Yuriy Goltsev - Breaking is easier than building!
TRANSCRIPT
@ygoltsev
Intro
Invest in your knowledge of practical information security
Please don’t order a penetration test until…
My own TOP of security issues related to internal networks:
1. Weak password policy
2. Default accounts
3. Local accounts/unnecessary privileges
4. Windows architecture
5. WPAD configuration mismatch
6. Antivirus software configuration mismatch
7. No network segmentation
8. No patch management
Weak password policy
Description: Easy to brute-force
Common Targets: Directory services (Active Directory/Lotus Domino/LDAP/Novell/etc.)
Recommendations: Implement a strong password policy; just follow these rules:
- 8 chars (at least)
- Lower and upper case
- Alphanumeric
- Special chars
- Change every 60 days
- Check for common passwords once a day (at least)
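As an added example (not from the talk), the script below audits the default domain password policy against the minimums listed above and, where it falls short, shows the change that would enforce them. It assumes the ActiveDirectory PowerShell module and Domain Admin rights; the variable names and the finding messages are my own. Windows' built-in complexity setting is the closest match for the character-class rules: it demands three of the four classes (lower, upper, digit, special), not all four.

```powershell
# Added example (not from the talk): audit the default domain password policy
# against the slide's rules and tighten it where it falls short.
# Assumes the ActiveDirectory module and Domain Admin rights (run on a DC or an RSAT host).
Import-Module ActiveDirectory

# Target values taken from the slide.
$MinLength  = 8
$MaxAgeDays = 60

$domain = Get-ADDomain
$policy = Get-ADDefaultDomainPasswordPolicy -Identity $domain.DNSRoot

$findings = @()
if ($policy.MinPasswordLength -lt $MinLength) {
    $findings += "MinPasswordLength is $($policy.MinPasswordLength), want >= $MinLength"
}
if (-not $policy.ComplexityEnabled) {
    $findings += "ComplexityEnabled is false (3 of 4 character classes required when true)"
}
# A zero TimeSpan here means passwords never expire.
if ($policy.MaxPasswordAge -eq [TimeSpan]::Zero -or $policy.MaxPasswordAge.Days -gt $MaxAgeDays) {
    $findings += "MaxPasswordAge is $($policy.MaxPasswordAge.Days) days, want 1..$MaxAgeDays"
}

if ($findings.Count -eq 0) {
    "Default domain password policy already meets the slide's minimums."
} else {
    $findings | ForEach-Object { "FINDING: $_" }
    # -WhatIf only previews the change; remove it to apply the new policy.
    Set-ADDefaultDomainPasswordPolicy -Identity $domain.DNSRoot `
        -MinPasswordLength $MinLength `
        -ComplexityEnabled $true `
        -MaxPasswordAge (New-TimeSpan -Days $MaxAgeDays) `
        -WhatIf
}
```

The daily check for common passwords is not covered by this script: the default domain policy has no banned-password list, so that rule needs a separate control such as a password-filter DLL or a banned-password service layered onto the domain controllers.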
Default accounts
Description: Easy to brute-force
Common Targets: DBs, network devices (routers/printers/etc.)
Recommendations:
- Disable all unused accounts
- Set strong passwords
Local accounts/unnecessary privileges
Description: Local administrator accounts/privileges are bad
Common Targets: Windows hosts
Recommendations:
- Disable accounts of local administrators on Windows hosts
- Do not use GP to manage accounts of local administrators on Windows hosts
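As an added example (not from the talk), the script below enumerates the local Administrators group on a Windows host and disables the local (non-domain) user accounts found in it, which is the first recommendation above put into practice. It assumes PowerShell 5.1 or later (the Microsoft.PowerShell.LocalAccounts module) and local administrator rights on the host; the variable names are my own.

```powershell
# Added example (not from the talk): list members of the local Administrators group
# and disable the local user accounts among them.
# Assumes PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts) and local admin rights.

$members = Get-LocalGroupMember -Group 'Administrators'
$members | Format-Table Name, ObjectClass, PrincipalSource -AutoSize

# Keep domain identities (PrincipalSource = ActiveDirectory); only local user
# accounts are candidates for disabling. Nested groups are left alone.
$localAdmins = $members | Where-Object {
    $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local'
}

foreach ($m in $localAdmins) {
    # Get-LocalGroupMember reports 'COMPUTERNAME\user'; Disable-LocalUser wants the bare name.
    $name = ($m.Name -split '\\')[-1]
    $user = Get-LocalUser -Name $name
    if ($user.Enabled) {
        # -WhatIf only previews; remove it to actually disable the account.
        Disable-LocalUser -Name $name -WhatIf
    }
}

# Verification after applying: no enabled local user should remain in the group.
Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
    ForEach-Object { Get-LocalUser -Name (($_.Name -split '\\')[-1]) } |
    Select-Object Name, Enabled, LastLogon
```

If a break-glass local account must stay enabled, give it a unique per-host password held in a dedicated password-management solution rather than setting it through a Group Policy Preference, which is what the second recommendation warns against.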
Windows architecture
Description: You can’t prevent it if you use it
Common Targets: Windows hosts
Recommendations:
- Follow the principle of minimal privileges
- Use privileged accounts for administration tasks only
- Implement two-factor authentication for privileged accounts
- Implement patch management
WPAD configuration mismatch
Description: Very useful for corporate users if implemented, and for an attacker if not
Common Targets: Windows hosts
Recommendations: Disable the WPAD (Web Proxy Auto-Discovery) feature if it is not implemented
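As an added example (not from the talk), the script below turns off WPAD on a single Windows host where no proxy auto-discovery is actually deployed, and reads the setting back to confirm it. It assumes local administrator rights; the DisableWpad value under the WinHttp registry key is the switch Microsoft documents for the WinHTTP auto-proxy client, and the variable names are my own.

```powershell
# Added example (not from the talk): disable WPAD on a Windows host and verify.
# Assumes local admin rights. DisableWpad under the WinHttp key is the
# Microsoft-documented switch for the WinHTTP auto-proxy client.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'

# Record the current state so the change is auditable.
$before = (Get-ItemProperty -Path $key -Name DisableWpad -ErrorAction SilentlyContinue).DisableWpad
"DisableWpad before: $(if ($null -eq $before) { '<not set>' } else { $before })"

if (-not (Test-Path $key)) {
    New-Item -Path $key -Force | Out-Null
}
# -Force overwrites an existing value of the same name.
New-ItemProperty -Path $key -Name DisableWpad -PropertyType DWord -Value 1 -Force | Out-Null

$after = (Get-ItemProperty -Path $key -Name DisableWpad).DisableWpad
"DisableWpad after:  $after"

# The WinHTTP Web Proxy Auto-Discovery service backs the feature; with WPAD
# disabled it has nothing to do, so its state is worth reporting alongside.
Get-Service -Name WinHttpAutoProxySvc | Select-Object Name, Status, StartType
```

For fleet-wide use the same registry value is normally pushed by Group Policy rather than by running this on each host; where a real proxy is deployed, the recommendation is instead to publish the proxy configuration explicitly so that clients never fall back to discovery.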
Antivirus software configuration mismatch
Description: Antivirus software can be disabled with local admin privileges
Common Targets: Windows hosts
Recommendations: Configure the self-defense feature of the antivirus software
No network segmentation
Description: No restrictions and no traffic filtering at the network level
Common Targets: Network topology
Recommendations: Implement traffic filtering; it is better to use white lists for access
No patch management
Description: MS08-067 can still be found during penetration tests
Common Targets: Windows/Unix hosts
Recommendations: Implement patch management
Outro