This document outlines simple steps to prevent ransomware attacks like WannaCry and Petya. It recommends implementing device control, credential control, application control, and access control. Specifically for device control it recommends updating Windows regularly, enabling modern authentication, using modern hardware security, monitoring devices, and encrypting hard disks. For credential control it recommends multi-factor authentication, restricting administrative privileges, using strong unique passwords, and credential guard. For application control it recommends application whitelisting tools like AppLocker. And for access control it recommends implementing least privilege access and using firewalls.
This document provides tips for safe computing. It recommends 6 steps to take, with the top 3 being to keep your operating system updated, install and update anti-virus software, and use strong passwords. It then provides more detailed explanations and recommendations for each of these steps. It also strongly recommends enabling firewall protection, installing spyware removal tools, and backing up important files regularly. The document gives specific guidance on how to implement each of these recommendations to help keep computers and data secure.
What Does the End of Windows XP Mean For Businesses? - SecurityMetrics
According to NetMarketShare, nearly one in three computers run the Windows XP operating system. Now that Microsoft has stopped providing support for Windows XP, security updates and patches will no longer be available. View this presentation to learn what this could mean for your business security and compliance.
For more information:
https://www.pcisecuritystandards.org/docs/PCI-WindowsXPV4_(1).pdf
https://www.microsoft.com/en-us/windows/enterprise/end-of-support.aspx
The document discusses the four layers of defense for securing a computer:
Layer 1 is the user - they must develop secure habits.
Layer 2 is antivirus and firewall software to block external threats.
Layer 3 refers to operating system security settings like disabling unnecessary features.
Layer 4 is using secure passwords on all accounts.
It also explains that group policy in Windows domains allows centralized management and configuration of user and computer settings across the network. The administrator can use group policy to apply policies to all users and devices with one action.
[PDF] Penetration Testing: A Hands-On Introduction to Hacking - ubew4tg34
Penetration testers simulate cyber attacks to find security weaknesses. The book Penetration Testing: A Hands-On Introduction to Hacking introduces the core skills and techniques used in penetration testing. Using a virtual lab with tools like Kali Linux, readers can launch attacks and experience the key stages of an assessment, including information gathering, vulnerability analysis, gaining access, and post-exploitation.
Patch, patch and patch!
This has been the go-to mantra of security professionals and the recent WannaCry ransomware attack has highlighted its importance once again.
Seqrite EPS with Centralized Patch Management -
Proven Security Approach for Ransomware Protection
Security Presentation for Onforce Pro Town Hall - Bev Robb
This document provides an overview of network and internet security presented by Bev Robb of Teksquisite Consulting. It discusses various types of malicious software such as viruses, worms, spyware and ransomware. It also covers different types of security measures like firewalls, antivirus software, and antispyware. Additionally, the presentation outlines some portable security tools that can be used for scanning and cleaning infected devices without installation, and provides additional online resources for further information.
This document provides 10 free security enhancements that can help protect against common threats:
1. Check for Windows and Office updates regularly and configure automatic updates.
2. Install a personal firewall like SyGate or ZoneAlarm.
3. Install a free spyware blocker like SpyBot Search & Destroy.
4. Disable the Windows Messenger service to block pop-up spam messages.
Technical guidance to prevent WannaCry ransomware attack - Avanzo net
Along with the rise of ransomware attacks around the world named WannaCry or WannaCrypt, a new variant of malware that is believed to have been developed using NSA's exploit tools to attack computers running the Microsoft Windows operating system, ISACA ID tries to help by providing preventive guidance to avoid those malware attacks.
Trojans (aka Trojan horses) are programs or software designed to breach the security of any computer on which they are installed. For more information, see this link:
https://how-to-remove.org/malware/trojan/
Metasploit is penetration testing software that can be used to:
1) Safely simulate attacks on a network to uncover security issues and verify defenses.
2) Validate security risks as part of a vulnerability management program.
3) Measure the effectiveness of a security awareness program by testing password security, social engineering, and sending phishing emails.
This document discusses penetration testing and the Metasploit framework. It defines penetration testing as evaluating a system's security using malicious techniques to identify vulnerabilities. Metasploit is an open-source framework for penetration testing that contains exploits, payloads, and modules. It can be used to test applications, operating systems, and web applications for vulnerabilities. The document provides examples of commands in msfconsole like 'use exploit' and 'set payload' to launch attacks using Metasploit.
September 2012 Security Vulnerability Session - Kaseya
This document summarizes a security vulnerability presentation given by Jason Dettbarn of Kaseya. Jason has a background in computer science and network security. He discusses the prevalence and persistence of software vulnerabilities, how quickly exploits emerge after announcements, and the need to rapidly patch third-party software like Java, Flash and Office applications. Jason promotes Kaseya's software deployment and update tool for efficiently deploying patches across an organization's systems.
The document discusses computer viruses and antivirus software. It defines computer viruses as malicious software that can infiltrate or damage systems without consent. It notes that viruses need a host program to spread, while worms do not. The document recommends using antivirus software and lists criteria for choosing software, including ability to detect viruses, usability, performance impact, and price. It suggests popular commercial options like KAV, Bit, and Norton but also promotes the free Vietnamese-made BKAV software as a suitable low-cost option.
Linux is an operating system that enables applications and users to access devices on a computer. There are five basic principles of Linux system security: know your system and its intended role; give each process or package the least amount of privilege needed; use defense in depth with multiple security layers; focus on protection but also enable detection of breaches; and understand potential security threats. The Linux philosophy is based on developing small yet capable software by combining tools to accomplish larger tasks, with an emphasis on modularity, clarity, simplicity, and transparency.
This document discusses how to secure a Windows XP PC by installing Service Pack 2. It explains that hackers have become more sophisticated and attacks are increasing. Service Pack 2 helps secure Windows XP by including a firewall, safer email and web browsing features, and memory protection. It also discusses how Service Pack 2 makes security easier to manage through tools like Windows Security Center and Windows Update. The document recommends installing Service Pack 2 and other basic security practices like using antivirus software and updating applications to help secure a Windows XP PC.
Cyber security career guide for beginners to start their career in a field where demand is high and skilled people are scarce. Join any training program in SIEM tools to get an industry-recognized certificate in cyber security. Become a professional security analyst through SIEM XPERT's training with certification courses. Visit: https://www.siemxpert.com/
This document discusses computer viruses and how to protect against them. It defines a computer virus as a program that replicates by copying itself to other programs or devices. It then lists common types of viruses like worms, ransomware, spyware, and botnets. To protect devices, it recommends not connecting to unknown USB drives or opening email attachments, and using antivirus software and online scanning services. It provides examples of an Eicar test file and the VirusTotal scanning site to demonstrate online scanning.
This document provides defensive measures to protect against computer viruses. It recommends installing antivirus software and keeping it updated, not opening attachments from unknown senders, using a pop-up blocker, keeping your operating system updated, performing daily scans, enabling privacy settings, using a firewall, being cautious with removable media, disabling autorun, and installing anti-keylogger software.
1. The document discusses computer viruses and antivirus software. It defines a computer virus as a malicious program that can damage or corrupt data without the user's knowledge.
2. It describes different types of viruses and malicious software like worms and trojans. It also explains that antivirus software identifies and removes viruses and other malware from infected computers to protect the system.
3. The document outlines how antivirus software works using a virus dictionary to examine files and detect any matches to known virus code. It provides symptoms of an infected system and precautions users should take like regularly scanning removable media and keeping software updated.
Corporate Endpoint Security Training [Kaspersky] - Desmond Israel
Information Security Architects developed a training manual for endpoint security training with reference to the Kaspersky Lab solution. This file can be adapted to fit other endpoint security solution brands.
How to protect your Mac from Malware Attacks? - Simone Crete
Ransomware is a type of malware that encrypts files and demands payment, usually in cryptocurrency, to regain access. It can spread through malicious email attachments, infected applications, or external devices. While Macs are generally more secure than Windows PCs, it's still important to take precautions like backing up files to multiple locations, keeping macOS updated, using antivirus software, and avoiding suspicious email attachments. Following basic security practices can help protect Macs from potential ransomware attacks on the network.
Microsoft will end support for the Windows XP operating system on April 8, 2014, after which the system will no longer receive security updates or technical support, leaving the estimated 45 million computers still running Windows XP vulnerable to security exploits and viruses. The document discusses the security risks of continuing to use an unsupported operating system and provides options for users, including upgrading to a newer version of Windows or purchasing a new computer capable of running a supported operating system.
James Jara Portfolio 2014 - InfoSec White Paper - Part 5 - James Jara
The document provides a step-by-step guide for securing a company's IT architecture. It outlines creating a network and system administration policy, mapping out the company's IT elements, and then securing each element. Key steps include applying security through obscurity, hardening operating systems and services, updating software, and implementing monitoring, backups, and disaster recovery policies. Specific recommendations are given for securing SSH, Postfix, NFS, Apache, and PHP.
The document outlines 12 crucial Windows security skills for 2018 according to security experts at CQURE. The skills are organized into 12 groups: 1) Platform Security & Internals, 2) Attacks On Credentials & Prevention Solutions, 3) PowerShell As A Hacking Tool, 4) Office 365 Security, 5) Raising the bar for malware, 6) Microsoft SQL Server Security, 7) Improving security with Azure, 8) Virtualization based security, 9) Machine Learning for Security, 10) Windows 2016 security and infrastructure improvements, 11) Practical Public Key Infrastructure, and 12) Advanced Monitoring and Auditing. The document provides brief descriptions of the types of skills covered in each group.
A Closer Look at Isolation: Hype or Next Gen Security? - MenloSecurity
This webinar looks at Isolation from different viewpoints. Learn from a Menlo Security customer, along with John Pescatore, Director of Emerging Technologies at SANS Institute, and Kowsik Guruswamy, Menlo Security CTO, as they explore why organizations around the globe are looking at isolation as the means to protect their users from ever-present web and email dangers.
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365... - Michael Noel
Organizations today are facing unprecedented and sophisticated attacks to their internal Information Technology infrastructure. These evolving attacks include spear phishing, ransomware, credential hijacking, and more and can result in significant data loss and/or theft of confidential and valuable intellectual property. In response to these threats, Microsoft has released an array of tools such as Azure Sentinel, Cloud App Security, Microsoft Defender for Identity, and more which can help to secure and protect against these threats. These tools work with both on-premises and cloud-based infrastructure to provide for comprehensive protection of hybrid environments.
This session breaks down each of these Microsoft tools and provides an understanding of their value for specific security scenarios. A simple, no-marketing approach is taken to evaluating each individual tool, and a simple breakdown of what is provided with each Microsoft licensing model is outlined. Attendees will gain a better appreciation of which tools to utilize and how to better protect their Information Technology investments from the type of career-ending attacks which are unfortunately common today.
• Understand how modern threats such as spear phishing, ransomware, credential hijacking, and more are commonly faced in today’s IT environments and what tools and techniques can be used to mitigate the risk faced by these modern threats
• Examine Microsoft security tools such as Azure Sentinel, Microsoft Defender for Identity, Azure Security Center, Cloud App Security, Azure AD Privileged Identity Management, Azure AD Identity Protection, Azure Information Protection, and more
• Understand which tools are available for each licensing model in the Microsoft world and when it may make sense to ‘upgrade’ existing licenses to support specific toolsets as opposed to investment in third-party tools
You are Doing IT Security Wrong - Understanding the Threat of Modern Cyber-at... - Michael Noel
Organizations today are vastly unprepared for the threat of modern cyber-attacks. At the same time, the attackers are becoming more sophisticated and the amount of resources at their disposal is increasing. It has become a lucrative business to hack, disrupt, and steal intellectual property from organizations of all sizes and in all business sectors.
While the attackers are becoming more sophisticated, organizations have their IT security positioned for threats from the past century, with poor password management techniques, simple ACL based file permissions, and basic firewall and zone-based containment techniques. This makes it easier for attackers to obtain access to critical intellectual property and makes career-ruining disruptions all the more common.
This session focuses on understanding what is currently wrong with IT security practices and how your organization can change processes, techniques, and tools to provide for a significantly higher level of IT security without necessarily having to implement expensive tools or obtrusive processes.
• Understand the pitfalls of current IT Security practices, including myths around password change policies, allowing logins without providing multiple factors, and the proliferation of ‘always-on’ admin rights.
• Examine how simple changes in IT strategy can greatly improve your overall IT posture, including providing for up to a 99% improvement in the likelihood of a data credential theft.
• Determine which easy to deploy tools and features which you may already be licensed for can be used to tighten up IT security within an environment, including solutions such as Microsoft Defender for Identity, Azure Sentinel, Microsoft Cloud App Security, next-generation firewalls, and more.
This document discusses recommendations to improve defenses against rapid cyberattacks. It begins with a review of how rapid attacks work, then provides specific recommendations in four areas: attack surface reduction, lateral traversal/securing privileged access, business continuity/disaster recovery, and exploit mitigation. Potential blockers to implementing the recommendations are also identified relating to technology, processes, and stakeholder buy-in. Next steps include assigning action items identified in the meeting.
The document provides definitions and concepts related to application security including assets, threats, vulnerabilities, attacks, and security controls. It discusses how application security aims to secure the confidentiality, integrity, and availability of data by protecting against vulnerabilities like SQL injection and cross-site scripting. The document demonstrates how attackers can exploit vulnerabilities in multiple phases, from information gathering to maintaining access. It recommends best practices for developers like following security standards, conducting audits, implementing logging, and keeping software updated. Finally, it discusses Facebook's response to the Cambridge Analytica data privacy scandal.
As the industry’s first Secure Internet Gateway in the cloud, Cisco Umbrella provides the first line of defense against threats on the internet, protecting all your users within minutes.
Cisco Advanced Malware Protection offers global threat intelligence, advanced sandboxing and real-time malware blocking to prevent breaches while it continuously analyzes file activity across your network, so that you can quickly detect, contain and remove advanced malware.
Presentation of Cisco Security Architecture and Solutions such as Cisco Advanced Malware Protection (AMP) and Cisco Umbrella during Simplex-Cisco Technology Session that took place at the Londa Hotel in Limassol on 14 March 2018.
Defending the Endpoint with Next-Gen SecuritySophos Benelux
This document discusses next-generation endpoint security. It defines next-gen endpoint security as providing multi-vector protection through signatureless, predictive techniques like behavioral analysis and machine learning. It also emphasizes the importance of synchronized management across endpoints, networks, and the cloud for improved visibility, response and remediation. The document provides examples of next-gen techniques like download reputation, web security and exploit prevention and explains how they improve security at different stages of an attack lifecycle from exposure to code execution to incident response.
The document summarizes security advice for securing Windows networks. It discusses revealing hacker personas including automated attacks, targeted attacks, and the different skill levels of hackers from lame to sophisticated. It then discusses top security mistakes made and demonstrates how to secure Windows networks using features in Windows Server 2003 like group policy templates. Security improvements in Windows XP Service Pack 2 are also summarized, including network protection technologies like Windows Firewall and memory protection with Data Execution Prevention.
Metasploit is an open source penetration testing framework that contains tools for scanning systems to identify vulnerabilities, exploits to take advantage of vulnerabilities, and payloads to control systems after exploitation. It provides a simple interface for security professionals to simulate attacks while testing systems and identifying weaknesses. The document discusses Metasploit's history and versions, how it can be used to conduct penetration testing, and key concepts like vulnerabilities, exploits, and payloads.
12 Critical Cyber Controls for Insurance.pptxMike Mihm
This document outlines 12 critical cybersecurity controls needed for insurance companies, including multi-factor authentication, secured backups, vulnerability management, patched systems, email/web filtering, privileged access management, network protection, endpoint security, logging/monitoring, security awareness training, device hardening, and incident response planning. It provides examples of solutions for each control and how Marsh can help with implementation and policy development.
Threat Modeling workshop by Robert HurlbutDevSecCon
This document summarizes a presentation on threat modeling concepts and processes. It began with defining key threat modeling terms like assets, threats, vulnerabilities, and risk. It described threat modeling as understanding potential threats to a system. The presentation covered approaches like STRIDE and asking questions. It emphasized decomposing systems and identifying threats through data flows. Determining mitigations and risk ratings for threats was also discussed. The goal of threat modeling is to have an ongoing, living understanding of security risks to a system.
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsAaron ND Sawmadal
The document discusses the CryptoLocker ransomware threat and strategies to defend against it. CryptoLocker infects systems by tricking users into executing malicious files, then encrypts files using a randomly generated key. It threatens to delete the encryption key unless a ransom is paid. The best defenses include application whitelisting, limiting administrator privileges, firewalls, intrusion detection systems and keeping systems patched and backed up. In the event of infection, the affected machine should be isolated while restoring data from backups. Ongoing user education and security policies are also important to mitigate the ransomware risk.
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsAaron ND Sawmadal
This document discusses the CryptoLocker ransomware threat and strategies to defend against it. CryptoLocker infects systems by tricking users into executing malicious files. Once installed, it encrypts files using a randomly generated key that is sent back to the infected machine. The best defenses include application whitelisting, limiting administrator privileges, firewalls, intrusion detection systems and keeping systems patched and backed up. In the event of infection, the infected machine should be isolated and restored from backup. Ongoing user awareness training and security policies are also important non-technical strategies to mitigate the CryptoLocker threat.
The document provides an introduction to PHP security basics. It discusses identifying principals (the targets of attackers like private data), understanding common attack vectors like SQL injection and cross-site scripting, and employing defense in depth with overlapping security tactics to protect against multiple attack vectors. The presentation emphasizes understanding what information an attacker could derive from an application in order to better protect principal data and functions.
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]Websec México, S.C.
http://www.guadalajaracon.org/conferencias/echidna-sistema-de-respuesta-incidentes-open-source/
El proyecto Echidna es un sistema de respuesta incidentes dirigido a analistas de seguridad siguiendo los principios de Network Security Monitoring. Se trata de un proyecto totalmente Open Source donde comparto crédito con autores de populares herramientas como Ian Firns (Barnyard2, SecurityOnion NSM Scripts) y Edward Bjarte (cxtracker, passivedns, prads, etc.).
Echidna consiste en agentes, servidor e interfaz de usuario. Los agentes y los servidores estan programados en perl, las aplicaciones especializadas (sesion, eventos…) estan hechos en C/C++. La interfaz de usuario funciona del lado del cliente usando AngularJS. El servidor provee una API REST para uso de la UI o cualquier otro tipo de interfaz alternativa.
El proposito de Echidna es integrar diferentes herramientas de análisis en red para las diferentes capas de NSM. Desde Suricata/Snort hasta HTTPRY. Lo interesante es que la mayoría del stack por default son nuestras propias herramientas ej. Cxtracker – sesiones, barnyard2 – spooler de eventos para snort/suricata, prads -deteccion de assets, passivedns – analisis de dns pasivo, etc.
Ian aka firnsy es core dev y Edward aka ebf0 dirije desde la perspectiva de analista. Cada uno ha creado uno o mas herramientas expertas que Echidna integra en el stack.
Similar to ATEA IT EXPO: Hit by ransomware - again (20)
This presentation by OECD, OECD Secretariat, was made during the discussion “Competition and Regulation in Professions and Occupations” held at the 77th meeting of the OECD Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found at oe.cd/crps.
This presentation was uploaded with the author’s consent.
This presentation by Juraj Čorba, Chair of OECD Working Party on Artificial Intelligence Governance (AIGO), was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
This presentation by OECD, OECD Secretariat, was made during the discussion “Pro-competitive Industrial Policy” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/pcip.
This presentation was uploaded with the author’s consent.
This presentation by Professor Alex Robson, Deputy Chair of Australia’s Productivity Commission, was made during the discussion “Competition and Regulation in Professions and Occupations” held at the 77th meeting of the OECD Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found at oe.cd/crps.
This presentation was uploaded with the author’s consent.
Suzanne Lagerweij - Influence Without Power - Why Empathy is Your Best Friend...Suzanne Lagerweij
This is a workshop about communication and collaboration. We will experience how we can analyze the reasons for resistance to change (exercise 1) and practice how to improve our conversation style and be more in control and effective in the way we communicate (exercise 2).
This session will use Dave Gray’s Empathy Mapping, Argyris’ Ladder of Inference and The Four Rs from Agile Conversations (Squirrel and Fredrick).
Abstract:
Let’s talk about powerful conversations! We all know how to lead a constructive conversation, right? Then why is it so difficult to have those conversations with people at work, especially those in powerful positions that show resistance to change?
Learning to control and direct conversations takes understanding and practice.
We can combine our innate empathy with our analytical skills to gain a deeper understanding of complex situations at work. Join this session to learn how to prepare for difficult conversations and how to improve our agile conversations in order to be more influential without power. We will use Dave Gray’s Empathy Mapping, Argyris’ Ladder of Inference and The Four Rs from Agile Conversations (Squirrel and Fredrick).
In the session you will experience how preparing and reflecting on your conversation can help you be more influential at work. You will learn how to communicate more effectively with the people needed to achieve positive change. You will leave with a self-revised version of a difficult conversation and a practical model to use when you get back to work.
Come learn more on how to become a real influencer!
Mastering the Concepts Tested in the Databricks Certified Data Engineer Assoc...SkillCertProExams
• For a full set of 760+ questions. Go to
https://skillcertpro.com/product/databricks-certified-data-engineer-associate-exam-questions/
• SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
• It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
• SkillCertPro updates exam questions every 2 weeks.
• You will get life time access and life time free updates
• SkillCertPro assures 100% pass guarantee in first attempt.
This presentation by Nathaniel Lane, Associate Professor in Economics at Oxford University, was made during the discussion “Pro-competitive Industrial Policy” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/pcip.
This presentation was uploaded with the author’s consent.
Carrer goals.pptx and their importance in real lifeartemacademy2
Career goals serve as a roadmap for individuals, guiding them toward achieving long-term professional aspirations and personal fulfillment. Establishing clear career goals enables professionals to focus their efforts on developing specific skills, gaining relevant experience, and making strategic decisions that align with their desired career trajectory. By setting both short-term and long-term objectives, individuals can systematically track their progress, make necessary adjustments, and stay motivated. Short-term goals often include acquiring new qualifications, mastering particular competencies, or securing a specific role, while long-term goals might encompass reaching executive positions, becoming industry experts, or launching entrepreneurial ventures.
Moreover, having well-defined career goals fosters a sense of purpose and direction, enhancing job satisfaction and overall productivity. It encourages continuous learning and adaptation, as professionals remain attuned to industry trends and evolving job market demands. Career goals also facilitate better time management and resource allocation, as individuals prioritize tasks and opportunities that advance their professional growth. In addition, articulating career goals can aid in networking and mentorship, as it allows individuals to communicate their aspirations clearly to potential mentors, colleagues, and employers, thereby opening doors to valuable guidance and support. Ultimately, career goals are integral to personal and professional development, driving individuals toward sustained success and fulfillment in their chosen fields.
Collapsing Narratives: Exploring Non-Linearity • a micro report by Rosie WellsRosie Wells
Insight: In a landscape where traditional narrative structures are giving way to fragmented and non-linear forms of storytelling, there lies immense potential for creativity and exploration.
'Collapsing Narratives: Exploring Non-Linearity' is a micro report from Rosie Wells.
Rosie Wells is an Arts & Cultural Strategist uniquely positioned at the intersection of grassroots and mainstream storytelling.
Their work is focused on developing meaningful and lasting connections that can drive social change.
Please download this presentation to enjoy the hyperlinks!
XP 2024 presentation: A New Look to Leadershipsamililja
Presentation slides from XP2024 conference, Bolzano IT. The slides describe a new view to leadership and combines it with anthro-complexity (aka cynefin).
This presentation by Thibault Schrepel, Associate Professor of Law at Vrije Universiteit Amsterdam University, was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
This presentation by OECD, OECD Secretariat, was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
3. Once upon a time, not that long time ago…
March 2017 – Microsoft patches SMB 1 exploit (they even patched Windows XP)
April 2017 – Shadow Brokers dump EternalBlue
May 12th 2017 – WannaCry hits
June 27th 2017 – People *still* haven't patched, and NotPetya hits
July 2017 – Emotet Trojan emerges using network sniffing and password harvesting techniques
August 2017 – Another attack on a computer near you – we are open 24/7…
4. Petya type malware Threat Research
User Rights checking (as local admin / as non-local admin): SeShutdownPrivilege, SeDebugPrivilege, SeTcbPrivilege (smoke and mirrors – when weaponized)
Data Encryption
Credentials harvesting – Mimikatz techniques
SMB propagation – EternalBlue, Admin$ share
Network sniffer
8. Windows as a service
Diagram: cumulative updates for April, May and June. Legend: new security updates / new non-security updates / existing fixes from previous cumulative updates. Labelled updates: KB4015583, KB4016240, New KB#1, New KB#2, New KB#3, New KB#4
9. How Microsoft Stays Up to Date
Patch Tuesday (+1) – Monday 10:00 PST, Tuesday 10:00 PST, Tuesday 23:59 PST
Day 1–6 – 80% of patching and reboots are handled with natural reboots, no user interruption or notifications; the user can choose to install the update and reboot now or schedule for a later time
Day 7 – the user receives a final restart notification with a 60 minute countdown timer
Day 7+
Zero day – move the deadline forward and update 75% within 24 hours, the additional 25% within 24–36 hours
12. Device Control
1. Windows 10 is part of the solution (… and Windows Server 2016)
2. Ensure regular updates – Follow Best Practice, validate and then add your own requirements
3. Enable Modern authentication
4. Start using Modern hardware security
5. Start Monitoring your devices
6. Ensure Hard disk encryption on all devices – OF COURSE!
7. Follow Best Practice, validate and then add your own requirements
13. Credential Control
1. Multi Factor Authentication (MFA) for all users and administrators
2. No High Risk login on any devices
3. Consider Local Administrative Privileges – DO NOT add domain groups to give Local Administrative Privileges to users!
4. Password Randomization (LAPS etc.)
5. Ensure Strong Password Policies – Follow Best Practice, validate and then add your own requirements
6. Ensure to use Credential Guard or similar
14. Application Control
1. Implement Microsoft AppLocker or similar
2. Implement Software Restriction Policies as a minimum
3. Enforce Windows Defender SmartScreen
4. Enforce User Account Control (UAC)
5. Microsoft Edge and Enterprise Mode for Internet Explorer 11 Whitelisting
15. Access Control
1. Implement Just Enough Rights Philosophy – Follow Best Practice, validate and then add your own requirements
2. Limit Remote Access to mobile devices (… and servers)
3. Limit Remote Access to mobile devices to named Jump Station only (… and servers)
4. Use Windows Firewall Actively – Disabled is not an option (… on servers too)
5. Prepare to upgrade to Latest Windows 10 version and start using Application- and Exploit Guard (Windows 10 1709+)
Slide 1 [:00:00]
Hit by malware [again]
Simple steps to tackle and cripple WannaCry and Petya type ransomware
//
Slide 2 [HIDDEN SLIDE]
Deck information
//
Slide 3 [HIDDEN SLIDE]
Abstract
//
Slide 4 [00:00]
Hit by ransomware [again]
Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash and Bitcoin are used for the ransoms, making tracing and prosecuting the perpetrators difficult.
Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the "WannaCry worm", traveled automatically between computers without user interaction.
Source: https://en.wikipedia.org/wiki/Ransomware
//
Slide 5 [00:00]
Once upon a time…
Over the summer, companies all over the globe have been hit by some really nasty attacks – not all of them were due to missing patches.
Timeline (spring–summer 2017)
A widespread ransomware attack targets Windows systems that do not have the latest updates. Microsoft announced: Given the severity of this threat, update your Windows systems as soon as possible.
The WannaCry ransomware attack was a May 2017 worldwide cyberattack by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
The attack began on Friday, 12 May 2017, and within a day was reported to have infected more than 230,000 computers in over 150 countries. Parts of the United Kingdom's National Health Service (NHS) were infected, causing it to run some services on an emergency-only basis during the attack, Spain's Telefónica, FedEx and Deutsche Bahn were hit, along with many other countries and companies worldwide.
Shortly after the attack began, Marcus Hutchins, a 22-year-old web security researcher from North Devon in England then known as MalwareTech discovered an effective kill switch by registering a domain name he found in the code of the ransomware. This greatly slowed the spread of the infection, effectively halting the initial outbreak on Monday, 15 May 2017, but new versions have since been detected that lack the kill switch – These tools are now being weaponized!
The Equifax hack
In May, hackers broke into Equifax’s computer systems, stealing personal information of over 140 million Americans. While the details of what was pilfered are still forthcoming, it appears Social Security numbers, addresses, account information, and personal details were taken.
In terms of hacks, this is by far one of the largest in history, and to date has been underreported, most likely due to competition from the recent hurricanes and North Korea stories dominating the news headlines.
In terms of financial hacks, this is possibly the worst in history. Millions of American consumers are affected. And, unless there are major structural changes made to the way credit is handled, the hacked information could permanently impact victims. In other words, if your information is available for criminals to use, you could be subject to identity theft at any point in the future. It appears, at this point, thieves may have virtually everything they need to steal your identity going forward if you are one of the people listed in the attack.
Equifax did not disclose the hacks until several months after they happened, potentially giving hackers more time to disseminate consumer information. Although Equifax has followed legal guidelines with regard to disclosure, the issue still remains: Millions of consumers now have their sensitive personal information exposed, putting them at risk for identity theft.
Source: http://rapidcityjournal.com/news/local/communities/chadron/opinion/guest-commentary/equifax-hack-steps-to-protect-yourself/article_fa5e649c-a2e2-11e7-8524-73264d03a5d6.html
The CCleaner hack
The attack took place by piggy-backing onto CCleaner by infiltrating the servers that distribute the software, infecting version 5.33 of the Windows utility and version 1.07 of its cloud-based sister application. Those servers belonged to Piriform, the London company that created CCleaner. In July of this year, Piriform was acquired by the Prague-based antivirus maker Avast.
If you've updated CCleaner since Aug. 15 and you're running 32-bit Windows, you may be infected. You should roll back to a pre-Aug. 15 snapshot of your system, or run a malware scan. Following either (or both) of those steps, visit Piriform's site to download and install the latest, clean version of CCleaner.
Source: https://www.tomsguide.com/us/ccleaner-utility-malware-infected,news-25851.html
NotPetya: Timeline of a Ransom worm
https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/notpetya-timeline-of-a-ransomworm/
Other hacks
The sophisticated NotPetya cyberattack, which Ukraine blamed on Russia, targeted Ukrainian tax software in June, but infected companies around the globe. FedEx said the attack cost the company $300 million.
Sophisticated attacks are a threat, but the biggest hacks can be the result of known vulnerabilities that don't get fixed in time.
//
Slide 6 [00:00]
Petya type malware Threat Research
On June 27, public announcements were made about a large-scale campaign of ransomware attacks across Europe. The ransomware impacted notable industries such as Maersk, the world’s largest container shipping company. The initial infection vector appears to be the exploitation of a Ukrainian tax software called MEDoc, followed by spreading on the internal network via exploitation of the EternalBlue SMB vulnerability, PsExec, WMI, and Admin$ shares.
User Rights Checking (Different Effect on Malware Logic)
Looks for three different types of privileges to perform its actions:
SeShutdownPrivilege. Required to shutdown the system
SeDebugPrivilege. A token field that allows the owning process to adjust the memory of other processes on the computer. This is a very powerful privilege that allows the malware to perform near system level tasks.
SeTcbPrivilege. This is another very powerful privilege that allows the owning process to act as part of the operating system.
Based upon the overall values constructed from these checks, the malware will perform varying sets of routines.
Data Encryption
If the running user has the SeDebugPrivilege permission, the malware will assume it has administrative privileges and will then attempt to encrypt the drive using the known Petya code.
Alternatively, if the user is not running with administrative privileges, as determined by a lack of SeDebugPrivilege, the malware will use a user-space encryption routine.
Credential Harvesting
If the variant detects that its process is running with SeDebugPrivilege, it will call a function to harvest credentials.
SMB propagation
Like other recent malware, the ransomware utilizes the highly effective EternalBlue exploit for Windows SMB vulnerabilities to copy itself to other systems and execute.
In addition to the SMB exploit propagation method, the malware also attempts to establish default administrative network shares (Admin$) with a call to WNetAddConnection2() using a null username and password. By using null for these two values, the network connection is made using the current user’s credentials, which directly affects organizations with shared local administrator accounts.
Source: https://www.carbonblack.com/2017/06/28/carbon-black-threat-research-technical-analysis-petya-notpetya-ransomware/
Network sniffer
New malware with network sniffing capabilities keeps appearing; whether Petya type malware has or will get this functionality is probably just a matter of time, as has already been seen in e.g. the Emotet Trojan.
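The analysis above shows the malware branching on which privileges its token holds, so the defensive question is who in your environment holds them. As an added example, not part of the deck, a PowerShell audit that exports the local user-rights assignment, lists every holder of the three privileges, flags anything outside an assumed default Windows 10 workstation baseline, and reports whether the current session itself carries SeDebugPrivilege:

```powershell
# Added example, not from the deck: audit who holds the three privileges the
# Petya analysis keys on. Run from an elevated PowerShell session.
$Privileges = 'SeShutdownPrivilege', 'SeDebugPrivilege', 'SeTcbPrivilege'

# Assumed baseline (default Windows 10 workstation; adjust to your own policy):
# Administrators normally hold SeDebugPrivilege, nobody should hold SeTcbPrivilege.
$Baseline = @{
    SeShutdownPrivilege = @('S-1-5-32-544', 'S-1-5-32-545', 'S-1-5-32-551')  # Administrators, Users, Backup Operators
    SeDebugPrivilege    = @('S-1-5-32-544')                                  # Administrators
    SeTcbPrivilege      = @()
}

function Get-PrivilegeHolders {
    # secedit exports the effective local policy; the [Privilege Rights] section
    # has lines like:  SeDebugPrivilege = *S-1-5-32-544
    $Inf = Join-Path $env:TEMP 'user-rights-export.inf'
    secedit /export /cfg $Inf /areas USER_RIGHTS | Out-Null
    $Lines = Get-Content -Path $Inf
    Remove-Item -Path $Inf -ErrorAction SilentlyContinue

    foreach ($Priv in $Privileges) {
        $Line = $Lines | Where-Object { $_ -match "^$Priv\s*=" } | Select-Object -First 1
        $Holders = @()
        if ($Line) {
            # Right-hand side is a comma list of '*SID' entries (or plain account names)
            $Holders = @(($Line -split '=', 2)[1] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
        if (-not $Holders) {
            [pscustomobject]@{ Privilege = $Priv; Holder = '(none)'; Sid = ''; Status = 'expected' }
            continue
        }
        foreach ($Sid in $Holders) {
            $Name = $Sid
            if ($Sid -like 'S-1-*') {
                # Resolve the SID to an account name where possible
                try { $Name = ([System.Security.Principal.SecurityIdentifier]$Sid).Translate([System.Security.Principal.NTAccount]).Value } catch { }
            }
            $Status = if ($Baseline[$Priv] -contains $Sid) { 'expected' } else { 'REVIEW' }
            [pscustomobject]@{ Privilege = $Priv; Holder = $Name; Sid = $Sid; Status = $Status }
        }
    }
}

function Test-CurrentTokenDebug {
    # The malware inspects its own token. A UAC-filtered (non-elevated) admin
    # session does not carry SeDebugPrivilege, which is one reason to enforce UAC.
    $PrivLines = whoami /priv
    [bool]($PrivLines | Where-Object { $_ -match '^SeDebugPrivilege\s' })
}

Get-PrivilegeHolders | Format-Table -AutoSize
"Current session holds SeDebugPrivilege: $(Test-CurrentTokenDebug)"
```

Rows marked REVIEW are accounts or groups that would put the malware onto its administrative code path (drive encryption, credential harvesting) if it ran in their context.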
//
Slide 7 [00:00]
So, consider this…
//
Slide 8 [00:00]
Safe harbor
Imagine one of these boats had four small holes – nothing notable, it would take a needle to get through them, but they are holes nonetheless. Would you patch these small holes before going out?
//
Slide 9 [00:00]
Real life
This is the environment a boat is built to withstand.
Imagine this boat has four small holes – nothing notable, it would take a needle to get through them, but they are holes nonetheless. Would you patch them now?
The same principles can be applied to a modern device these days, with a few exceptions:
Safe harbor used to be “in the office” – today it is more like the moments when the device is turned off and stowed away in a bag.
The weather conditions are hardly mild these days – prepare for stormy weather!
//
Slide 10 [00:00]
Windows as a service
Predictable and clear timeframes
Releases are aligned with Microsoft Office products twice a year (Spring and fall)
Microsoft System Center Configuration Manager will be aligned as well, but with an additional update.
//
Slide 11 [00:00]
Windows as a service
New update options for Windows 10, version 1703 and above
With the release of Windows 10, we simplified the servicing process by moving to cumulative updates, where each update released contains all the new fixes for that month, as well as all the older fixes from previous months. Today, most organizations deploy these cumulative updates when they are released on the second Tuesday of every month, also called “Update Tuesday.” Because these updates contain new security fixes, they are considered “Security Updates” in Windows Server Update Services (WSUS) and System Center Configuration Manager.
Based on feedback from customers, we are making some adjustments to the updates that we are releasing for Windows 10, version 1703 (also known as the “Creators Update”). With these changes, we will routinely offer one (or sometimes more than one) additional update each month. These additional cumulative updates will contain only new non-security updates, so they will be considered “Updates” in WSUS and Configuration Manager.
https://blogs.technet.microsoft.com/windowsitpro/2017/04/24/new-update-options-for-windows-10-1703/
//
Slide 12 [00:00]
How Microsoft Stays Up to Date
Microsoft 365: Modern management and deployment
https://techcommunity.microsoft.com/t5/Microsoft-Ignite-Content-2017/Microsoft-365-Modern-management-and-deployment/m-p/106056
//
Slide 13 [00:00]
Preparing the tackle
Let’s get into the tackle and cripple some attacks
Tackle (Rugby move). Most forms of football have a move known as a tackle. The primary and important purposes of tackling are to dispossess an opponent of the ball, to stop the player from gaining ground towards goal or to stop them from carrying out what they intend. https://en.wikipedia.org/wiki/Tackle_(football_move)
//
Slide 14 [00:00]
Preparing the tackle
Device Control
Windows 10 is part of the solution (… and Windows Server 2016)
Ensure regular updates – Follow Best Practice, validate and then add your own requirements
Enable Modern authentication
Start using Modern hardware security
Start Monitoring your devices
Ensure Hard disk encryption on all devices – OF COURSE!
Follow Best Practice, validate and then add your own requirements
Credential Control
MFA for all users and administrators
No High Risk login on mobile devices
Consider Local Administrative Privileges
Password Randomization (LAPS etc.)
Ensure Strong Password Policies – Follow Best Practice, validate and then add your own requirements
Ensure Credential Guard or similar is in use
Application Control
Implement Microsoft AppLocker or similar
Implement Software Restriction Policies as a minimum
Consider Enterprise Mode for Internet Explorer 11 Whitelisting
Access Control
Implement a Just Enough Rights philosophy – Follow Best Practice, validate and then add your own requirements
Limit Remote Access to mobile devices (… and servers)
Limit Remote Access to mobile devices to named Jump Station only (… and servers)
Use Windows Firewall Actively – Disabled is not an option (… on servers too)
Upgrade to the latest Windows 10 version and start using Application Guard and Exploit Guard
//
Slide 15 [00:00]
Preparing the tackle
Device Control
Windows 10 is part of the solution (… and Windows Server 2016)
Ensure regular updates – Follow Best Practice, validate and then add your own requirements
Enable Modern authentication
Start using Modern hardware security
Start Monitoring your devices
Ensure Hard disk encryption on all devices – OF COURSE!
Follow Best Practice, validate and then add your own requirements
//
Slide 16 [00:00]
Preparing the tackle
Credential Control
Multi Factor Authentication (MFA) for all users and administrators
No High Risk login on mobile devices
Consider Local Administrative Privileges
Password Randomization (LAPS etc.)
Ensure Strong Password Policies – Follow Best Practice, validate and then add your own requirements
Ensure Credential Guard or similar is in use
//
Slide 17 [00:00]
Preparing the tackle
Application Control
Implement Microsoft AppLocker or similar
Implement Software Restriction Policies as a minimum
Enforce Windows Defender SmartScreen
Enforce User Account Control (UAC)
Microsoft Edge and Enterprise Mode for Internet Explorer 11 Whitelisting
//
Slide 18 [00:00]
Preparing the tackle
Access Control
Implement a Just Enough Rights philosophy – Follow Best Practice, validate and then add your own requirements
Limit Remote Access to mobile devices (… and servers)
Limit Remote Access to mobile devices to named Jump Station only (… and servers)
Use Windows Firewall Actively – Disabled is not an option (… on servers too)
Upgrade to the latest Windows 10 version and start using Application Guard and Exploit Guard
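One way to turn the Device, Credential, Application and Access Control bullets above into a repeatable check, as an added PowerShell audit script that is not part of the deck: it reads the standard Windows settings behind each bullet (BitLocker, Credential Guard, LAPS, local Administrators membership, AppLocker, UAC, SmartScreen, firewall profiles, Remote Desktop, Exploit Guard ASR rules) and reports pass/fail per area. The minimum build number and the "at most 2 local admins" threshold are assumptions to adapt to your own requirements.

```powershell
#Requires -RunAsAdministrator
# Added audit script, not part of the deck. Reports which of the "tackle" controls are
# in place on the local Windows 10 machine. Cmdlets and registry paths are the standard
# Windows ones; the numeric thresholds below are assumptions you should adapt.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}
function Test-TackleBaseline {
    $results = New-Object System.Collections.Generic.List[object]
    $add = { param($Area, $Check, $Pass, $Detail)
        $results.Add([pscustomobject]@{ Area = $Area; Check = $Check; Pass = [bool]$Pass; Detail = "$Detail" }) }

    # Device Control: recent build (1703 = build 15063, assumed minimum) and BitLocker on the OS drive
    $os = Get-CimInstance Win32_OperatingSystem
    & $add 'Device' 'Windows 10 build >= 15063' ([int]$os.BuildNumber -ge 15063) $os.Version
    $bl = 'Unavailable'
    try { $bl = (Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop).ProtectionStatus } catch {}
    & $add 'Device' 'BitLocker protection on system drive' ($bl -eq 'On') $bl

    # Credential Control: Credential Guard (service id 1) running, LAPS policy set, few local admins
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    & $add 'Credential' 'Credential Guard running' ($dg.SecurityServicesRunning -contains 1) ($dg.SecurityServicesRunning -join ',')
    $laps = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd' 'AdmPwdEnabled'
    & $add 'Credential' 'LAPS password randomization enabled' ($laps -eq 1) $laps
    $admins = @(Get-LocalGroupMember -Group Administrators -ErrorAction SilentlyContinue)
    & $add 'Credential' 'Local Administrators has at most 2 members (assumed threshold)' ($admins.Count -le 2) ($admins.Name -join '; ')

    # Application Control: AppLocker rules in effect, UAC enabled, SmartScreen enforced by policy
    $alx = ''
    try { $alx = Get-AppLockerPolicy -Effective -Xml -ErrorAction Stop } catch {}
    & $add 'Application' 'AppLocker rules in effective policy' ($alx -match '<File(Path|Publisher|Hash)Rule ') $alx.Length
    $lua = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
    & $add 'Application' 'UAC enabled (EnableLUA=1)' ($lua -eq 1) $lua
    $ss = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' 'EnableSmartScreen'
    & $add 'Application' 'SmartScreen enforced by policy' ($ss -eq 1) $ss

    # Access Control: every firewall profile on, Remote Desktop off, Exploit Guard ASR rules configured
    $off = @(Get-NetFirewallProfile | Where-Object { "$($_.Enabled)" -ne 'True' }).Name
    & $add 'Access' 'Windows Firewall enabled on all profiles' ($off.Count -eq 0) ('Disabled: ' + ($off -join ','))
    $rdp = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'
    & $add 'Access' 'Remote Desktop disabled (fDenyTSConnections=1)' ($rdp -eq 1) $rdp
    $asr = @((Get-MpPreference -ErrorAction SilentlyContinue).AttackSurfaceReductionRules_Ids)
    & $add 'Access' 'Exploit Guard ASR rules configured' ($asr.Count -gt 0) $asr.Count
    return $results
}
Test-TackleBaseline | Format-Table Area, Check, Pass, Detail -AutoSize
```

Run it elevated on a Windows 10 machine with the BitLocker, AppLocker, NetSecurity and Defender modules present; a failed check is the bullet you still need to act on, and the Detail column shows the value that caused it.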
//
Slide 19 [00:00]
Preparing the tackle (DEMO)
//
Slide 20 [00:00]
Summary
//
Slide 21 [00:00]
Imagine you were the one…
//
Slide 22 [00:00]
Preparing the tackle
Device Control
Windows 10 is part of the solution (… and Windows Server 2016)
Ensure regular updates – Follow Best Practice, validate and then add your own requirements
Enable Modern authentication
Start using Modern hardware security
Start Monitoring your devices
Ensure Hard disk encryption on all devices – OF COURSE!
Follow Best Practice, validate and then add your own requirements
Credential Control
MFA for all users and administrators
No High Risk login on mobile devices
Consider Local Administrative Privileges
Password Randomization (LAPS etc.)
Ensure Strong Password Policies – Follow Best Practice, validate and then add your own requirements
Ensure Credential Guard or similar is in use
Application Control
Implement Microsoft AppLocker or similar
Implement Software Restriction Policies as a minimum
Consider Enterprise Mode for Internet Explorer 11 Whitelisting
Access Control
Implement a Just Enough Rights philosophy – Follow Best Practice, validate and then add your own requirements
Limit Remote Access to mobile devices (… and servers)
Limit Remote Access to mobile devices to named Jump Station only (… and servers)
Use Windows Firewall Actively – Disabled is not an option (… on servers too)
Upgrade to the latest Windows 10 version and start using Application Guard and Exploit Guard
//
Slide 23 [00:00]
Thank you
//
Slide 24 [00:00]
About :: Biography
Who he is and what he does:
Jesper Nielsen is a Solutions Architect and Technology Evangelist, Microsoft Most Valuable Professional (MVP) and is part of the Microsoft Partner Technology Solutions Professional (P-TSP) program. He has been working hands-on with small- and large-scale IT infrastructure in many different industries for more than 20 years.
With a long background in supporting Windows technologies, Jesper Nielsen has designed and implemented several generations of Windows and is always happy to share his knowledge around this subject and related technologies.
Jesper Nielsen is the founder of the Everything Windows User Group, Denmark, is active in the community and can often be found at user group events as both speaker and attendee. He has facilitated numerous seminars and events and has made several speaker appearances over the years, where his passionate style of delivery, combined with his sense of humor, has made him a recognized speaker.
He does the work he does because he loves it, he likes the people he meets, and he always embraces his inner nerd and good presentation skills.
He finished a marathon around the four-hour mark, has been a gymnastics instructor for more than 30 years, enjoys exploring technology and guiding his kids into new technologies, and is currently teaching himself C# for Windows app development.
He was awarded the MVP Status for Windows and Devices for IT for the first time, July 2016.
Find him:
E-mail: j.nielsen@atea.dk
Phone: +45 3078 1393
Follow him:
Twitter: https://twitter.com/dotjesper/
LinkedIn: https://www.linkedin.com/in/dotjesper/
Join him:
Everything User Group Denmark: http://ewug.dk
//
Slide 25 [00:00]
References :: Links
Emotet Banking Malware Steals Data Via Network Sniffing
www.securityweek.com/emotet-banking-malware-steals-data-network-sniffing
Network Spreading Capabilities Added to Emotet Trojan
http://www.securityweek.com/network-spreading-capabilities-added-emotet-trojan
Privileged Access Workstations (PAW)
https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/privileged-access-workstations
Software Restriction Policies
https://docs.microsoft.com/en-us/windows-server/identity/software-restriction-policies/software-restriction-policies
Windows 10 User Account Control (UAC)
https://docs.microsoft.com/en-us/windows/access-protection/user-account-control/user-account-control-overview
Local Administrator Password Solution (LAPS)
https://technet.microsoft.com/en-us/mt227395.aspx
Microsoft AppLocker
https://docs.microsoft.com/en-us/windows/device-security/applocker/applocker-overview
Windows Defender Application Guard
https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-application-guard/wd-app-guard-overview
Windows Defender Exploit Guard
https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard
Windows Defender SmartScreen
https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview
';--have i been pwned?
https://haveibeenpwned.com/
Mimikatz
https://github.com/gentilkiwi/mimikatz
//