The Deep Technical Audit: How to Identify and Mitigate Risks Presented in Other Sessions
David J. Goldman, Joseph Nocera


1 The Deep Technical Audit: How to Identify and Mitigate Risks Presented in Other Sessions
David J. Goldman, Joseph Nocera

2 Overview
- Background
- Windows Security Vulnerabilities
- Dealing with Security
- The Role of the Audit
- Maintaining a Secure Environment

3 Background
- Why this conference exists
- Windows Security Overview
- Internal Security Management

4 Windows Security Vulnerabilities
- Loss of Confidentiality, Integrity, Accessibility
- Denial of Service
- Enticement Information
- Undesired Access
- Inability to recover from breach
- Inability to prosecute

5 Windows Security Vulnerabilities
Areas of Concern
- Unneeded Services
- Incorrect System Configuration
- Improper Access Control Lists
- Buffer Overflows
- Other Code Vulnerabilities
- Known vs. Unknown

6 Unneeded Services
Services
- Simple TCP/IP Services
- FTP, WWW, SMTP, NNTP
- Telnet
- Terminal Services, Other Remote Access (pcAnywhere, ControlIT, etc.)
- “R” Services (rsh, rcmd, rexec, etc.)
Devices
- Sniffers
- NFS
- Key Loggers

7 Incorrect System Configuration
- Service Packs/Hotfixes
- Group Membership
- Registry Values
- Shares
- User Rights
- User Settings

8 Improper Access Control Lists
- Shares
- Registry Keys
- Directories
- Other Securable Objects
- System Resources
  - Printers, Services, Tasks, etc.
- Active Directory Objects
  - OUs, GPOs, etc.

9 Buffer Overflows
- Core Operating System Components
- Internet Information Server (IIS)
- SQL Server
- Third-Party Applications

10 Other Code Vulnerabilities
- Core Operating System Components
- Third-Party Applications
- Custom Developed Applications
- Web Pages and Internet Applications

11 Dealing With Security
- Overall Security Architecture
- Risk Assessment
- Data Classification
- Audit the Environment
- Security Design/Implementation Plan
- Monitor and Control

12 The Role of the Audit
- Determine Vulnerable Areas
- Obtain Specific Security Information
- Allow for Remediation
- Check for Compliance
- Ensure Ongoing Security

13 Security Audit Components
The “Fab Five”
- User
- Resource
- System
- Network
- Auditing, Logging, and Monitoring

14 User Security
Components
- User Account Properties
- Account Policy
- User Rights
- Groups
Configuration Issues
- Passwords – Complexity/Aging/Uniqueness
- Disabled/Locked Accts
- Wkstn Restrictions
- 4 Logon Types
- Sensitive User Rights
- Privileged Group Membership

15 Resource Security
Components
- File Systems
- File, Folder, and Object Security
- Shares
Configuration Issues
- NTFS vs. FAT, EFS
- DACLs/SACLs – reg, files/folders, printers, services
- Shares – who needs read/change/full

16 Resource Security Cont.
Critical Resources
- %systemroot% (repair, config, LogFiles)
- %systemroot%\*.exe
- \Program Files
- Inetpub, Inetsrv, IIS data directories

17 System Security
Components
- Registry
- Services
Configuration Issues
- Access Paths - Winreg/AllowedPaths
- Reg Permissions - Run, RunOnce, AeDebug
- Reg Values – Restrictanonymous, Crashdump/Clearpagefile, lmcompatibility
- Installed Services
- Service Context – System vs. User
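An offline check of the registry values named on the System Security slide, as an added example that is not part of the original presentation: it parses a constructed `.reg` export and compares the DWORD values to a baseline. The key paths are the standard Windows locations for these values; the expected values, the sample export and the function names are assumptions chosen for illustration.

```python
import operator
import re

# Standard key paths; the expected values are assumptions for this example.
LSA = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
MEM = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management"
CRASH = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl"
BASELINE = {
    (LSA, "RestrictAnonymous"): (operator.ge, 1),
    (LSA, "LmCompatibilityLevel"): (operator.ge, 3),
    (MEM, "ClearPageFileAtShutdown"): (operator.eq, 1),
    (CRASH, "CrashDumpEnabled"): (operator.eq, 0),
}
DWORD = re.compile(r'"([^"]+)"=dword:([0-9a-fA-F]{8})')

# Constructed sample in .reg export format (real exports are UTF-16; decode first).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000
"LmCompatibilityLevel"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000001
'''

def parse_reg_dwords(text):
    """Map (key, value name), both lower-cased, to the int of each DWORD value."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        m = DWORD.fullmatch(line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif m and key:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text):
    """Check an export against BASELINE; a missing value is reported, never assumed safe."""
    found, findings = parse_reg_dwords(text), []
    for (key, name), (check, expected) in BASELINE.items():
        actual = found.get((key.lower(), name.lower()))
        status = "MISSING" if actual is None else "OK" if check(actual, expected) else "FAIL"
        findings.append((name, actual, status))
    return findings

if __name__ == "__main__":
    for name, actual, status in audit(SAMPLE_EXPORT):
        print(f"{status:8}{name} = {actual}")
```

Registry key and value names are case-insensitive, which is why both sides of the lookup are lower-cased before comparison.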

18 Network Security
Components
- Domains and Trusts
- Protocols
- Internet Information Server (IIS)
Configuration Issues
- Relationships – appropriate access
- What is needed – TCP/IP, NetBIOS, NWLink
- IIS – WWW, FTP, SMTP, NNTP

19 Auditing, Logging, and Monitoring
Components
- Audit Policies
- Event Logs
- Network Alerts
- Performance Monitor
Configuration Issues
- System Events
- Files and Directories
- Registry
- Log Settings

20 Maintaining a Secure Environment
- Methodology
- Tools
- Implementation Scripts

21 Security Methodologies
- Assess
- Design
- Implement
- Operate/Maintain

22 Tools
Assessment
- Security Configuration Manager
- DumpSec and DumpReg
- Custom scripts (Visual Basic Scripting)
Implementation
- Security Configuration Manager
- Resource Kit Utilities
- Custom Scripts
  - VB Script, Command Shell, other scripting languages

23 Scripts and Examples
DEMO

24 Conclusion
- Holistic Approach to Security
- Detailed plan
- Ongoing Process
David Goldman: 646-471-5682 david.goldman@us.pwcglobal.com
Joseph Nocera: 312-298-2745 joseph.nocera@us.pwcglobal.com

