall, passwords, FTP, IIS & other web servers

  39. Access Points to Your Network • Internet gateways • Modems • Wireless Networks • Physical entry • Social Engineering

  40. What Makes a Good Penetration Test? • Establish the parameters for the pen-test such us: Objectives ,Limitations & justification of procedures • Choose suitable set of tests that balance cost & benefits • Following a methodology with proper planning & documentation • Stating all the results clearly in the final report

  41. Penetration Testing Is Not… • An alternative to other IT security measures – it complements other tests • Expensive game of Capture the Flag • A guarantee of security • It is not a proof techniques. It can never prove the absence of security flaws. It can only prove their presence.

  42. Hacking Methodology (Steps) Footprinting Scanning Enumeration Gaining Access Escalating Privilege Pilferting Covering Tracks Creating Back Doors Denial of Service whois, nslookup GFILan \nmap rpcinfo Tcpdump Johntheripper Config files, registry rootkits keystroke logger remote desktop Ping of death

  43. Limitations • It’s only valid for the period tested • Time to perform

  44. External Testing Involves analysis of publicly available information a network enumeration phase, and the behaviour of the security devices analysed Types of Penetration Testing Internal Testing Will be performed from a number of network access points , representing each logical & physical segment

  45. Phases of Pen Testing • Pre- Attack Phase • Attack Phase • Post Attack Phase

  46. Pre- Attack Phase • Goals of the attack will be defined Reconnaissance Refers to phase where attacker gathers as much information as possible (Learn About Target) • Passive Reconnaissance • Hacker does not interact with the system directly • Use publicly available info * Social Engineering ,Dumpster Diving 2. Active Reconnaissance • Open ports ,Router locations ,Network mapping, Details of O/S & apps

  47. Attack Phase • Penetrate Perimeter • Acquire Target • Execute, Implant Retract • Escalate Privilege

More Related