WHEN A VULNERABILITY ASSESSMENT > PENTEST THE ANOMALY.

Presentation transcript:

1 WHEN A VULNERABILITY ASSESSMENT > PENTEST THE ANOMALY

2 $WHOAMI -Network Security for Dept of VA -Father/Husband -Fan of Futbol (Viva Mexico!) -Fan of Martial Arts: Brazilian Jiu-Jitsu

3 $WHOAMI


7 WHAT IS A PENTEST? -Recon -Pwnage -Pillage -Loot -Report

8 WHAT IS A PENTEST? -http://www.pentest-standard.org/ -http://www.sans.org/reading_room/whitepapers/bestprac/writing-penetration-testing-report_33343 -http://www.offensive-security.com/offsec/sample-penetration-test-report/

9 WHAT IS A PENTEST?


12 INJUSTICE!

13 TESTING PENS -How to not get a good pentest? http://blog.pentesterlab.com/2012/12/how-not-to-get-good-pentest.html -Marcus Ranum: "The only favorable or useful outcome of a pentest is the worst one." http://www.ranum.com/security/computer_security/editorials/point-counterpoint/pentesting.html

14 PWNING NOOBS -Cons and "breaking stuff" tracks/talks -Social media: if you break stuff, talk about how to fix it. -Reporting is seriously lacking

15 PENTESTING

16 PENTESTING – MY WIFE HITS ME Why don't you find their weaknesses and then help them fix them?

17 VULNERABILITY ASSESSMENT


19 -Scan, how? Inside, external, credentials, IPS, firewalls -Agent-based vs. passive vs. active -Results integration -Results reporting -Team player

20 SCAN HOW? -Scanner location: inside network, outside network -Denial of service -Nmap

21 SCAN HOW? -Exclusions for Scanners -White box vs. Black box -Firewalls, IPS

22 SCAN HOW? -Credentials -Windows desktops and servers -Linux/Unix servers with SSH account/keys -SNMP strings -Cisco/networking SSH credentials -Be careful with credentials: Dave/Immunity, Ron/Tenable, Qualys, more. -https://lists.immunityinc.com/pipermail/dailydave/2013-February/000334.html

23 CREDENTIALS? -Risks -Scanner credentials can be captured -Use SSH keys -Never send cleartext credentials -Secure your scanner applications -Passive vulnerability scanning (SPAN port)

24 SCAN HOW? -Remember HD Moore's Law: "Casual attacker power grows at the rate of Metasploit." -Joshua Corman

25 SCAN HOW?

26 AGENT VS ACTIVE SCANNING -Agent pros: -Near real-time -No network traffic -No outages caused by scans -Agent cons: -May not be installed -May not be possible to install -Some vulns cannot be found

27 VULN ASSESSMENT AND PATCH MGT


30 VULN SCANNING: DOING IT RIGHT -Internal scans -Credentialed scans – Linux, Windows, network devices -Vendor-provided exploit availability and frameworks -Coordinate HIPS/NIPS and firewall exclusions

31 SCAN DATA INTEGRATION -Integrate with org CMDB -SA information -Satellite Server, SCCM, WSUS, BigFix

32 SCAN DATA INTEGRATION Integrate with Org CMDB

33 SCAN DATA INTEGRATION -Sys admin information -SA POC information (part of CMDB) -Information the sys admins deem important -Manual updates from sys admins

34 SCAN DATA INTEGRATION -Satellite Server, SCCM, WSUS, BigFix/Tivoli Endpoint Manager (TEM) -Red Hat patch info integration -Compare with scan info

35 SCAN DATA INTEGRATION -Where does all this data go? -Access DB -Custom app with DB backend -Excel spreadsheet -GRC – Governance, Risk and Compliance -Any other solutions?

36 SCAN DATA -Incident response: import into org SIEM or incident correlation tool

37 SCAN REPORTING -Executive reports on important issues -Report on Org specified critical findings -Organizational severity scoring

38 SCAN REPORTING -Organizational severity scoring

39 SCAN REPORTING -Java JRE vuln – RCE -Base Score = 9.3 -Temporal Score = 7.7 -Final Score = ?
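The "Final Score = ?" on this slide is the CVSS v2 environmental score, which only the organisation can fill in. The following is an added example (not from the deck) that implements the v2 base, temporal and environmental formulas; the temporal vector E:F/RL:OF/RC:C is an assumption that reproduces the slide's 7.7, and the two organisational profiles are constructed to show how the same finding ends up with different final scores.

```python
from decimal import Decimal, ROUND_HALF_UP

# CVSS v2 metric weights, as listed in the CVSS v2.0 guide.
AV = {"L": 0.395, "A": 0.646, "N": 1.0}
AC = {"H": 0.35, "M": 0.61, "L": 0.71}
AU = {"M": 0.45, "S": 0.56, "N": 0.704}
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}
E = {"U": 0.85, "POC": 0.9, "F": 0.95, "H": 1.0, "ND": 1.0}
RL = {"OF": 0.87, "TF": 0.90, "W": 0.95, "U": 1.0, "ND": 1.0}
RC = {"UC": 0.90, "UR": 0.95, "C": 1.0, "ND": 1.0}
CDP = {"N": 0.0, "L": 0.1, "LM": 0.3, "MH": 0.4, "H": 0.5, "ND": 0.0}
TD = {"N": 0.0, "L": 0.25, "M": 0.75, "H": 1.0, "ND": 1.0}
REQ = {"L": 0.5, "M": 1.0, "H": 1.51, "ND": 1.0}  # CR / IR / AR weights

def r1(x):
    """Round half-up to one decimal place, as the v2 guide requires."""
    return float(Decimal(repr(x)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))

def parse(vector):
    """'AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/...' -> {'AV': 'N', 'AC': 'M', ...}"""
    return dict(part.split(":") for part in vector.split("/"))

def base_score(v, adjusted=False):
    """Base score; adjusted=True weights C/I/A by CR/IR/AR and caps impact at 10."""
    req = lambda m: REQ[v.get(m, "ND")] if adjusted else 1.0
    impact = 10.41 * (1 - (1 - CIA[v["C"]] * req("CR")) * (1 - CIA[v["I"]] * req("IR"))
                      * (1 - CIA[v["A"]] * req("AR")))
    impact = min(10.0, impact) if adjusted else impact
    exploitability = 20 * AV[v["AV"]] * AC[v["AC"]] * AU[v["Au"]]
    return r1((0.6 * impact + 0.4 * exploitability - 1.5) * (1.176 if impact else 0.0))

def temporal_score(v, base):
    return r1(base * E[v.get("E", "ND")] * RL[v.get("RL", "ND")] * RC[v.get("RC", "ND")])

def environmental_score(v):
    """The 'final' score: temporal on the adjusted base, scaled by CDP and TD."""
    adj_temporal = temporal_score(v, base_score(v, adjusted=True))
    return r1((adj_temporal + (10 - adj_temporal) * CDP[v.get("CDP", "ND")]) * TD[v.get("TD", "ND")])

def score(vector):
    v = parse(vector)
    base = base_score(v)
    return base, temporal_score(v, base), environmental_score(v)

# Constructed example: the slide's Java JRE RCE (base 9.3, temporal 7.7) scored
# for two hypothetical organisations; only the environmental metrics differ.
JAVA_RCE = "AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C"
PROFILES = {"Java on every desktop, sensitive data": "CDP:MH/TD:H/CR:M/IR:M/AR:M",
            "Java on a few isolated lab hosts": "CDP:L/TD:L/CR:L/IR:L/AR:L"}
```

Calling `score(JAVA_RCE + "/" + PROFILES[name])` gives 8.6 for the desktop fleet and 1.6 for the lab hosts, which is the organisational severity scoring the slides call for.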

41 SCAN REPORTING

42 -Default credentials -Exploitable vulns -Malware identification vulns -Indicators of compromise -Configuration auditing -More?

43 CALL TO ACTION -Do work! -Improve scanning -Improve patch mgt -Integrate -Consolidate data -Customize to org needs -Work as a team (Security, Sys Admins, Devs, Operations, etc.)

44 QUESTIONS?
