Published by Rosamund McDonald. Modified over 9 years ago.
1
10 Deadly Sins of Administrators about Windows Security
Paula Januszkiewicz
Penetration Tester, MVP: Enterprise Security, MCT
iDesign - CQURE: paula@idesign.net
SIA300
2
1 Introduction
2 Top 10 Sins
3 Summary
4
1 Introduction
2 Top 10 Sins
3 Summary
5
Sin 10: Misunderstanding Password(s)
6
- Will you share your passwords with others? We do this every day!
- How do services store passwords?
- Passwords are often similar to your other passwords
- At least one of them can be easily accessed by the administrator of the service
- Be prepared for password loss and service recovery
7
Demo: Passwords Never Sleep
8
Sin 9: Ignoring Offline Access
I will get your pendrive anyway…
9
- Offline access allows someone to bypass a system’s security mechanisms
- Useful in critical situations
- Almost every object that contains information can be read offline
- It is a minimal privilege for the person with good intentions
- It is a maximum privilege for… everybody else
- Simplified offline access is acceptable if you do not value your information
10
Demo: Sophisticated Offline Access
11
Sin 8: Incorrect Access Control
13
Demo: (Lack of) Permissions in the Operating System
14
Sin 7: Using Old Technology
15
- The hacker’s role here is very valuable
- It is hard to be up to date with technology
- But some of the antiques like NT4.0 should be thrown on the scrap heap!
- Perform periodic revisions
- Even old technology requires updates
- Sometimes it is not possible (e.g. the LNK vulnerability in W2K)
16
Demo: Old Technology a Little Bit Too… Old
17
Sin 6: Encryption… What is encryption?
18
- Data Encryption
  - Protects from offline access – stolen laptops, tapes
- Transmission Encryption
  - Protects from outsiders testing the network sockets
  - HTTPS – Man-In-The-Middle
- Encryption is problematic for users
- Let’s use the lower layer encryption (BitLocker, IPSec)
- New Security Motto: Encrypt when you can!
19
Demo: Easy and Useful Encryption
20
Sin 5: Installing Pirated Software
21
- Installation of software is performed on the administrative account
- Malformed installation files are not necessarily recognized by antivirus software
- UAC is not the protection method, as everybody is used to giving the Installer high privileges
- Keep your toolbox up to date and keep the checksums in a different place
22
Do you check for the file’s signatures before installation?
20 of 20 IT admins said: No…
23
Do you perform periodic security checks of your folder with installation files?
18 of 20 IT admins said: No?
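Added example (not part of the original presentation): one way to run the periodic check described on the Sin 5 slides, combining a signature check with a comparison against checksums kept in a different place. The folder path, the baseline location and the CSV layout (RelativePath,SHA256) are assumptions made for this example.

```powershell
# Audit a folder of installation files against a checksum baseline stored elsewhere.
# Both default paths are placeholders (assumptions), not values from the presentation.
param(
    [string]$ToolboxPath  = 'D:\Toolbox',
    [string]$BaselinePath = '\\secure-host\baselines\toolbox.csv'   # hypothetical location
)

# Load the baseline. Assumed CSV columns: RelativePath,SHA256
$baseline = @{}
if (Test-Path -LiteralPath $BaselinePath) {
    Import-Csv -LiteralPath $BaselinePath |
        ForEach-Object { $baseline[$_.RelativePath] = $_.SHA256 }
}

$root = (Resolve-Path -LiteralPath $ToolboxPath).ProviderPath.TrimEnd('\')

# Hash every file, read its Authenticode status and compare with the baseline.
$report = @(Get-ChildItem -LiteralPath $root -Recurse -File | ForEach-Object {
    $rel  = $_.FullName.Substring($root.Length + 1)
    $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName

    $state = 'Match'
    if (-not $baseline.ContainsKey($rel)) { $state = 'NewFile' }
    elseif ($baseline[$rel] -ne $hash)    { $state = 'HashChanged' }

    [pscustomobject]@{
        File      = $rel
        Baseline  = $state
        # Formats without Authenticode support never report Valid;
        # for those files the hash baseline is the only check.
        Signature = [string]$sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256    = $hash
    }
})

# Files recorded in the baseline that are no longer in the folder.
$present = @($report | ForEach-Object { $_.File })
$missing = @($baseline.Keys | Where-Object { $present -notcontains $_ } | ForEach-Object {
    [pscustomobject]@{ File = $_; Baseline = 'Missing'; Signature = ''; Signer = ''; SHA256 = $baseline[$_] }
})

# Report everything that is not both baseline-matched and validly signed.
$findings = @(($report + $missing) |
    Where-Object { $_.Baseline -ne 'Match' -or $_.Signature -ne 'Valid' })
$findings | Sort-Object Baseline, File | Format-Table -AutoSize
if ($findings.Count -gt 0) { exit 1 }
```

Run it from a scheduled task under an account that can read the baseline but not write to it, so a change to the installer folder cannot also rewrite the checksums.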
24
Demo: Malware Around the Corner
25
Sin 4: Lack of Network Monitoring
26
- Violation of the one well known rule: Do not allow traffic that you do not know
- Most of the protocols have space for data
- Why not put the sensitive information there and send it out?
- Malicious traffic can be easily connected to the process
- It can happen once a month
- You need context based tools: Network Monitor, Network Miner etc.
27
Demo: Monitoring Network Traffic
28
Sin 3: What You See Is NOT What You Get
29
- Explorer.exe is owned by user
- Lack of the NTFS permissions does not mean that somebody cannot access the file
- Troubleshooting after the injection is difficult
- Rootkits influence the operating system behavior
- Conclusion: Always have at least two methods of troubleshooting the same issue
30
Demo: Blinded Operating System
31
Sin 2: Too Much Trust In People
32
- The cheapest and most effective attacks are often nontechnical
- People tend to take shortcuts
- It is hard to control their intentions
- They should not be a part of a security chain
- Monitor them… and show that you’re doing it
- Perform periodical audits of your infrastructure
33
Demo: User Becomes Evil
34
Sin 1: Lack of Documentation
35
- Is this really the admin’s sin?
- The negative side of this sin is that you need to trust people
- Most companies are not prepared for the IT Staff going on a… vacation
- Set up the rules before creating the solutions
36
1 Introduction
2 Top 10 Sins
3 Summary
37
- Sin 10: Misunderstanding Passwords
- Sin 9: Ignoring Offline Access
- Sin 8: Incorrect Access Control
- Sin 7: Using Old Technology
- Sin 6: Encryption… What is encryption?
- Sin 5: Installing Pirated Software
- Sin 4: Lack of Network Monitoring
- Sin 3: What You See is NOT What You Get
- Sin 2: Too Much Trust in People
- Sin 1: Lack of Documentation & Training
38
- Split and rotate tasks between admins
- Eliminate at least one of the sins in your organization
- Periodically attend trainings and organize them
- Audit your environment
- Use the legal code
Source: Heard.TypePad.com
39
www.microsoft.com/twc
www.microsoft.com/security
www.microsoft.com/privacy
www.microsoft.com/reliability
40
Connect. Share. Discuss. http://northamerica.msteched.com
Learning: Microsoft Certification & Training Resources www.microsoft.com/learning
TechNet: Resources for IT Professionals http://microsoft.com/technet
Resources for Developers http://microsoft.com/msdn