
Prevent Getting Hacked by Using a Network Vulnerability Scanner


How to (Not) Get Hacked - A Webinar by Greg Shields that discusses how activities such as Network Scanning, Vulnerability Scanning and Patch Management can ensure that your Network Security never gets breached.

Published in: Technology
Notes
  • Install: Takes only a few minutes to be up and running. Works either agentless, or agents can optionally be deployed for better performance and scalability. Scan: Find vulnerabilities, missing patches, open ports, services, hardware & software, etc. Analyze: Powerful, interactive dashboard. Vulnerability level assigned to each computer. Reports, results filtering, network changes history. Check external references. Remediate: Deploy missing updates, uninstall applications, deploy custom scripts, open remote desktop connections, etc. Scan again: Start a new cycle, because vulnerability and patch definitions are continuously updated from GFI servers to report and remediate the latest threats.
  • Security: Complete overview of network security status: vulnerability assessment, patch management, network & software audit. Not only detects security issues, but also assists with remediation. Improved security means reduced risks of data theft and data loss. Productivity: Less downtime, so the company can concentrate on the core business. Reduce the number of hours network & system administrators need to spend on vulnerability & patch management. Manual vulnerability and patch management is slow and error-prone. Compliance: Prove your network is secure when reporting to superiors or when compliance must be achieved. Failure to comply with different regulations can lead to missed business opportunities or even legal penalties.
  • GFI LanGuard helps fix vulnerabilities before they get discovered and exploited by malicious software or people. Support for all security updates released by Microsoft: all operating systems, all applications and all languages. Additionally, it supports various popular non-Microsoft applications that are highly targeted by hackers (e.g. Adobe Reader, Adobe Acrobat, Adobe Flash Player, Apple QuickTime, Java Runtime Environment, etc.). It automates patching for all major web browsers running on the Windows platform: Internet Explorer, Mozilla Firefox, Google Chrome, Opera and Apple Safari. Web browsers are the number one source of vulnerabilities among third-party applications. Sometimes patches can interfere with the business environment, and GFI LanGuard can help in these situations too by providing support for rolling back installed patches. Even more: GFI LanGuard can deploy, network-wide, any custom software or script that can run silently.
  • Software security vulnerabilities are the most important way viruses and other malware get into your network. GFI LANguard helps you find out how exposed you are by performing over 45,000 checks against the operating system and installed applications for security flaws and misconfigurations, using sources like OVAL, CVE, Top 20 SANS, Microsoft Security Bulletins and the National Vulnerability Database. The vulnerability scanning engine can perform multi-platform scans (Windows, Mac OS, Linux) across all environments, including virtual machines. Easily create custom vulnerability checks through simple wizard-assisted set-up screens. This is very powerful and offers endless possibilities, as scripting is supported (VBS, Python).
  • Unmanaged/forgotten machines have outdated security; they are good entry points into your network for hackers and malware. GFI LanGuard comes with a powerful network discovery engine able to detect any IP-based device, from servers and workstations to virtual machines, routers, printers, switches, etc.
  • Network and software audit gathers a lot of security-sensitive information to give you insight into what is happening in your network and to find applications and default configurations that pose a security risk. For example, check which unnecessary services are running, or check which shares with permissions for everyone are available in your network; you might have surprises. GFI LanGuard automates, where possible, the removal of unauthorized applications and integrates with over 1500 security applications like antivirus, antispyware, anti-phishing, firewalls, backup clients, device access control, etc. It reports on their status (e.g. are they up to date? are they enabled?) and actively helps to remediate related issues (e.g. turn antivirus on, trigger definitions update, etc.). The easiest way to keep your network secure over time is to track security-sensitive changes. New applications being installed and services being started/stopped are all events that an administrator needs to know about, and GFI LanGuard helps with this by giving you a complete history of network changes that are relevant to the security of your network and sending notifications when these occur.
  • GFI LanGuard helps identify urgent problems by rating security issues and each computer's vulnerability level. This and the powerful reporting help you prioritize remediation operations efficiently and prove, if required, that your network is secure. The latest version of the product ships with a powerful new dashboard that provides a summary of current network security status and supports drilling down for details. Instantly locate the information you are interested in: full text search support allows searching through LANguard scan results as you would search on the Internet. It is possible to search in current results and scan results history, or to search only for specific items, such as vulnerabilities or installed software. GFI LanGuard ships with a large number of easy-to-customize reports that can be scheduled, exported to popular formats like PDF, HTML, XLSX and RTF, and rebranded. GFI LanGuard also comes with dedicated PCI DSS reports.

    1. How to (Not) Get Hacked: Six SMB Suggestions to Ensure your Network Security Never Gets Breached
       Sponsored by GFI Software
       Greg Shields, MVP, vExpert
       Senior Partner and Principal Technologist
       www.ConcentratedTech.com
    2. Props to the Hackers
    3. Props to the Hackers
       While the end result of their activities isn’t terrifically beneficial to the SMB network...
       …one can’t ignore their tenacity…
       …and their dedication…
       …and their creativity in design.
       (One also has to wonder about the hours they keep!)
       Their tenacity, dedication, and creativity is the reason we’re talking today.
       These people mean business. So should you.
    4. Early Hacking Attempts
       In Windows’ early days, hacking attempts were relatively easy to spot.
       Malware processes often executed as Windows processes.
       A casual browse of Task Manager could find their activity.
    5. Early Hacking Attempts
       Malware was (and continues to be) a common threat.
       But back then, it was easy to find in the file system.
       Malware file signatures were often enough to identify and remove.
    6. More Modern Trickery
       Today’s hacking efforts have reached a level of sophistication where its identification can no longer be seen with the naked eye.
    7. More Modern Trickery
       Today’s hacking efforts have reached a level of sophistication where its identification can no longer be seen with the naked eye.
       Some examples, by no means comprehensive…
       System file patching and process infection hide activities.
       Process resuscitation inhibits removal efforts.
       Code polymorphism beats signature-based tools.
       Rootkit and cloaking behaviors hide code beneath the file system level.
    8. File Patching / Process Infection
    9. Process Resuscitation
    10. Code Polymorphism
    11. Rootkit and Cloaking Behaviors
    12. Rootkit and Cloaking Behaviors
    13. Thanks, Greg. I know the Problems. What are the Solutions?
    14. Thanks, Greg. I know the Problems. What are the Solutions?
        Not getting hacked today requires a layered approach to protection.
        Update Management
        Vulnerability Assessment
        Network and Software Auditing / Inventory
        Change Management
        Risk Analysis and Compliance Verification
        Unifying these activities into a single solution goes far into assuring hack-proof-ed-ness.
    15. Six SMB Suggestions
        And yet solutions only get you so far.
        The best firewall in the world does no good if it’s not properly configured.
        Patches and updates do little if they don’t get installed.
        A tool remains just a tool until you use it.
        Thus, I offer: Six Suggestions for Hack-Proofing your SMB Network
    16. Suggestion #1: Computers Missing Updates are your Biggest Security Hole
    17. Suggestion #1: Computers Missing Updates are your Biggest Security Hole
        Vulnerabilities are by nature information in the public domain.
        Vulnerabilities must be identified and communicated to the world for the world to fix them.
        Vulnerabilities beget patches/updates.
        Vulnerabilities also beget exploits.
        There is a measurable quantity of time between vulnerability announcement and exploit release.
    18. Suggestion #2: A Reliance on WSUS Alone is a Losing Security Strategy
        …and don’t get me wrong, I like WSUS.
    19. Suggestion #2: A Reliance on WSUS Alone is a Losing Security Strategy
        …and don’t get me wrong, I like WSUS.
        WSUS is by design limited to Microsoft updates only.
        A very few third-party updates are available, but they’re the exception and not the norm.
        Raise your hand if your IT shop runs atop exclusively Microsoft software alone. Nothing else.
        Anyone? Anyone?
        Non-Microsoft software has updates too…
    20. Suggestion #3: A Reliance on Patching Alone is also a Losing Security Strategy
    21. Suggestion #3: A Reliance on Patching Alone is also a Losing Security Strategy
        Your patch compliance statistics are an insidious warm fuzzy.
        “I’m 99% compliant. I’m protected!”
    22. Suggestion #3: A Reliance on Patching Alone is also a Losing Security Strategy
        Your patch compliance statistics are an insidious warm fuzzy.
        “I’m 99% compliant. I’m protected!”
        A holistic protection approach requires patching plus an extra external verification.
        An external “white hat” solution, the good guys, that positively verifies whether each system is indeed protected.
        Patch compliance statistics can be wrong.
    23. Suggestion #4: Unanticipated Hardware and Software Create Unanticipated Problems
    24. Suggestion #4: Unanticipated Hardware and Software Create Unanticipated Problems
        The slightly less politically correct term is “rogue”. Some examples:
        Stan in Accounting who occasionally brings his personal laptop into work.
        Jane from Sales who’s been given Administrator rights and now installs whatever software she believes necessary.
        Dan over with the Marketing team who quietly installed an Apple server “because he prefers Apple”.
        Michele the CEO whose Android phone is again unpatched and again on the wireless.
    25. Suggestion #4: Unanticipated Hardware and Software Create Unanticipated Problems
        Stan, Jane, Dan, and Michele are security problems.
        And yet they’re your problems.
        Automating asset inventory enables you to anticipate the problems this hardware/software will create.
        Important: This auditing must source from outside the Windows domain scope.
        “Duh. Nobody installs ‘rogue’ servers into the production domain.”
    26. Suggestion #5: Every IT Shop Must Embrace Application Automation
    27. Suggestion #5: Every IT Shop Must Embrace Application Automation
        SMB IT Pros are honestly the biggest problems here.
        Automating application installation ensures consistent configuration management.
        Automating script execution creates a single point of deployment, aids in determining “what happened”.
        Locking down applications via policies ensures a consistent user experience.
    28. Suggestion #5: Every IT Shop Must Embrace Application Automation
        SMB IT Pros are honestly the biggest problems here.
        Automating application installation ensures consistent configuration management.
        Automating script execution creates a single point of deployment, aids in determining “what happened”.
        Locking down applications via policies ensures a consistent user experience.
        Before You Shoot Me: Admittedly, not all applications make sense for automation. Just most.
    29. Suggestion #6: The Single-Solution Approach Best Fits the Need for Hack-Proof-Ed-Ness
    30. Suggestion #6: The Single-Solution Approach Best Fits the Need for Hack-Proof-Ed-Ness
        Unifying these activities beneath a single solution creates a unified database of “what happened”.
        Update Management
        Vulnerability Assessment
        Network and Software Auditing / Inventory
        Change Management
        Risk Analysis and Compliance Verification
        …because if you get hacked, figuring out what happened is exactly what you’ll need.
    36. How to (Not) Get Hacked: Six SMB Suggestions to Ensure your Network Security Never Gets Breached
        Greg Shields, MVP, vExpert
        Senior Partner and Principal Technologist
        www.ConcentratedTech.com
    37. GFI LanGuard™ by Gill Langston, Manager, Sales Engineer Group
    38. Offices located around the globe: USA (North Carolina, California & Florida), UK (London & Dundee), Australia, Austria, Romania, and Malta
        Hundreds of thousands of installations worldwide
        Trusted by thousands of companies around the world
        GFI products are sold by a global network of thousands of partners
        Corporate overview
    39. Users with the average software portfolio installed on their PCs will need to master around 14 different update mechanisms from individual vendors to update their programs and keep their IT systems protected against vulnerabilities.
        Secunia Yearly Report 2010
        Failure to keep machines patched can lead to security breaches and downtime.
        Without an automated patching mechanism, manual patching is time-consuming.
        Failure to comply with compliance regulations such as PCI can result in hefty fines
        IT pain points
    40. The solution?
    41. How does GFI LanGuard work?
        Deploy Agents
        Scan
        (agent-less)
        Analyze
        Install
        Remediate
    42. Security
        Have a complete network security overview
        Remediate security issues
        Reduce the risks of data theft and data loss
        Productivity
        Lower downtime
        Improve IT department’s productivity
        Compliance
        Prove your network is secure
        Reduce the risks of legal penalties
        Key benefits
    43. Top features – Patch management
        Fix vulnerabilities before they are exploited by malicious software or people
        On demand or automated detection, download and deployment of missing security patches
        Microsoft operating systems
        Microsoft applications
        Other third party applications (including Adobe, Mozilla, Apple, Google, Oracle, etc.)
        Rollback patches
        Network-wide deployment of custom software and scripts
    44. Vulnerability assessment
        Software vulnerabilities are the main gates for malware and hackers to enter your network
        Over 45,000 checks against operating system and installed applications for security flaws and misconfigurations
        Scans Windows, Linux and Mac OSs
        Create custom vulnerability checks
    45. Assets inventory
        Unmanaged/forgotten machines are a security risk
        Find the devices you were not aware of:
        Servers and workstations
        Virtual machines
        IP-based devices such as routers, printers, switches, etc.
    46. Network and software audit
        All the information you need to know about your network such as:
        TCP and UDP port scanning
        Automatically remove unauthorized applications
        Check status of over 1,500 security applications (antivirus, antispyware, firewalls, disk encryption, data loss prevention, etc.)
        Get notified of security sensitive changes from your network (e.g., a new application is installed, a service is started/stopped, etc.)
    47. Risk analysis and compliance
        Assistance on what to fix first:
        Security issues are rated by their severity level
        Each computer has assigned a vulnerability level
        Powerful interactive dashboard with security sensors that are triggered when problems are found
        Full text search support
        Executive, technical and statistical reports
    48. Product Screens
    49. Product kudos
        Thousands of customers worldwide use GFI LanGuard
        Numerous product awards, a few listed below:
    50. Patch management, network security and vulnerability scanner
        Download GFI LANguard network vulnerability scanner and get a free 30-day trial!
        You can also check out the GFI LanGuard SmartGuide, which provides helpful tips for successful deployment:
        http://www.gfi.com/lannetscan/manual
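
Suggestion #3 (patch compliance statistics can be wrong and need external verification) and Suggestion #4 (asset auditing must source from outside the Windows domain) both come down to reconciling two independent views of the network. The following is an added example, not code from the webinar or from GFI; the two CSV layouts, column names, host names and addresses are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample: export of domain-joined computers together with the
# status the patch tool reports for each one (hypothetical column names).
DOMAIN_EXPORT = """hostname,mac,reported_compliant
ACCT-PC01,00-1A-2B-3C-4D-01,yes
SALES-PC07,00-1A-2B-3C-4D-07,yes
FILESRV01,00-1A-2B-3C-4D-10,yes
HR-PC03,00-1A-2B-3C-4D-03,yes
"""

# Constructed sample: what an independent, network-level scan observed,
# including how many updates it found missing on each device.
NETWORK_SCAN = """ip,mac,name,missing_updates
192.0.2.11,00:1a:2b:3c:4d:01,acct-pc01,0
192.0.2.17,00:1A:2B:3C:4D:07,sales-pc07,3
192.0.2.20,00:1a:2b:3c:4d:10,filesrv01,0
192.0.2.54,02:00:5e:aa:bb:01,stans-laptop,12
192.0.2.60,02:00:5e:aa:bb:02,,5
"""


def norm_mac(mac):
    """Reduce any MAC notation (dashes, colons, case) to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def load(text):
    """Parse CSV text into a dict keyed by normalised MAC address."""
    return {norm_mac(row["mac"]): row for row in csv.DictReader(io.StringIO(text))}


def reconcile(domain_text, scan_text):
    """Compare the domain's view of the network with the externally observed one."""
    managed = load(domain_text)
    seen = load(scan_text)
    report = {"unmanaged": [], "compliance_mismatch": [], "not_seen": []}
    for mac, obs in seen.items():
        dom = managed.get(mac)
        if dom is None:
            # On the wire but unknown to the domain: the "rogue" case.
            report["unmanaged"].append(obs["name"] or obs["ip"])
        elif dom["reported_compliant"] == "yes" and int(obs["missing_updates"]) > 0:
            # The patch tool says compliant, the external check disagrees.
            report["compliance_mismatch"].append(dom["hostname"])
    # Known to the domain but not observed: offline, moved, or stale record.
    report["not_seen"] = [r["hostname"] for m, r in managed.items() if m not in seen]
    for names in report.values():
        names.sort()
    return report


if __name__ == "__main__":
    for finding, names in reconcile(DOMAIN_EXPORT, NETWORK_SCAN).items():
        print(f"{finding}: {', '.join(names) or '-'}")
```

Matching on normalised MAC address rather than host name keeps devices that report no name, or a name that differs in case, from slipping through the comparison.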
