Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Goltsev Yuriy - Ломать - не строить!

0c988f4618b436b14ce6ddcecd52d11d?s=47 DC7499
May 22, 2015
Research
0
29

Goltsev Yuriy - Ломать - не строить!

DEFCON Moscow 8

0c988f4618b436b14ce6ddcecd52d11d?s=128

DC7499

May 22, 2015
Tweet

More Decks by DC7499

See All by DC7499
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
200
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
140
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
220
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
1
190
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
1
160
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
180
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
260
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
310
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
300

Other Decks in Research

See All in Research
14da6ebc2e909305afdb348e7970de81?s=48 wingnus
1
990
8ba32afb4b7d6967cb38b2dadf1ddd80?s=48 daigo0927
1
120
C612ab39597a17ba5948cae54d13f99f?s=48 mkimura
3
3.1k
14da6ebc2e909305afdb348e7970de81?s=48 wingnus
1
1.1k
99329e6255a0fe867a64beb897cf3c84?s=48 hkefka385
0
120
D50d47de32271093b714995cfd267fa9?s=48 questresearch
0
100
5414357263ef617c7ab3eb067c22412d?s=48 avandeursen
1
120
Fdcc88b334334c866232fab429ccca33?s=48 lancers_pr
0
4.8k
874ff503a00697a857e198a0ebb8f55f?s=48 ailaboocu
0
170
B9876944233f30c903c2c22da2ee00b2?s=48 cpsymap
2
230
B9876944233f30c903c2c22da2ee00b2?s=48 cpsymap
4
2.8k
6027044e52fbcbc07f22d0235fc9da37?s=48 secondapunta
0
130

Featured

See All Featured
F29327647a9cff5c69618bae420792ea?s=48 tenderlove
58
3.7k
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
372
43k
812e1705ff0f8bc1bcf18587bde687d5?s=48 62gerente
591
210k
24fc194843a71f10949be18d5a692682?s=48 gr2m
85
11k
462dad0dd24c568a32dcdb0ae895ae1b?s=48 rasmusluckow
318
19k
A60068bce2e73de3a37ca9d2dbe36092?s=48 bryan
35
3.7k
5ce91fa49a613cbc3e20d5f96856473f?s=48 edds
56
9.5k
Af6a12710770ad9a7cfd08c97efd40d3?s=48 pedronauck
653
120k
C86443373fbfe92996aa882d0d7a59f8?s=48 imathis
482
150k
D8fc2580cfaca035f666d9e4ee79a7f7?s=48 mongodb
24
4k
B47b288784fda77a94aeb234ca743c24?s=48 keavy
110
15k
E195ae45320d9202eaa01c9f1d31a416?s=48 marktimemedia
14
610

Transcript

  1. Ломать - не строить! Юрий Гольцев @ygoltsev

  2. Intro

  3. Invest in your knowledge of practical information security

  4. Please, don’t order a penetration test until…

  5. My own TOP of security issues, related to internal networks:

    1. Weak password policy 2. Default accounts 3. Local accounts/unnecessary privileges 4. Windows architecture 5. WPAD configuration mismatch 6. Antivirus software configuration mismatch 7. No network segmentation 8. No patch management

  6. Weak password policy Description Easy to bruteforce Common Targets Directory

    Service (Active Directory/Lotus Domino/LDAP/Novell/etc) Recommendations Implement strong password policy, just follow next rules: - 8 chars (at least) -Lower, upper case -Alpha-Numeric Check for common passwords once a day (at least) - Special chars - Change every 60 days

  7. Default accounts Description Easy to bruteforce Common Targets DBs, network

    devices (routers/printers/etc) Recommendations -Disable all unused accounts -Set strong password

  8. Local accounts/unnecessary privileges Description Local administrator accounts/privileges – is bad

    Common Targets Windows hosts Recommendations -Disable accounts of local administrators on Windows hosts -Do not use GP to manage accounts of local administrators on Windows hosts

  9. Windows architecture Description You can’t prevent it, if you use

    it Common Targets Windows hosts Recommendations -Follow principle of minimal privileges -Use privileged accounts for administration tasks only -Implement two factor authentication for privileged accounts -Implement patch management

  10. WPAD configuration mismatch Description Very useful for corporate users if

    implemented, and for attacker – if not Common Targets Windows hosts Recommendations Disable WPAD (Web Proxy Auto Discovery) feature if it is not implemented

  11. Antivirus software configuration mismatch Description Antivirus software can be disable

    with local admin privileges Common Targets Windows hosts Recommendations Configure self defense feature of antivirus software

  12. No network segmentation Description No restrictions and no data filtration

    on network level Common Targets Network topology Recommendations Implement data filtration – it is better to use white lists for access

  13. No patch management Description MS08-067 still can be found during

    penetration test Common Targets Windows/Unix hosts Recommendations Implement patch management

  14. Outro