Why are IT forensics and system hardening so important for your company? How can you significantly raise the level of your IT security? This presentation gives you the answers.
This document defines security as the property of a system that keeps it free from danger, damage or risk. It explains that the main thing to protect is data, especially through backups to prevent its loss. It identifies several threats to security, including passive or active people, intentional logical threats such as viruses or malware, and physical threats such as device failures or natural disasters.
Disaster Recovery & Data Backup Strategies (Spiceworks)
This document discusses data backup strategies and planning. It emphasizes that backups are critical for businesses to protect their data and recover from data loss. The document outlines planning considerations like identifying critical systems and data, recovery objectives, and capacity needs. It then covers various backup methods and factors to consider when developing a backup plan such as repository type, media type, and testing procedures. Regularly monitoring and testing backups is key to ensuring the plan is effective.
In this lightning talk we explore one approach to getting multi-stakeholder agreement on enterprise architecture decisions, focused on a defence-in-depth security model. Corporate enterprise technology environments can be large and complicated, and when it comes to making changes to the internet-facing security environment, both the rigour required and the resistance to change increase. These challenges can be overcome with good project and process management, solid end-to-end architecture, and a comprehensive decision-making template. In a nutshell, this talk explores the enterprise architecture decision.
Seguridad Informática y Gestión de Riesgos [Computer Security and Risk Management] (daylisyfran)
This document presents information on computer security. It explains concepts such as threats, viruses, risk management and techniques for securing systems. It also describes the importance of security policies, information backups and network considerations. The goal is to encourage care for information and the protection of digital assets.
Top 10 IT security architect interview questions and answers (mikeforbush3)
This file collects interview materials for the IT security architect role, such as the types of interview questions, situational interview questions and behavioral interview questions…
Best Practices in Disaster Recovery Planning and Testing (Axcient)
Axcient and industry expert Paul Kirvan have put together this presentation on avoiding common disaster recovery mistakes and leveraging industry best practices to create a technology disaster recovery plan that works best for you.
This presentation covers the elements of a well-executed disaster recovery plan, including:
- Guidelines for creating your own Disaster Recovery plan
- A checklist of key items to consider based on your business objectives
- The common mistakes and pitfalls to avoid
- Technology considerations for Disaster Recovery
- Tips for planning and executing a successful Disaster Recovery test
Whether you're in the process of creating a disaster recovery plan or you already have one in place, this presentation will guide you through the steps you need to follow to help ensure your plan is complete.
The Cyber Defense Matrix helps people organize and understand gaps in their overall security program. These slides describe several additional use cases of the Cyber Defense Matrix, including how to map the latest startup vendors and security trends, anticipate gaps, develop program roadmaps, capture metrics, reconcile inventories, improve situational awareness, and create a board-level view of their entire program.
See the 2016 version at: http://bit.ly/cyberdefensematrix
See the 2019 version at: http://bit.ly/cyberdefensematrixreloaded
The document deals with threats to computer security. It defines a threat as any element or action capable of compromising the security of information. Threats arise from vulnerabilities and may be intentional or unintentional. Intentional threats have increased because of social engineering techniques and a lack of user training. Threats can be classified as internal or external depending on their origin, and also by their effect, the medium used or other factors.
The Surprising Truth About Your Disaster Recovery Maturity Level (Axcient)
Have you ever wondered if your organization's Disaster Recovery initiatives are in line with business objectives? How can you get business units, IT, and senior management on the same page when it comes to the company's resiliency?
Introducing the Disaster Recovery Maturity Framework, a new, vendor-agnostic tool for analyzing your organization's resiliency level.
Learn how to assess your company's DR maturity and discover:
- What resiliency really means
- The five different maturity levels for disaster recovery
- Key elements to assess your company's own maturity score
- How to use the DR Maturity Framework as a catalyst for change
This document describes how to identify, inventory and value an organization's information assets according to ISO 27001. It explains that assets include data, applications, personnel, services, technology, facilities and auxiliary equipment. It details the steps for creating an asset inventory and identifying asset owners, and how to value assets by considering their availability, integrity and confidentiality to determine which are most important to the organization.
Citrix allows remote users to access applications installed on a remote server. It uses a protocol called ICA to transmit the application's screen output and the user's inputs between client and server; the ICA session can be encrypted. Key components include XenApp servers, the ICA protocol for communication, and a centralized management console. XenApp 6 introduced features such as simplified management, support for 100,000+ users, integration with Microsoft products, and access to apps from Macs and smartphones.
Endpoint Detection and Response for Dummies (Liberteks)
This document provides an introduction to the concepts of endpoint detection and response (EDR). It defines an endpoint broadly as any connected device used to access an organization's network and data. As new types of devices connect, the definition of an endpoint is expanding beyond traditional computers and mobile devices to also include IoT devices, servers, and industrial systems. The document outlines how EDR can help organizations securely manage this growing variety of endpoints and detect and respond to security threats through automated monitoring and response capabilities. It provides an overview of the topics that will be covered in the book.
Diving into Common AWS Misconfigurations (Nikhil Sahoo)
The document provides an overview of common AWS misconfigurations and exploitation techniques. It begins with an introduction of the speaker and their background and expertise in AWS security. It then covers popular AWS services like S3, IAM, and EC2 and common misconfigurations like publicly accessible S3 buckets, excessive permissions in IAM policies, and using SSRF to access EC2 instance metadata. Tools demonstrated include Bucket-Flaws and IAM-Flaws for scanning AWS environments, and Pacu for post-exploitation of AWS accounts. The document emphasizes that while cloud providers secure infrastructure, misconfigurations of services within the cloud can still lead to breaches.
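Two of the misconfigurations named above, a bucket policy open to everyone and an IAM policy with wildcard grants, can be spotted offline by reading the policy document. The checker below is an added example, not code from the talk or from the Bucket-Flaws/IAM-Flaws tools; the three policy documents are constructed for illustration, and the same function can be fed documents retrieved with the AWS CLI or boto3.

```python
"""Offline checks for two AWS misconfigurations: a policy that grants access to
everyone (Principal "*") and a policy that grants wildcard Action or Resource.
Policy documents below are constructed examples, not taken from a real account."""
import json

# Constructed example: a bucket policy that allows anonymous object reads.
PUBLIC_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-assets/*"
    }]
})

# Constructed example: an IAM policy that grants full administrative rights.
OVERPRIVILEGED_IAM_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "*",
        "Resource": "*"
    }]
})

# Constructed example: a scoped policy that should produce no findings.
SCOPED_IAM_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::example-assets/uploads/*",
        "Condition": {"Bool": {"aws:SecureTransport": "true"}}
    }]
})


def _as_list(value):
    """IAM accepts a string or a list in Principal/Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """Principal "*" or {"AWS": "*"} means anyone, including unauthenticated callers."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def find_policy_issues(policy_json):
    """Return (statement label, kind, detail) findings for Allow statements.

    PUBLIC: principal is everyone and there is no Condition narrowing callers
    (a Condition may still be too broad; treat it as needing manual review).
    WILDCARD: any Action or Resource is the bare "*".
    """
    policy = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements reduce access; not findings here
        label = stmt.get("Sid", f"Statement[{idx}]")
        if _principal_is_public(stmt.get("Principal")) and "Condition" not in stmt:
            findings.append((label, "PUBLIC", "Allow with Principal * and no Condition"))
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "*" in actions or "*" in resources:
            findings.append((label, "WILDCARD", f"Action={actions} Resource={resources}"))
    return findings


if __name__ == "__main__":
    for name, doc in [("bucket policy", PUBLIC_BUCKET_POLICY),
                      ("admin IAM policy", OVERPRIVILEGED_IAM_POLICY),
                      ("scoped IAM policy", SCOPED_IAM_POLICY)]:
        print(name, find_policy_issues(doc) or "no findings")
```

The check is deliberately conservative: a public principal with a Condition is not auto-passed, because conditions such as a broad source-IP range still leave the bucket effectively open. For the third item in the summary, SSRF to the EC2 instance metadata service, the corresponding configuration control is requiring IMDSv2 (HttpTokens=required on the instance), which forces a PUT request with a session-token header that a simple SSRF-driven GET cannot supply.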
Building a Next-Generation Security Operation Center Based on IBM QRadar and ... (IBM Security)
Learn about Sogeti’s journey of creating a new Security Operation Center, and how and why we leveraged QRadar solutions. We explore the full program lifecycle, from strategic choices to technical analysis and benchmarking on the product. We explain how QRadar accelerates the go-to-market of the SOC, and how we embed IBM Security Intelligence offerings in our solution. Having a strong collaboration between different IBM stakeholders such as Software Group, Global Technology Services, as well as the Labs, was key to client satisfaction and operational effectiveness. We also show the value of integrating new QRadar features in our SOC roadmap, in order to constantly stay ahead in the cyber security game.
SOC and SIEM systems help organizations detect and respond to security incidents and threats in a timely manner. A SOC is the team and function that monitors, analyzes, and responds to cybersecurity incidents; a SIEM is the platform that collects events and provides real-time analysis of security alerts to help identify potential threats. Implementing both can improve an organization's security posture through earlier threat detection, compliance with regulations, and reduced breach impact.
Despite the amazing technologies available today in cybersecurity, organizations still struggle with the most fundamental challenge that has been around for decades: understanding all the devices, users, and cloud services they’re responsible for, and whether those assets are secure.
These slides—based on the webinar hosted by leading IT research firm EMA and Axonius—explain why solving asset management for cybersecurity is becoming increasingly important, and why something so fundamental has quickly risen to the top of CISOs priority lists.
SIEM stands for Security Information and Event Management. It involves collecting, aggregating, normalizing and retaining logs and other security-related data from across an organization. SIEM performs analysis on this data through correlation, prioritization and notification/alerting. It also provides reporting and workflow capabilities for security teams. While SIEM promises improved security through these functions, it requires careful planning, scoping, requirements development and ongoing focus to avoid failures and ensure value.
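The pipeline stages listed above (collect, normalise, correlate, prioritise, alert) are easier to see on concrete input. The script below is an added example, not code from the presentation or from any SIEM product: it normalises a handful of constructed sshd-style syslog lines into uniform events and applies one correlation rule, several failed logins from one source IP followed by a success within a short window, with a severity assigned by the account involved. The log lines, threshold and window are all assumptions chosen for the example.

```python
"""Minimal SIEM-style pipeline over constructed sshd log lines: normalise raw
lines to events, correlate failures followed by a success per source IP, and
emit prioritised alerts. The input is constructed, not from a real host."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input (not real log data).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50111 ssh2
2024-03-01T10:00:03Z host1 sshd[1201]: Failed password for root from 203.0.113.7 port 50112 ssh2
2024-03-01T10:00:05Z host1 sshd[1201]: Failed password for root from 203.0.113.7 port 50113 ssh2
2024-03-01T10:00:06Z host1 sshd[1201]: Failed password for root from 203.0.113.7 port 50114 ssh2
2024-03-01T10:00:09Z host1 sshd[1202]: Accepted password for root from 203.0.113.7 port 50115 ssh2
2024-03-01T10:01:00Z host2 sshd[2201]: Failed password for alice from 198.51.100.4 port 40000 ssh2
2024-03-01T10:05:00Z host2 sshd[2202]: Accepted publickey for alice from 198.51.100.4 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def normalise(raw):
    """Collection + normalisation: raw lines become uniform event dicts."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a real pipeline would count unparsed lines, not drop them silently
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "host": m["host"],
            "src": m["src"],
            "user": m["user"],
            "success": m["outcome"] == "Accepted",
        })
    return events


def correlate(events, threshold=3, window=timedelta(minutes=2)):
    """Correlation + prioritisation: at least `threshold` failures from one source
    IP, followed by a success from that IP within `window`, yields one alert.
    Severity is raised when the account that finally succeeded is root."""
    failures = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = ev["src"]
        if not ev["success"]:
            failures[key].append(ev["ts"])
            continue
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "severity": "high" if ev["user"] == "root" else "medium",
                "src": ev["src"],
                "user": ev["user"],
                "host": ev["host"],
                "failures": len(recent),
                "at": ev["ts"].isoformat(),
            })
        failures[key].clear()  # a success closes the attempt sequence for this IP
    return alerts


if __name__ == "__main__":
    for alert in correlate(normalise(SAMPLE_LOG)):
        print(alert)  # notification/alerting stage
```

In the constructed input, 203.0.113.7 fails four times and then logs in as root within the window, so one high-severity alert is produced; 198.51.100.4 has a single failure four minutes before its success and is not reported. The rule is intentionally stateful per source IP, which is the part that distinguishes correlation from simple per-line matching.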
When assessing backup software vendors, IT leaders must avoid being taken in by flashy new features. Backup software should really be called restore software as failure in backup is failure to meet recovery objectives. Always evaluate features in light of these objectives.
Use this research to:
•Understand new features and develop a strategy to meet new challenges to enterprise backup, such as ever-increasing backup sizes, backup of virtual infrastructures, and evolving backup architecture strategy.
•Evaluate eight different backup software vendors for best fit using Info-Tech’s Vendor Landscape.
•Use Info-Tech’s scenario analysis to shortlist vendors according to your current situation and submit an RFP to vendors, score their responses, and prepare a backup software demo script.
•Assess implementation pitfalls in light of overall data management, security, and compliance requirements.
Ensure that you make the best-fit backup software decisions for enterprise availability and restore requirements, from strategy to selection to implementation.
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032 (PECB)
The webinar covers:
• An overview of cybersecurity
• An explanation of how cybersecurity relates to other types of security
• Guidance for addressing common Cybersecurity issues.
• Convincing stakeholders to collaborate on resolving Cybersecurity issues.
Presenter:
This webinar was presented by PECB Partner and Trainer Mr. Fabrice DePaepe, who is Managing Director at Nitroxis Sprl and has more than 15 years of experience in IT and Information Security.
Link of the recorded session published on YouTube: https://youtu.be/fQUSQEoLsYc
Oracle Hyperion Planning Best Practices (Issam Hejazin)
This document discusses key considerations for a successful Hyperion Planning implementation. It covers important project phases like analyze/design, build, test, and rollout. It recommends building techniques such as application definition, delineating plan types, defining dimensionality, integrating metadata and data, building forms, developing calculations, and defining process flow and security. Critical success factors include clearly defined goals, stakeholder participation, finance and IT involvement, thorough testing, and consistent project management.
Critical Infrastructure Protection from Terrorist Attacks (BGA Cyber Security)
Candan Bölükbas presented information on critical infrastructure protection from terrorist attacks. The document discussed supervisory control and data acquisition (SCADA) systems and industrial control systems (ICS), noting key differences from traditional IT security including more severe impacts of failures, difficulty patching old systems, and additional threat vectors. It also outlined ICS security requirements, common threat agents targeting ICS like organized crime and nation-states, and the need for continuous security assessments given frequent vulnerabilities.
This document discusses disaster recovery. It describes different types of disasters including natural disasters like tsunamis and earthquakes that are difficult to recover from, and man-made disasters like theft that are easier to recover from. It emphasizes the importance of data backup and restoration, and outlines disaster recovery measures organizations can take including identifying critical systems, backing up data daily including transaction logs, and having system redundancy. It also recommends technologies for disaster recovery planning like regular backups to off-site locations and data replication using SAN storage.
Threat Modeling workshop by Robert Hurlbut (DevSecCon)
This document summarizes a presentation on threat modeling concepts and processes. It began with defining key threat modeling terms like assets, threats, vulnerabilities, and risk. It described threat modeling as understanding potential threats to a system. The presentation covered approaches like STRIDE and asking questions. It emphasized decomposing systems and identifying threats through data flows. Determining mitigations and risk ratings for threats was also discussed. The goal of threat modeling is to have an ongoing, living understanding of security risks to a system.
Business continuity and disaster recovery (Adeel Javaid)
The document discusses business continuity and disaster recovery plans. It describes how to conduct a business impact analysis to determine critical business processes and their recovery time objectives. It then discusses various disaster recovery strategies like hot sites, warm sites, and cold sites. The document also covers topics like defining recovery point objectives, classifying services, testing plans, and auditing business continuity plans.
Disaster recovery plans aim to restore critical network functionality after a disaster. Key aspects include planning for worst-case scenarios, documenting recovery procedures, and considering data, systems, and personnel. Redundancy of data, servers, and hardware at multiple locations guards against single points of failure. While backups are important, techniques like disk mirroring provide near real-time data availability; note that mirroring replicates corruption and malicious deletion as faithfully as good data, so it complements rather than replaces point-in-time backups. Testing and updating plans is also essential as networks change.
IT-Centric Disaster Recovery & Business Continuity (Steve Susina)
IT-centric business continuity planning aims to align IT recovery with business needs. It recognizes that while disaster recovery focuses on restoring IT systems, business continuity prioritizes maintaining business processes. The approach involves business leaders and IT leaders collaboratively assessing risks, mapping processes, developing strategies to restore critical systems based on business priorities, and creating plans to guide response and recovery. Regular testing and updates are needed to ensure plans remain effective over time.
Präsentation: Wie Energieversorger ihre IT-Systeme durch Systemhärtung absich... [Presentation: How energy providers secure their IT systems through system hardening] (NoCodeHardening)
These slides are a presentation shown as part of a free webinar. The webinar and the slides were aimed at IT managers at energy providers who want to "harden" their IT system landscape.
IT-Security "Must Have": Hardening as Part of a holistic Security Strategy (NoCodeHardening)
The document discusses system hardening and outlines several challenges and approaches to implementing hardening. It begins with examples of real-world cyberattacks to illustrate the importance of hardening. It then discusses common hardening techniques like reducing attack surfaces and managing user rights assignments. The document also provides recommendations for how to plan and roll out hardening projects through a phased approach and highlights some potential pitfalls to avoid.
El documento habla sobre las amenazas a la seguridad informática. Define amenazas como cualquier elemento o acción capaz de atentar contra la seguridad de la información. Las amenazas surgen de vulnerabilidades y pueden ser intencionales o no intencionales. Las amenazas intencionales han aumentado debido a técnicas de ingeniería social y falta de capacitación a usuarios. Las amenazas pueden clasificarse como internas o externas dependiendo de su origen, y por su efecto, medio utilizado u otros factores.
The Surprising Truth About Your Disaster Recovery Maturity LevelAxcient
Have you ever wondered if your organization's Disaster Recovery initiatives are in line with business objectives? How can you get business units, IT, and senior management on the same page when it comes to the company's resiliency?
Introducing the Disaster Recovery Maturity Framework, a new, vendor-agnostic tool for analyzing your organization's resiliency level.
Learn how to assess your company's DR maturityand discover:
- What resiliency really means
- The five different maturity levels for disaster recovery
- Key elements to assess your company's own maturity score
- How to use the DR Maturity Framework as a catalyst for change
Este documento describe cómo identificar, inventariar y valorar los activos de información de una organización según la norma ISO 27001. Explica que los activos incluyen datos, aplicaciones, personal, servicios, tecnología, instalaciones y equipamiento auxiliar. Detalla los pasos para crear un inventario de activos e identificar sus propietarios, y cómo valorar los activos considerando su disponibilidad, integridad y confidencialidad para determinar cuáles son los más importantes para la organización.
Citrix allows remote users to access applications installed on a remote server. It uses a protocol called ICA to encrypt and transmit the application's screen and user inputs between the client and server. Key components include XenApp servers, the ICA protocol for communication, and a centralized management console. XenApp 6 introduced features like simplified management, support for 100,000+ users, integration with Microsoft products, and support for accessing apps from Macs and smartphones.
Endpoint Detection and Response for DummiesLiberteks
This document provides an introduction to the concepts of endpoint detection and response (EDR). It defines an endpoint broadly as any connected device used to access an organization's network and data. As new types of devices connect, the definition of an endpoint is expanding beyond traditional computers and mobile devices to also include IoT devices, servers, and industrial systems. The document outlines how EDR can help organizations securely manage this growing variety of endpoints and detect and respond to security threats through automated monitoring and response capabilities. It provides an overview of the topics that will be covered in the book.
Diving into Common AWS MisconfigurationsNikhil Sahoo
The document provides an overview of common AWS misconfigurations and exploitation techniques. It begins with an introduction of the speaker and their background and expertise in AWS security. It then covers popular AWS services like S3, IAM, and EC2 and common misconfigurations like publicly accessible S3 buckets, excessive permissions in IAM policies, and using SSRF to access EC2 instance metadata. Tools demonstrated include Bucket-Flaws and IAM-Flaws for scanning AWS environments, and Pacu for post-exploitation of AWS accounts. The document emphasizes that while cloud providers secure infrastructure, misconfigurations of services within the cloud can still lead to breaches.
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
Learn about Sogeti’s journey of creating a new Security Operation Center, and how and why we leveraged QRadar solutions. We explore the full program lifecycle, from strategic choices to technical analysis and benchmarking on the product. We explain how QRadar accelerates the go-to-market of the SOC, and how we embed IBM Security Intelligence offerings in our solution. Having a strong collaboration between different IBM stakeholders such as Software Group, Global Technology Services, as well as the Labs, was key to client satisfaction and operational effectiveness. We also show the value of integrating new QRadar features in our SOC roadmap, in order to constantly stay ahead in the cyber security game.
SOC and SIEM systems can help organizations detect and respond to security incidents and threats in a timely manner. A SOC acts as a security operations center to monitor, analyze, and respond to cybersecurity incidents. SIEM provides real-time analysis of security alerts and events to help identify potential threats. Implementing SOC and SIEM solutions can improve an organization's security posture through early threat detection, compliance with regulations, and reduced breach impact.
Despite the amazing technologies available today in cybersecurity, organizations still struggle with the most fundamental challenge that has been around for decades: understanding all the devices, users, and cloud services they’re responsible for, and whether those assets are secure.
These slides—based on the webinar hosted by leading IT research firm EMA and Axonius—explain why solving asset management for cybersecurity is becoming increasingly important, and why something so fundamental has quickly risen to the top of CISOs priority lists.
SIEM stands for Security Information and Event Management. It involves collecting, aggregating, normalizing and retaining logs and other security-related data from across an organization. SIEM performs analysis on this data through correlation, prioritization and notification/alerting. It also provides reporting and workflow capabilities for security teams. While SIEM promises improved security through these functions, it requires careful planning, scoping, requirements development and ongoing focus to avoid failures and ensure value.
When assessing backup software vendors, IT leaders must avoid being taken in by flashy new features. Backup software should really be called restore software as failure in backup is failure to meet recovery objectives. Always evaluate features in light of these objectives.
Use this research to:
•Understand new features and develop a strategy to meet new challenges to enterprise backup, such as ever-increasing backup sizes, backup of virtual infrastructures, and evolving backup architecture strategy.
•Evaluate eight different backup software vendors for best fit using Info-Tech’s Vendor Landscape.
•Use Info-Tech’s scenario analysis to shortlist vendors according to your current situation and submit an RFP to vendors, score their responses, and prepare a backup software demo script.
•Assess implementation pitfalls in light of overall data management, security, and compliance requirements.
Ensure that you make the best-fit backup software decisions for enterprise availability and restore requirements, from strategy to selection to implementation.
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB
The webinar covers:
• An overview of Cybersecurity
• Explaining of Cybersecurity Relationship with other types of security
• Guidance for addressing common Cybersecurity issues.
• Convincing stakeholders to collaborate on resolving Cybersecurity issues.
Presenter:
This webinar was presented by PECB Partner and Trainer Mr. Fabrice DePaepe, who is Managing Director at Nitroxis Sprl and has more than 15 years of experience in IT and Information Security.
Link of the recorded session published on YouTube: https://youtu.be/fQUSQEoLsYc
Oracle Hyperion Planning Best PracticesIssam Hejazin
This document discusses key considerations for a successful Hyperion Planning implementation. It covers important project phases like analyze/design, build, test, and rollout. It recommends building techniques such as application definition, delineating plan types, defining dimensionality, integrating metadata and data, building forms, developing calculations, and defining process flow and security. Critical success factors include clearly defined goals, stakeholder participation, finance and IT involvement, thorough testing, and consistent project management.
Critical Infrastructure Protection from Terrorist AttacksBGA Cyber Security
Candan Bölükbas presented information on critical infrastructure protection from terrorist attacks. The document discussed supervisory control and data acquisition (SCADA) systems and industrial control systems (ICS), noting key differences from traditional IT security including more severe impacts of failures, difficulty patching old systems, and additional threat vectors. It also outlined ICS security requirements, common threat agents targeting ICS like organized crime and nation-states, and the need for continuous security assessments given frequent vulnerabilities.
This document discusses disaster recovery. It describes different types of disasters including natural disasters like tsunamis and earthquakes that are difficult to recover from, and man-made disasters like theft that are easier to recover from. It emphasizes the importance of data backup and restoration, and outlines disaster recovery measures organizations can take including identifying critical systems, backing up data daily including transaction logs, and having system redundancy. It also recommends technologies for disaster recovery planning like regular backups to off-site locations and data replication using SAN storage.
Threat Modeling workshop by Robert HurlbutDevSecCon
This document summarizes a presentation on threat modeling concepts and processes. It began with defining key threat modeling terms like assets, threats, vulnerabilities, and risk. It described threat modeling as understanding potential threats to a system. The presentation covered approaches like STRIDE and asking questions. It emphasized decomposing systems and identifying threats through data flows. Determining mitigations and risk ratings for threats was also discussed. The goal of threat modeling is to have an ongoing, living understanding of security risks to a system.
Business continuity and disaster recoveryAdeel Javaid
The document discusses business continuity and disaster recovery plans. It describes how to conduct a business impact analysis to determine critical business processes and their recovery time objectives. It then discusses various disaster recovery strategies like hot sites, warm sites, and cold sites. The document also covers topics like defining recovery point objectives, classifying services, testing plans, and auditing business continuity plans.
Disaster recovery plans aim to restore critical network functionality after a disaster. Key aspects include planning for worst case scenarios, documenting recovery procedures, and considering data, systems, and personnel. Redundancy of data, servers, and hardware at multiple locations guards against single points of failure. While backups are important, more sophisticated techniques like disk mirroring ensure near real-time data availability. Testing and updating plans is also essential as networks change.
IT-Centric Disaster Recovery & Business ContinuitySteve Susina
IT-centric business continuity planning aims to align IT recovery with business needs. It recognizes that while disaster recovery focuses on restoring IT systems, business continuity prioritizes maintaining business processes. The approach involves business leaders and IT leaders collaboratively assessing risks, mapping processes, developing strategies to restore critical systems based on business priorities, and creating plans to guide response and recovery. Regular testing and updates are needed to ensure plans remain effective over time.
Presentation: How energy suppliers secure their IT systems through system hardening...NoCodeHardening
These slides are a presentation that was shown as part of a free webinar. The webinar and the slides were aimed at IT managers at energy suppliers who want to "harden" their IT system landscape.
IT-Security "Must Have": Hardening as Part of a holistic Security StrategyNoCodeHardening
The document discusses system hardening and outlines several challenges and approaches to implementing hardening. It begins with examples of real-world cyberattacks to illustrate the importance of hardening. It then discusses common hardening techniques like reducing attack surfaces and managing user rights assignments. The document also provides recommendations for how to plan and roll out hardening projects through a phased approach and highlights some potential pitfalls to avoid.
The document discusses the risks IT infrastructure can pose to businesses and provides recommendations to improve security. It covers:
1) There are three elements of security - overall security, hacking, and privacy of data within IT systems.
2) Recent high-profile security failures show how breaches can damage reputation and business. Proper encryption, storage, and access rules for different types of data are critical to reduce risks.
3) Organizations need clear ownership and accountability for IT security and should regularly review security processes, access, and compliance with best practices. Outsourced IT providers also require oversight to ensure security standards are met.
Product security by Blockchain, AI and Security CertsLabSharegroup
Three themes You need to think about Product Security — and some tips for How to Do It
I have been working with software security laboratories and IT security firms for years. I have talked with clients, read and watched dozens of articles/videos and talked with several experts about product security themes, future, technologies.
The three themes are:
Is the blockchain the new technology of trust?
Blockchain has the potential to transform industries. However, some security experts have raised questions: If blockchain is broadly used in technology solutions, will security standards be adopted? How can the cryptographic keys that allow access to blockchain applications be protected? It is true that the potential is huge, such as securing IoT nodes and edge devices with authentication, improved confidentiality and data integrity, disrupting current PKI systems, reducing DDoS attacks etc.
AI (Machine Learning, Deep Learning, Reinforcement Learning algorithm) potential in Product Security
Machine learning can help in creating products that analyse threats and respond to attacks and security incidents. There are several repositories on GitHub or open-source codes by IBM available for developers. Deep learning networks are rapidly growing due to cheap cloud GPU services and after Reinforcement learning algorithm’s last success nobody knows the upper limit.
Product Security by International security standards and practices
The present, future, and developmental orientations of the independent third-party certification industry. How can international standards answer the rapid growth of new technologies and maintain secure applications in IoT, Blockchain or AI-driven industries?
Are IT products reliable, secure and will they stay that way?
I would like to explain Product Security in a simple way. My goal is the introduction of product security for Tech startups, fast-growing Tech firms. Furthermore, I would like to emphasize the benefits of product security certification.
Information Security and Network Structure - Café Empresarial 15/05 sucesuminas
This document provides an overview of Gartner's methodologies for evaluating technology products and vendors, including the Gartner IT Market Clock, Hype Cycle, MarketScope, Magic Quadrant, and Critical Capabilities research. It recommends specific Gartner research reports on topics like information security program structure, security processes, risk management techniques, and risk governance forums to help with information security planning and risk oversight. The document emphasizes speaking with a Gartner analyst in addition to reviewing reports.
Risk Mitigation Plan Based On Inputs ProvidedTiffany Graham
1. The access control policy outlines how access control methodologies will secure information systems through authorization and access restriction. A reference monitor will enforce access controls based on authorizations in an administrator-managed database.
2. Discretionary access control allows flexible user-defined access permissions but increases security risks if data is made too accessible. Mandatory access control uses a hierarchy approach where the system administrator centrally controls all resource access settings.
3. The policy will employ both discretionary and mandatory access control. Discretionary control allows flexibility while mandatory control provides centralized administration of access to increase security overall. Together these methods balance usability with strict
The document discusses adopting a Zero Trust approach to IT security. It outlines some of the key principles of Zero Trust, including explicitly verifying identities rather than assuming trust, treating identities as the new perimeter, and basing access decisions on attributes like user, device, app, location, and risk. The document provides an overview of Microsoft's Zero Trust framework and reference architecture. It also shares a maturity model to help organizations assess their Zero Trust progress and prioritize next steps.
Medtec - Cyber-security Challenges on the Horizonteam-WIBU
MEDTEC is the largest pure medical design and manufacturing event. The health industry is being deeply transformed by a wave of technological innovation. Machines greatly improve the quality standards of service from surgery rooms to analytical laboratories. Just as humans have their fallibilities, machines show their points of vulnerabilities too. Medical device companies as well as advanced technology providers need to extend their expertise to the security measures they should already implement during the design phase of their projects.
Wibu-Systems’ technology delivers award-winning solutions that protect software from piracy and reverse-engineering, and secure code integrity from tampering while monetizing business to a new level through a highly flexible licensing system.
Jun 15 privacy in the cloud at financial institutions at the object managemen...Ulf Mattsson
This document discusses privacy and security considerations for financial institutions using cloud services. It begins with an introduction of the speaker, Ulf Mattsson, and his background working with standards bodies. The rest of the document discusses opportunities and challenges around analytics, machine learning, and complying with privacy laws in the cloud. It provides examples of how techniques like homomorphic encryption, differential privacy, and secure multi-party computation can be applied to use cases in areas like payments, risk assessment, and secondary data usage. The document concludes with a discussion of hybrid cloud environments and maintaining consistent security policies across on-premises and cloud platforms.
Software security, secure software development in the age of IoT, smart thing...LabSharegroup
How to design secure software products for IoT, embedded application, smart metering, smart lighting, medical application with the help of Common Criteria
The document discusses information security management systems (ISMS) and provides guidance on building an ISMS within an organization. It addresses that an ISMS requires participation from all employee levels and commitments to establish and implement the system. An ISMS should combine necessary elements according to business needs and be guided by ISO security standards and compliance regulations. The document then illustrates a practical approach for building an ISMS as a reference for organizations.
This article discusses cybersecurity issues relevant to corporate treasurers. While cybersecurity is not typically part of a treasurer's job description, many treasury functions are now digitized, raising risks of compromised information. The article describes practices and tools that can help secure modern financial systems, with a focus on small and mid-sized organizations that may lack dedicated cybersecurity resources. It emphasizes the importance of preventing data breaches, eliminating data loss, and complying with relevant laws and regulations. Examples of basic security steps and third-party providers are provided.
Automation alley day in the cloud presentation - formattedMatthew Moldvan
The document discusses securing a network by utilizing secure cloud strategies. It notes that only 25% of cloud providers consider security a top responsibility. It then introduces Security Inspection Inc. and an individual, detailing their experience. The document outlines cloud computing architectures and the benefits and potential security issues of cloud adoption. It stresses that security features like authentication, authorization, encryption, and segmentation are needed to mitigate risks. Security Inspection Inc. offers cloud security solutions like security as a service and virtualized firewalls. The conclusion emphasizes the importance of maintaining good security practices.
CMMC for Contractors and Manufacturers – What to Know for 2023Withum
Manufacturers, contractors, and suppliers who are members of (and/or affiliated with) the U.S. Defense Industrial Base (DIB) must prepare now to ensure assessment readiness. Fears of a near-term enormous bureaucratic traffic jam are arising as tens of thousands of SMBs scramble to become CMMC compliant to avoid administrative exclusion from the DOD bidding process.
The Secure Path to Value in the Cloud by Denny HeaberlinCloud Expo
Even as cloud and managed services grow increasingly central to business strategy and performance, challenges remain. The biggest sticking point for companies seeking to capitalize on the cloud is data security. Keeping data safe is an issue in any computing environment, and it has been a focus since the earliest days of the cloud revolution. Understandably so: a lot can go wrong when you allow valuable information to live outside the firewall. Recent revelations about government snooping, along with a steady stream of well-publicized data breaches, only add to the uncertainty.
In his session at 16th Cloud Expo, Denny Heaberlin, Security Product Manager with Windstream's Cloud and Data Center Marketing team, discussed how to manage these concerns and how to choose the right cloud vendor, an essential part of any cloud strategy.
MIEL Endpoint Diagnostic Service (MEDSTM) is an agentless solution that allows organizations to remotely scan their endpoints across different locations to assess security compliance. It checks over 200 parameters related to antivirus, firewalls, passwords, encryption and more. Customers receive comprehensive reports on the security gaps between their actual endpoint security state and prescribed policies. The service aims to help customers efficiently and cost-effectively evaluate desktop and server security compliance on a continuous basis without installing software.
Major Cloud Security Challenges concerning the Enterprises | SysforeSysfore Technologies
With the increasing breach of sensitive data held in Cloud, many enterprises, medium and large, are now worried about Cloud Security. In this article, we will discuss some of the major Cloud Security Challenges facing the enterprises and whether they can be overcome.
Security solutions for a smarter planetVincent Kwon
This document summarizes IBM's security strategy and solutions for enabling a smarter planet. It discusses how security must be built into new technologies from the start to enable innovation while managing risks. IBM's approach focuses on foundational security controls, compliance, and helping customers securely adopt new models like cloud computing and virtualization.
Similar to Hardening as a Part of a holistic Security Strategy (UPDATE) (20)
Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.
E-commerce Development Services- Hornet DynamicsHornet Dynamics
For any business hoping to succeed in the digital age, having a strong online presence is crucial. We offer Ecommerce Development Services that are customized according to your business requirements and client preferences, enabling you to create a dynamic, safe, and user-friendly online store.
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesQuickdice ERP
Explore the seamless transition to e-invoicing with this comprehensive guide tailored for Saudi Arabian businesses. Navigate the process effortlessly with step-by-step instructions designed to streamline implementation and enhance efficiency.
Malibou Pitch Deck For Its €3M Seed Roundsjcobrien
French start-up Malibou raised a €3 million Seed Round to develop its payroll and human resources management platform for VSEs and SMEs. The financing round was led by investors Breega, Y Combinator, and FCVC.
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdfBaha Majid
IBM watsonx Code Assistant for Z, our latest Generative AI-assisted mainframe application modernization solution. Mainframe (IBM Z) application modernization is a topic that every mainframe client is addressing to various degrees today, driven largely from digital transformation. With generative AI comes the opportunity to reimagine the mainframe application modernization experience. Infusing generative AI will enable speed and trust, help de-risk, and lower total costs associated with heavy-lifting application modernization initiatives. This document provides an overview of the IBM watsonx Code Assistant for Z which uses the power of generative AI to make it easier for developers to selectively modernize COBOL business services while maintaining mainframe qualities of service.
The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...kalichargn70th171
In today's business landscape, digital integration is ubiquitous, demanding swift innovation as a necessity rather than a luxury. In a fiercely competitive market with heightened customer expectations, the timely launch of flawless digital products is crucial for both acquisition and retention—any delay risks ceding market share to competitors.
Most important New features of Oracle 23c for DBAs and Developers. You can get more idea from my youtube channel video from https://youtu.be/XvL5WtaC20A
A neural network is a machine learning program, or model, that makes decisions in a manner similar to the human brain, by using processes that mimic the way biological neurons work together to identify phenomena, weigh options and arrive at conclusions.
Odoo releases a new update every year. The latest version, Odoo 17, came out in October 2023. It brought many improvements to the user interface and user experience, along with new features in modules like accounting, marketing, manufacturing, websites, and more.
The Odoo 17 update has been a hot topic among startups, mid-sized businesses, large enterprises, and Odoo developers aiming to grow their businesses. Since it is now already the first quarter of 2024, you must have a clear idea of what Odoo 17 entails and what it can offer your business if you are still not aware of it.
This blog covers the features and functionalities. Explore the entire blog and get in touch with expert Odoo ERP consultants to leverage Odoo 17 and its features for your business too.
An Overview of Odoo ERP
Odoo ERP was first released as OpenERP software in February 2005. It is a suite of business applications used for ERP, CRM, eCommerce, websites, and project management. Ten years ago, the Odoo Enterprise edition was launched to help fund the Odoo Community version.
When you compare Odoo Community and Enterprise, the Enterprise edition offers exclusive features like mobile app access, Odoo Studio customisation, Odoo hosting, and unlimited functional support.
Today, Odoo is a well-known name used by companies of all sizes across various industries, including manufacturing, retail, accounting, marketing, healthcare, IT consulting, and R&D.
The latest version, Odoo 17, has been available since October 2023. Key highlights of this update include:
Enhanced user experience with improvements to the command bar, faster backend page loading, and multiple dashboard views.
Instant report generation, credit limit alerts for sales and invoices, separate OCR settings for invoice creation, and an auto-complete feature for forms in the accounting module.
Improved image handling and global attribute changes for mailing lists in email marketing.
A default auto-signature option and a refuse-to-sign option in HR modules.
Options to divide and merge manufacturing orders, track the status of manufacturing orders, and more in the MRP module.
Dark mode in Odoo 17.
Now that the Odoo 17 announcement is official, let’s look at what’s new in Odoo 17!
What is Odoo ERP 17?
Odoo 17 is the latest version of one of the world’s leading open-source enterprise ERPs. This version has come up with significant improvements explained here in this blog. Also, this new version aims to introduce features that enhance time-saving, efficiency, and productivity for users across various organisations.
Odoo 17, released at the Odoo Experience 2023, brought notable improvements to the user interface and added new functionalities with enhancements in performance, accessibility, data analysis, and management, further expanding its reach in the market.
INTRODUCTION TO AI CLASSICAL THEORY TARGETED EXAMPLESanfaltahir1010
Image: Include an image that represents the concept of precision, such as an AI helix or a futuristic healthcare setting.
Objective: Provide a foundational understanding of precision medicine and its departure from traditional approaches.
Role of theory: Discuss how genomics, the study of an organism's complete set of AI, plays a crucial role in precision medicine.
Customizing treatment plans: Highlight how genetic information is used to customize treatment plans based on an individual's genetic makeup.
Examples: Provide real-world examples of successful application of AI such as genetic therapies or targeted treatments.
Importance of molecular diagnostics: Explain the role of molecular diagnostics in identifying molecular and genetic markers associated with diseases.
Biomarker testing: Showcase how biomarker testing aids in creating personalized treatment plans.
Content:
• Ethical issues: Examine ethical concerns related to precision medicine, such as privacy, consent, and potential misuse of genetic information.
• Regulations and guidelines: Present examples of ethical guidelines and regulations in place to safeguard patient rights.
• Visuals: Include images or icons representing ethical considerations.
Real-world case study: Present a detailed case study showcasing the success of precision medicine in a specific medical scenario.
Patient's journey: Discuss the patient's journey, treatment plan, and outcomes.
Impact: Emphasize the transformative effect of precision medicine on the individual's health.
Objective: Ground the presentation in a real-world example, highlighting the practical application and success of precision medicine.
Data challenges: Address the challenges associated with managing large sets of patient data in precision medicine.
Technological solutions: Discuss technological innovations and solutions for handling and analyzing vast datasets.
Visuals: Include graphics representing data management challenges and technological solutions.
Objective: Acknowledge the data-related challenges in precision medicine and highlight innovative solutions.
8 Best Automated Android App Testing Tool and Framework in 2024.pdfkalichargn70th171
Regarding mobile operating systems, two major players dominate our thoughts: Android and iPhone. With Android leading the market, software development companies are focused on delivering apps compatible with this OS. Ensuring an app's functionality across various Android devices, OS versions, and hardware specifications is critical, making Android app testing essential.
The Rising Future of CPaaS in the Middle East 2024Yara Milbes
Explore "The Rising Future of CPaaS in the Middle East in 2024" with this comprehensive PPT presentation. Discover how Communication Platforms as a Service (CPaaS) is transforming communication across various sectors in the Middle East.
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfVALiNTRY360
Salesforce Healthcare CRM, implemented by VALiNTRY360, revolutionizes patient management by enhancing patient engagement, streamlining administrative processes, and improving care coordination. Its advanced analytics, robust security, and seamless integration with telehealth services ensure that healthcare providers can deliver personalized, efficient, and secure patient care. By automating routine tasks and providing actionable insights, Salesforce Healthcare CRM enables healthcare providers to focus on delivering high-quality care, leading to better patient outcomes and higher satisfaction. VALiNTRY360's expertise ensures a tailored solution that meets the unique needs of any healthcare practice, from small clinics to large hospital systems.
For more info visit us https://valintry360.com/solutions/health-life-sciences
UI5con 2024 - Bring Your Own Design SystemPeter Muessig
How do you combine the OpenUI5/SAPUI5 programming model with a design system that makes its controls available as Web Components? Since OpenUI5/SAPUI5 1.120, the framework supports the integration of any Web Components. This makes it possible, for example, to natively embed own Web Components of your design system which are created with Stencil. The integration embeds the Web Components in a way that they can be used naturally in XMLViews, like with standard UI5 controls, and can be bound with data binding. Learn how you can also make use of the Web Components base class in OpenUI5/SAPUI5 to also integrate your Web Components and get inspired by the solution to generate a custom UI5 library providing the Web Components control wrappers for the native ones.
Measures in SQL (SIGMOD 2024, Santiago, Chile)Julian Hyde
SQL has attained widespread adoption, but Business Intelligence tools still use their own higher level languages based upon a multidimensional paradigm. Composable calculations are what is missing from SQL, and we propose a new kind of column, called a measure, that attaches a calculation to a table. Like regular tables, tables with measures are composable and closed when used in queries.
SQL-with-measures has the power, conciseness and reusability of multidimensional languages but retains SQL semantics. Measure invocations can be expanded in place to simple, clear SQL.
To define the evaluation semantics for measures, we introduce context-sensitive expressions (a way to evaluate multidimensional expressions that is consistent with existing SQL semantics), a concept called evaluation context, and several operations for setting and modifying the evaluation context.
A talk at SIGMOD, June 9–15, 2024, Santiago, Chile
Authors: Julian Hyde (Google) and John Fremlin (Google)
https://doi.org/10.1145/3626246.3653374
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsPeter Muessig
The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.
2. Who is talking to you?
Fabian Böhm, CEO & Founder @ TEAL, https://www.teal-consulting.de/
Florian Bröder, CEO & Founder @ FB Pro GmbH, https://www.fb-pro.com/
Volker Wassermann, CEO & Founder @ bridge4IT®, https://www.bridge4it.de/
3. Agenda
••• networker.NRW
••• IT Forensics
••• Hardening – the why
••• Hardening – the what
••• Hardening – tool based
••• Hardening – how hard can it be?
••• Q&A
4. Networker NRW – short facts
Your advantages
••• Expand competencies
••• Promote cooperation potential
••• Free initial telephone consultation by lawyers specializing in IT law
Other competencies
••• Vocational training in the industrial-technical field
••• Graphic design
••• IT Consulting
••• IT Marketing
••• IT Legal Advice
••• Knowledge Management
••• Qualification and Training
••• Quality Management Systems
••• Environmental Management Systems
••• Advertising and advertising design
Key areas of expertise
••• Cloud Computing/Internet
••• Information Security
••• IT Infrastructure
••• Software
Contact for media, companies and individuals seeking advice
5. System hardening and IT forensics?
••• Attackers leave more traces, as they can only attack via detours, e.g. privilege escalation
••• Investigation / preservation of evidence requires less effort / time and money
••• Hardening makes it possible to trace whether the incident occurred before or after the attack
••• What is switched off no longer needs to be checked in the incident
••• Backdoors are closed before attackers find and use them
••• No cross-effects from running services or software during analysis
••• Data outflow is condensed to only a few services
••• The number of log entries is reduced; what is not logged does not need to be analyzed
••• Operating system updates do not reopen the gap if security configuration is controlled and monitored
7. Real life examples
Fritzmeier Group: Hackers paralyze German vehicle supplier - cio.de
Bicycle maker Prophete: First details on the cyberattack | heise online
8. Real life examples
"Handelsblatt" report: Hacked Continental data on the darknet | tagesschau.de
After cyberattack on Continental: Hackers publish list of captured data (handelsblatt.com)
Medibank hack: Email reveals staff details compromised by data breach | news.com.au — Australia’s leading news site
10. Real life examples
Top 5 AWS Misconfigurations That Led to Data Leaks in 2021 | Spiceworks It Security
Clear statement: 99% of cloud breaches can be traced to “misconfigurations”
Missing secure configuration
Missing “hardening”
No control
No process / no checks
Clear statement: 80 percent of ransomware can be traced to common configuration errors
Missing secure configuration
Missing “hardening”
No control
No process / no checks
Extortion Economics | Security Insider (microsoft.com)
13. Real life demonstrates the inadequacy of the classic "detect and respond" pattern. It seems that this pattern is no longer sufficient!
14. Shifting the responsibility for IT security and asset protection to back-office, accounting, and "non-IT" people seems like a very strange approach.
15. Definition
In computing, hardening is usually the process of securing a system by reducing its surface area of vulnerability, which is greater as a system performs more functions.
Hardening
…considers information security as well as data protection
…is one of several technical measures organizations may adopt
Legal requirements are in place
…GDPR enforces the “state of technology” (Art. 32 “security of processing”)
“State of the art” is defined (see TeleTrusT e.V.)
Several industry-specific requirements enforce more detailed configuration (e.g. VAIT for insurances, IT-Sicherheitsgesetz for KRITIS-relevant organizations, ISO 27001:2022, B3S "Medizinische Versorgung")
16. It is necessary
Product law in America
Designed to make “everything” work to avoid legal impacts
“Dry the guinea in a microwave oven”
…other stories
Vendors recommend hardening
Microsoft: “We recommend that you implement an industry-standard configuration that is broadly known and well-tested, such as Microsoft security baselines, as opposed to creating a baseline yourself. This helps increase flexibility and reduce costs.”
How critical is secure configuration?
A running print spooler service was considered uncritical until PrintNightmare at the end of 2021.
Using SMBv1 was uncritical until the WannaCry ransomware used the EternalBlue exploit in 2017.
Using Kerberos tickets based on RC4 encryption has been outdated since 2015 – why is it still activated?
A “non-configured” Office installation is again the target of an attack - so is “non-configuration” of Office uncritical?
…an open door in your house is uncritical until somebody walks in who is not allowed to do so?
Security baselines guide - Windows security | Microsoft Docs
17. It is necessary
The NIST Cyber Security Framework covers five critical functions, where the marked ones are most relevant for securing (known) endpoints.
PROTECT
DETECT
RESPOND
RECOVER
IDENTIFY
Technology | PROTECT | DETECT | RESPOND
Anti-Malware solutions: X X
Threat-Intel solutions: X X
EDR/XDR solutions: X X
MDR solutions: X X
Vulnerability scanner: X
SIEM solutions: X X (SOC, IM process)
Compromise Assessment: X X
Hardening: X
Enforce Administrator: X X IM process
What does make more sense? Have a 24/7 team monitoring the door or just close the door and lock it?
18. Frameworks and legal:
System hardening is widely mentioned (some examples)
https://www.cisecurity.org/controls/
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/Kompendium/IT_Grundschutz_Kompendium_Edition2020.pdf?__blob=publicationFile&v=6
https://www.teletrust.de/publikationen/broschueren/stand-der-technik/?tx_reintdownloadmanager_reintdlm%5Bdownloaduid%5D=10505&cHash=f39d74868a8b38e98e6cc09b0ab16f6f
19. Frameworks and legal
Extract from SWIFT questionnaire (end 2021)
BaFin for banking and insurance sector (03/2022)
Cyber risk insurance questionnaire (2022)
Questions for companies with revenue from 50,000,000 € up to 150,000,000 €. “Hardening” is the first question in the “basic” section.
20. Frameworks and legal:
System hardening (“secure configuration”) in ISO 27001(2):2022
ISO 27001:2022 is updated and published!
21. System hardening - strategical part
NIST defines it as… “The management and control of configurations for an information system to enable security and facilitate the management of risk.”
NIST also published a… Guide for Security-Focused Configuration Management of Information Systems | NIST
Security Configuration Management (SecCM) - Glossary | CSRC (nist.gov)
Guide for Security-Focused Configuration Management of Information Systems (nist.gov)
SecCM consists of four phases:
••• Planning
••• Identifying and Implementing Configurations
••• Controlling Configuration Changes
••• Monitoring
Figure 2-1 – Security-focused Configuration Management Phases
22. Hardening in context of a security landscape
Infrastructure Security, Endpoint Security, Application Security, Managed Security Service Provider, Messaging Security, Web Security, IoT Security, Security Operations & Incident Response, Threat Intelligence, Mobile Security, Data Security, Cloud Security, Identity & Access Management, Risk & Compliance, Specialized Threat Analysis & Protection, Transaction Security
25. Enforce Administrator as "hardening tool"
Enforce Administrator
With the Enforce Suite we offer a comprehensive enterprise security solution for the continuous monitoring of your clients and servers. With the central management tool Enforce Suite you configure hardening policies according to common industry standards and monitor compliance with them. We at TEAL Technology Consulting support you in implementing the Enforce Suite and optionally operate your Enforce solution for you with our Managed Service offering.
Your advantages
• Automated optimization of your system configuration
• Continuous monitoring of your security
• Comprehensive and up-to-date system hardening packages
• Reduced operating costs through auto-optimization
• Professional operation via the TEAL Managed Service
27. System hardening - the benefits
Security Configuration Management
• Raise efficiency and save (internal) resources
• Raise the protection level
• Be compliant and transparent
• Security of investment
A new insight?
Mistakes detected early in a chain reduce overhead and save money in the end.
Conclusion: Hardening is cost effective!
28. Examples of rollout approaches
The rollout approach depends on the customer's infrastructure and can be controlled via several dimensions, for example:
• Role oriented
• Technology oriented (operating system, e.g.)
• Location oriented
• Process oriented, e.g. integrated into provisioning and targeting only newly deployed systems
Role-oriented example:
Wave 1 • Domain Controllers
Wave 2 • Member Servers (file, application)
Wave 3 • Web, DB Servers
Wave 4 • Clients of the IT team • Clients, organisation oriented
Technology/risk-oriented example:
Wave 1 • (NEW) Windows Server 2022 systems
Wave 2 • Installed systems, risk oriented
Wave 3 • Client world, starting with Windows 10 (not 7, 8)
29. Why not via "Group Policy objects"?
1) How quickly are several hundred hardening settings implemented? We are ready to use right after installation.
2) How is it verified that all settings actually arrive on the target systems?
3) How is a "restore" of settings performed when an application no longer works because of hardening configurations?
4) How is the IT team notified when IT systems suddenly are no longer "compliant" with the specified settings?
5) How does meaningful process integration (incident management, configuration management) take place?
32.-36. SMBv1
SMBv1 | NTLM v1 | Client challenges | Attack surface reduction rules | User rights assignment | LDAP signing / channel binding
CHALLENGE
SMB v1 is outdated but still in use in customer environments. Example: a board member used an unmanaged tablet to access an old NAS in order to view presentations stored there.
KNOWN ATTACKS
WannaCry (EternalBlue, MS17-010): https://www.golem.de/news/wannacry-nsa-exploits-legen-weltweit-windows-rechner-lahm-1705-127801.html
HOW TO VERIFY
whether SMB v1 is still in use: in smaller environments enable auditing via PowerShell (Set-SmbServerConfiguration -AuditSmb1Access $true), in larger environments distribute the following registry value via GPO:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
"AuditSmb1Access"=dword:00000001
Auditing should be performed at least on all domain controllers and file servers. The audit events (event ID 3000 in the Microsoft-Windows-SMBServer/Audit log, one per SMB1 client connection, including the client address) can either be collected via PowerShell or forwarded to a log collector via event log forwarding.
HOW TO SOLVE
Either the client systems are configured for SMB v2 or v3, or they have to be replaced. Once the audit log stays empty for the whole audit period, SMB1 can be removed from the servers (Set-SmbServerConfiguration -EnableSMB1Protocol $false, or uninstalling the SMB1 feature).
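The verification and clean-up steps above, as an added PowerShell example that is not part of the original slides: it switches SMB1 auditing on for a list of servers, collects the audit events, and reports which clients still speak SMB1 to which server. PowerShell remoting, local administrator rights on the targets and the server names are assumptions; the event property index for the client address is an assumption as well, with a fallback to the message text.

```powershell
# Added example (not from the original slides). Assumptions: WinRM enabled, caller is local
# admin on the targets, server names are placeholders.
$servers = 'DC01', 'DC02', 'FS01'

# 1. Turn on SMB1 access auditing (same effect as AuditSmb1Access=1 under LanmanServer\Parameters).
Invoke-Command -ComputerName $servers -ScriptBlock {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
}

# 2. After the audit period, collect event 3000 from Microsoft-Windows-SMBServer/Audit.
#    One event is written per SMB1 client connection and carries the client address.
$events = Invoke-Command -ComputerName $servers -ScriptBlock {
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000 } `
        -ErrorAction SilentlyContinue | ForEach-Object {
        # Assumption: Properties[0] is the client address; otherwise parse it out of the message.
        $client = if ($_.Properties.Count -gt 0) { [string]$_.Properties[0].Value }
                  else { [regex]::Match($_.Message, 'Client Address:\s*(\S+)').Groups[1].Value }
        [pscustomobject]@{ Server = $env:COMPUTERNAME; Time = $_.TimeCreated; Client = $client }
    }
}

# 3. Summarise: which client talked SMB1 to which server, how often, and when it was last seen.
$report = $events | Group-Object Server, Client | ForEach-Object {
    [pscustomobject]@{
        Server   = $_.Group[0].Server
        Client   = $_.Group[0].Client
        Count    = $_.Count
        LastSeen = ($_.Group | Measure-Object -Property Time -Maximum).Maximum
    }
} | Sort-Object Server, Count -Descending
$report | Format-Table -AutoSize

# 4. Only when the report stays empty for the whole audit period: remove SMB1 on the servers.
#    Left commented out so that the script is read-only by default.
# Invoke-Command -ComputerName $servers -ScriptBlock {
#     Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
#     Uninstall-WindowsFeature -Name FS-SMB1            # Windows Server
#     # Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart   # client SKUs
# }
```

The report is the list to take to the owners of the clients (NAS boxes, printers, old appliances); disabling SMB1 on the server side before those are fixed breaks them, which is why step 4 is gated on an empty audit log.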
37.-41. NTLM v1
CHALLENGE
NTLM v1 is outdated but still in use in customer environments.
KNOWN ATTACKS
ProxyLogon (CVE-2021-26855, CVE-2021-27065) and ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) from Orange Tsai, PetitPotam (VDB-179650) from topotam, NTLM relay to Active Directory Certificate Services (ADCS) from Will Schroeder and Lee Christensen.
Note that NTLM relay works against NTLMv2 as well; what disabling NTLMv1 removes is the offline recovery of the NT hash from a captured NTLMv1 response. Relay is addressed by signing, channel binding / Extended Protection, or by disabling NTLM altogether.
HOW TO VERIFY
Audit NTLM usage via the GPO setting "Network security: Restrict NTLM: Audit Incoming NTLM Traffic". The NTLM version itself is recorded in the Security log of the server that accepts the logon (not on the domain controller, whose event 4776 does not distinguish v1 from v2): event 4624 with "Package Name (NTLM only)" = NTLM V1. Collect the events:
# 4624 = successful logon; LmPackageName 'NTLM V1' marks an LM/NTLMv1 response.
$Events = Get-WinEvent -LogName Security -FilterXPath "Event[System[(EventID=4624)]] and Event[EventData[Data[@Name='LmPackageName']='NTLM V1']]" |
    Select-Object `
        @{Label='Time';Expression={$_.TimeCreated.ToString('g')}},
        @{Label='UserName';Expression={$_.Properties[5].Value}},
        @{Label='WorkstationName';Expression={$_.Properties[11].Value}},
        @{Label='IpAddress';Expression={$_.Properties[18].Value}},
        @{Label='LogonType';Expression={$_.Properties[8].Value}},
        @{Label='ImpersonationLevel';Expression={$_.Properties[20].Value}}
# One line per source system: this is the list of clients that still send NTLMv1.
$Events | Group-Object WorkstationName | Sort-Object Count -Descending | Format-Table Count, Name
HOW TO SOLVE
Turn NTLM authentication off or enforce NTLMv2 only ("Network security: LAN Manager authentication level" = "Send NTLMv2 response only. Refuse LM & NTLM", i.e. LmCompatibilityLevel 5). If a system needs to be reconfigured anyway, this is a good time to move directly to Kerberos if the application supports it.
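The audit-then-enforce sequence for NTLM, as an added PowerShell example that is not part of the original slides: it reads the current LAN Manager authentication level and NTLM audit setting from a set of servers, counts NTLMv1 logons seen in their Security logs, and raises the level to 5 only where none were observed. Remoting, administrator rights, the server names and the 4624 property indices (14 = LmPackageName, 18 = IpAddress) are assumptions.

```powershell
# Added example (not from the original slides). Assumptions: WinRM enabled, local admin on the
# targets, placeholder server names, 4624 property layout as documented for Windows Server 2016+.
$servers = 'APP01', 'FS01'
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msvKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

function Get-NtlmPosture {
    param([string]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ArgumentList $lsaKey, $msvKey -ScriptBlock {
        param($lsaKey, $msvKey)
        # LmCompatibilityLevel: 0-2 still send LM/NTLMv1, 3-4 send NTLMv2 but accept NTLMv1 as a server,
        # 5 = "Send NTLMv2 response only. Refuse LM & NTLM". Unset means the OS default (3 since Vista/2008).
        $level = (Get-ItemProperty -Path $lsaKey -Name LmCompatibilityLevel -ErrorAction SilentlyContinue).LmCompatibilityLevel
        if ($null -eq $level) { $level = 3 }
        # AuditReceivingNTLMTraffic: 0/unset = off, 1 = audit exempt only, 2 = audit all incoming NTLM
        $audit = (Get-ItemProperty -Path $msvKey -Name AuditReceivingNTLMTraffic -ErrorAction SilentlyContinue).AuditReceivingNTLMTraffic
        # NTLMv1 network logons in the last 30 days: 4624 with LmPackageName = 'NTLM V1' (assumed index 14).
        $v1 = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-30) } `
                  -ErrorAction SilentlyContinue | Where-Object { $_.Properties[14].Value -eq 'NTLM V1' })
        $sources = @($v1 | ForEach-Object { $_.Properties[18].Value } | Sort-Object -Unique)
        [pscustomobject]@{
            Computer             = $env:COMPUTERNAME
            LmCompatibilityLevel = $level
            AuditIncomingNTLM    = $audit
            NtlmV1Logons30d      = $v1.Count
            NtlmV1Sources        = ($sources -join ',')
        }
    }
}

function Set-NtlmV2Only {
    param([string]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ArgumentList $lsaKey, $msvKey -ScriptBlock {
        param($lsaKey, $msvKey)
        # Audit first: remaining NTLM clients then show up in Microsoft-Windows-NTLM/Operational (events 8001-8004).
        New-ItemProperty -Path $msvKey -Name AuditReceivingNTLMTraffic -PropertyType DWord -Value 2 -Force | Out-Null
        # Then refuse LM and NTLMv1; NTLMv2 and Kerberos keep working.
        New-ItemProperty -Path $lsaKey -Name LmCompatibilityLevel -PropertyType DWord -Value 5 -Force | Out-Null
    }
}

$posture = $servers | ForEach-Object { Get-NtlmPosture -ComputerName $_ }
$posture | Format-Table -AutoSize

# Enforce only where no NTLMv1 logon was observed during the audit window and the level is still below 5.
$posture | Where-Object { $_.NtlmV1Logons30d -eq 0 -and $_.LmCompatibilityLevel -lt 5 } |
    ForEach-Object { Set-NtlmV2Only -ComputerName $_.Computer }
```

In production the two registry values are normally delivered by the GPO settings named on the slide rather than written directly; the script is useful for the inventory step and for servers outside of GPO scope.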
42.-46. LDAP signing / channel binding
CHALLENGE
Microsoft already tried three years ago to enforce LDAP signing (ADV190023), but the default was never changed. The consequence, as the KrbRelayUp authors put it: this is essentially a universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default setting).
KNOWN ATTACKS
https://github.com/Dec0ne/KrbRelayUp
HOW TO VERIFY
Enable logging via a registry key on the DCs:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics" /v "16 LDAP Interface Events" /t REG_DWORD /d 2
With this diagnostics level the DC writes one event 2889 to the Directory Service log for every client that performs an unsigned SASL bind or a simple bind in clear text, including the client IP address and the account used; without it only the summary event 2887 (number of such binds in the last 24 hours) is available.
For channel binding, the per-client event 3039 should additionally be generated. For this, the setting "Domain controller: LDAP server channel binding token requirements" must be configured to "When supported" on the domain controllers. Otherwise only the general events 3040 and 3041 are generated, which indicate that there were unprotected binds but give no details of which system triggered them.
HOW TO SOLVE
Armed with the list of systems, talk to the people responsible for each server and find out together which application establishes the LDAP connection. There is usually little you can do about the application not signing its binds, but in our experience (almost) every application supports LDAPS, and a bind over TLS satisfies the signing requirement. So it is usually done with a configuration change in the software.
However, we also had a case where the operating system itself (Linux, domain-joined) communicated via LDAP and the configuration could not be changed: no OpenSSL package supporting this was available in the vendor's repository for the OS version in use, so the server had to be reinstalled with a newer version of the operating system.
Once the detail events stop, enforce on the DCs: "Domain controller: LDAP server signing requirements" = "Require signing" and "Domain controller: LDAP server channel binding token requirements" = "Always".
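The verification step above, as an added PowerShell example that is not part of the original slides: it raises the LDAP interface diagnostics level and the channel binding setting on the DCs, then collects the per-client events 2889 (unsigned or clear-text bind) and 3039 (LDAPS bind without channel binding token) from the Directory Service log and aggregates them per client and identity. Remoting, Domain Admin rights and the DC names are assumptions; so is the event property layout (index 0 = client address:port, 1 = identity), with the message text as fallback.

```powershell
# Added example (not from the original slides). Assumptions: WinRM to the DCs, Domain Admin,
# placeholder DC names, property indices for events 2889/3039 as described in the lead-in.
$dcs = 'DC01', 'DC02'

# 1. Diagnostics level 2 for "16 LDAP Interface Events" (same as the reg add on the slide) and
#    channel binding "When supported" (1; 0 = Never, 2 = Always), so that 3039 is logged per client.
Invoke-Command -ComputerName $dcs -ScriptBlock {
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics' `
        -Name '16 LDAP Interface Events' -PropertyType DWord -Value 2 -Force | Out-Null
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' `
        -Name 'LdapEnforceChannelBinding' -PropertyType DWord -Value 1 -Force | Out-Null
}

# 2. Collect the detail events written since the diagnostics were switched on.
$events = Invoke-Command -ComputerName $dcs -ScriptBlock {
    Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2889, 3039; StartTime = (Get-Date).AddDays(-7) } `
        -ErrorAction SilentlyContinue | ForEach-Object {
        $client = if ($_.Properties.Count -ge 1) { [string]$_.Properties[0].Value }
                  else { [regex]::Match($_.Message, 'Client IP address:\s*(\S+)').Groups[1].Value }
        $identity = if ($_.Properties.Count -ge 2) { [string]$_.Properties[1].Value } else { '' }
        [pscustomobject]@{
            DC       = $env:COMPUTERNAME
            EventId  = $_.Id
            Time     = $_.TimeCreated
            ClientIp = ($client -replace ':\d+$', '')   # strip the source port
            Identity = $identity
        }
    }
}

# 3. One line per (client, identity, problem): this is the list to take to the application owners.
$events | Group-Object ClientIp, Identity, EventId | ForEach-Object {
    [pscustomobject]@{
        ClientIp = $_.Group[0].ClientIp
        Identity = $_.Group[0].Identity
        Problem  = if ($_.Group[0].EventId -eq 2889) { 'unsigned or clear-text LDAP bind' }
                   else { 'LDAPS bind without channel binding token' }
        Count    = $_.Count
        LastSeen = ($_.Group | Measure-Object -Property Time -Maximum).Maximum
    }
} | Sort-Object Count -Descending | Format-Table -AutoSize
```

Run step 2 repeatedly over several weeks before enforcing; monthly batch jobs and rarely used admin tools only show up once they have run.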
47.-50. User rights assignment
CHALLENGE
Sometimes there are problems with the user rights assignments. For example, both the CIS benchmark and the Microsoft baseline configure "Ensure 'Access this computer from the network' is set to 'Administrators, Authenticated Users'". However, when using Defender for Identity, the service account used needs exactly this right.
HOW TO VERIFY
User rights assignments can be configured via GPO as well as locally, which makes it difficult to conclusively check the issue up front. If the Enforce Administrator is used for hardening, the settings can be matched against the GPOs when the hardening policy is created, and at least checked conclusively that way. To check locally configured settings, a script can be run on all systems and its output compared against the baseline (the effective rights, GPO-applied and local, can be exported on each system with secedit /export /areas USER_RIGHTS).
HOW TO SOLVE
Verify the user rights assignments with the respective application owner and, if they are not documented properly, test them in a test environment before rolling them out completely.
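The slide refers to a check script without showing it; the following is an added PowerShell example, not the slide's script: it exports the effective user rights with secedit, resolves the SIDs to names, and compares "Access this computer from the network" (SeNetworkLogonRight) against the baseline plus a list of agreed exceptions. The baseline value and the exception account are assumptions; run it locally or through Invoke-Command on all systems.

```powershell
# Added example (not from the original slides). Assumptions: run as local administrator;
# the baseline and the exception account below are placeholders for the documented values.
function Get-UserRightsAssignment {
    # secedit exports the effective local security policy (GPO-applied and locally set) to an INF file.
    $inf = Join-Path $env:TEMP 'ura.inf'
    & secedit.exe /export /cfg $inf /areas USER_RIGHTS /quiet | Out-Null
    $rights = @{}
    $inSection = $false
    foreach ($line in Get-Content -Path $inf) {
        if ($line -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'Privilege Rights'); continue }
        if (-not $inSection -or $line -notmatch '^(Se\w+)\s*=\s*(.*)$') { continue }
        $name = $Matches[1]
        $rights[$name] = @($Matches[2] -split ',' | ForEach-Object {
            $p = $_.Trim()
            if ($p.StartsWith('*')) {
                # "*S-1-5-32-544" is a SID: translate to a name, keep the SID if translation fails.
                try { ([System.Security.Principal.SecurityIdentifier]($p.Substring(1))).Translate([System.Security.Principal.NTAccount]).Value }
                catch { $p.Substring(1) }
            } else { $p }
        })
    }
    Remove-Item -Path $inf -ErrorAction SilentlyContinue
    return $rights
}

function Test-NetworkLogonRight {
    param(
        [hashtable]$Rights,
        # CIS / Microsoft baseline value for member servers (domain controllers add ENTERPRISE DOMAIN CONTROLLERS).
        [string[]]$Baseline = @('BUILTIN\Administrators', 'NT AUTHORITY\Authenticated Users'),
        # Documented exceptions, e.g. a Defender for Identity service account (placeholder name).
        [string[]]$AllowedExtra = @('CONTOSO\svc-mdi')
    )
    $actual = @($Rights['SeNetworkLogonRight'])
    $missing = @($Baseline | Where-Object { $_ -notin $actual })
    $unexpected = @($actual | Where-Object { $_ -notin ($Baseline + $AllowedExtra) })
    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Actual     = ($actual -join '; ')
        Missing    = ($missing -join '; ')
        Unexpected = ($unexpected -join '; ')
        Compliant  = ($missing.Count -eq 0 -and $unexpected.Count -eq 0)
    }
}

Test-NetworkLogonRight -Rights (Get-UserRightsAssignment) | Format-List
```

The same two functions cover any other right in the [Privilege Rights] section (SeRemoteInteractiveLogonRight, SeServiceLogonRight, ...) by changing the key and the baseline list.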
51.-53. Attack surface reduction rules
CHALLENGE
Attack Surface Reduction (ASR) rules are a fairly new feature of Microsoft Defender. They are supposed to block typical attack techniques (for example Office applications spawning child processes, or reading credentials from LSASS) before a payload runs.
HOW TO SOLVE
To be on the safe side, first configure the rules in audit mode, check the messages in the event viewer (Microsoft-Windows-Windows Defender/Operational: event 1122 for operations that would have been blocked in audit mode, 1121 for operations actually blocked) and switch the rules to block mode only when all problems have been solved.
The common hardening baselines do not require all ASR rules to be turned on; we nevertheless think it is a good idea, even if it is a little more work.
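The audit-first rollout described above, as an added PowerShell example that is not part of the original slides: it puts a selection of ASR rules into audit mode, reads the audit events after the observation period, and switches only the rules without audit hits to block. The rule GUIDs are Microsoft's published IDs for the named rules; the regexes on the event message text are an assumption about its wording.

```powershell
# Added example (not from the original slides). Assumptions: Microsoft Defender Antivirus is the
# active AV, the script runs elevated, the message wording of events 1121/1122 matches the regexes.
# Action values for Set-MpPreference: Disabled (0), Enabled/block (1), AuditMode (2), Warn (6).
$rules = @{
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block all Office applications from creating child processes'
    '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b' = 'Block Win32 API calls from Office macros'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
    'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' = 'Block executable content from email client and webmail'
}

function Set-AsrRules {
    param([string[]]$Ids, [ValidateSet('Disabled', 'Enabled', 'AuditMode', 'Warn')][string]$Mode)
    # Set-MpPreference takes parallel arrays: one action per rule ID.
    Set-MpPreference -AttackSurfaceReductionRules_Ids $Ids -AttackSurfaceReductionRules_Actions (@($Mode) * $Ids.Count)
}

function Get-AsrHits {
    param([int]$Days = 14)
    # 1122 = would have been blocked (audit mode), 1121 = blocked.
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1121, 1122; StartTime = (Get-Date).AddDays(-$Days) } `
        -ErrorAction SilentlyContinue | ForEach-Object {
        $ruleId = [regex]::Match($_.Message, 'ID:\s*([0-9a-fA-F-]{36})').Groups[1].Value.ToLower()
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Mode    = if ($_.Id -eq 1122) { 'audit' } else { 'block' }
            RuleId  = $ruleId
            Rule    = $rules[$ruleId]
            Process = [regex]::Match($_.Message, 'Process Name:\s*(\S+)').Groups[1].Value
            Path    = [regex]::Match($_.Message, 'Path:\s*(\S+)').Groups[1].Value
        }
    }
}

# Phase 1: everything in audit mode.
Set-AsrRules -Ids @($rules.Keys) -Mode AuditMode

# Phase 2 (after the observation period): what would audit mode have blocked, per rule and process?
$hits = Get-AsrHits
$hits | Group-Object Rule, Process | Sort-Object Count -Descending | Format-Table Count, Name -AutoSize

# Phase 3: rules without audit hits go to block. Noisy rules stay in audit until exclusions
# (Add-MpPreference -AttackSurfaceReductionOnlyExclusions <path>) are agreed with the application owners.
$noisy = @($hits | Where-Object Mode -eq 'audit' | Select-Object -ExpandProperty RuleId -Unique)
$quiet = @($rules.Keys | Where-Object { $_ -notin $noisy })
if ($quiet.Count -gt 0) { Set-AsrRules -Ids $quiet -Mode Enabled }
```

In a managed fleet the same two phases map to Intune or GPO settings; the event query is still the part that tells you which business process a rule would break.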
54. Client challenges
CHALLENGE 1 - APPLICATIONS AND UNC PATHS
Applications are often placed on network shares and launched from there via a UNC path to simplify application updates. After applying the Windows security baseline in such cases, users may receive a popup with the security warning "The publisher could not be verified. Are you sure you want to run this software?". By clicking Run, the user can still launch the application.
55. Client challenges
HOW TO SOLVE
The warning is annoying for the user but can be avoided by assigning the UNC path to the Local intranet zone. For this purpose there is the so-called Site to Zone Assignment List, which is stored in the registry (it can be set for the whole system or for the user):
• HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey
• HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey
(the list is honoured when the flag ListBox_Support_ZoneMapKey=1 is set under the neighbouring ...\Internet Settings\ZoneMap key, which the policy does automatically).
Both can also be configured via Group Policy ("Site to Zone Assignment List"):
• Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
• User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
The name of the server is entered there, e.g. file://myserver1 with a value of 1, which stands for the Local intranet zone (2 = Trusted sites, 3 = Internet, 4 = Restricted sites).
56. Client challenges
CHALLENGE 2 - HTTP AUTHENTICATION SCHEMES
The baseline for Microsoft Edge and the CIS Microsoft Edge benchmark remove Basic authentication from the supported authentication schemes. Basic authentication is an outdated and insecure method (the credentials are only Base64-encoded in every request), and the clear recommendation is to switch applications that require it to a more modern login method.
57. Client challenges
HOW TO SOLVE
For troubleshooting, Basic authentication can be re-enabled temporarily using the following Group Policy setting:
Computer Configuration > Administrative Templates > Microsoft Edge > HTTP authentication > Supported authentication schemes
(registry: HKLM\SOFTWARE\Policies\Microsoft\Edge\AuthSchemes)
Append the value 'basic' to the comma-separated list (all values must be lowercase, e.g. basic,ntlm,negotiate), and remove it again once the application has been migrated.
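Challenges 1 and 2 above, as one added PowerShell example that is not part of the original slides: a function that writes a Site to Zone Assignment for a file server into the policy key (machine scope) and a function that sets the Edge authentication schemes, used once for a troubleshooting window with Basic enabled and once for the hardened value. The server name is a placeholder; the script writes to HKLM, so it must run elevated, and in production the same values are delivered by the GPOs named on the slides.

```powershell
# Added example (not from the original slides). Assumptions: elevated shell, placeholder server name.
$zoneMap    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
$zoneMapKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
$edgePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'

function Add-IntranetSite {
    param([Parameter(Mandatory)][string]$Site)   # e.g. 'file://myserver1'
    New-Item -Path $zoneMap, $zoneMapKey -Force | Out-Null
    # Flag that tells Windows/IE to honour the policy list in ZoneMapKey.
    New-ItemProperty -Path $zoneMap -Name 'ListBox_Support_ZoneMapKey' -PropertyType DWord -Value 1 -Force | Out-Null
    # Zone values: 1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted sites.
    New-ItemProperty -Path $zoneMapKey -Name $Site -PropertyType String -Value '1' -Force | Out-Null
}

function Get-IntranetSites {
    # Returns the policy-assigned sites as name/zone pairs (empty if the key does not exist).
    $item = Get-ItemProperty -Path $zoneMapKey -ErrorAction SilentlyContinue
    if ($null -eq $item) { return @() }
    $item.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { [pscustomobject]@{ Site = $_.Name; Zone = [int]$_.Value } }
}

function Set-EdgeAuthSchemes {
    param([string[]]$Schemes)
    New-Item -Path $edgePolicy -Force | Out-Null
    # The policy expects a lowercase, comma-separated list.
    $value = ($Schemes | ForEach-Object { $_.ToLower() }) -join ','
    New-ItemProperty -Path $edgePolicy -Name 'AuthSchemes' -PropertyType String -Value $value -Force | Out-Null
}

# Challenge 1: put the application file server into the Local intranet zone and show the result.
Add-IntranetSite -Site 'file://myserver1'
Get-IntranetSites | Format-Table -AutoSize

# Challenge 2: troubleshooting window with Basic enabled ...
Set-EdgeAuthSchemes -Schemes 'basic', 'ntlm', 'negotiate'
# ... and the hardened value (baseline) to restore afterwards.
Set-EdgeAuthSchemes -Schemes 'ntlm', 'negotiate'
(Get-ItemProperty -Path $edgePolicy).AuthSchemes
```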
58. Client challenges
CHALLENGE 3 - OFFICE FILE FORMATS
A recurring theme in client hardening is the handling of older Office formats. The Microsoft 365 Apps for Enterprise baseline and the CIS Microsoft Office Excel benchmark are quite restrictive and block all older Office formats. This affects all old binary formats of Office versions older than 2007, before Office introduced the modern XML-based file formats. Most companies still use older Office formats at least in some areas and therefore have to soften the Microsoft baseline in this area again.
59. Client challenges
HOW TO SOLVE
Verify which old Office files and templates exist that cannot be converted...
Unblock the Excel format via GPO:
User Configuration > Administrative Templates > Microsoft Excel 2016 > Excel Options > Security > Trust Center > File Block Settings > Excel 97-2003 workbooks and templates
We provide a small script that searches a given directory including subdirectories for files with the extension .xls and determines the exact version. However, the script has to open the file, so it must only be run against trusted files, because macro code may be executed when the file is opened, and macros that start automatically and display a dialog box, for example, have to be clicked away manually.
Once it is known which file formats exist, it should first be checked to what extent the older formats can be converted into the current XML-based Office file formats.
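A safer first pass for the inventory step above, as an added PowerShell example that is neither the slide's script nor part of the original slides: it classifies every .xls/.xlt/.xla file under a directory by its container format from the first bytes only, so nothing is opened in Excel and no macro can run. It only distinguishes the container (OLE2 binary, OOXML with a wrong extension, pre-OLE BIFF2-4, or not an Excel file at all); the exact BIFF version inside an OLE2 file still needs the slide's Excel-based script on trusted files.

```powershell
# Added example (not from the original slides). Reads at most 8 bytes per file; no Excel involved.
function Get-LegacyExcelInventory {
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -Path $Path -Recurse -File -Include '*.xls', '*.xlt', '*.xla' | ForEach-Object {
        $head = New-Object byte[] 8
        $fs = [System.IO.File]::OpenRead($_.FullName)
        try { $n = $fs.Read($head, 0, 8) } finally { $fs.Close() }

        $format =
            if ($n -ge 8 -and [System.BitConverter]::ToString($head, 0, 8) -eq 'D0-CF-11-E0-A1-B1-1A-E1') {
                # OLE2 compound file: Excel 5/95 (BIFF5) or 97-2003 (BIFF8) binary workbook
                'Excel 97-2003 binary (OLE2 container)'
            } elseif ($n -ge 4 -and [System.BitConverter]::ToString($head, 0, 4) -eq '50-4B-03-04') {
                # ZIP container: an OOXML workbook saved with the old extension
                'OOXML with .xls extension (rename to .xlsx/.xlsm)'
            } elseif ($n -ge 2 -and $head[0] -eq 0x09 -and ($head[1] -in 0x00, 0x02, 0x04)) {
                # BOF record 0x0009 / 0x0209 / 0x0409 (little-endian): Excel 2.x-4.x, pre-OLE
                'Excel 2.x-4.x (BIFF2-4, pre-OLE)'
            } else {
                # Frequent in practice: HTML or CSV exports that were simply named .xls
                'not a native Excel file (HTML/CSV/other named .xls)'
            }

        [pscustomobject]@{
            Path      = $_.FullName
            Format    = $format
            SizeKB    = [math]::Round($_.Length / 1KB, 1)
            LastWrite = $_.LastWriteTime
        }
    }
}

# Usage: inventory a share, summarise per format, export the full list for the application owners.
$inventory = Get-LegacyExcelInventory -Path '\\fileserver\share'   # placeholder path
$inventory | Group-Object Format | Sort-Object Count -Descending | Format-Table Count, Name -AutoSize
$inventory | Export-Csv -Path (Join-Path $env:TEMP 'legacy-excel-inventory.csv') -NoTypeInformation
```

Files in the last category are blocked by the File Block setting for a different reason than real binary workbooks and are usually the quickest to clean up (re-export as .xlsx or .csv), which shortens the list of exceptions that have to be argued for.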
61. Contact us for more information
INFO PAGE
https://aktionen.teal-consulting.de/
enforce-suite/
CONTACT US
E-Mail: info@teal-consulting.de
Phone: 0211/93675225