Who am I? Martin Hansen Senior Security Consultant


07/09/15 NCC Group 1

Fields of expertise. Specializes in the following areas of information security:
- Advanced internal and external penetration testing: web applications, network, application security and social engineering
- PCI (Payment Card Industry)
- Critical IT security controls
- IT security audit

Background
- FortConsult A/S, part of NCC Group, Senior Security Consultant, 2014 - present
- Ernst & Young, Manager, 2005 - 2014
- Cand.Merc.Aud, Master of Science in Business Economics and Auditing, 2005 - 2009
- HA (dat.), Bachelor of Computer Science and Business Administration, 2002 - 2005

Certifications
- PCI Council: PCI QSA, Qualified Security Assessor
- SANS GIAC Critical Controls Certification, GCCC, since 2014
- (ISC)² Certified Information Systems Security Professional, CISSP, since 2011
- SANS GIAC Penetration Tester, GPEN, since 2011
- ISO 27001 Lead Auditor, EY CertifyPoint, 2011, Denmark
- ISACA Certified Information Systems Auditor, CISA, since 2010

Global IT security company, HQ Copenhagen. Delivering security assessment, review, test and incident response. Working with financial, government, tech and top-100 companies worldwide. Owned by NCC Group PLC: 1500 skilled security professionals in 18 locations, the world's largest team of penetration testers.

FortConsult performs security tests for companies that are ISO 27001 compliant, that receive a 3402 audit report, that are PCI compliant, or that meet other security standards. Even though these companies on paper meet the various requirements set by the various frameworks, we still find simple vulnerabilities that let us penetrate their networks. Which vulnerabilities does FortConsult find again and again when we perform our security tests, and how can you as a company introduce simple controls to discover these vulnerabilities before a hacker exploits these security flaws?

Agenda
1. Password
2. Segmentation
3. Social Engineering
4. Patching of business critical systems
5. Default/hardening/Baseline

Password

Password: how real users interpret password rules!!!!
Rule: passwords must contain at least 1 upper, 1 lower, 1 number, and be at least 7 characters long.
What users do:
- Take a base word of 6, 7 or 8 characters
- Choose only one upper-case letter, and make the first character upper
- Add numbers on the end (one, two, or four numbers)
- Or substitute numbers and symbols for letters which look like numbers and symbols ("P@ssw0rd!")
- For password changes, increment the number: "Manunited1!", "Manunited2!", "Manunited3!"

Password problem: users!!
Examples seen: Password1, Welcome1, Lars&Mikkel, Vinter2014, Martin12, Sommer2014, Fortconsult10
Top 5 most used:
1. Password1
2. 12345678
3. Welcome1
4. Sommer2014
5. opret123
Bigger problem: not only users; also admins and service accounts!!!!!
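The constructions on these two slides (a base word, one capital at the front, digits or a year on the end, leet substitution, and a number that is incremented at every change) can be rejected at password-change time instead of being found afterwards by cracking. The checker below is an added example, not code from the slides or from FortConsult/NCC Group; the word list, the leet map, the label names and the helper functions are assumptions, and a real deployment would load a large breached-password corpus rather than the handful of words shown.

```python
import re

# Constructed mini word list standing in for a real dictionary / breached-password
# corpus; the slides' own examples are included so the demo has something to hit.
COMMON_BASES = {
    "password", "welcome", "sommer", "vinter", "manunited",
    "opret", "martin", "fortconsult",
}

# Undo common "leet" substitutions so P@ssw0rd normalises to password.
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e",
                      "4": "a", "5": "s", "$": "s", "7": "t"})

# base word, then 1-4 trailing digits, then trailing symbols (e.g. Manunited12!)
SUFFIX_RE = re.compile(r"^(.*?)(\d{1,4})?([^\w]*)$")


def split_password(pw):
    """Split 'Manunited12!' into ('Manunited', '12', '!')."""
    m = SUFFIX_RE.match(pw)
    return m.group(1), m.group(2) or "", m.group(3)


def analyse(pw, previous=None):
    """Return the predictable-pattern findings for one password (label names assumed).

    An empty list means none of the slide's patterns matched; it does not mean
    the password is strong, since length and entropy are checked separately.
    """
    findings = []
    if pw.isdigit():
        findings.append("digits-only")
    base, digits, _symbols = split_password(pw)
    core = base.lower()
    deleeted = base.translate(LEET).lower()
    if deleeted != core:
        findings.append("leet-substitution")
        core = deleeted
    if base[:1].isupper() and base[1:].islower():
        findings.append("first-letter-capital-only")
    if digits:
        findings.append("digits-appended")
        if len(digits) == 4 and 1980 <= int(digits) <= 2030:
            findings.append("year-appended")
    if core in COMMON_BASES:
        findings.append("dictionary-base-word")
    if previous is not None:
        prev_base, prev_digits, _ = split_password(previous)
        if (prev_base.lower() == base.lower() and prev_digits and digits
                and int(digits) == int(prev_digits) + 1):
            findings.append("incremented-from-previous")
    return findings


def is_predictable(pw, previous=None):
    """True when the password is built the way the slide describes."""
    f = set(analyse(pw, previous))
    strong_signals = {"dictionary-base-word", "leet-substitution",
                      "incremented-from-previous", "digits-only"}
    return bool(f & strong_signals) or {"first-letter-capital-only", "digits-appended"} <= f


if __name__ == "__main__":
    for pw, prev in (("Manunited2!", "Manunited1!"), ("P@ssw0rd!", None),
                     ("Sommer2014", None), ("xK9#qL2mZ", None)):
        print(pw, analyse(pw, prev), is_predictable(pw, prev))
```

The `previous` argument is what makes the "Manunited1!" to "Manunited2!" increment visible; a password filter only sees the new password unless the old one (or its hash, with a small search) is made available to the check, so in practice this rule runs in the change workflow, not in an offline audit.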


Password
1. Extract password hashes
2. Crack password hashes
3. Force password change
4. Awareness training for users

Password: how many in this room have a secure password???

Segmentation

Segmentation: DMZ, Development Servers, Test Clients, Secure zone, Different Geographical Locations

Segmentation: firewall review

remark *** Access to router ***
permit udp host 0.0.0.0 host 255.255.255.255
permit icmp 192.168.168.0 0.0.0.255 host 192.168.168.1
permit udp 192.168.168.0 0.0.0.255 host 192.168.168.1 eq ntp
remark *** Access to FRY ***
permit ip 192.168.168.0 0.0.0.255 host 10.210.220.2
remark *** KJU access ***
permit ip 192.168.168.0 0.0.0.255 10.210.8.0 0.0.0.255
remark *** XX access ***
permit ip 192.168.168.0 0.0.0.255 10.210.192.0 0.0.15.255
permit ip 192.168.168.0 0.0.0.255 10.210.208.0 0.0.8.255
permit ip 192.168.168.0 0.0.0.255 10.99.0.0 0.0.64.255
remark *** IL access ***
permit ip 192.168.168.0 0.0.0.255 10.210.190.0 0.0.0.41
remark *** Access to INT ***
permit ip 192.168.168.0 0.0.0.255 10.0.0.0 0.4.255.255
remark *** Support access ***
permit ip 192.168.168.0 0.0.0.255 10.210.20.0 0.0.4.255
permit icmp 192.168.168.0 0.0.0.255 10.210.0.0 0.1.255.255
deny ip any any log
ip access-list extended vlan106-in
remark *** DNS ***
permit udp 10.210.220.14 0.0.0.8 host 10.210.8.11 eq domain
permit udp 10.210.220.14 0.0.0.8 host 10.210.8.16 eq domain
remark *** rasmor.blob.com ***
permit ip 10.210.220.14 0.0.0.8 host 10.4.200.144
remark *** raste.blob.com ***
permit ip 10.210.220.14 0.0.0.8 host 10.4.65.11
remark *** mdm.limo.blob.com ***
permit ip 10.210.220.14 0.0.0.8 host 10.4.200.148
remark *** mobile.blob.com ***
permit ip 10.210.220.14 0.0.0.8 host 10.4.200.218
remark *** melllpo.apple.com ***
permit ip 10.210.220.14 0.0.0.8 host 10.4.200.184
remark *** proxy.kimh.blob.com ***
permit tcp 10.210.220.14 0.0.0.8 host 10.4.200.129 eq www
permit tcp 10.210.220.14 0.0.0.8 host 10.4.200.129 range 8088 8088
remark *** DHCP ***
permit udp any eq bootpc host 255.255.255.255 eq bootps
permit udp host 10.210.220.98 eq bootps host 255.255.255.255 eq bootpc
remark *** range for future use ***
permit ip 10.210.220.14 0.0.0.8 10.4.5.192 0.0.0.64
deny ip any any log
ip access-list extended vlan210-in
remark *** Access to router ***
permit udp host 0.0.0.0 host 255.255.255.255
permit icmp 10.210.220.104 0.0.0.8 host 10.210.220.105
permit udp 10.210.220.104 0.0.0.8 host 10.210.220.105 eq ntp
remark *** BP access ***
permit ip 10.210.220.104 0.0.0.8 10.210.8.0 0.0.0.255
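Most of a firewall review of an access list like the one above is mechanical: for each permit, how many addresses does the wildcard mask really cover, is the mask a proper subnet wildcard at all, and does the rule allow "ip" (every protocol and port) towards a large range? The script below is an added example, not the reviewer's tooling or anything from the slides; the list name is constructed, the rule lines are excerpted from the slide, and the 256-address threshold, issue labels and function names are assumptions. It also shows why several masks on the slide deserve a question: 0.0.8.255, 0.0.0.41, 0.0.64.255, 0.0.4.255, 0.4.255.255, 0.0.0.8 and 0.0.0.64 are not contiguous wildcards, so each matches a set of addresses that is not the single subnet the remark suggests.

```python
import ipaddress
import re

# Lines excerpted from the access list on the slide, under a constructed list
# name, so the review runs offline on realistic input.
ACL_TEXT = """\
ip access-list extended vlan-example-in
 remark *** Access to router ***
 permit udp host 0.0.0.0 host 255.255.255.255
 permit udp 192.168.168.0 0.0.0.255 host 192.168.168.1 eq ntp
 remark *** XX access ***
 permit ip 192.168.168.0 0.0.0.255 10.210.192.0 0.0.15.255
 permit ip 192.168.168.0 0.0.0.255 10.210.208.0 0.0.8.255
 remark *** IL access ***
 permit ip 192.168.168.0 0.0.0.255 10.210.190.0 0.0.0.41
 remark *** Access to INT ***
 permit ip 192.168.168.0 0.0.0.255 10.0.0.0 0.4.255.255
 deny ip any any log
"""

# address spec forms: "host A.B.C.D", "any", or "A.B.C.D W.W.W.W" (wildcard)
ADDR = r"(?:host \S+|any|\S+ \S+)"
RULE_RE = re.compile(rf"^\s*(permit|deny)\s+(\S+)\s+({ADDR})\s+({ADDR})(?:\s+(.*))?$")


def parse_spec(spec):
    """Turn 'host A', 'any' or 'A W' into (address_int, wildcard_int); None if not an address."""
    parts = spec.split()
    try:
        if parts[0] == "any":
            return 0, 0xFFFFFFFF
        if parts[0] == "host":
            return int(ipaddress.IPv4Address(parts[1])), 0
        return int(ipaddress.IPv4Address(parts[0])), int(ipaddress.IPv4Address(parts[1]))
    except ValueError:
        return None   # e.g. a source-port form such as "any eq bootpc"


def wildcard_is_contiguous(wildcard):
    """A subnet wildcard is a run of 1-bits at the low end (0.0.15.255);
    anything else (0.0.8.255, 0.0.0.41) matches addresses scattered across subnets."""
    return wildcard & (wildcard + 1) == 0


def address_count(wildcard):
    """Number of addresses a wildcard covers: 2 to the power of its 1-bits."""
    return 1 << bin(wildcard).count("1")


def review_acl(text, broad_threshold=256):
    """Return one record per rule that a segmentation review should question."""
    findings = []
    last_rule = None
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith(("remark", "ip access-list")):
            continue
        m = RULE_RE.match(stripped)
        specs = m and {"src": parse_spec(m.group(3)), "dst": parse_spec(m.group(4))}
        if not m or None in specs.values():
            # Forms this small parser does not model are reported, never guessed.
            findings.append({"line": lineno, "rule": stripped, "issues": ["unparsed"]})
            continue
        action, proto, src, dst, options = m.groups()
        last_rule = (action, options or "")
        issues = []
        for label, spec in (("src", src), ("dst", dst)):
            if spec != "any" and not wildcard_is_contiguous(specs[label][1]):
                issues.append(f"non-contiguous-wildcard-{label}")
        if action == "permit":
            if proto == "ip" and address_count(specs["dst"][1]) >= broad_threshold:
                issues.append("broad-permit-ip")   # every protocol and port to a large span
            if dst == "any":
                issues.append("permit-to-any")
        if issues:
            findings.append({"line": lineno, "rule": stripped, "issues": issues})
    if last_rule is None or last_rule[0] != "deny" or "log" not in last_rule[1]:
        findings.append({"line": None, "rule": "<end>", "issues": ["no-final-logged-deny"]})
    return findings


if __name__ == "__main__":
    for f in review_acl(ACL_TEXT):
        print(f"line {f['line']}: {', '.join(f['issues'])}  <- {f['rule']}")
```

Run against the full list from the slide, the same checks flag the "range for future use" entry (0.0.0.64 is non-contiguous) and every rule whose source is written with the 0.0.0.8 wildcard, which covers exactly two addresses, not the range the remarks imply; those are the questions to put to the firewall owner before signing off on the segmentation.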

Segmentation

Social Engineering

Patching of business critical systems. Policy: all servers should be patched within 90 days? Is this OK? How is the patch process?

Patching of business critical systems: what we still find
- Critical vulnerabilities: exploiting MS14-068, MS08-067. Heartbleed?
- Not all systems are covered
- Third-party vendors don't update/patch
- Hosting providers don't always update/patch all layers

Patching of business critical systems: Microsoft Baseline Security Analyzer 2.3 (MBSA), http://www.microsoft.com/en-us/download/details.aspx?id=7558

Default/hardening/Baseline: Is a baseline security policy in place? Is the baseline applied to the relevant servers, workstations and network devices? Check!

Default/hardening/Baseline
1. Victim: Connect to \\PrinterFF
2. DNS: Don't know \\PrinterFF
3. Victim (broadcast): Who is \\PrinterFF?
4. Attacker: I am \\PrinterFF
5. Victim: Here are my credentials, ADMIN:[NTLMv2-hash]
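The five-step exchange on this slide leaves traces a defender can correlate: DNS fails for the name, a host that is not the name's owner answers the LLMNR/NBT-NS broadcast, and the client then authenticates to that host. The detector below is an added example, not the slides' or FortConsult's tooling; the log format, addresses and names are constructed, and the event sources, the threshold and the alert labels are assumptions. The baseline control that removes the exposure is disabling LLMNR and NetBIOS name resolution on the workstation build (and requiring SMB signing); the detector is for finding the segments where that baseline has not been applied.

```python
import re
from collections import defaultdict

# Constructed sensor log reproducing the slide's sequence: DNS cannot resolve a
# name, the client falls back to LLMNR/NBT-NS, one host answers, and the client
# then authenticates to it. Log format, addresses and names are invented.
EVENTS = """\
10:01:02 dns nxdomain client=10.0.10.21 name=PrinterFF
10:01:02 llmnr query src=10.0.10.21 name=PrinterFF
10:01:02 llmnr response src=10.0.10.99 name=PrinterFF
10:01:03 smb auth src=10.0.10.21 dst=10.0.10.99 user=ADMIN
10:02:10 dns nxdomain client=10.0.10.33 name=fileshare01
10:02:10 nbns query src=10.0.10.33 name=fileshare01
10:02:10 nbns response src=10.0.10.99 name=fileshare01
10:03:00 llmnr query src=10.0.10.40 name=wpad
10:03:00 llmnr response src=10.0.10.99 name=wpad
10:04:00 llmnr query src=10.0.10.50 name=printer-hq
10:04:00 llmnr response src=10.0.10.7 name=printer-hq
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)(.*)$")


def parse(line):
    """'<time> <source> <kind> k=v ...' -> dict (the format is an assumption)."""
    ts, source, kind, rest = LINE_RE.match(line).groups()
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": ts, "source": source, "kind": kind, **fields}


def detect(log_text, name_threshold=3):
    """Return (responder, alert, detail) tuples in the order they fire."""
    unknown_to_dns = set()          # names DNS has already failed on
    answered = defaultdict(set)     # responder host -> names it claimed
    asked_by = {}                   # name -> client that broadcast for it
    alerts = []
    for line in log_text.splitlines():
        e = parse(line)
        name = e.get("name", "").lower()
        if e["source"] == "dns" and e["kind"] == "nxdomain":
            unknown_to_dns.add(name)
        elif e["source"] in ("llmnr", "nbns") and e["kind"] == "query":
            asked_by[name] = e["src"]
        elif e["source"] in ("llmnr", "nbns") and e["kind"] == "response":
            host = e["src"]
            answered[host].add(name)
            # A legitimate host answers for its own name; a host answering a
            # name DNS does not know is the pattern in steps 2-4 of the slide.
            if name in unknown_to_dns:
                alerts.append((host, "answered-name-unknown-to-dns", name))
            # One host claiming many different names is the other tell-tale.
            if len(answered[host]) == name_threshold:
                alerts.append((host, "answers-many-names", ",".join(sorted(answered[host]))))
        elif e["kind"] == "auth" and e.get("dst") in answered:
            # Step 5 on the slide: the client that broadcast for the name now
            # authenticates to the host that claimed it.
            victim = e["src"]
            names_victim_asked = {n for n, c in asked_by.items() if c == victim}
            if names_victim_asked & answered[e["dst"]]:
                alerts.append((e["dst"], "credential-sent-to-responder",
                               f"{victim} user={e.get('user', '?')}"))
    return alerts


if __name__ == "__main__":
    for responder, alert, detail in detect(EVENTS):
        print(f"{responder}: {alert} ({detail})")
```

In the sample, 10.0.10.7 answers once for a name DNS never failed on and raises nothing, while 10.0.10.99 trips all three rules; the "credential-sent-to-responder" alert is the one that should page someone, because at that point the account in the `user` field has to be treated as exposed and its password changed.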

Default/hardening/Baseline

Controls
- Password: extract password hashes, crack password hashes (24 hours of cracking)
- Segmentation: the test can be done automatically with a script
- Social engineering: NEXT TOPIC!!!!! No spoilers...
- Patching: MBSA
- Baseline: test new exploits/attack scenarios on a periodic basis
