This document summarizes the results of a security audit conducted by COVERT Security Systems for Martinez Technology Consulting (MTC) and the Cedar Hills Church that houses it. The audit included assessing physical security, wireless networks, servers, workstations, and policies. Wireless networks were found to use outdated and insecure encryption methods. Servers had weak password policies and lacked patching. The network used an unsegmented flat design without central management. Several recommendations were provided to address these issues, including implementing Active Directory, upgrading wireless encryption, and adding firewalls, logging, backup solutions, and physical access controls. The findings highlighted the need for MTC to continually evolve its security practices.
2. Who Are We?
• IT Security Audit Firm
• Since June 2011
• Corporate Headquarters located in Milwaukee, WI
• Privately held and operated
• Specializing in logical and physical security audits
3. Mission Statement
Our mission is simple: We want to make your company’s security an enhancement, not a hindrance. Unlike other IT firms, COVERT will only recommend solutions that are appropriate for the specific client while keeping business operations in mind. We work with our clients to provide the best possible support, training, documentation, policies and plans to ensure the utmost security.
4. Security Audit Department Staff
Lane Salmon
Joseph Finn
Robert Conti
Ryan Urban
Jason Leitner
Matthew Wiza
Ronald Cox
Roles: Project Lead, Project Manager, Security Staff
7. Scope
Primary: Security Audit
• Audit security functions already in place
• Physical and virtual audit including penetration testing
• Of both MTC as well as the housing church (Cedar Hills Church)
Secondary: The Three P’s Review
• Review the policies, processes and procedures already in place
Final: Recommendations and Reports
• Create final analysis reports
• Create updated policies, processes and procedures
10. Our Process
• Data Gathering: interviewed MTC staff; Internet and public record searches
• Verification: verified the data collected
• Security Audit: physical, logical and social
• Policy Review and Creation: review policies currently in place, expand upon them or create new ones
• Information Consolidation and Review
14. Interview – Key Findings
Joe Cindy
• CEO of MTC
• Specialize in SAP cloud services and training
• Recently terminated an employee
• Does not regularly check logs of any kind
• No Disaster Recovery Plan in place
• Time Warner is the ISP
  • Rents a firewall from them
• Company web pages are not hosted locally
• Remote access via RDP using open ports and basic Windows authentication
21. Scanning and Enumeration
MTC Network
• IP Schema
• Ping Sweeps
• Fingerprinting (Limited)
Cedar Hills Network
• IP Schema
• Ping Sweeps
• Fingerprinting
• Port Scanning
• Enumeration
22. Tools Used for Scanning Process
• NMAP
• Hping
• Tracert
• Dsniff
• GFI LANguard
23. Fingerprint of Server CCI-SAP14
• Server Data\Win Audit\CCI-SAP14\CCI-SAP14.html
• A few of the security flaws that were found:
Item               Name                     Setting
Screen Saver       Enabled                  Yes
Screen Saver       Timeout                  9999 Minutes
Screen Saver       Password Protected       No
All Accounts       Minimum Password Length  0 Characters
All Accounts       Maximum Password Age     Forever
All Accounts       Historical Passwords     0 remembered
All Accounts       Lockout Threshold        0 Attempts
Automatic Updates  Update Status            Disabled
Automatic Updates  Update Schedule          Every day
Internet Explorer  Download Files           Allow
24. Fingerprint of Server CCI-SAP17B
• Server Data\Win Audit\CCI-SAP17B\CCI-SAP17B.html
Item               Name                     Setting
Screen Saver       Enabled                  Yes
Screen Saver       Timeout                  10 Minutes
Screen Saver       Password Protected       Yes
All Accounts       Minimum Password Length  0 Characters
All Accounts       Maximum Password Age     42 Days
All Accounts       Historical Passwords     0 remembered
All Accounts       Lockout Threshold        0 Attempts
Automatic Updates  Update Status            Notify before installation
Automatic Updates  Update Schedule          Every day
Internet Explorer  Download Files           Not allowed
25. Fingerprint of Server ECC6C2
• Server Data\Win Audit\ECC6C2\ECC6C2.html
Item               Name                     Setting
AutoLogon          Enabled                  No
Screen Saver       Enabled                  Yes
Screen Saver       Timeout                  0 Seconds
Screen Saver       Password Protected       No
All Accounts       Force Network Logoff     Never
All Accounts       Minimum Password Length  0 Characters
All Accounts       Maximum Password Age     Forever
All Accounts       Historical Passwords     0 remembered
All Accounts       Lockout Threshold        0 Attempts
Automatic Updates  Update Status            Disabled
Automatic Updates  Update Schedule          Every day
Internet Explorer  Run Script               Allow
Internet Explorer  Run ActiveX              Allow
Internet Explorer  Run Java                 Allow
Internet Explorer  Download Files           Allow
Internet Explorer  Install Desktop Items    Prompt user
Internet Explorer  Launch Applications      Prompt user
26. Fingerprint of Server SVCTAG-2KXKWC1
• Server Data\Win Audit\SVCTAG-2KXKWC1\SVCTAG-2KXKWC1.html
Item               Name                     Setting
Screen Saver       Enabled                  Yes
Screen Saver       Timeout                  10 Minutes
Screen Saver       Password Protected       Yes
All Accounts       Minimum Password Length  0 Characters
All Accounts       Maximum Password Age     42 Days
All Accounts       Historical Passwords     0 remembered
All Accounts       Lockout Threshold        0 Attempts
Automatic Updates  Update Status            NotConfigured
Automatic Updates  Update Schedule          Every day
Internet Explorer  Download Files           Allow
27. Fingerprint of Server SVCTAG-5KXKWC1
• Server Data\Win Audit\SVCTAG-5KXKWC1\SVCTAG-5KXKWC1.html
Item               Name                     Setting
Screen Saver       Enabled                  Yes
Screen Saver       Timeout                  10 Minutes
Screen Saver       Password Protected       Yes
All Accounts       Minimum Password Length  0 Characters
All Accounts       Maximum Password Age     42 Days
All Accounts       Historical Passwords     0 remembered
All Accounts       Lockout Threshold        0 Attempts
Automatic Updates  Update Status            NotConfigured
Automatic Updates  Update Schedule          Every day
Internet Explorer  Download Files           Allow
28. Fingerprint of Server SVCTAG-CJXKWC1
• Server Data\Win Audit\SVCTAG-CJXKWC1\SVCTAG-CJXKWC1.html
Item               Name                     Setting
Screen Saver       Enabled                  Yes
Screen Saver       Timeout                  10 Minutes
Screen Saver       Password Protected       Yes
All Accounts       Minimum Password Length  0 Characters
All Accounts       Maximum Password Age     42 Days
All Accounts       Historical Passwords     0 remembered
All Accounts       Lockout Threshold        0 Attempts
Automatic Updates  Update Status            Scheduled installation
Automatic Updates  Update Schedule          Every day
Internet Explorer  Download Files           Allow
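The policy rows on the six fingerprint slides can be checked mechanically rather than read off each table by eye. The following is an added example, not part of the audit deck: it encodes the settings reported for CCI-SAP14, CCI-SAP17B and ECC6C2 as data, parses the unit-bearing values ("42 Days", "Forever", "0 Attempts"), treats a zero screen-saver timeout or zero lockout threshold as the disabled control it really is, and lists every deviation from a small hardening baseline. The baseline thresholds (12-character minimum length, 90-day maximum age, 24 remembered passwords, lockout after at most 10 attempts, 15-minute idle lock) are assumptions chosen for illustration, not values from the audit.

```python
"""Evaluate WinAudit-style policy rows against a hardening baseline."""
import re

# Rows transcribed from the audit slides (constructed sample data): (item, name, setting).
AUDIT_ROWS = {
    "CCI-SAP14": [
        ("Screen Saver", "Timeout", "9999 Minutes"),
        ("Screen Saver", "Password Protected", "No"),
        ("All Accounts", "Minimum Password Length", "0 Characters"),
        ("All Accounts", "Maximum Password Age", "Forever"),
        ("All Accounts", "Historical Passwords", "0 remembered"),
        ("All Accounts", "Lockout Threshold", "0 Attempts"),
        ("Automatic Updates", "Update Status", "Disabled"),
        ("Internet Explorer", "Download Files", "Allow"),  # no rule below: ignored
    ],
    "CCI-SAP17B": [
        ("Screen Saver", "Timeout", "10 Minutes"),
        ("Screen Saver", "Password Protected", "Yes"),
        ("All Accounts", "Minimum Password Length", "0 Characters"),
        ("All Accounts", "Maximum Password Age", "42 Days"),
        ("All Accounts", "Historical Passwords", "0 remembered"),
        ("All Accounts", "Lockout Threshold", "0 Attempts"),
        ("Automatic Updates", "Update Status", "Notify before installation"),
    ],
    "ECC6C2": [
        ("Screen Saver", "Timeout", "0 Seconds"),
        ("Screen Saver", "Password Protected", "No"),
        ("All Accounts", "Minimum Password Length", "0 Characters"),
        ("All Accounts", "Maximum Password Age", "Forever"),
        ("All Accounts", "Historical Passwords", "0 remembered"),
        ("All Accounts", "Lockout Threshold", "0 Attempts"),
        ("Automatic Updates", "Update Status", "Disabled"),
    ],
}

# Baseline thresholds: assumptions chosen for this example, not values from the deck.
MAX_IDLE_MINUTES = 15
MIN_PASSWORD_LENGTH = 12
MAX_PASSWORD_AGE_DAYS = 90
MIN_PASSWORD_HISTORY = 24
MAX_LOCKOUT_ATTEMPTS = 10

_QUANTITY = re.compile(r"^(\d+)\s+([A-Za-z]+)$")
_MINUTES_PER = {"second": 1 / 60, "minute": 1, "hour": 60, "day": 1440}

def to_minutes(setting):
    """'10 Minutes'/'42 Days'/'0 Seconds' -> minutes; 'Forever' -> inf; else None."""
    if setting.strip().lower() == "forever":
        return float("inf")
    m = _QUANTITY.match(setting.strip())
    unit = m.group(2).lower().rstrip("s") if m else None
    return int(m.group(1)) * _MINUTES_PER[unit] if unit in _MINUTES_PER else None

def to_count(setting):
    """'0 Characters'/'24 remembered'/'5 Attempts' -> int, else None."""
    m = _QUANTITY.match(setting.strip())
    return int(m.group(1)) if m else None

def _timeout_ok(v):
    mins = to_minutes(v)  # 0 means the saver never engages, so it fails like 9999 does
    return mins is not None and 0 < mins <= MAX_IDLE_MINUTES

def _age_ok(v):
    mins = to_minutes(v)  # 'Forever' -> inf, which can never pass
    return mins is not None and mins <= MAX_PASSWORD_AGE_DAYS * 1440

def _lockout_ok(v):
    n = to_count(v)  # 0 attempts means accounts never lock out
    return n is not None and 1 <= n <= MAX_LOCKOUT_ATTEMPTS

# (item, name, predicate on the setting string, requirement text)
BASELINE = [
    ("Screen Saver", "Password Protected", lambda v: v == "Yes", "unlock requires a password"),
    ("Screen Saver", "Timeout", _timeout_ok, f"lock within {MAX_IDLE_MINUTES} idle minutes"),
    ("All Accounts", "Minimum Password Length",
     lambda v: (to_count(v) or 0) >= MIN_PASSWORD_LENGTH, f">= {MIN_PASSWORD_LENGTH} characters"),
    ("All Accounts", "Maximum Password Age", _age_ok, f"<= {MAX_PASSWORD_AGE_DAYS} days"),
    ("All Accounts", "Historical Passwords",
     lambda v: (to_count(v) or 0) >= MIN_PASSWORD_HISTORY, f">= {MIN_PASSWORD_HISTORY} remembered"),
    ("All Accounts", "Lockout Threshold", _lockout_ok, f"1..{MAX_LOCKOUT_ATTEMPTS} attempts"),
    ("Automatic Updates", "Update Status",
     lambda v: v == "Scheduled installation", "updates installed on a schedule"),
]

def evaluate(rows):
    """Findings for one server as (item, name, observed, requirement). Rows with no
    rule are ignored; a control absent from the report is itself a finding."""
    observed = {(item, name): setting for item, name, setting in rows}
    findings = []
    for item, name, ok, requirement in BASELINE:
        setting = observed.get((item, name))
        if setting is None or not ok(setting):
            findings.append((item, name, setting or "<not reported>", requirement))
    return findings

def summarize(audit=AUDIT_ROWS):
    """Map each server name to its number of baseline gaps."""
    return {server: len(evaluate(rows)) for server, rows in audit.items()}
```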
29. Win Audit
• WinAudit is a software program that audits Windows-based personal computers. Just about every aspect of computer inventory is examined. The report is displayed as a web page, which can be saved in a number of standard formats. You can e-mail it to your technical support or even post the audit to a database for archiving. When used in conjunction with its command line functionality, you can automate inventory administration at the network level.
http://www.pxserver.com/WinAudit.htm
30. System Information for Windows (SIW)
• SIW is an advanced System Information for Windows tool that analyzes your computer and gathers detailed information about system properties and settings and displays it in an extremely comprehensible manner.
http://www.gtopala.com/
31. SIW Continued
• The System Information is divided into a few major categories:
• Software Information: Operating System, Software Licenses (Product Keys / Serial Numbers / CD Key), Installed Software and Hotfixes, Processes, Services, Users, Open Files, System Uptime, Installed Codecs, Password Recovery, Server Configuration.
• Hardware Information: Motherboard, CPU, Sensors, BIOS, Chipset, PCI/AGP, USB and ISA/PnP Devices, Memory, Video Card, Monitor, Disk Drives, CD/DVD Devices, SCSI Devices, S.M.A.R.T., Ports, Printers.
• Network Information: Network Cards, Network Shares, currently active Network Connections, Open Ports.
• Network Tools: MAC Address Changer, Neighborhood Scan, Ping, Trace, Statistics, Broadband Speed Test.
• Miscellaneous Tools: Eureka! (reveal lost passwords hidden behind asterisks), Monitor Test, Shutdown / Restart.
• Real-time monitors: CPU, Memory, Page File usage and Network Traffic.
32. Microsoft Baseline Security Analyzer
• Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.
http://technet.microsoft.com/en-us/security/cc184924
33. SIW Audit of Server CCISAPECC6C2
• Server DataSIWECC6siwReport.html
SIW Audit of Server CCI-SAP14
• Server DataSIWSIW_FREEWARE_CCI-SAP14_20110718_192250.html
SIW Audit of Server CCI-SAP17B
• Server DataSIWSIW_FREEWARE_CCI-SAP17B_20110718_194229.html
Analyzer Audit of Server CCISAPECC6C2
• Server DataAnalyzerECC6.xps
Analyzer Audit of Server WORKGROUPSVCTAG-2KXKWC1
• Server DataAnalyzerubuntu.mht
34. SIW Audit of Server CCISAPECC6C2
• Server DataSIWSIW_FREEWARE_ECC6C2_20110718_192841.html
SIW Audit of Server WORKGROUPSVCTAG-5KXKWC1
• Server DataSIWSIW_FREEWARE_SVCTAG-5KXKWC1_20110718_192726.html
SIW Audit of Server WORKGROUPSVCTAG-CJXKWC1
• Server DataSIWSIW_FREEWARE_SVCTAG-CJXKWC1_20110718_184840.html
Analyzer Audit of Server WORKGROUPSVCTAG-CJXKWC1
• Server DataAnalyzerC4.xps
Analyzer Audit of Server WORKGROUPSVCTAG-5KXKWC1
• Server DataAnalyzerc3ecc6.mht
35. Physical Site Security
Fire Suppression
Power Issues
Access Control
Door & Window Reinforcement
Site Monitoring
41. Audit Findings Summary
Wireless
• Cedar Hills WEP -> WPA2
• Cedar Hills wireless and LAN same network
Network
• Flat Network
• Lack of central management (AD)
• Lack of enforced network security policy
• Windows Updates
Physical
• Social Engineering successful
• Power Issues
• High Availability and Redundancy
• Cooling
• Fire Suppression
• Battery backup
• Backup process
• Security Camera
42. Recommendations Specifics
• Implement AD system
  • This will allow constant server hardening and policies to be pushed to all machines
• IDS
• Logging
• Wireless change to WPA2
• Change password to complex on all networking devices
  • Including church router and printer
• Backup system
• High Availability
  • Switches, routers, ISP, important servers
• Redundancy
  • Switches, routers, ISP, UPS, cooling
• Possibly Hot or Cold site
• Inventory Control
43. Recommendations Specifics (Continued)
• Physical Security
• Camera and access controls
• Must include logging capabilities
• Reinforced doors and walls
• Glass into server room - remove
• Fire suppression
• Seal Server room for better cooling
• Power issues
• Extension cord
• Encryption on Laptops
• More secure method of Remote Access
I don’t think we should read this mission statement but just a quick summary of our key beliefs.
-don’t interrupt the normal business procedures.
-focus on security
-only recommend applicable and necessary upgrades/changes
-With our network infrastructure going into the cloud, our security must follow along. With all the benefits and increased functionality that the cloud can bring, it also offers many security-related challenges.
-This new horizon has proven a challenge for many companies so far this year, including Sony, RSA and WordPress.
Add more specifics
http://mobile.eweek.com/c/a/Security/10-Biggest-Data-Breaches-of-2011-So-Far-175567/
http://www.informationweek.com/news/security/229401787
We put our best efforts into securing from the most common to the least to ensure you're getting the most out of your investment.
Update with exact
I need the Gantt chart in another format than PDF
Make sure this format is followed throughout the PPT
Plan and organize
Implement
Operate and maintain
Monitor and evaluate
Make sure these diagrams get updated before presentation for the larger text
Also make sure you say which floor plan is which.
Have to enlarge text and add diagram
Ron has the interview notes from Cindy
Exploiting human vulnerability.
The weakest link is untrained employees. We took advantage of this.
Recommend the social eng. toolkit
Outline our steps -> in the way outlined in slide
Include diagrams/SSIDs list/WEP cracking
The main purpose of this audit procedure was to show how many people were around. If we can see their wireless, they can see MTC.
Video inserted here. Will not show until presentation because it isn't embedded.
Explain what is going on along with it
Note that this is a list of discoverable network devices. Define discoverable.
Fingerprinting
Don’t go into detail about pen testing them
NOTE: that we were not allowed to attack the MTC Network
Enumeration occurs after scanning and is the process of gathering and compiling user names, machine names, network resources, shares and services.
Note that this is a list of discoverable network devices. Define discoverable.
Don’t go into detail about pen testing them
Define fingerprinting
May want to take this out, duplicate as info before it
Create a section of all tools and resources used in this audit
Figure out where this should go. Before all audit finds or after (one of the last)
Make sure addition of server function is done
We may not want to use these in presentation
Explain what it is: how to stay in business in the event of a disaster
Why we need it.
Go over the steps and then go into the DR plan
This plan also has to include things like state of current Fire suppression, power issues, UPS and then suggestions to fix
We could do tour here
Ethics Policy
Defines the means to establish a culture of openness, trust and integrity in business practices.
Dial-in Access Policy
Defines appropriate dial-in access and its use by authorized personnel.
We need to upgrade our DR plan to include HA and redundancy. Possibly the option of a hot/cold site
This has got to relate to $$ but from loss and cost of creation
Do not define solutions to these just identify the vulnerabilities
Define flat network
Create more slides here such as backups/compliance
Make sure we put together training materials for employees and clients who have access to system.
Have to enlarge text and add diagram
Break up into current cost monthly and one time costs including a total for one year
Explain the graph – businesses which reported incidents to law enforcement within the US
Sales pitch: As technology evolves, so does the workplace's network infrastructure. This evolution unfortunately brings more security vulnerabilities into the workplace to keep updated and tested. Network security audits should not be a one-time test but an ongoing process to be done at set intervals throughout the year. We hope you will think of us again next time that date pops onto your calendars.
Thank you