Leading Controls and Tools: Small Teams who can do more with little or no budget Jeremy Mio – Security and Research Manager.


1 Leading Controls and Tools: Small Teams who can do more with little or no budget
Jeremy Mio – Security and Research Manager

2 Agenda: Hygiene / Controls Tools Examples Q&A


5 Controls & Resources
NIST Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) - consists of standards, guidelines, and practices to promote the protection of critical infrastructure.
NIST’s Security Content Automation Protocol (SCAP) - a suite of standard, interoperable specifications for SCAP-capable tools to automate cyber security assessments, including the first five recommended actions of the Cyber Hygiene Campaign.
CIS Benchmarks and Configuration Assessment Tool (CIS-CAT) - more than 80 consensus-based, industry recognized security benchmarks for the most commonly used technologies are available, along with the SCAP-implementable CIS-CAT to help assess security posture in an automated way.
CIS Top 20 Critical Controls - a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks.
Australian Government Department of Defense Strategies to Mitigate Targeted Cyber Intrusions - a list of strategies to mitigate targeted cyber intrusions.

6 CIS Top 5 Critical Controls

7 Free and Painful
Trial vulnerability scanner… many for ad-hoc scanning
Best practice GPO:
Microsoft Baseline Security Analyzer:
Tripwire SecureCheq™:
Qualys BrowserCheck:
KnowBe4 RanSim:
KnowBe4 Phish Alert Button:
AFAP Domain Admins Limit!!!!
Software inventory: Microsoft Software Inventory Analyzer tool

8 NMAP + NDIFF… What is that?
NMAP is your friend
# <port> and <target> are placeholders for the SMB port and the range to scan
nmap -T4 -v -oA myshares --script smb-enum-shares --script-args smbuser=MyUserHere,smbpass=MyPassHere -p <port> <target> && cat myshares.nmap |
  grep '|\|192' |
  awk '/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ { line=$0 } /\|/ { $0 = line $0}1' |
  grep \| |
  grep -v -E '(smb-enum-shares|access: <none>|ADMIN\$|C\$|IPC\$|U\$|access: READ)' |
  awk '{ sub(/Nmap scan report for /, ""); print }' >> sharelist.txt

9 Other Free and Painful Tips
Disable telnet or alert on use!
Lock down logins over https!
Don’t store plain text passwords: KeePass on file share
Shut down ports that are unused, and set up port security
Bitlocker/encryption
Network device config backups
SSH… use SSH keys!!
Patch, Patch, Patch!!

10 SSL vs TLS
Disable old/all SSL!!
33% of all HTTPS servers are vulnerable
Switch to TLS
Heartbleed, DROWN, POODLE, FREAK
g+off+SSLv3+for+various+servers+and+client/18837

11 Servers with Desktop Software
Remove the software!!!
Do you need to browse the web, read PDF documents, and run Flash videos from servers!?
Log all the logins from servers… including successful!
Check iLO settings/passwords

12 Don’t Forget your printers

13 NetDisco Netbox:

14 Free & not completely easy
Start to purple team: SANS Training
User Education: Resources, team up!
Diff. local admin passwords: LAPS
Least privileges: Practice it!
App Whitelisting: AppLocker
Canary in the coal mine: Honeypots!!!
Egress Filtering: Squid Proxy and others

15 IR: Tool of Tools
Katana USB Kit
External Storage
MiFi
Documentation!!!!
Playbooks?... What are thoughts?
SANS + MS-ISAC Resources!

16 Show me the $$$
Do we have a budget yet?
Real vuln scanner
SIEM/IDS/IPS: AlienVault + MS-ISAC Albert
Professional pen test (not security assessment) DHS
2FA
Advanced buzzword devices

17 Organize
IPAM
Password safe
Incident Response tabletops and drills
MS-ISAC workgroups
Software Inventory and Standards

18 Shodan.io County US: 800 FTP: 163 Telnet: 133

19 Extras Start early on http://osintframework.com/ Books:

20 List of available resources:

21 Questions Contact: Jeremy Mio jmio@cuyahogacounty.us 216.698.2542
Cyber Support Inquiries: Register to the mailing list at:

