The webinar focuses on cybersecurity best practices for Managed Service Providers (MSPs), emphasizing key controls to mitigate risks from hackers. Participants are guided on implementing multi-factor authentication (MFA), proper network access configurations, and unique local administrator passwords to enhance security for small businesses. The session stresses the importance of practical advice over academic theories and highlights the necessity of treating vulnerabilities carefully to avoid complacency.

1. MSP Security Masterclass
Webinar 2 of 3
Tyler Wrightson
Leet Cyber Security
Twitter: @tbwrightson

6. @tbwrightson

9. Takeaway

11. Last Week Recap
• Hackers Target MSPs
• Risk is Bidirectional
1. Admin policy & Training to avoid password reuse
2. MFA Everything (of value)
3. Minimum Necessary & Least Privilege
4. Complacency

13. Agenda
• Pragmatic Guidance on Controls for your clients
– No sales pitch, no ‘academic bs’
• Foundations
• Top Five controls

15. Small Business
Double Edged Sword

16. Small Business
Strength in Size

17. Small Business is
Manageable

18. Foundations – Pragmatism
Quantify Specifics of This
Not This

19. Business Impact

21. Vulnerability != Risk

25. What do you think of X control?

26. Top Five Controls

27. Top Five Controls - 1

28. MFA

29. https://bit.ly/LCS-Legacy

30. MFA
– “Other Sites”
• Wiki, Project Management, CRM, etc
• Don’t forget forgotten sites (pun intended)
– Assume adversary can find everything
• DNS, public records, social engineering

31. Top Five Controls - 1
MFA
– Email & VPN
– Legacy Protocols
• https://bit.ly/LCS-Legacy
– “Other Sites”
• Wiki, Project Management, CRM, etc
• Don’t forget forgotten sites (pun intended)
– Assume adversary can find everything
• DNS, public records, social engineering

32. Top Five Controls - 2

33. Important App
Internal Network
Junk App Internal App
DC
Access Everything – Bad

34. Important App
Internal Network
Junk App Internal App
DC
Access Servers Only - Good

35. Important App
Internal Network
Junk App Internal App
DC
Access Only Necessary - Best

36. Important App
Internal Network
Junk App
Internal App
DC
Access Workstation RDP - Bad

37. Important App
Internal Network
Junk App
Internal App
DC
Access Workstation RDP – Better
TCP Port 3389

38. Important App
Internal Network
Junk App
Internal App
DC
Access Workstation RDP – Best
TCP Port 3389

39. Internal Network
Most Networks
Internet
DMZ App

40. DMZ
Good
Internet
DMZ App
Internal Network

41. DMZ
Good – No Internal Access from DMZ
Internet
DMZ App
Internal Network
Nothing Inbound

42. DMZ
Good – No Internal Access from DMZ
Internet
DMZ App
Internal Network
Nothing Inbound

43. DMZ
Better – No WKS Access from Servers
Internet
DMZ App
Servers
Nothing Inbound
Workstations
Minimal Inbound

44. DMZ
Better – No WKS to WKS
Internet
DMZ App
Servers
Nothing Inbound
Workstations
Private VLAN
Minimal Inbound

45. DMZ
Better – No WKS to WKS
Internet
DMZ App
Servers
Nothing Inbound
High Priv
Low Priv

46. DMZ
Better – No WKS to WKS
Internet
DMZ App
Servers
Nothing Inbound
General Pop
Finance
Manufacturing

47. Poll – VPN Configuration

48. Top Five Controls - 4

49. Local Administrators Group

50. Local Administrators Group
Domain Users

51. Local Administrators Group
Primary User

52. Credential Reuse

53. SuperSecretPass99$$
Most Networks
SuperSecretPass99$$

54. SuperSecretPass99$$
Same Local Admin Everywhere
SuperSecretPass99$$

55. aad3b435b51404eeaad3b435b51404ee
Pass The Hash
aad3b435b51404eeaad3b435b51404ee$$

56. ServerManagerPass1!
Not Much Better
WorkstationPass99$$

57. Credential Reuse - LAPS

58. Microsoft PAWs

59. Privileged Users
• Less is More
• ANY privileges
• Domain Admins, Enterprise Admin, Schema Admins
• Password Reset

60. Top Five Controls - 4
• Local Administrator Configuration
• Local Administrative Passwords
– Unique for each host
• LAPS & PAWS
• Limit priv users
– DAs (ent admins, schema admins)

61. Top Five Controls - 5
MDR
– Specifically Managed
– Not NSM

62. Questions