Save 37% off PRO during our Black Friday Sale! »

Goltsev Yuriy - Ломать - не строить!

0c988f4618b436b14ce6ddcecd52d11d?s=47 DC7499
May 22, 2015
Research
0
32

Goltsev Yuriy - Ломать - не строить!

DEFCON Moscow 8

0c988f4618b436b14ce6ddcecd52d11d?s=128

DC7499

May 22, 2015
Tweet

More Decks by DC7499

See All by DC7499
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
240
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
160
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
220
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
1
190
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
1
160
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
190
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
280
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
330
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
310

Other Decks in Research

See All in Research
6d667e747a4a1cda7d201c3358424257?s=48 digitalnaturegroup
0
550
Da66788b8c49f71f91a69b8a8def10ad?s=48 anugrahsr
2
4.1k
38e2af7f8bdad4f2087ab3d42b627e33?s=48 shuntaros
2
2.6k
D0167b760673d702a06427fb3f878696?s=48 umepon
1
840
33fca951f15568ea697599c68ebedfeb?s=48 ryoherisson
0
120
191b51e394766638990831da6691d089?s=48 tkym1220
0
160
9782dd351a8f1737d4ef02d839e821f9?s=48 kitachan_black
0
1.2k
9782dd351a8f1737d4ef02d839e821f9?s=48 kitachan_black
0
3.4k
C612ab39597a17ba5948cae54d13f99f?s=48 mkimura
2
710
Fba2bc6aeb14d00ab84710be1903da49?s=48 taishi
0
220
7d5c4656c947d0905dfbc5e39f233857?s=48 ayaniwa
0
170
8462b18bc6d57cac5579ef4b2f64a6de?s=48 kei18
0
480

Featured

See All Featured
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
261
24k
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
17
1.2k
168ccec72eee0530b818d44f3fedaacf?s=48 shlominoach
177
8.2k
E837d2996f52008ace055a08fbfff992?s=48 frogandcode
130
20k
8ec1383b240b5ba15ffb9743fceb3c0e?s=48 philnash
23
1.2k
4262b9cfacfb6b2c77f23e1d0310cd3e?s=48 myddelton
110
11k
C51b39fa3c79ccb99dcb8a076bc98287?s=48 brianwarren
88
5.3k
3d4519fd34b76fb265fc0237f3792bd4?s=48 danielanewman
208
20k
D47656e20ff5e42f125fc5ea0fd636c6?s=48 tmm1
64
10k
9952dfcd5d338f8a8e7175c8a8f65fb5?s=48 wjessup
342
16k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
497
110k
9cde37f47e4a800ea081ea42de8d749a?s=48 dougneiner
56
5.7k

Transcript

  1. Ломать - не строить! Юрий Гольцев @ygoltsev

  2. Intro

  3. Invest in your knowledge of practical information security

  4. Please, don’t order a penetration test until…

  5. My own TOP of security issues, related to internal networks:

    1. Weak password policy 2. Default accounts 3. Local accounts/unnecessary privileges 4. Windows architecture 5. WPAD configuration mismatch 6. Antivirus software configuration mismatch 7. No network segmentation 8. No patch management

  6. Weak password policy Description Easy to bruteforce Common Targets Directory

    Service (Active Directory/Lotus Domino/LDAP/Novell/etc) Recommendations Implement strong password policy, just follow next rules: - 8 chars (at least) -Lower, upper case -Alpha-Numeric Check for common passwords once a day (at least) - Special chars - Change every 60 days

  7. Default accounts Description Easy to bruteforce Common Targets DBs, network

    devices (routers/printers/etc) Recommendations -Disable all unused accounts -Set strong password

  8. Local accounts/unnecessary privileges Description Local administrator accounts/privileges – is bad

    Common Targets Windows hosts Recommendations -Disable accounts of local administrators on Windows hosts -Do not use GP to manage accounts of local administrators on Windows hosts

  9. Windows architecture Description You can’t prevent it, if you use

    it Common Targets Windows hosts Recommendations -Follow principle of minimal privileges -Use privileged accounts for administration tasks only -Implement two factor authentication for privileged accounts -Implement patch management

  10. WPAD configuration mismatch Description Very useful for corporate users if

    implemented, and for attacker – if not Common Targets Windows hosts Recommendations Disable WPAD (Web Proxy Auto Discovery) feature if it is not implemented

  11. Antivirus software configuration mismatch Description Antivirus software can be disable

    with local admin privileges Common Targets Windows hosts Recommendations Configure self defense feature of antivirus software

  12. No network segmentation Description No restrictions and no data filtration

    on network level Common Targets Network topology Recommendations Implement data filtration – it is better to use white lists for access

  13. No patch management Description MS08-067 still can be found during

    penetration test Common Targets Windows/Unix hosts Recommendations Implement patch management

  14. Outro