Goltsev Yuriy - Ломать - не строить!

0c988f4618b436b14ce6ddcecd52d11d?s=47 DC7499
May 22, 2015
Research
0
21

Goltsev Yuriy - Ломать - не строить!

DEFCON Moscow 8

0c988f4618b436b14ce6ddcecd52d11d?s=128

DC7499

May 22, 2015
Tweet

More Decks by DC7499

See All by DC7499
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
150
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
110
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
200
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
1
170
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
1
150
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
160
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
230
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
250
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
270

Other Decks in Research

See All in Research
99e9e6d2de62c373990ac1bd7c4defc5?s=48 hakubishin3
1
230
Cef25a38df4639275be8726a6d5f1906?s=48 shiftpn
1
1k
0886c70b5ecf3b0b0ee6500c5e47884d?s=48 ecoopnet
0
160
A42dd3541cd40296dcd8a5e6b4a01bef?s=48 scatterlab
0
830
7aff8f547184534da3ca2e14e63a68a8?s=48 mgiraldo
0
140
C3bc10b8a72ed3c3bfd843793b8a9868?s=48 s3_seminar
0
140
B5a067386e1890d3c8b6f753593e89e9?s=48 omshivaprakash
0
190
83722380372c00bd75ac920f2089f6aa?s=48 zacky1972
2
160
A42dd3541cd40296dcd8a5e6b4a01bef?s=48 scatterlab
0
820
99e9e6d2de62c373990ac1bd7c4defc5?s=48 hakubishin3
1
500
Eca565592bf3c17c6797ee81a32bd953?s=48 oshinko90yen
1
220
Bb6c3fc8c577710c72d03aeb4fa56bf6?s=48 masakat0
2
310

Featured

See All Featured
44b54d2ffcb7857004071cc6795dde11?s=48 cassininazir
345
20k
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
5
540
A9704266587836f7e784235e5073b93e?s=48 jmmastey
5
370
C4de88ea47538e4594750e3861a341c8?s=48 brettharned
91
2.8k
D09fad3e36ae6841f54820be0e907f7a?s=48 rocio
155
11k
7653c7c449918ff6542880a8c284f5e7?s=48 jponch
101
4.8k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
309
21k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
51
4k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
492
110k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
190
17k
24fc194843a71f10949be18d5a692682?s=48 gr2m
82
11k
Dad095ea7038f89f760419ce475d5d14?s=48 michaelherold
224
8.3k

Transcript

  1. Ломать - не строить! Юрий Гольцев @ygoltsev

  2. Intro

  3. Invest in your knowledge of practical information security

  4. Please, don’t order a penetration test until…

  5. My own TOP of security issues, related to internal networks:

    1. Weak password policy 2. Default accounts 3. Local accounts/unnecessary privileges 4. Windows architecture 5. WPAD configuration mismatch 6. Antivirus software configuration mismatch 7. No network segmentation 8. No patch management

  6. Weak password policy Description Easy to bruteforce Common Targets Directory

    Service (Active Directory/Lotus Domino/LDAP/Novell/etc) Recommendations Implement strong password policy, just follow next rules: - 8 chars (at least) -Lower, upper case -Alpha-Numeric Check for common passwords once a day (at least) - Special chars - Change every 60 days

  7. Default accounts Description Easy to bruteforce Common Targets DBs, network

    devices (routers/printers/etc) Recommendations -Disable all unused accounts -Set strong password

  8. Local accounts/unnecessary privileges Description Local administrator accounts/privileges – is bad

    Common Targets Windows hosts Recommendations -Disable accounts of local administrators on Windows hosts -Do not use GP to manage accounts of local administrators on Windows hosts

  9. Windows architecture Description You can’t prevent it, if you use

    it Common Targets Windows hosts Recommendations -Follow principle of minimal privileges -Use privileged accounts for administration tasks only -Implement two factor authentication for privileged accounts -Implement patch management

  10. WPAD configuration mismatch Description Very useful for corporate users if

    implemented, and for attacker – if not Common Targets Windows hosts Recommendations Disable WPAD (Web Proxy Auto Discovery) feature if it is not implemented

  11. Antivirus software configuration mismatch Description Antivirus software can be disable

    with local admin privileges Common Targets Windows hosts Recommendations Configure self defense feature of antivirus software

  12. No network segmentation Description No restrictions and no data filtration

    on network level Common Targets Network topology Recommendations Implement data filtration – it is better to use white lists for access

  13. No patch management Description MS08-067 still can be found during

    penetration test Common Targets Windows/Unix hosts Recommendations Implement patch management

  14. Outro