« ITRUST » WHITE PAPER

ITrust experts found that 10 security breaches represent 99% of the total security breaches companies are faced with.

Written by ITrust, November 2013, based on the audits conducted over the past 5 years by our penetration testing team.
WHITE PAPER Top 10 vulnerabilities by ITrust

Introduction

It doesn't come as a big surprise that last year's headlines still talked about cybercrime. This issue is now one of the major challenges governments are dealing with. We all still remember how mediatized the Elysée hacking was [1].

75% of companies were hacked within the last two years, according to a Cenzic study [2]. That number rose to 90% according to our calculations. This statement is based on what the ITrust team has diligently observed during its pentest missions.

Over the past 5 years, our consultants intervened over a hundred times to perform penetration tests for our customers. These tests are realized both internally and externally (to test DMZ customer services or even websites). You can find below our test distribution.

AUDITS DISTRIBUTION PER YEAR:
Total: 104 audits
[Chart: number of audits per year]
The year 2013 is only based on

Distribution by type of audit conducted:
web 12 %
internal 50 %
external 38 %
The stats in this white paper are recovered from the data sample we are dealing with, to provide an objective view.

This article gives an overview of the 10 most commonly encountered vulnerabilities during our audits, with case studies attached. It is therefore accurate feedback from ITrust's technical teams over the last 5 years. During our audits or incident interventions, we observed that 99% of information systems had been compromised by at least one of these 10 breaches. Correcting these 10 main vulnerabilities would heighten the security level of an organization.

Thus, we provide information concerning the business structure:

Distribution of our customers by number of employees:
over 500 (38%)
less than 500 (12%)
less than 100 (15%)
less than 20 (35%)

And the field of activity of our customers:

Distribution of our customers by field of activity:
Service (19%)
Bank (19%)
Industry (15%)
Host (6%)
Public (4%)
Hotel (4%)
Health/agro (25%)
Aerospace (8%)
10. LOGGING TOO VERBOSE: « the network tea room »

Feedback: Top 10 vulnerabilities encountered. Fixing these vulnerabilities would raise the level of security of an organization.

This vulnerability is not exactly a real one, but is often the first step during penetration tests. Even though this flaw cannot directly compromise a system, it allows useful information to be collected – especially finding out relevant targets.

In the talkative group, we find the 2 main servers:

DNS servers
DNS is an essential and useful service, which ensures the smooth functioning of application services such as browsing and messaging. Most of the time, doors are opened in the whole network. Then, hackers use the DNS zone transfer to list all the assets within the domain. Thus, they can quickly find out the interesting targets – by responsibility or department (R&D, Accounts).

Wordy domain controllers
Domains that are too wordy give attackers critical information to organize their attacks. Through LDAP or Samba connections, they often get relevant information such as the domain name, the operating system version (fingerprint) and, even more useful for them, the domain users list. It is possible to obtain in the same way, for each machine, the connected users.

Case study: enumerating user accounts on a domain

Using the rpcclient command under Windows:

  # > rpcclient 192.168.1.1 -p 139 -U% -c enumdomusers
  session request to 192.168.0.4 failed (Called name not present)
  user:[Admin] rid:[0x1f4]
  user:[Guest] rid:[0x1f5]
  user:[Accounting] rid:[0x476]
  user:[Commercial] rid:[0x4c3]

Using rpcclient to enumerate the domain administrators:

  # > rpcclient 192.168.0.4 -p 139 -U% -c 'querygroupmem 0x200'
  session request to 192.168.0.4 failed (Called name not present)
  rid:[0x1f4] attr:[0x7]
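As an added example (not code from the white paper), the following Python parses the kind of rpcclient output shown above and turns it into an audit finding: RIDs are decoded against the well-known Windows values, and any user line returned to an unauthenticated client means the domain controller allows anonymous SAM enumeration (the setting to review is the Windows policy "Network access: Do not allow anonymous enumeration of SAM accounts"). The sample output and address are constructed.

```python
"""Turn null-session rpcclient output into an audit finding.

Added example, not code from the ITrust white paper. It parses the output
format shown in the case study and decodes RIDs against the well-known
Windows values; any user line returned to an unauthenticated client means
the domain controller allows anonymous SAM enumeration. The sample output
and address below are constructed.
"""
import re

# Well-known relative identifiers (RIDs) in a Windows domain.
WELL_KNOWN_RIDS = {
    500: "Administrator (built-in)",
    501: "Guest (built-in)",
    502: "krbtgt",
    512: "Domain Admins",
    513: "Domain Users",
    519: "Enterprise Admins",
}

USER_LINE = re.compile(r"user:\[(?P<name>[^\]]*)\]\s+rid:\[(?P<rid>0x[0-9a-fA-F]+)\]")
MEMBER_LINE = re.compile(r"rid:\[(?P<rid>0x[0-9a-fA-F]+)\]\s+attr:\[0x[0-9a-fA-F]+\]")


def parse_enumdomusers(output):
    """Return {username: rid} from `enumdomusers` output."""
    users = {}
    for line in output.splitlines():
        m = USER_LINE.search(line)
        if m:
            users[m.group("name")] = int(m.group("rid"), 16)
    return users


def parse_querygroupmem(output):
    """Return the member RIDs listed by `querygroupmem`."""
    return [int(m.group("rid"), 16) for m in MEMBER_LINE.finditer(output)]


def audit_null_session(enum_output, group_output, group_rid=0x200):
    """Summarise what an unauthenticated client learned from the two commands."""
    users = parse_enumdomusers(enum_output)
    members = parse_querygroupmem(group_output)
    name_by_rid = {rid: name for name, rid in users.items()}
    return {
        "null_session_enumeration": bool(users),
        "user_count": len(users),
        "privileged_group": WELL_KNOWN_RIDS.get(group_rid, f"rid {group_rid}"),
        # Members are resolved from the user list first, then the well-known table.
        "privileged_members": [name_by_rid.get(r, WELL_KNOWN_RIDS.get(r, f"rid {r}")) for r in members],
        # A renamed built-in account (here 'Admin' with RID 500) is still recognisable by its RID.
        "well_known_accounts": sorted(n for n, r in users.items() if r in WELL_KNOWN_RIDS),
    }


# Constructed sample in the format of the case study above.
ENUM_SAMPLE = """session request to 192.0.2.10 failed (Called name not present)
user:[Admin] rid:[0x1f4]
user:[Guest] rid:[0x1f5]
user:[Accounting] rid:[0x476]
user:[Commercial] rid:[0x4c3]
"""
GROUP_SAMPLE = """session request to 192.0.2.10 failed (Called name not present)
rid:[0x1f4] attr:[0x7]
"""

if __name__ == "__main__":
    print(audit_null_session(ENUM_SAMPLE, GROUP_SAMPLE))
```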
9. TRUST-BASED RELATIONSHIP: spreading compromise

Within a UNIX environment, remote login programs (rlogin and rsh) use a poor authentication system which also allows them to set up a trust-based relationship between the machines (via the .rhosts or hosts.equiv file). This way, if a machine is compromised, the hacker has easy access to the whole system of trusted machines.

In most cases, these applications are forbidden by the security policy requirements in favour of more secure tools such as SSH. But experience reveals that a bounce back is possible because of the lack of private key protection. The related public key can often be used on a wide range of servers. That allows the attacker to connect onto them.

Within a Windows environment, it is possible to define trust relationships between Active Directory domains. In that situation, the user directory is replicated between the trusted domains. If an attacker can obtain an account on a « weaker » domain, then he will have entire access to all the domains within the account.

8. ACCESS RIGHT MANAGEMENT: need-to-know

Need-to-know is one of the most important security concepts used to ensure the protection of confidential data. Access rights and permissions management often has its weaknesses: access restrictions that are too weak or even non-existent allow the recovery of strategic and confidential information.

Case study: trusted insider test - trainee example

In most Active Directory architectures, users are assigned to several groups and shared contents are opened to some groups. A trainee is added to the group of his supervisor(s). The test consists in finding what information can be obtained. At the end of the test, the experience highlights that the person has at least obtained confidential data. Moreover, in most cases, it also points to information about user accounts that can be used to become a server administrator.

Employees are the weakest link for IT security. They represent 50% of security risks. « Insiders are the biggest threat »
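An added example, not from the white paper: a Python audit of hosts.equiv / .rhosts files that rates wildcard entries and computes which servers an attacker holding one compromised host could reach by following the trust entries, the "spreading compromise" effect of the UNIX section above. The server names and file contents are constructed.

```python
"""Model how rlogin/rsh host trust (hosts.equiv / .rhosts) spreads a compromise.

Added example, not from the ITrust white paper. Each non-comment line in these
files is 'host [user]'; a '+' in a field is a wildcard (any host / any user),
a line '+ +' trusts everyone from everywhere, and a leading '-' denies. The
sample files below are constructed for a fictitious four-server network.
"""
from collections import deque

SEVERITY_ORDER = {"critical": 3, "high": 2, "info": 1}


def parse_trust_lines(text):
    """Return (host, user) pairs from hosts.equiv-style text; user '' = same user name."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        entries.append((fields[0], fields[1] if len(fields) > 1 else ""))
    return entries


def audit_trust_file(path, text):
    """Rate each trust entry; wildcards are the classic misconfiguration."""
    findings = []
    for host, user in parse_trust_lines(text):
        if host.startswith("-"):
            continue  # explicit deny entry such as '-badhost', not a trust
        if host == "+" and user == "+":
            sev, why = "critical", "'+ +' trusts every user on every host"
        elif host == "+":
            sev, why = "high", "any host is trusted"
        elif user == "+":
            sev, why = "high", f"any user on {host} is trusted"
        else:
            sev, why = "info", f"{host} is trusted without a password"
        findings.append({"file": path, "host": host, "user": user, "severity": sev, "reason": why})
    return findings


def blast_radius(start, trust_files):
    """Hosts an attacker holding `start` can reach by following trust entries.

    trust_files maps each server name to the text of its /etc/hosts.equiv.
    A server becomes reachable when its file trusts an already-compromised
    host (or any host via '+'); the search repeats until nothing new is added.
    """
    owned = {start}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for server, text in trust_files.items():
            if server in owned:
                continue
            trusted = {h for h, _ in parse_trust_lines(text) if not h.startswith("-")}
            if current in trusted or "+" in trusted:
                owned.add(server)
                queue.append(server)
    return owned


def severities(trust_files):
    """Worst severity per file, for a quick summary ('none' when no trust at all)."""
    out = {}
    for server, text in trust_files.items():
        levels = [f["severity"] for f in audit_trust_file(server, text)]
        out[server] = max(levels, key=SEVERITY_ORDER.get) if levels else "none"
    return out


# Constructed sample: web01 is exposed, db01 trusts web01, backup01 trusts the world.
SAMPLE_FILES = {
    "web01": "# no inbound trust\n",
    "db01": "web01          # admins copy files from the web tier\n",
    "backup01": "+ +            # 'temporary' convenience entry, never removed\n",
    "hr01": "-web01\nadmin01 root\n",
}

if __name__ == "__main__":
    print(severities(SAMPLE_FILES))
    print("from web01:", sorted(blast_radius("web01", SAMPLE_FILES)))
```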
7. ADMINISTRATION PROTOCOLS: the devil is in the details

Even in companies where security is considered on users' workstations and servers, some kinds of equipment are regularly forgotten, whether it's active network elements such as switches, routers or printers: their security is often overlooked. Thus, default administration passwords are rarely changed and, if they are, default enabled administration protocols remain on that kind of device.

The presence of insecure protocols used to pass unencrypted passwords is a very important source of attacks. For instance: FTP, Telnet…

Case study: SNMP on an agency router

This happened during one of our audits. A VPN router of one of our client agencies had an SNMP service activated, listening on the Internet. The default setup allowed us to read and write MIB information. The setup scenario consisted in redirecting DNS requests to one of our servers and reviewing the statistics. After this convincing first step, the
Then, we can collect all the forwarded messages.

Case study: Production stopped

SNMP is not the only open administration protocol. Let's take the example of an inverter on a client's production lines. This inverter is on
just have to log on to the admin web server with the default accounts in order to turn off all the production services.

Although production equipment and the printer represent only 1% of security threats, they often are too neglected.

[Chart: share of security threats by equipment type. Labels in chart order: laptops, workstations, network, mobile data, tablets/computers, datacenters, production equipment, standards/guidelines, printers. Values shown: 21%, 20%, 13%, 12%, 10%, 4%, 3%, 1%, 1%.]

6. DATABASES

Databases are chosen targets because of the important information they hold. When default passwords are changed, database webmasters (who manage lots of servers) often use weak passwords depending on the name of the server. More than the confidential information they contain, these databases include users lists on which you can easily crack the password. Then, these accounts can be used to carry on the network attack.

Nowadays, database hacking is 14% of security threats. Gamigo's database was pirated in 2012. http://buff.ly/11umuYS

Case study: ERP - a perfect target

For this case, the company used to let salespersons have an ERP instance on their computer in order to use it when they are in on-site contact with customers. As the database
could get the company clients list and its associated offers. This would be a real treasure for attackers to find and re-sell.
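Added example, not the white paper's code: a Python check of a net-snmp style snmpd.conf for the settings behind the SNMP case study above (a write-enabled or default community string, no source restriction, agent bound to every interface), with a constructed factory-style configuration beside a hardened one. Directive names follow net-snmp (rocommunity, rwcommunity, agentAddress, rouser); the community string and addresses are made up.

```python
"""Check a net-snmp style snmpd.conf for the open settings behind the case study.

Added example, not part of the ITrust white paper. It flags write-enabled
communities, default community strings, communities without a source
restriction and an agent bound to every interface. Both configurations
below are constructed.
"""
import ipaddress

DEFAULT_COMMUNITIES = {"public", "private", "snmp", "admin", "cisco", "default"}
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
LEVELS = {"critical": 4, "high": 3, "medium": 2, "none": 0}


def _source_is_open(source):
    """True when no source restriction is given, or it covers the whole address space."""
    if source is None or source == "default":
        return True
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False  # a host name: treated as a restriction


def _listens_everywhere(spec):
    """agentAddress 'udp:161' binds all interfaces; 'udp:192.0.2.1:161' binds one."""
    body = spec.split(":", 1)[1] if ":" in spec else spec
    return body.isdigit() or body.startswith("0.0.0.0:") or body.startswith("[::]:")


def audit_snmpd_conf(text):
    """Return a list of {severity, line, reason} findings for the configuration text."""
    findings = []

    def add(severity, line, reason):
        findings.append({"severity": severity, "line": line, "reason": reason})

    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        directive, *args = line.split()
        directive = directive.lower()
        if directive in COMMUNITY_DIRECTIVES and args:
            community = args[0]
            source = args[1] if len(args) > 1 else None
            writable = directive.startswith("rw")
            if community.lower() in DEFAULT_COMMUNITIES:
                add("critical" if writable else "high", line, f"default community string '{community}'")
            if writable:
                add("high", line, "SNMP v1/v2c write access (MIB can be modified)")
            if _source_is_open(source):
                add("high" if writable else "medium", line, "no source address restriction")
        elif directive == "agentaddress":
            for spec in ",".join(args).split(","):
                if spec and _listens_everywhere(spec):
                    add("high", line, f"agent listens on all interfaces ({spec})")
    return findings


def worst(findings):
    """Highest severity among the findings, or 'none'."""
    return max((f["severity"] for f in findings), key=LEVELS.get, default="none")


# Constructed: what a factory-default router or an untouched package often looks like.
WEAK_CONF = """
agentAddress udp:161
rocommunity public
rwcommunity private
"""

# Constructed: read-only random community limited to the management network,
# agent bound to the management interface, an SNMPv3 user for everything else.
HARDENED_CONF = """
agentAddress udp:192.0.2.1:161
rocommunity  Kq4vXr9tLm2zPw8s  192.0.2.0/24
rouser       monitor priv
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        result = audit_snmpd_conf(conf)
        print(f"{name}: {worst(result)} ({len(result)} findings)")
        for f in result:
            print(f"  [{f['severity']}] {f['line']}: {f['reason']}")
```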
5. FILE SHARING

Many systems have file sharing. Shares may be managed via various communication protocols (FTP, NFS, SMB…). Generally, restrictions about these shares are weak or non-existent. Whether it is an anonymous FTP access allowed or an access restricted only to the company network for the network shares (SMB or NFS), an attacker has the possibility to obtain a lot of confidential information. When an attacker chooses to use the scorched earth tactic and to delete all the files (backup, financial data…), the damage caused is extremely high.

Case study: management's printer

By default, the latest printers have some shares activated to receive scans or faxes.
management's photocopies, scans and faxes.

Printers can be remotely controlled online by computer criminals. Some researchers from the University of Columbia claim that could impact millions of companies, consumers and governmental organisms. http://buff.ly/ZWQ2Mv

4. ABANDONED SERVERS

During our audits, we found that a hardware or software inventory is almost never done within information systems. During an audit, when we discover unmaintained and highly vulnerable test servers or abandoned servers, administrators are surprised as they were not even aware of these items on the network. These servers are easy to exploit and can still hold valid and usable information. Moreover, they are used as a relay to attack more relevant targets.
3. WEB VULNERABILITY

This category could be a whole article as it is a very wide subject. In our case and according to our sample, web vulnerabilities do not represent the majority of encountered vulnerabilities. However, very often, especially during the auditing of a website, it is possible to monitor some applications' vulnerabilities.

If we confront the top 10 web vulnerabilities given by OWASP [3], this is what we can conclude given our field experience. This vulnerability category is a whole top 10 paragraph. We can place the vulnerabilities we're faced with into 2 categories:

Phase 1: Entry points
These vulnerabilities allow a first system assessment and give information. By frequency order, we find:
• Not updated systems
• SQL injections
• XSS attacks
• Sessions management

Phase 2: Operation
This vulnerability category allows, on the second hand, to operate the information collected in phase 1. In this category we find:
• Sensitive data exposure
• Lack of restricted privileges
• Lack of secure configuration

As soon as an operating vulnerability is identified on the website, if privileges are not rightly managed, it is possible to access the server and obtain all rights. According to the hacker's nuisance potential, the operation can go to a website breakdown, to some data loss (potentially sensitive, like banking data), to the creation of a zombie and, worst case scenario, to a data deletion.

Case study: working session hijacked / video surveillance systems

an online access. Session cookies are not protected and allow replays. Thus, all users can guess the cookies format and access another company's video surveillance system. The issue could be limited to a clients' disclosure issue if passwords were not that weak. But
robbery.

Case study: Unprotected PHP functions

Websites offer the possibility to update some contents (like images for instance) and use PHP upload functionalities. If strict controls of these functionalities are not in place, it is possible to upload a web shell and to obtain information such as hashed passwords. This allows access to the
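Added example, not part of the white paper (whose case concerns a PHP site; the checks are language-independent): the validation a practitioner would put in front of an image upload handler, in Python. The file names and byte strings are constructed.

```python
"""Validate an uploaded image before storing it (the control missing in the case study).

Added example, not part of the ITrust white paper. Only allow-listed image
types are accepted, the bytes must match the declared type, the stored name
is random and never the client's, and a server-side script extension anywhere
in the name is refused (some web servers evaluate every extension of
'x.php.png'). Sample names and byte strings are constructed.
"""
import os
import secrets

MAX_BYTES = 2 * 1024 * 1024
# Allowed extension -> leading magic bytes the content must start with.
IMAGE_MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
SCRIPT_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar", "asp", "aspx",
                     "jsp", "cgi", "pl", "py", "sh", "htaccess"}


def check_upload(client_name, data):
    """Return (accepted, reason, stored_name); stored_name is None when rejected."""
    base = os.path.basename(client_name.replace("\\", "/")).lower()
    parts = base.split(".")
    if len(parts) < 2 or not all(parts):
        return False, "missing or empty extension", None
    if any(p in SCRIPT_EXTENSIONS for p in parts[1:]):
        return False, "script extension in name", None
    ext = parts[-1]
    if ext not in IMAGE_MAGIC:
        return False, f"extension .{ext} not allowed", None
    if len(data) > MAX_BYTES:
        return False, "file too large", None
    if not data.startswith(IMAGE_MAGIC[ext]):
        return False, "content does not match declared image type", None
    if b"<?" in data or b"<script" in data.lower():
        # Heuristic only: a polyglot image can still carry script text. Re-encoding
        # the image with an imaging library is the stronger control; storing uploads
        # outside the web root, in a directory the server will not execute, is another.
        return False, "embedded script markers", None
    # The stored name is random and keeps only the validated extension.
    return True, "ok", f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed samples: a minimal PNG header and a file that only claims to be one.
    print(check_upload("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16))
    print(check_upload("fake.png", b"<?php echo 1;"))
```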
2. PASSWORDS

A default or common password gives access to confidential resources, observed in 96% of our customers' audits. A trainee would be able to reach it. This is an issue for users in a company whose awareness is the highest – and it is still one of the most used attack vectors and the easiest to carry out.

FEEDBACK: Top 3 of the weakest passwords encountered:
- Account without password
- Same login and password
- Generic password for created accounts

And let us not forget the user name as password, the name of the user's kids or a word from the dictionary…

Case study: BlackBerry server

To illustrate this issue, we return to the case of a Windows server with the administrator's password of the database left by default. With this access we can create a new user within the system and we can see that the BlackBerry
obtained.

1. COMMON SECURITY RISKS

This should be the most occasional problem and is paradoxically the easiest and the most automated to exploit. Common security vulnerabilities are known and, once published, the software vendors provide patches. To be protected against risks, systems just need to be updated. However, these vulnerabilities are the biggest attack vector for information systems.

We remember the hacking of Sony's PlayStation Network. This hacking was possible through a known vulnerability with an available update. The latest news involved systems not updated for many years.

In addition to the 10 vulnerabilities, 3 other vulnerabilities can be added to the top 10, increasing the total to 13 vulnerabilities. This top 13 shows us all exploitable vulnerabilities of an information system.

> Human Vulnerabilities
For instance: an employee gives his password to a fake system administrator via phone or mail.
> Application Flaws
> Unknown Vulnerabilities
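Added example, not from the white paper: a Python classifier for the password weaknesses listed in the PASSWORDS section above (no password, same as login, generic, user's kids' names, dictionary words) plus the server-name-derived passwords from the DATABASES section, intended to run where a password is set or reset rather than over stored clear-text. The generic list, word list, server name and sample accounts are constructed and deliberately tiny.

```python
"""Classify weak credentials the way the 'Top 3' above does.

Added example, not from the ITrust white paper. `weaknesses()` is meant to run
where a password is set or reset (a change hook or account-review script), so
the audit never needs passwords stored in clear. It also covers the
server-name-derived passwords mentioned in the databases section. The generic
list, word list, server name and sample accounts are constructed and tiny.
"""
import re

GENERIC_PASSWORDS = {"password", "welcome", "changeme", "admin", "azerty", "qwerty", "letmein"}
DICTIONARY_WORDS = {"soleil", "summer", "dragon", "football"}  # stand-in for a real word list
LEET = str.maketrans("@$0134", "asoiea")  # p@$$w0rd -> password, adm1n -> admin


def normalise(text):
    """Lower-case, drop the usual trailing digits/symbols, undo leet, keep letters/digits."""
    core = re.sub(r"[\d!?*.]+$", "", text.lower())
    return re.sub(r"[^a-z0-9]", "", core.translate(LEET))


def weaknesses(login, password, server="", personal=()):
    """Return the list of reasons a credential is weak (empty list = no finding)."""
    if password == "":
        return ["no password"]
    reasons = []
    core = normalise(password)
    if password.lower() == login.lower() or core == login.lower():
        reasons.append("same as login")
    if core == "" or core in GENERIC_PASSWORDS or password.lower() in GENERIC_PASSWORDS:
        reasons.append("generic/default password")
    if server and normalise(server) and normalise(server) in core:
        reasons.append("derived from server name")
    if core in DICTIONARY_WORDS:
        reasons.append("dictionary word")
    if any(item and normalise(item) and normalise(item) in core for item in personal):
        reasons.append("personal information")
    if len(password) < 12:
        reasons.append("shorter than 12 characters")
    return reasons


def audit_accounts(accounts, server=""):
    """accounts: (login, password, personal_names) tuples -> {login: reasons} for failing ones."""
    report = {}
    for login, password, personal in accounts:
        found = weaknesses(login, password, server, personal)
        if found:
            report[login] = found
    return report


# Constructed sample, one account per category of the white paper, audited for a
# database server named srv-oracle01.
SAMPLE_ACCOUNTS = [
    ("backup", "", ()),
    ("jdupont", "jdupont", ()),
    ("svc_print", "Welcome1", ()),
    ("dba", "SrvOracle01!", ()),
    ("mmartin", "Lea2009", ("Lea", "Tom")),
    ("pmorel", "Dragon!!", ()),
    ("ciso", "correct-horse-battery-staple-94", ()),
]

if __name__ == "__main__":
    for login, found in audit_accounts(SAMPLE_ACCOUNTS, server="srv-oracle01").items():
        print(f"{login}: {', '.join(found)}")
```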
Conclusion

During an audit, we penetrate an information system more than 9 out of 10 times. We do so starting with the common security breaches (in the top 10), through a simple Internet connection. If we can make it, so can the hackers or malware.

Then, what do we do?

We often meet customers who pile up security tools instead of eliminating the 10 main breaches that would increase their security level exponentially. This is the reason why it is necessary to set up permanent controls to check these points.

This year, a Verizon report showed that 97% of the data violations could have been avoided through basic controls [4].

I have been a security expert for 15 years. I have been the BNP's trading room security director. I am an ISS cloud expert in the National Assembly. I am the CEO of ITrust, founded 7 years ago.

Our activity is complex. You can find a lot of standards and methods. You can find an incalculable number of tools, viruses, methods, schools which use their own process or protocols. It is a young activity, practised for only 20 years.

With the new threats arising, especially APTs and the cloud, our clients remain expectant. Few of them understand why, still after 20 years, we have to keep improving systems with new methods and new tools. They find with surprise and incredulity that firewalls and antiviruses are no longer efficient enough to protect them. They realise that many of us lied to them promising the end of their troubles with new tools.

We are currently at a turning point in our activity. Attacking technologies prevail over defensive ones. The gap between the hackers and engineers is widening. The systems are extraordinarily vulnerable and the efficient technologies are rare. Similarly to medicine, current antibiotics are not that efficient.

By filling the gap between the sword and the shield (with a behavioral analysis technology, for instance), we wanted to explain to our clients and to our CISOs that there is another complementary way to classic medicine - through ITrust. An alternative, but a complementary one, based on better practices and good hygiene. A kind of "Chinese medicine" that prevents rather than cures.

Even though all problems could be avoided with very simple controls, each year more companies are suffering serious incidents related to cyber security.

You think you are not facing security problems? Of course: 8 companies out of 10 suffer from attacks or intrusions and they don't even know it.

You have firewalls and protection systems but you are still suffering from malicious attacks. We have been told for years that we must protect ourselves, but the analysis remains terrible. Despite all the tools and significant security budgets, basic security principles are not respected. We remain as vulnerable as before and it is easy even for an intern to get confidential information off the networks. Or even for a Korean student to get your ERP rate base or to launch a significant DDoS attack on your infrastructure.

For example, did you know that 98% of the companies we checked use default passwords?
To convince you, a story that deserves a conference:

Simple solutions and controlled procedures would have avoided most major disasters:
• BP oil rig: the valve security system was disabled due to the generation of a large amount of false positives.
• Société Générale - Kerviel case: the trader was also the designer of the trading tool.
• Fukushima: engineers were convinced that the cooling pump was open.
• Stuxnet virus: using the default password of Siemens devices.
• Heysel disaster: due to a lack of controls, too many spectators without tickets attended the match.

Most security incidents could have been easily avoided. Did you know that the largest cyber attack (Stuxnet) could have been avoided by changing the default password of Siemens devices?

Respecting what is known as common-sense security practices: simple and smart controls. Security is something simple. To avoid being sick, you wash your hands, you have good hygiene and eat healthy... That is similar for information system security; but this speech is hard to take in given that for the last 20 years we kept on hearing that drugs were the only solution to solve our problems. You are grateful not to be stuffed with drugs every morning.

BEST PRACTICES

Leading experts and studies confirm what we say.

« Maintain a good security policy in real time by avoiding default passwords and overseeing the flaws of security remains the current best practice for SMEs. »
Hervé Schauer, security consultant expert

The antivirus is no more effective in responding to new threats.
Over the last years, other experts went along with us: 10 security vulnerabilities are 99% of encountered vulnerabilities in any kind of company.

TOP 10 FLAWS IN ALL ENTERPRISES
Systems that are too verbose
Weak passwords
Rights to know
Trust between domains
Database default password
DNS servers too wordy for internal domains
Bad shares
Development servers, abandoned servers
Historical and common vulnerabilities

Let's fix these vulnerabilities first and companies' security level will increase exponentially, better than with any expensive technology.

ITrust has developed its own solution, IKare, based on these ideas. IKare continuously checks the security vulnerabilities of the information system and suggests the appropriate corrections.

What does the police do?
Often, salvation comes from regulation. The moment these controls become mandatory, they will also be systematically implemented.

So?
This is a strong trend; more and more recommendations or compliance standards take this step. These include:
• The Health safety guide from ANSSI (link...)
• New constraints related to health data, more and more recommendations
• The SANS top 20

Bibliography
[1] http://lexpansion.lexpress.fr/high-tech/cyberguerre-comment-les-americains-ont-pirate-l-elysee_361225.html
[2] http://www.cenzic.com/resources/reg-required/whitePapers/Ponemon2011/
[3] https://www.owasp.org/index.php/Top_10_2013-T10
[4] http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-Data-Breach-Report-2012.pdf

Writers
Julien Lavesque is ITrust's CTO. He is a security consultant, acting as an auditor, expert and trainer for sixty clients. Telecom and security engineer.
Jean-Nicolas Piotrowski, ITrust's CEO. Security expert for fifteen years, former CISO at the BNP Arbitrage trading room. He is general secretary and co-founder of the Digital Place cluster.
Based on a case study by Denis Ducamp, security consultant.

ITrust (www.itrust.fr) is a security company since 2007, providing its expertise and product to more than 100 customers in Europe. It develops IKare, a vulnerability management solution. ITrust is prizewinner of the Future Investment «SVC» project, and developed a breakthrough technology for behavioural analysis. ITrust was awarded in 2013 the international digital prize given by IEClub and Ubifrance.

ITrust
55 avenue l'Occitane
BP 67303
31 670 Labège Cedex, France
Tel: +33 (0)567.346.781
Email: sales@itrust.fr
www.itrust.fr/en
www.ikare-monitoring.com

WHITE PAPER: The Top 10 vulnerabilities by ITrust
Exclusive property © ITrust

 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Tiffany Sandoval
 
Top Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White PaperTop Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White PaperNetIQ
 

Similar to ITrust Whitepaper: Top 10 vulnerabilities (20)

System Z Mainframe Security For An Enterprise
System Z Mainframe Security For An EnterpriseSystem Z Mainframe Security For An Enterprise
System Z Mainframe Security For An Enterprise
 
The 2016 Guide to IT Identity Management
The 2016 Guide to IT Identity ManagementThe 2016 Guide to IT Identity Management
The 2016 Guide to IT Identity Management
 
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
Trial Course - CertMaster Learn and CertMaster Labs for Security+ (Exam SY0-6...
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDNOliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present Dangers
 
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUEScompTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
 
Top 25 SOC Analyst interview questions that You Should Know.pptx
Top 25 SOC Analyst interview questions that You Should Know.pptxTop 25 SOC Analyst interview questions that You Should Know.pptx
Top 25 SOC Analyst interview questions that You Should Know.pptx
 
Intellinx.z watch
Intellinx.z watchIntellinx.z watch
Intellinx.z watch
 
Top 25 SOC Analyst interview questions.pdf
Top 25 SOC Analyst interview questions.pdfTop 25 SOC Analyst interview questions.pdf
Top 25 SOC Analyst interview questions.pdf
 
Information Security
Information SecurityInformation Security
Information Security
 
2 20613 qualys_top_10_reports_vm
2 20613 qualys_top_10_reports_vm2 20613 qualys_top_10_reports_vm
2 20613 qualys_top_10_reports_vm
 
4777.team c.final
4777.team c.final4777.team c.final
4777.team c.final
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docx
 
Discuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docxDiscuss how a successful organization should have the followin.docx
Discuss how a successful organization should have the followin.docx
 
Information Security Seminar
Information Security SeminarInformation Security Seminar
Information Security Seminar
 
A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?A Closer Look at Isolation: Hype or Next Gen Security?
A Closer Look at Isolation: Hype or Next Gen Security?
 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...
 
Top Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White PaperTop Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White Paper
 

More from ITrust - Cybersecurity as a Service

L’Intelligence Artificielle : un ‘booster’ pour la cybersécurité
L’Intelligence Artificielle : un ‘booster’ pour la cybersécuritéL’Intelligence Artificielle : un ‘booster’ pour la cybersécurité
L’Intelligence Artificielle : un ‘booster’ pour la cybersécuritéITrust - Cybersecurity as a Service
 
Quand les cybercriminels n’ont plus besoin de fuir les logiciels de sécurité
Quand les cybercriminels n’ont plus besoin de fuir les logiciels de sécuritéQuand les cybercriminels n’ont plus besoin de fuir les logiciels de sécurité
Quand les cybercriminels n’ont plus besoin de fuir les logiciels de sécuritéITrust - Cybersecurity as a Service
 
Artificial intelligence and machine learning: ultimate game changers
Artificial intelligence and machine learning: ultimate game changersArtificial intelligence and machine learning: ultimate game changers
Artificial intelligence and machine learning: ultimate game changersITrust - Cybersecurity as a Service
 
Passer de la détection d’anomalies à la détection de menaces
Passer de la détection d’anomalies à la détection de menacesPasser de la détection d’anomalies à la détection de menaces
Passer de la détection d’anomalies à la détection de menacesITrust - Cybersecurity as a Service
 
Meet anomaly detection: a powerful cybersecurity defense mechanism when its w...
Meet anomaly detection: a powerful cybersecurity defense mechanism when its w...Meet anomaly detection: a powerful cybersecurity defense mechanism when its w...
Meet anomaly detection: a powerful cybersecurity defense mechanism when its w...ITrust - Cybersecurity as a Service
 

More from ITrust - Cybersecurity as a Service (20)

IT security : a five-legged sheep
IT security : a five-legged sheepIT security : a five-legged sheep
IT security : a five-legged sheep
 
Petya, pire que WannaCry ?
Petya, pire que WannaCry ?Petya, pire que WannaCry ?
Petya, pire que WannaCry ?
 
L’Intelligence Artificielle : un ‘booster’ pour la cybersécurité
L’Intelligence Artificielle : un ‘booster’ pour la cybersécuritéL’Intelligence Artificielle : un ‘booster’ pour la cybersécurité
L’Intelligence Artificielle : un ‘booster’ pour la cybersécurité
 
Manifeste ResistanceCYBER 29.05.17
Manifeste ResistanceCYBER 29.05.17Manifeste ResistanceCYBER 29.05.17
Manifeste ResistanceCYBER 29.05.17
 
Advanced persistent threats, entre mythe et réalité
Advanced persistent threats, entre mythe et réalitéAdvanced persistent threats, entre mythe et réalité
Advanced persistent threats, entre mythe et réalité
 
Quand les cybercriminels n’ont plus besoin de fuir les logiciels de sécurité
Quand les cybercriminels n’ont plus besoin de fuir les logiciels de sécuritéQuand les cybercriminels n’ont plus besoin de fuir les logiciels de sécurité
Quand les cybercriminels n’ont plus besoin de fuir les logiciels de sécurité
 
Artificial intelligence and machine learning: ultimate game changers
Artificial intelligence and machine learning: ultimate game changersArtificial intelligence and machine learning: ultimate game changers
Artificial intelligence and machine learning: ultimate game changers
 
Manifeste ResistanceCYBER 19.05.17
Manifeste ResistanceCYBER 19.05.17Manifeste ResistanceCYBER 19.05.17
Manifeste ResistanceCYBER 19.05.17
 
Manifeste ResistanceCYBER 18.05.17
Manifeste ResistanceCYBER 18.05.17Manifeste ResistanceCYBER 18.05.17
Manifeste ResistanceCYBER 18.05.17
 
Manifeste ResistanceCYBER 17.05.17
Manifeste ResistanceCYBER 17.05.17Manifeste ResistanceCYBER 17.05.17
Manifeste ResistanceCYBER 17.05.17
 
Manifeste ResistanceCYBER 15.05.17
Manifeste ResistanceCYBER 15.05.17Manifeste ResistanceCYBER 15.05.17
Manifeste ResistanceCYBER 15.05.17
 
Passer de la détection d’anomalies à la détection de menaces
Passer de la détection d’anomalies à la détection de menacesPasser de la détection d’anomalies à la détection de menaces
Passer de la détection d’anomalies à la détection de menaces
 
Meet anomaly detection: a powerful cybersecurity defense mechanism when its w...
Meet anomaly detection: a powerful cybersecurity defense mechanism when its w...Meet anomaly detection: a powerful cybersecurity defense mechanism when its w...
Meet anomaly detection: a powerful cybersecurity defense mechanism when its w...
 
L’étrange histoire d’un piratage en Angleterre
L’étrange histoire d’un piratage en AngleterreL’étrange histoire d’un piratage en Angleterre
L’étrange histoire d’un piratage en Angleterre
 
Ignorance is bliss, but not for MongoDB
Ignorance is bliss, but not for MongoDBIgnorance is bliss, but not for MongoDB
Ignorance is bliss, but not for MongoDB
 
Cisco WebEx vulnerability: it’s a kind of magic
Cisco WebEx vulnerability: it’s a kind of magicCisco WebEx vulnerability: it’s a kind of magic
Cisco WebEx vulnerability: it’s a kind of magic
 
ITrust Company Overview FR
ITrust Company Overview FRITrust Company Overview FR
ITrust Company Overview FR
 
ITrust Company Overview EN
ITrust Company Overview ENITrust Company Overview EN
ITrust Company Overview EN
 
SOC OEM - Datasheet FR
SOC OEM - Datasheet FRSOC OEM - Datasheet FR
SOC OEM - Datasheet FR
 
SOC OEM - Datasheet EN
SOC OEM - Datasheet ENSOC OEM - Datasheet EN
SOC OEM - Datasheet EN
 

Recently uploaded

Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningVitsRangannavar
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 

Recently uploaded (20)

Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number Systems
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learning
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 

ITrust Whitepaper: Top 10 vulnerabilities

  • 3.
Distribution of our customers by number of employees: over 500 (38%), less than 500 (12%), less than 100 (15%), less than 20 (35%).
Distribution of our customers by field of activity: Service (19%), Bank (19%), Industry (15%), Host (6%), Public (4%), Hotel (4%), health/agro (25%), Aerospace (8%).
  • 4.
Feedback: Top 10 vulnerabilities encountered. Fixing these vulnerabilities would raise the level of security of an organization.

10. LOGGING TOO VERBOSE « the network tea room »
This vulnerability is not exactly a real one, but it is often the first step during penetration tests. Even though this flaw cannot directly compromise a system, it allows useful information to be collected, especially for finding out relevant targets. In the talkative group, we find the 2 main servers:
DNS servers: DNS is an essential service, which ensures the smooth functioning of application services such as browsing and messaging. Most of the time, doors are opened in the whole network. Then, hackers use the DNS zone transfer to list all the assets within the domain. Thus, they can quickly find out the interesting targets, by responsibility or department (R&D, Accounts).
Wordy domain controllers: Domains that are too wordy give attackers critical information to organize their attacks. Through LDAP or Samba connections, they often get relevant information such as the domain name, the operating system version (fingerprint) and, even more useful for them, the domain user list. It is possible to obtain in the same way, for each machine, the connected users.
Case study: enumerating user accounts on a domain
Using the rpcclient command under Windows:
# > rpcclient 192.168.1.1 -p 139 -U% -c enumdomusers
session request to 192.168.0.4 failed (Called name not present)
user:[Admin] rid:[0x1f4]
user:[Guest] rid:[0x1f5]
user:[Accounting] rid:[0x476]
user:[Commercial] rid:[0x4c3]
Using rpcclient to enumerate domain administrators:
# > rpcclient 192.168.0.4 -p 139 -U% -c ‘querygroupmem 0x200’
session request to 192.168.0.4 failed (Called name not present)
rid:[0x1f4] attr:[0x7]
  • 5.
9. TRUST-BASED RELATIONSHIP: spreading compromise
Within a UNIX environment, remote login programs (rlogin and rsh) use a poor authentication system which also allows them to set up a trust-based relationship between the machines (via the .rhosts or hosts.equiv file). This way, if a machine is compromised, the hacker has easy access to the whole set of trusted machines. In most cases, these applications are forbidden by the security policy requirements in favour of more secure tools such as SSH. But experience reveals that a bounce back is possible because of the lack of private key protection. The related public key can often be used on a wide range of servers, which allows the attacker to connect to them.
Moreover, within a Windows environment, it is possible to define trust relationships between Active Directory domains. In that situation, the user directory is replicated between the trusted domains. If an attacker can obtain an account on a « weaker » domain, then he will have entire access to all the domains from that account.

8. ACCESS RIGHT MANAGEMENT: need-to-know
Need-to-know is one of the most important security concepts used to ensure the protection of confidential data. Access rights and permissions management often has its weaknesses: access restrictions that are too weak or even non-existent allow the recovery of strategic and confidential information.
In most Active Directory architectures, users are assigned to several groups and shared contents are opened to some groups. In most cases, this also points to information about user accounts that can be used to become a server administrator.
Employees are the weakest link for IT security. They represent 50% of security risks. « Insiders are the biggest threat »
Case study: trusted insider test, trainee example
A trainee is added to the group of his supervisor(s). The test consists in finding what information can be obtained. At the end of the test, the experience highlights that the person has at least obtained confidential data.
  • 6.
7. ADMINISTRATION PROTOCOLS: the devil is in the details
Even in companies where security is considered on users’ workstations and servers, some kinds of equipment are regularly forgotten, whether active network elements such as switches, routers or printers; these are often overlooked. Thus, default administration passwords are rarely changed and, if they are, default enabled administration protocols remain on that kind of device. The presence of insecure protocols used to pass unencrypted passwords is a very important source of attacks. For instance: FTP, Telnet…
Although production equipment and printers represent only 1% of security threats, they are often too neglected.
[Chart: distribution of security threats by equipment type. Categories: laptops, workstations, network, mobile data, tablets/computers, datacenters, production equipment, standards or guidelines, printers. Values shown: 21%, 20%, 13%, 12%, 10%, 4%, 3%, 1%, 1%.]
Case study: SNMP on an agency router
This happened during one of our audits. A VPN router of one of our client’s agencies has an SNMP service activated, listening on the Internet. The default setup allows us to read and write MIB information. The scenario consisted in redirecting DNS requests to one of our servers and reviewing the statistics. After this convincing first step, the […] Then, we can collect all the forwarded messages.
Case study: production stopped
SNMP is not the only open administration protocol. Let’s take the example of an inverter on a client’s production lines. This inverter is on […] just have to log on to the admin web server with the default accounts in order to turn off all the production services.

6. DATABASES
Databases are chosen targets because of the important information they hold. When default passwords are changed, database webmasters (who manage lots of servers) often use weak passwords depending on the name of the server. More than the confidential information they contain, these databases include user lists on which you can easily crack passwords. Then, these accounts can be used to carry on the network attack. Nowadays, database hacking represents 14% of security threats.
http://buff.ly/11umuYS Gamigo’s database was pirated in 2012.
Case study: ERP, a perfect target
For this case, the company used to let salespersons have an ERP instance on their computer in order to use it when they are in on-site contact with customers. The database held the company’s client list and its associated offers. This would be a real treasure for attackers to find and re-sell.
  • 7.
5. FILE SHARING
Many systems have file sharing. Shares may be managed via various communication protocols (FTP, NFS, SMB…). Generally, restrictions on these shares are weak or non-existent. Whether it is anonymous FTP access being allowed or access to the network shares (SMB or NFS) merely restricted to the company network, an attacker has the possibility to obtain a lot of confidential information. When an attacker chooses the scorched earth tactic and deletes all the files (backups, financial data…), the damage caused is extremely high.
Case study: management’s printer
By default, the latest printers have some shares activated to receive scans or faxes. […] management’s photocopies, scans and faxes.
http://buff.ly/ZWQ2Mv Some researchers from the University of Columbia claim that printers can be remotely controlled online by computer criminals, which could impact millions of companies, consumers and governmental organisms.

4. ABANDONED SERVERS
During our audits, we found that a hardware or software inventory is almost never done within information systems. During an audit, when we discover unmaintained and highly vulnerable test servers or abandoned servers, administrators are surprised as they were not even aware of these items on the network. These servers are easy to exploit and can still hold valid and usable information. Moreover, they are used as relays to attack more relevant targets.
3 WEB VULNERABILITY

This category could be a whole article as it is a very wide subject. In our case and according to our sample, web vulnerabilities do not represent the majority of encountered vulnerabilities. However, very often, especially during the auditing of a website, it is possible to observe some application vulnerabilities. If we confront the top 10 web vulnerabilities given by OWASP [3] with our field experience, this is what we can conclude: we can place the vulnerabilities we are faced with into 2 categories.

Phase 1: Entry points
These vulnerabilities allow a first system assessment and give information. By order of frequency, we find:
• Not updated systems (this vulnerability category is a whole top 10 paragraph on its own)
• SQL injections
• XSS attacks
• Session management

Phase 2: Operation (exploitation)
This vulnerability category allows, in a second step, the exploitation of the information collected in phase 1. In this category we find:
• Sensitive data exposure
• Lack of restricted privileges
• Lack of secure configuration

As soon as an exploitable vulnerability is identified on the website, if privileges are not rightly managed, it is possible to access the server and obtain all rights. Depending on the hacker's nuisance potential, the exploitation can range from a website breakdown, to some data loss (potentially sensitive, like banking data), to the creation of a zombie and, worst case scenario, to data deletion.

Case study: hijacked working session / video surveillance systems
These video surveillance systems have an online access. Session cookies are not protected and allow replays. Thus, any user can guess the cookie format and access another company's video surveillance system. The issue could be limited to a client disclosure issue if passwords were not that weak. But […] robbery.

Case study: unprotected PHP functions
Websites offer the possibility to update some contents (images for instance) and use PHP upload functionalities. If strict controls of these functionalities are not in place, it is possible to upload a web shell and to obtain information such as password hashes. This allows access to the […]
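The unprotected upload case study above is the "before"; the hardened form of the same handler is shown below as an added example written for this page in Python (the page's case concerns PHP, but the checks are the same whatever the server language, and nothing here is ITrust's or the audited site's code). The type whitelist, size limit and magic-byte table are assumptions chosen for the example. The key points are that the client never chooses the stored path or name, that the declared extension must match the file content, and that double extensions are refused outright.

```python
"""Hardened handling of a content upload, as a counterpart to the
unprotected PHP upload above: type whitelist, content check, no client-chosen
path or name, and a random server-side file name."""
import os
import secrets

# Allowed image types and the magic bytes their content must start with.
ALLOWED = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
MAX_BYTES = 2 * 1024 * 1024   # assumed limit for the example


def check_upload(filename, data):
    """Return (True, extension) when the upload is acceptable, else (False, reason)."""
    if len(data) > MAX_BYTES:
        return False, "file too large"
    base = os.path.basename(filename.replace("\\", "/"))   # strip any path component
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "missing or hidden extension"
    if len(parts) > 2:
        # shell.php.png / image.png.php style double extensions are refused outright
        return False, "double extension refused"
    ext = parts[1]
    if ext not in ALLOWED:
        return False, f"extension not allowed: {ext}"
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match declared type"
    # Heuristic defence in depth: an image should never carry server-side code.
    if b"<?php" in data or b"<script" in data.lower():
        return False, "embedded code in file body"
    return True, ext


def stored_name(ext):
    """The server, not the client, chooses the name the file is saved under."""
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    sample = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16          # constructed PNG header
    ok, ext = check_upload("../../logo.png", sample)
    print(ok, stored_name(ext))
```

Two further controls belong outside this function: the upload directory must be served without script execution, and the web server process must not be able to write anywhere else, so that even a file that slips through every check cannot become the web shell the case study describes.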
2 PASSWORDS

A default or common password gives access to confidential resources, observed in 96% of our customers' audits. A trainee would be able to reach it. This is an issue even for the users in a company whose awareness is the highest, and it is still one of the most used attack vectors and the easiest to carry out.

FEEDBACK: top 3 of the weakest passwords encountered:
- Account without password
- Same login and password
- Generic password on created accounts
And let us not forget the user name as password, the name of the user's kids or a word from the dictionary…

Case study: BlackBerry server
To illustrate this issue, we return to the case of a Windows server with the administrator's password of the database left by default. With this access we can create a new user within the system and we can see that the BlackBerry […] obtained.

1 COMMON SECURITY RISKS

This should be the most occasional problem and is paradoxically the easiest and the most automated to exploit. Common security vulnerabilities are known and, once disclosed, the vendors provide patches. To be protected against these risks, systems just need to be updated. However, these vulnerabilities are the biggest attack vector for information systems. We remember the hacking of Sony's PlayStation Network: this hacking was possible through a known vulnerability for which an update was available. The latest news involved systems not updated for many years.

In addition to the vulnerabilities
3 other vulnerabilities can be added to the top 10, increasing the total to 13 vulnerabilities. This top 13 shows us all the exploitable vulnerabilities of an information system.
> Human vulnerabilities. For instance: an employee gives his password to a fake system administrator, via phone or mail.
> Application flaws
> Unknown vulnerabilities
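The three weakest password patterns listed in section 2 (no password, password equal to the login, generic password) plus the user-name, children's-name and dictionary-word cases can be checked mechanically. The script below is an added example for this page, not ITrust's tooling; the account list, the personal-word map, and the generic and dictionary word sets are constructed samples, and in a real audit the input would be the credential set recovered under authorisation.

```python
"""Flag the weak password patterns listed above over a set of accounts.
In practice the input is the credential set recovered during an authorised
audit; here a constructed sample is embedded."""

# Constructed sample accounts (login, password); not real credentials.
ACCOUNTS = [
    ("admin", "admin"),
    ("jdupont", ""),
    ("backup", "Password1"),
    ("svc_print", "printer"),
    ("mlopez", "Lucas2009"),
    ("cfo", "xK9#vQ2!mP7wZ4"),
]

# Personal words gathered from the directory (children's names, etc.); constructed.
PERSONAL = {"mlopez": ("Lucas", "Emma")}

# Small constructed word lists; a real check uses full default-password and dictionary lists.
GENERIC = {"password", "password1", "admin", "welcome", "changeme",
           "123456", "azerty", "qwerty", "letmein"}
DICTIONARY = {"printer", "summer", "winter", "company", "finance", "paris"}


def weaknesses(login, password, personal_words=()):
    """Return the list of weakness labels for one account (empty if none)."""
    if password == "":
        return ["no password"]
    issues = []
    low = password.lower()
    if low == login.lower():
        issues.append("password equals login")
    elif len(login) >= 4 and login.lower() in low:
        issues.append("password contains login")
    if low in GENERIC:
        issues.append("generic/default password")
    if low in DICTIONARY:
        issues.append("dictionary word")
    if any(w.lower() in low for w in personal_words):
        issues.append("contains personal information")
    if len(password) < 8:
        issues.append("shorter than 8 characters")
    return issues


def audit_accounts(accounts, personal=None):
    """Map login -> weaknesses for every account that has at least one."""
    personal = personal or {}
    report = {}
    for login, password in accounts:
        found = weaknesses(login, password, personal.get(login, ()))
        if found:
            report[login] = found
    return report


if __name__ == "__main__":
    for login, found in audit_accounts(ACCOUNTS, PERSONAL).items():
        print(f"{login}: {', '.join(found)}")
```

Such a check is most useful as a permanent control, run when accounts are created and when passwords change, rather than once a year during an audit.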
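Section 1 states that the fix for common security risks is simply to apply the available update; the useful control is therefore to measure how long a published fix has been available but not installed. The script below is an added example for this page (not ITrust's or IKare's code): the advisory feed uses placeholder identifiers and constructed version numbers and dates, and the host snapshot is constructed too. It compares installed versions with the fixing version and reports the exposure window in days.

```python
"""Patch exposure check for the 'common security risks' above: compare
installed versions with the version that fixed a published vulnerability and
report how long each fix has been available but not applied."""
import re
from datetime import date

# Constructed advisory feed with placeholder identifiers (not real advisories).
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "package": "openssl", "fixed": "1.0.1e", "published": date(2013, 2, 11)},
    {"id": "ADV-PLACEHOLDER-2", "package": "php", "fixed": "5.4.16", "published": date(2013, 6, 6)},
    {"id": "ADV-PLACEHOLDER-3", "package": "httpd", "fixed": "2.2.25", "published": date(2013, 7, 10)},
    {"id": "ADV-PLACEHOLDER-4", "package": "bind", "fixed": "9.9.3", "published": date(2013, 3, 26)},
]

# Constructed snapshot of one host (package -> installed version).
INSTALLED = {"openssl": "1.0.1c", "php": "5.4.16", "httpd": "2.2.22"}


def version_key(version):
    """Split '1.0.1e' into comparable parts: numbers compare numerically,
    letters lexically, and a missing trailing part sorts first."""
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)


def missing_patches(installed, advisories, today):
    """Return advisories whose fix is not installed, longest exposure first."""
    missing = []
    for adv in advisories:
        have = installed.get(adv["package"])
        if have is None:
            continue                       # package not present: not exposed
        if version_key(have) < version_key(adv["fixed"]):
            missing.append({
                "id": adv["id"],
                "package": adv["package"],
                "installed": have,
                "fixed": adv["fixed"],
                "days_exposed": (today - adv["published"]).days,
            })
    return sorted(missing, key=lambda m: m["days_exposed"], reverse=True)


def run(today=date(2013, 11, 15)):
    """Run the check over the embedded sample data."""
    return missing_patches(INSTALLED, ADVISORIES, today)


if __name__ == "__main__":
    for m in run():
        print(f'{m["package"]} {m["installed"]} < {m["fixed"]} ({m["id"]}): '
              f'fix available for {m["days_exposed"]} days')
```

The "days exposed" figure is the number worth reporting to management: a host carrying a fix that has been public for months is the situation the PlayStation Network example illustrates.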
Conclusion

During an audit, we penetrate an information system more than 9 times out of ten. We do so starting with the common security breaches (in the top 10), through a simple internet connection. If we can make it, so can the hackers or malwares. Then, what do we do? We often meet customers who pile up security tools instead of eliminating the 10 main breaches, which would increase their security level exponentially. This is the reason why it is necessary to set up permanent controls to check these points. This year, a Verizon report showed that 97% of the data violations could have been avoided through basic controls [4].

I have been a security expert for 15 years. I have been the BNP's trading room security director. I am an ISS cloud expert in the National Assembly. I am the CEO of ITrust, founded 7 years ago.

Our activity is complex. You can find a lot of standards and methods. You can find an incalculable number of tools, viruses, methods, schools which use their own process or protocols. It is a young activity, practised for only 20 years. With the new threats arising, especially APTs and the cloud, our clients remain expectant. Few of them understand why, still after 20 years, we have to keep improving systems with new methods and new tools. They find with surprise and incredulity that firewalls and antiviruses are no longer efficient enough to protect them. They realise that many of us lied to them, promising the end of their troubles with new tools.

We are currently at a turning point in our activity. Attacking technologies prevail over defending ones. The gap between the hackers and the engineers is widening. Systems are extraordinarily vulnerable and efficient technologies are rare. Similarly to medicine, current antibiotics are not that efficient. By filling the gap between the sword and the shield (with a behavioural analysis technology, for instance), we wanted to explain to our clients and to our CISOs that there is another, complementary way to classic medicine: through ITrust. An alternative, but a complementary one, based on better practices and good hygiene. A kind of "Chinese medicine" that prevents rather than cures.

Even though all problems could be avoided with very simple controls, each year more companies are suffering serious incidents related to cyber security. You think you are not facing security problems? Of course: 8 companies out of 10 suffer from attacks or intrusions and they don't even know it. You have firewalls and protection systems but you are still suffering from malicious attacks. We have been told for years that we must protect ourselves, but the security principles are not respected. The analysis remains terrible. Despite all the tools and significant security budgets, basic controls are still missing. For example, did you know that 98% of the companies we checked use default passwords? We remain as vulnerable as before, and it is easy even for an intern to get confidential information off the networks, or even for a Korean student to get your ERP rate base or to launch a significant DDOS attack on your infrastructure.
To convince you, a story that deserves a conference: simple solutions and controlled procedures would mostly have avoided major disasters.
• BP oil rig: the valve security system was disabled due to the generation of a large amount of false positives.
• Société Générale, Kerviel case: the trader was also the designer of the trading tool.
• Fukushima: engineers were convinced that the cooling pump was open.
• Stuxnet virus: use of the default password of Siemens devices.
• Heysel disaster: due to a lack of controls, too many spectators without tickets attended the match.

Most security incidents could have been easily avoided. Did you know that the largest cyber attack (Stuxnet) could have been avoided by changing the default password of Siemens devices? Respecting what is known as common-sense security practices: simple and smart controls. Security is something simple. To avoid being sick, you wash your hands, you have good hygiene and eat healthy... You are grateful not to be stuffed with drugs every morning. That is similar for information system security; but this speech is hard to take in given that for the last 20 years we kept on hearing that drugs were the only solution to solve our problems.

BEST PRACTICES

Leading experts and studies confirm what we say.

« The antivirus is no more effective in responding to new threats. Maintaining a good security policy in real time, by avoiding default passwords and overseeing the security flaws, remains the current best practice for SMEs. » Hervé Schauer, security consultant expert
TOP 10 FLAWS IN ALL ENTERPRISES

Over the last years, other experts went along with us: 10 security vulnerabilities are 99% of the encountered vulnerabilities in any kind of company.
• Systems that are too verbose
• Weak passwords
• Rights to know
• Trust between domains
• Database default password
• DNS servers too wordy for internal domains
• Bad shares
• Development servers, abandoned servers
• Historical and common vulnerabilities

Let's fix these vulnerabilities first and companies' security level will increase exponentially, better than any expensive technology. ITrust has developed its own solution, IKare, based on these ideas. IKare continuously checks the security vulnerabilities of the information system and suggests the appropriate corrections.

What does the police do? Often, salvation comes from regulation. The moment these controls become mandatory, they will also be systematically implemented. So? This is a strong trend: more and more recommendations or compliance standards take this step. These include:
• The Health safety guide from ANSSI (link...)
• New constraints related to health data, more and more recommendations
• The SANS top 20

Bibliography
[1] http://lexpansion.lexpress.fr/high-tech/cyberguerre-comment-les-americains-ont-pirate-l-elysee_361225.html
[2] http://www.cenzic.com/resources/reg-required/whitePapers/Ponemon2011/
[3] https://www.owasp.org/index.php/Top_10_2013-T10
[4] http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-Data-Breach-Report-2012.pdf

Writers
Julien Lavesque is ITrust's CTO. He is a security consultant, acting as an auditor, expert and trainer for sixty clients. Telecom and security engineer.
Jean-Nicolas Piotrowski is ITrust's CEO. Security expert for fifteen years, former CISO at the BNP Arbitrage trading room. He is general secretary and co-founder of the Digital Place cluster.
Based on a case study by Denis Ducamp, security consultant.

ITrust (www.itrust.fr) has been a security company since 2007, providing its expertise and product to more than 100 customers in Europe. It develops IKare, a vulnerability management solution. ITrust is a prizewinner of the Future Investment «SVC» project, and developed a breakthrough technology for behavioural analysis. ITrust was awarded in 2013 the international digital prize, given by IEClub and Ubifrance.

ITrust, 55 avenue l'Occitane, BP 67303, 31 670 Labège Cedex, France. Tél : +33 (0)567.346.781. Email : sales@itrust.fr. www.itrust.fr/en, www.ikare-monitoring.com
WHITE PAPER: The Top 10 vulnerabilities by ITrust. Exclusive property © ITrust