WHEN A VULNERABILITY ASSESSMENT > PENTEST THE ANOMALY.

Presentation transcript:

$WHOAMI Network Security for Dept of VA. Father/Husband. Fan of soccer (Viva Mexico!). Fan of martial arts: Brazilian Jiu-Jitsu.

$WHOAMI

WHAT IS A PENTEST? Recon Pwnage Pillage Loot Report

WHAT IS A PENTEST? ing-penetration-testing-report_ test-report/

WHAT IS A PENTEST?

INJUSTICE!

TESTING PENS (PROBANDO BOLIGRAFOS) - How to not get a good pentest? - Marcus Ranum: "The only favorable or useful outcome of a pentest is the worst one." counterpoint/pentesting.html

PWNING NOOBS - Cons and "breaking stuff" tracks/talks - Social media: if you break stuff, talk about how to fix it. - Reporting is seriously lacking.

PENTESTING

PENTESTING – MY WIFE BEATS ME. Why don't you find their weaknesses and then help them fix them?

VULNERABILITY ASSESSMENT

-Scan, how? Inside, external, credentials, IPs, firewalls -Agent-based vs. passive vs. active -Results integration -Results reporting -Team player

SCAN HOW? -Scanner location: inside the network, outside the network -Denial of service (scans can knock over fragile hosts) -Nmap

SCAN HOW? -Exclusions for Scanners -White box vs. Black box -Firewalls, IPS

SCAN HOW? -Credentials -Windows desktops and servers -Linux/Unix servers with SSH account/keys -SNMP community strings -Cisco/networking SSH credentials -Be careful with credentials: Dave/Immunity, Ron/Tenable, Qualys, more. https://lists.immunityinc.com/pipermail/dailydave/2013-February/ (message link truncated in source)

CREDENTIALS? -Risks: a compromised scanner can be used to capture the credentials it holds -Use SSH keys -Never send clear-text credentials -Secure your scanner applications -Passive vulnerability scanning (SPAN port) needs no credentials at all

SCAN HOW? -Remember HD Moore's Law: "Casual attacker power grows at the rate of Metasploit." - Joshua Corman

SCAN HOW?

AGENT VS ACTIVE SCANNING -Agent pros: -Near real time -No network traffic -No outages caused by scans -Agent cons: -May not be installed -May not be possible to install -Some vulns cannot be found (e.g. anything only visible from the network side)

VULN ASSESSMENT AND PATCH MGT

VULN SCANNING DOING IT RIGHT Internal scans. Credentialed scans – Linux, Windows, network devices. Vendor-provided exploit-availability data and exploit frameworks. Coordinate HIPS/NIPS and firewall exclusions.

SCAN DATA INTEGRATION Integrate with Org CMDB SA information Satellite Server SCCM WSUS BigFix

SCAN DATA INTEGRATION Integrate with Org CMDB

SCAN DATA INTEGRATION Sys Admin information. SA POC information (part of CMDB). Sys Admin-deemed important information. Manual updates from Sys Admins.

SCAN DATA INTEGRATION Satellite Server, SCCM, WSUS, BigFix/Tivoli Endpoint Manager (TEM). Red Hat patch info integration. Compare with scan info.

SCAN DATA INTEGRATION Where Does all this data go? Access DB Custom App with DB backend Excel Spreadsheet GRC – Governance Risk and Compliance Any other solutions?
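The reconciliation the last few slides describe (scanner output joined to CMDB ownership and patch-system status) is easy to show in code. The block below is an added example, not code from the talk or from any scanner or CMDB vendor: it joins three constructed extracts, flags the two cases a vulnerability-management team actually cares about (confirmed unpatched hosts, and hosts where the patch system claims "installed" while the scanner still flags the finding), surfaces hosts missing from the CMDB, and groups the rest by SA point of contact. All hostnames, finding ids, patch ids and owners are constructed sample data.

```python
"""Added example (not from the talk): reconcile vulnerability-scanner findings
with CMDB ownership and patch-management status. Every host, finding id,
patch id and owner below is constructed sample data, not a real asset."""
from collections import defaultdict

# Constructed scanner export: one row per (host, finding).
SCAN_FINDINGS = [
    {"host": "web01", "finding": "EXAMPLE-JRE-RCE", "severity": 9.3, "patch": "EXAMPLE-PATCH-001"},
    {"host": "web02", "finding": "EXAMPLE-JRE-RCE", "severity": 9.3, "patch": "EXAMPLE-PATCH-001"},
    {"host": "db01", "finding": "EXAMPLE-SSH-WEAK", "severity": 5.0, "patch": "EXAMPLE-PATCH-002"},
    {"host": "ghost", "finding": "EXAMPLE-JRE-RCE", "severity": 9.3, "patch": "EXAMPLE-PATCH-001"},
]

# Constructed CMDB extract: system-administrator point of contact per host.
CMDB = {
    "web01": {"owner": "webteam@example.org", "env": "prod"},
    "web02": {"owner": "webteam@example.org", "env": "prod"},
    "db01": {"owner": "dba@example.org", "env": "prod"},
}

# Constructed patch-system status (what a Satellite/SCCM/WSUS export might say).
PATCH_STATUS = {
    ("web01", "EXAMPLE-PATCH-001"): "installed",
    ("web02", "EXAMPLE-PATCH-001"): "missing",
    ("db01", "EXAMPLE-PATCH-002"): "missing",
}


def reconcile(findings, cmdb, patch_status):
    """Join scanner, CMDB and patch data. Returns a dict with:
    'confirmed'    - scanner and patch system agree the host is unpatched
    'conflict'     - patch system says installed but the scanner still flags it
                     (reboot pending, wrong version detected, or false positive)
    'unknown_host' - host not in the CMDB: unmanaged asset, nobody to assign to
    'by_owner'     - confirmed + conflict records grouped by SA point of contact
    """
    out = {"confirmed": [], "conflict": [], "unknown_host": [], "by_owner": defaultdict(list)}
    for f in findings:
        asset = cmdb.get(f["host"])
        if asset is None:
            out["unknown_host"].append(f["host"])
            continue
        status = patch_status.get((f["host"], f["patch"]), "no-record")
        record = {**f, "owner": asset["owner"], "patch_status": status}
        bucket = "conflict" if status == "installed" else "confirmed"
        out[bucket].append(record)
        out["by_owner"][asset["owner"]].append(record)
    out["by_owner"] = dict(out["by_owner"])
    return out


def owner_worklist(result):
    """Per-owner list of (host, finding, severity), highest severity first."""
    return {
        owner: [(r["host"], r["finding"], r["severity"])
                for r in sorted(recs, key=lambda r: (-r["severity"], r["host"]))]
        for owner, recs in result["by_owner"].items()
    }


if __name__ == "__main__":
    res = reconcile(SCAN_FINDINGS, CMDB, PATCH_STATUS)
    print("confirmed unpatched:", [r["host"] for r in res["confirmed"]])
    print("scanner/patch-system conflict:", [r["host"] for r in res["conflict"]])
    print("not in CMDB:", res["unknown_host"])
    for owner, items in owner_worklist(res).items():
        print(owner, items)
```

The "conflict" bucket is the anomaly worth chasing: either the patch system is lying (reboot pending, wrong package version), or the scanner plugin is wrong, and either way the org's severity scoring should not trust a single source. Hosts in "unknown_host" are the ones a CMDB integration exists to expose.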

SCAN DATA -Incident Response Import into org SIEM or incident correlation tool

SCAN REPORTING -Executive reports on important issues -Report on Org specified critical findings -Organizational severity scoring

SCAN REPORTING -Organizational severity scoring

SCAN REPORTING -Java JRE vuln – RCE -Base Score = 9.3 -Temporal Score = 7.7 -Final Score = ?

SCAN REPORTING

-Default credentials -Exploitable vulns -Malware-identification vulns -Indicators of compromise -Configuration auditing -More?

CALL TO ACTION -Do work! -Improve scanning -Improve patch mgmt -Integrate -Consolidate data -Customize to org needs -Work as a team (Security, Sys Admin, Devs, Operations, etc.)

QUESTIONS?