Fine Tuning Desktop Security Presented by J Abernethy & Josh Quinn

Size: px

Start display at page:

Download "Fine Tuning Desktop Security Presented by J Abernethy & Josh Quinn"

Norman Lucas
7 years ago
Views:

1 Fine Tuning Desktop Security Presented by J Abernethy & Josh Quinn

2 Presenter: J Abernethy Practice Manager of Legal Applications mindshift, a Ricoh Company Presenter: Josh Quinn Manager, Desktop & Application Engineering McDermott Will & Emery

3 Yesterday s Hacker

4 Attackers today Well-funded Well-organized State Sponsored Highly Motivated Wields sophisticated weapons Penetrates the entire attack surface Focused targets

5 Today s Agenda Establishing a Secure Foundation Least Privilege Demonstrations of typical attacks Steps to protect your environment

6 Fine Tuning Desktop Security Least Privilege

7 LEAST PRIVILEGE What is it? Apps Users Core security principle Providing users and applications the lowest level of rights and permissions to do their job or function

8 LEAST PRIVILEGE Benefits Greater Success in Deployments Inherently More Secure Increased Stability

9 LEAST PRIVILEGE Applicability Applications Least Privilege Principle Users

10 LEAST PRIVILEGE Applicability Users User Account Control (UAC) Least privilege applied to user accounts

11 LEAST PRIVILEGE Applicability Users Microsoft User Account Control (UAC) How does it work? Admin User 1 User 2

12 LEAST PRIVILEGE Applicability Users Microsoft User Account Control (UAC) BENEFITS: CAVEATS: Compartmentalize the session Isolate running actions Lack of customization (wording) All or Nothing approach vs. on-demand elevation

13 LEAST PRIVILEGE Applicability Applications Identify applications that need admin privileges Hold vendors responsible! Leverage Microsoft SHIM where needed Microsoft AppLocker (whitelisting) 3 rd party products for on-demand elevation BeyondTrust, Avecto, Viewfinity

LEAST PRIVILEGE How to Implement? Action Items Must be sold to non-it personnel for buy-in Survey key stakeholders to understand true business needs Focus on Roles vs.

14 LEAST PRIVILEGE How to Implement? Action Items Must be sold to non-it personnel for buy-in Survey key stakeholders to understand true business needs Focus on Roles vs. Individuals Hybrid approach to levels of privilege On-demand elevation ( Privilege bracketing ) Manual Run As & Automated Elevation Rulesets Periodically review levels to confirm they are still appropriate

15 Fine Tuning Desktop Security Exploits & Vulnerabilities

16 Modern Day Attack Vectors Infected Attachments (PDF, DOC) Spear Phishing Spam Web based Phishing Mistyped Domains Malicious Ad (Flash) Social Media Combination Attack

19 Demonstration Web Link Exploit

20 Fine Tuning Desktop Security 3 RD PARTY PATCHING

21 3 RD PARTY PATCHING Understanding the Risks Speed of patching is important! Source: Microsoft Security Intelligence Report, Vol. 16

22 3 RD PARTY PATCHING Understanding the Risks Where do we focus our efforts on the desktop? Source: Microsoft Security Intelligence Report, Vol. 16

23 3 RD PARTY PATCHING Understanding the Risks Where do we focus our efforts in applications? Source: Microsoft Security Intelligence Report, Vol. 16

24 3 RD PARTY PATCHING Monitoring For Updates Active Manual Website Check Blogs Passive RSS Alerts Automated Automatic Updates SCUP Catalogs

25 3 RD PARTY PATCHING Version Control Why is it needed? Compatibility with applications/services in your environment Should you enable Automatic Updates? Not always!

26 3 RD PARTY PATCHING Deploying Needed Updates Manual Process Active Directory Group Policy SCCM/LANDesk SCUP Catalogs Free = Adobe, Dell, HP Paid = Secunia, Shavlik, SolarWinds

3 RD PARTY PATCHING Action Items Evaluate desktop management tools (SCCM/LANDesk) for your environment Don t volunteer for an increased attack surface if you don t need

27 3 RD PARTY PATCHING Action Items Evaluate desktop management tools (SCCM/LANDesk) for your environment Don t volunteer for an increased attack surface if you don t need it, don t install it! Ensure all software deployed in your environment is updated regularly Identify business dependencies on Java and minimize footprint where it s not needed

28 Other Layers of Protection User Education Traditional AntiVirus Products Application Whitelisting Microsoft EMET Sandboxing Windows Firewall

29 Demonstration Virtual Desktop Exploits

30 How to Protect Yourself? Secure the Endpoint Device Endpoint Protection Checks Mobile Device Management Secure your Virtual Desktops Implement the same security measures as Physical Encrypt the session protocol

31 Fine Tuning Desktop Security Device Security

32 How to Protect Yourself? BIOS Security Whole Disk Encryption It s not just for laptops! Secure Boot

33 QUESTIONS EXPLOITS & VULNERABILITIES LEAST PRIVILEGE DEVICE SECURITY 3 RD PARTY PATCHING

34 Thank You

Sophistication of attacks will keep improving, especially APT and zero-day exploits

Sophistication of attacks will keep improving, especially APT and zero-day exploits FAQ Isla Q&A General What is Isla? Isla is an innovative, enterprise-class web malware isolation system that prevents all browser-borne malware from penetrating corporate networks and infecting endpoint