10 Deadly Sins of Administrators
 in regards to Windows Security
                                        Paula Januszkiewicz
                       CQURE: IT Security Auditor, MVP, MCT
                             http://blogs.technet.com/plwit/
                                                                   paula@cqure.pl



    Premium conference on Microsoft’s Dev and ITPro technologies      @itcampro / #itcampro
IT Camp 2011
• Thanks for coming!
• ITCamp is made possible by our sponsors:




MVP-Press Training Course

Planning, Deploying and Managing
Microsoft Forefront Threat Management
Gateway 2010

Available for online purchase:
http://www.mvp-press.com




Follow us on:
   http://facebook.com/MVPpress
   http://twitter.com/MVPpress



Agenda
1. Introduction
2. Top 10 Sins: From bottom to top
3. Summary



2




9. Insecure Internet Browsing




Insecure Internet Browsing / Publishing Data

DEMO


8. Lack of updates
7. Lack of Encryption




SMB vs. IPSec

DEMO


6. WYSI (NOT) WYG
Explorer.exe Misinterpretation, BackupRead/ BackupWrite

DEMO


5. Network Monitoring
Evil WebSite, Files over DNS, Files over ICMP

DEMO


4. Pirated Software
Malware

DEMO


3. Lack of Backup Mechanisms




MoveFileEx

DEMO


2. Lack of Training
Image Hijacks

DEMO


1. Lack of Documentation

PowerShell, Autoruns

DEMO


Top 10 List
Life without passwords…
10. Weak Passwords
9. Insecure Internet Browsing
8. Lack of Regular Updates
7. Lack of Encryption
6. WYSI (NOT) WYG
5. Lack of Network Monitoring
4. Using Pirated Software
3. Lack of Backup Mechanisms
2. Lack of Training
1. Lack of Documentation
Summary
Be Proactive!
• Infrastructure must be well documented
• Split and rotate tasks between admins
• Use the legal code

• Perform periodical checks
  –   Autoruns
  –   Kernel Level Files
  –   Network Traffic
  –   Processes


Network Layers (In) Security
• http://northamerica.msteched.com/topic/details/SIM314?fbid=cCOEzy8IHuN




Q&A


Don’t forget!
Get your free Azure pass!
• 30+15 days, no CC req’d
   – http://bit.ly/ITCAMP11
   – Promo code: ITCAMP11

We want your feedback!
• Win a WP7 smartphone
   – Fill in your feedback forms
   – Raffle: end of the day





ITCamp 2011 - Paula Januszkiewicz - 10 deadly sins of Windows Administrators
