Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Goltsev Yuriy - Ломать - не строить!

0c988f4618b436b14ce6ddcecd52d11d?s=47 DC7499
May 22, 2015
Research
0
23

Goltsev Yuriy - Ломать - не строить!

DEFCON Moscow 8

0c988f4618b436b14ce6ddcecd52d11d?s=128

DC7499

May 22, 2015
Tweet

More Decks by DC7499

See All by DC7499
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
160
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
120
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
210
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
1
180
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
1
150
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
170
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
240
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
270
0c988f4618b436b14ce6ddcecd52d11d?s=48 defcon
0
280

Other Decks in Research

See All in Research
A658ec7f1badf73819dfa501165016c1?s=48 yuukit
1
650
0fee20d8bbb7283e1887e7075f638f59?s=48 eumesy
3
1.6k
2b692bd83f4418103142a053ecf5ff59?s=48 matsumoto_r
PRO
7
1.8k
Db1b7e3c6fe6f6a0e9752b2c19bf5473?s=48 makenowjust
0
100
99e9e6d2de62c373990ac1bd7c4defc5?s=48 hakubishin3
2
360
8bc27ce7461f9557879771e9f9a7bdd8?s=48 gtsak
0
100
7d64064c51829ab25d114d76cbd8f9bb?s=48 beeeee
0
170
E2dd989b2ba0f83d8a981b9cb3197bf1?s=48 j20232
0
790
D77e6b2d469947a4792ab062d466350b?s=48 hagino3000
0
350
2c0947c6a28e7f771ebd9859ecf54e5c?s=48 shinyorke
1
330
36bf5cdb824c2bfed3b267940906de3a?s=48 takurodadada
0
660
Af063a6baa6f4b5543c76c2fad554a06?s=48 patanamon
1
100

Featured

See All Featured
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
368
42k
Be9caeb9d4ef9944d151af909063ed6e?s=48 samlambert
237
9.9k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
494
110k
A60068bce2e73de3a37ca9d2dbe36092?s=48 bryan
100
11k
D09fad3e36ae6841f54820be0e907f7a?s=48 rocio
155
11k
170b760e0147792d0140e59ec78e9893?s=48 eitanlees
111
9.9k
245cee81a9c424266e5e401d844ea881?s=48 lara
16
2.6k
39488f9d172ab92fd352f2cd7b73258d?s=48 mza
80
4.1k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
393
60k
78b475797a14c84799063c7cd073962f?s=48 holman
288
130k
5b6a2bd86ef643786a381a212e0ef2f1?s=48 geoffreycrofte
19
810
168ccec72eee0530b818d44f3fedaacf?s=48 shlominoach
176
7.4k

Transcript

  1. Ломать - не строить! Юрий Гольцев @ygoltsev

  2. Intro

  3. Invest in your knowledge of practical information security

  4. Please, don’t order a penetration test until…

  5. My own TOP of security issues, related to internal networks:

    1. Weak password policy 2. Default accounts 3. Local accounts/unnecessary privileges 4. Windows architecture 5. WPAD configuration mismatch 6. Antivirus software configuration mismatch 7. No network segmentation 8. No patch management

  6. Weak password policy Description Easy to bruteforce Common Targets Directory

    Service (Active Directory/Lotus Domino/LDAP/Novell/etc) Recommendations Implement strong password policy, just follow next rules: - 8 chars (at least) -Lower, upper case -Alpha-Numeric Check for common passwords once a day (at least) - Special chars - Change every 60 days

  7. Default accounts Description Easy to bruteforce Common Targets DBs, network

    devices (routers/printers/etc) Recommendations -Disable all unused accounts -Set strong password

  8. Local accounts/unnecessary privileges Description Local administrator accounts/privileges – is bad

    Common Targets Windows hosts Recommendations -Disable accounts of local administrators on Windows hosts -Do not use GP to manage accounts of local administrators on Windows hosts

  9. Windows architecture Description You can’t prevent it, if you use

    it Common Targets Windows hosts Recommendations -Follow principle of minimal privileges -Use privileged accounts for administration tasks only -Implement two factor authentication for privileged accounts -Implement patch management

  10. WPAD configuration mismatch Description Very useful for corporate users if

    implemented, and for attacker – if not Common Targets Windows hosts Recommendations Disable WPAD (Web Proxy Auto Discovery) feature if it is not implemented

  11. Antivirus software configuration mismatch Description Antivirus software can be disable

    with local admin privileges Common Targets Windows hosts Recommendations Configure self defense feature of antivirus software

  12. No network segmentation Description No restrictions and no data filtration

    on network level Common Targets Network topology Recommendations Implement data filtration – it is better to use white lists for access

  13. No patch management Description MS08-067 still can be found during

    penetration test Common Targets Windows/Unix hosts Recommendations Implement patch management

  14. Outro