Leading Controls and Tools: Small Teams who can do more with little or no budget Jeremy Mio – Security and Research Manager.


Agenda: Hygiene / Controls, Tools, Examples, Q&A

Controls & Resources
- NIST Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework): standards, guidelines, and practices to promote the protection of critical infrastructure.
- NIST's Security Content Automation Protocol (SCAP): a suite of standard, interoperable specifications that let SCAP-capable tools automate security assessments, including the first five recommended actions of the Cyber Hygiene Campaign.
- CIS Benchmarks and Configuration Assessment Tool (CIS-CAT): more than 80 consensus-based, industry-recognized security benchmarks for the most commonly used technologies, plus the SCAP-capable CIS-CAT to assess security posture against them automatically.
- CIS Top 20 Critical Security Controls: a recommended set of actions for cyber defense that give specific, actionable ways to thwart the most pervasive attacks.
- Australian Government Department of Defence, Strategies to Mitigate Targeted Cyber Intrusions: a list of mitigation strategies for targeted intrusions.

CIS Top 5 Critical Controls https://www.cisecurity.org/critical-controls.cfm

Free and Painful
- Trial vulnerability scanner: many vendors offer one, good for ad-hoc scanning
- Best-practice GPOs / Microsoft Baseline Security Analyzer: https://www.microsoft.com/en-us/download/details.aspx?id=7558
- Tripwire SecureCheq: http://www.tripwire.com/free-tools/
- Qualys BrowserCheck: https://www.qualys.com/free-tools-trials/browsercheck/
- KnowBe4 RanSim: https://www.knowbe4.com/ransomware-simulator
- KnowBe4 Phish Alert Button: https://www.knowbe4.com/free-phish-alert
- Limit Domain Admins AFAP (as few as possible)!!!!
- Software inventory: Microsoft Software Inventory Analyzer tool

NMAP + NDIFF... What is that? NMAP is your friend.

Share inventory in one command: authenticated smb-enum-shares across the /24, then the normal output flattened to one line per share per host, minus the default admin shares. This is the slide's pipeline with straight quotes and the double-dash options restored, broken across lines, and with the awk host-line pattern anchored on "Nmap scan report" so share lines that themselves contain an IP are not mistaken for host lines:

nmap -T4 -v -oA myshares --script smb-enum-shares --script-args smbuser=MyUserHere,smbpass=MyPassHere -p445 192.168.0.1-255 &&
  cat myshares.nmap |
  grep '|\|192' |
  awk '/^Nmap scan report for/ { line=$0 } /\|/ { $0 = line $0 }1' |
  grep \| |
  grep -v -E '(smb-enum-shares|access: <none>|ADMIN\$|C\$|IPC\$|U\$|access: READ)' |
  awk '{ sub(/Nmap scan report for /, ""); print }' >> sharelist.txt

Stage by stage: the first grep keeps the "Nmap scan report for <ip>" lines and the script output (lines starting with "|"); awk remembers the latest host line and prefixes it to every "|" line; "grep \|" drops the bare host lines; grep -v throws away the script header, access lines reading <none>, the default ADMIN$/C$/IPC$/U$ shares and "access: READ" lines (that substring also matches READ/WRITE, so what survives for each share is its name plus its type and comment lines); the final awk strips the "Nmap scan report for " prefix. Run it on a schedule and diff sharelist.txt between runs (or ndiff the -oX output) to catch shares that appear. Caveat: the password lands in shell history and in the process list while the scan runs, so use a dedicated low-privilege scan account and clear the history line afterwards.
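As an added example that is not part of the presentation, here is the same inventory done in Python on the .nmap file, plus the baseline-versus-current comparison the slide title is asking about (ndiff does this on -oX files; the code below does it on the normal output the pipeline already consumes). BASELINE and CURRENT are constructed samples in nmap's normal-output format; the IPs and share names are invented, and the rule that flags any non-default share with WRITE access is my choice, not the slide's.

```python
"""Parse nmap normal output (the .nmap file from -oA) that carries smb-enum-shares
results, list the non-default shares that can be written to, and diff a baseline
scan against a current one for new hosts, ports and shares.

Added example, not code from the presentation. BASELINE and CURRENT are constructed
samples in nmap's normal-output format; IPs and share names are invented."""
import re

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+\.\d+\.\d+\.\d+)\)?")
PORT_RE = re.compile(r"^(\d+/(?:tcp|udp))\s+open\b")
SHARE_RE = re.compile(r"^\|_?\s+\\\\[^\\]+\\([^:]+):\s*$")        # "|   \\host\Name:"
ACCESS_RE = re.compile(r"^\|_?\s+(Anonymous|Current user) access:\s*(.*?)\s*$")


def is_default_share(name):
    """ADMIN$, IPC$, print$ and drive shares (C$, U$, ...) exist on every Windows
    host; the inventory is about everything else."""
    return name in {"ADMIN$", "IPC$", "print$"} or re.fullmatch(r"[A-Za-z]\$", name) is not None


def parse_nmap_normal(text):
    """Return {ip: {"ports": {"445/tcp", ...}, "shares": {name: {"Anonymous": ..., "Current user": ...}}}}."""
    hosts, host, share = {}, None, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            host = hosts.setdefault(m.group(1), {"ports": set(), "shares": {}})
            share = None
        elif host is None:
            continue
        elif m := PORT_RE.match(line):
            host["ports"].add(m.group(1))
        elif m := SHARE_RE.match(line):
            share = host["shares"].setdefault(m.group(1), {})
        elif (m := ACCESS_RE.match(line)) and share is not None:
            share[m.group(1)] = m.group(2)
    return hosts


def writable_shares(hosts):
    """Non-default shares the scanning account or anonymous users can write to;
    anonymous write access is the finding to fix first."""
    found = []
    for ip in sorted(hosts):
        for name, access in sorted(hosts[ip]["shares"].items()):
            anon, user = access.get("Anonymous", "<none>"), access.get("Current user", "<none>")
            if not is_default_share(name) and ("WRITE" in anon or "WRITE" in user):
                found.append({"host": ip, "share": name, "anonymous": anon, "user": user})
    return found


def diff_scans(baseline, current):
    """Changes since the baseline: new hosts (with their open ports), ports opened
    or closed on known hosts, and shares added on known hosts."""
    report = {"new_hosts": {}, "new_ports": {}, "closed_ports": {}, "new_shares": {}}
    for ip, cur in current.items():
        old = baseline.get(ip)
        if old is None:
            report["new_hosts"][ip] = sorted(cur["ports"])
            continue
        for key, delta in (("new_ports", cur["ports"] - old["ports"]),
                           ("closed_ports", old["ports"] - cur["ports"]),
                           ("new_shares", set(cur["shares"]) - set(old["shares"]))):
            if delta:
                report[key][ip] = sorted(delta)
    return report


# Constructed sample scans (yesterday and today); not real hosts.
BASELINE = r"""Nmap scan report for 192.168.0.5
445/tcp open  microsoft-ds
Host script results:
| smb-enum-shares:
|   \\192.168.0.5\ADMIN$:
|     Anonymous access: <none>
|     Current user access: READ/WRITE
|   \\192.168.0.5\Finance:
|     Anonymous access: <none>
|_    Current user access: READ/WRITE
Nmap scan report for 192.168.0.9
445/tcp open  microsoft-ds
"""

CURRENT = r"""Nmap scan report for 192.168.0.5
445/tcp open  microsoft-ds
| smb-enum-shares:
|   \\192.168.0.5\ADMIN$:
|     Current user access: READ/WRITE
|   \\192.168.0.5\Finance:
|     Current user access: READ/WRITE
|   \\192.168.0.5\Scans:
|     Anonymous access: READ/WRITE
|_    Current user access: READ/WRITE
Nmap scan report for 192.168.0.9
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
Nmap scan report for 192.168.0.42
23/tcp open  telnet
"""

if __name__ == "__main__":
    base, cur = parse_nmap_normal(BASELINE), parse_nmap_normal(CURRENT)
    for s in writable_shares(cur):
        print(f"{s['host']} \\{s['share']}  anonymous={s['anonymous']}  user={s['user']}")
    print(diff_scans(base, cur))
```

Keep yesterday's .nmap next to today's, page on anything in new_hosts, new_ports or new_shares, and treat a share with anonymous WRITE (the Scans share in the sample) as a finding on its own.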

Other Free and Painful Tips
- Disable telnet, or alert on any use!
- Lock down logins: HTTPS only!
- Don't store plain-text passwords: KeePass on a file share
- Shut down unused switch ports and set up port security
- BitLocker / disk encryption
- Network device config backups
- SSH: use SSH keys!!
- Patch, patch, patch!!

SSL vs TLS
- Disable old/all SSL!! Switch to TLS.
- DROWN alone affected an estimated 33% of all HTTPS servers when it was disclosed in 2016.
- Heartbleed, DROWN, POODLE, FREAK. Note what each one actually needs: POODLE is SSLv3 and DROWN is SSLv2, so turning SSL off fixes those two; FREAK needs the export-grade cipher suites removed from the server's list; Heartbleed is an OpenSSL implementation bug, fixed by patching the library and re-issuing the keys and certificates it may have leaked, not by a protocol change.
- Test your servers: https://www.ssllabs.com/ssltest/
- Turning off SSLv3, server by server: https://isc.sans.edu/forums/diary/POODLE+Turning+off+SSLv3+for+various+servers+and+client/18837

Servers with Desktop Software
- Remove the software!!! Do you need to browse the web, read PDF documents, and run Flash videos from servers!?
- Log all the logins on servers... including successful ones!
- Check iLO settings/passwords
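What to do with the successful-logon events once you are collecting them, as an added example that is not from the presentation: a small triage over Windows Security 4624 records. The EVENTS list is a constructed sample in the shape a SIEM or a JSON export gives you (fields trimmed); the host names, accounts and IPs are invented, and the ADMINS set and the BASELINE of previously seen (host, account) pairs are assumptions you would fill from your own environment.

```python
"""Triage of successful server logons (Windows Security event 4624). Console and
RDP logons on a server should be rare and come from a known admin set; a network
logon from an account/host pair never seen before is worth a look even though it
succeeded.

Added example, not code from the presentation. EVENTS are constructed records in
the shape a SIEM or a JSON export of 4624/4625 gives you (fields trimmed); host
names, accounts and IPs are invented; ADMINS and BASELINE are assumptions."""

LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service", 7: "Unlock",
               9: "NewCredentials", 10: "RemoteInteractive", 11: "CachedInteractive"}
CONSOLE_TYPES = {2, 10, 11}   # someone at the keyboard or in an RDP session

EVENTS = [  # constructed sample, in event order
    {"EventID": 4624, "Computer": "FS01", "TargetUserName": "svc-backup", "LogonType": 5, "IpAddress": "-"},
    {"EventID": 4624, "Computer": "FS01", "TargetUserName": "jdoe", "LogonType": 3, "IpAddress": "192.168.0.77"},
    {"EventID": 4624, "Computer": "FS01", "TargetUserName": "jdoe", "LogonType": 10, "IpAddress": "192.168.0.77"},
    {"EventID": 4624, "Computer": "SQL01", "TargetUserName": "admin-mio", "LogonType": 10, "IpAddress": "192.168.0.10"},
    {"EventID": 4624, "Computer": "SQL01", "TargetUserName": "FS01$", "LogonType": 3, "IpAddress": "192.168.0.5"},
    {"EventID": 4625, "Computer": "SQL01", "TargetUserName": "administrator", "LogonType": 3, "IpAddress": "192.168.0.42"},
]
ADMINS = {"admin-mio"}   # assumption: accounts allowed a console/RDP session on servers
BASELINE = {("FS01", "svc-backup"), ("SQL01", "admin-mio"), ("SQL01", "FS01$")}   # (host, account) seen before


def triage(events, admins=ADMINS, baseline=BASELINE):
    """Return (severity, host, account, reason) for logons that deserve a look."""
    alerts = []
    for e in events:
        if e["EventID"] != 4624:
            continue                       # failures (4625) are a separate, noisier stream
        host, user, ltype = e["Computer"], e["TargetUserName"], e["LogonType"]
        if user.endswith("$"):
            continue                       # machine accounts log on constantly; baseline them on their own
        kind = LOGON_TYPES.get(ltype, str(ltype))
        if ltype in CONSOLE_TYPES and user not in admins:
            alerts.append(("HIGH", host, user, f"{kind} logon by a non-admin from {e['IpAddress']}"))
        elif (host, user) not in baseline:
            alerts.append(("MEDIUM", host, user, f"first {kind} logon seen for this account on this host"))
    return alerts


def update_baseline(events, baseline):
    """After review, fold the reviewed pairs into the baseline so they stop alerting."""
    return baseline | {(e["Computer"], e["TargetUserName"]) for e in events if e["EventID"] == 4624}


if __name__ == "__main__":
    for sev, host, user, why in triage(EVENTS):
        print(f"{sev:6} {host:6} {user:12} {why}")
```

The first-seen rule is noisy for a week and then quiet; that is the point of keeping and updating the baseline rather than tuning the rule away.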

Don’t Forget your printers

NetDisco; NetBox: http://packetlife.net/blog/2016/jun/15/announcing-netbox/

Free & not completely easy
- Start to purple team: SANS training
- User education: resources, team up!
- A different local admin password on every machine: LAPS
- Least privilege: practice it!
- Application whitelisting: AppLocker
- Canary in the coal mine: honeypots!!!
- Egress filtering: Squid proxy and others
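The canary idea in working code, as an added example that is not from the presentation: a minimal TCP honeypot that never answers, so nothing legitimate has a reason to connect and every connection is an alert. It records the source address and the first bytes sent (enough to tell a port scanner from an HTTP or telnet client). The loopback probe client and port 2323 in the demo are assumptions; in practice bind it to an unused internal address and port, and forward the events to syslog or the SIEM instead of the in-memory list.

```python
"""Canary in the coal mine: a minimal TCP honeypot for a small team. Nothing
legitimate should ever connect to it, so every connection is an alert.

Added example, not code from the presentation. TcpCanary binds a port, accepts
connections, records the source and the first bytes sent, and never answers, so a
scanner learns nothing. Events go to an in-memory list here; in production forward
them to syslog/the SIEM. probe() is a constructed local client for the demo."""
import socket
import threading
import time


def classify(first_bytes):
    """Rough guess of what the caller was after; a connect with no data is the
    usual port-scanner signature."""
    if not first_bytes:
        return "connect-only (scanner?)"
    if first_bytes.startswith(b"SSH-"):
        return "ssh client"
    if first_bytes[:1] == b"\xff":          # telnet IAC: option negotiation starts the session
        return "telnet negotiation (IAC)"
    if first_bytes.split(b" ", 1)[0] in {b"GET", b"POST", b"HEAD", b"OPTIONS"}:
        return "http request"
    return "unknown"


class TcpCanary:
    def __init__(self, host="127.0.0.1", port=0, peek=64, timeout=1.0):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))         # port=0: let the OS pick (useful for tests)
        self.sock.listen(16)
        self.port = self.sock.getsockname()[1]
        self.peek, self.timeout = peek, timeout
        self.events = []
        self._lock = threading.Lock()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def stop(self):
        self.sock.close()                    # accept() raises OSError and the serve loop exits

    def wait_for(self, count, timeout=3.0):
        """Block until `count` events were recorded (or timeout); return success."""
        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline:
            with self._lock:
                if len(self.events) >= count:
                    return True
            time.sleep(0.02)
        return False

    def _serve(self):
        while True:
            try:
                conn, (src_ip, src_port) = self.sock.accept()
            except OSError:
                return
            threading.Thread(target=self._handle, args=(conn, src_ip, src_port), daemon=True).start()

    def _handle(self, conn, src_ip, src_port):
        conn.settimeout(self.timeout)
        data = b""
        try:
            data = conn.recv(self.peek)      # first bytes only; we never write anything back
        except OSError:
            pass
        finally:
            conn.close()
        event = {"ts": time.time(), "src_ip": src_ip, "src_port": src_port,
                 "dst_port": self.port, "first_bytes": data, "guess": classify(data)}
        with self._lock:
            self.events.append(event)


def probe(port, payload=b"", host="127.0.0.1"):
    """Constructed client standing in for an attacker or scanner touching the canary."""
    with socket.create_connection((host, port), timeout=2.0) as s:
        if payload:
            s.sendall(payload)


if __name__ == "__main__":
    canary = TcpCanary(port=2323).start()    # assumption: 2323 is free on this box
    probe(canary.port, b"GET / HTTP/1.0\r\n\r\n")
    probe(canary.port)
    canary.wait_for(2)
    for ev in canary.events:
        print(f"ALERT {ev['src_ip']}:{ev['src_port']} -> :{ev['dst_port']} {ev['guess']} {ev['first_bytes']!r}")
    canary.stop()
```

Allow-list your own vulnerability scanner's address before you wire this to paging, otherwise the first scheduled scan is the first incident.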

IR: Tool of Tools
- Katana USB kit
- External storage
- MiFi
- Documentation!!!!
- Playbooks?... What are your thoughts?
- SANS + MS-ISAC resources!

Show me the $$$
Do we have a budget yet?
- Real vulnerability scanner
- SIEM/IDS/IPS: AlienVault + MS-ISAC Albert
- Professional pen test (not a security assessment)
- DHS 2FA
- Advanced buzzword devices

Organize
- IPAM
- Password safe
- Incident response tabletops and drills
- MS-ISAC workgroups
- Software inventory and standards

Shodan.io (county, US): 800 results; FTP: 163; Telnet: 133

Extras
- Start early on http://osintframework.com/
- Books: https://www.safaribooksonline.com/library/view/defensive-security-handbook/9781491960370/

List of available resources:

Questions
Contact: Jeremy Mio, jmio@cuyahogacounty.us, 216.698.2542
Cyber support inquiries: CCISCSecurity@cuyahogacounty.us
Register for the mailing list at: www.itsecurity.cuyahogacounty.us/en-us/Education.aspx