Ten Deadly Sins of Administrators about Windows Security
By Paula Januszkiewicz at TechEd Europe 2012
10 Deadly Sins of Administrators about Windows Security
Paula Januszkiewicz, Penetration Tester, MVP: Enterprise Security, MCT
iDesign - CQURE: [email protected]
http://idesign.net/
Session SIA300
Agenda
1. Introduction
2. Top 10 Sins
3. Summary
Sin 10: Misunderstanding Passwords
Will you share your passwords with others? We do this every day!
How do services store passwords?
Passwords are often similar to your other passwords
At least one of them can be easily accessed by the administrator of the service
Be prepared for password loss and service recovery
Demo: Passwords Never Sleep
Sin 9: Ignoring Offline Access
"I will steal your laptop anyway…"
Offline access allows someone to bypass a system’s security mechanisms
Useful in critical situations
Almost every object that contains information can be read offline
It is a minimal privilege for the person with good intentions
It is a maximum privilege for… everybody else
Simplified offline access is acceptable if you do not value your information
Demo: Sophisticated Offline Access
Sin 8: Incorrect Access Control
Services
  When used as a part of software that was not installed in %systemroot% or %programfiles%
  Installed in a folder with inappropriate ACLs
Permissions
  Should be audited
  Should be set up as a part of NTFS, not as a part of shares
BackupRead / BackupWrite
  A copy operation that takes precedence over ACLs
  Used by backup software
Demo: (Lack of) Permissions in the Operating System
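The audit the slide calls for, as an added example that is not part of the original deck: it lists services whose binary sits outside %SystemRoot% and %ProgramFiles% and reports any principal outside an assumed trusted set that can write to the binary or its folder (the trusted set and the write-rights mask are assumptions to adapt).

```powershell
# Added example, not from the original slides: find services installed outside the
# protected roots and show who, apart from the trusted principals, can modify them.
# Run from an elevated PowerShell session so every service binary can be inspected.

$protectedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

# Assumption: these principals are expected to hold write access on service binaries.
$trustedWriters = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller')
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, ChangePermissions, TakeOwnership'

function Get-ServiceBinaryPath {
    # Win32_Service.PathName mixes the executable with its arguments; keep the executable only.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    if ($PathName.StartsWith('"')) {
        $end = $PathName.IndexOf('"', 1)
        if ($end -gt 1) { return $PathName.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($PathName, '^(.+?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($PathName -split '\s+')[0]
}

function Get-UntrustedWriters {
    # Identities with an Allow ACE carrying any write-class right, excluding the trusted set.
    param([string]$Path)
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return @() }
    $acl.Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $trustedWriters -notcontains $_.IdentityReference.Value -and
            ([int]($_.FileSystemRights -band $writeMask)) -ne 0
        } |
        ForEach-Object { $_.IdentityReference.Value }
}

$findings = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $bin = Get-ServiceBinaryPath $svc.PathName
    if (-not $bin) { continue }
    $protected = $protectedRoots | Where-Object { $bin.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }
    if ($protected) { continue }
    # Check both the file and its folder: a writable folder lets the binary be replaced.
    $writers = @(Get-UntrustedWriters $bin) + @(Get-UntrustedWriters (Split-Path -Parent $bin)) | Sort-Object -Unique
    [pscustomobject]@{ Service = $svc.Name; RunsAs = $svc.StartName; Binary = $bin; UntrustedWriters = ($writers -join '; ') }
}

# Rows with a non-empty UntrustedWriters column are the ones to fix first.
$findings | Sort-Object UntrustedWriters -Descending | Format-Table -AutoSize
```

A service running as LocalSystem from a folder that ordinary users can write to is the combination the slide warns about; the RunsAs column makes that pairing visible at a glance.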
Sin 7: Using Old Technology
The hacker’s role here is very valuable
It is hard to be up to date with technology
But some of the antiques like NT 4.0 should be thrown on the scrap heap!
Perform periodic revisions
Even old technology requires updates
Sometimes it is not possible (e.g. the LNK vulnerability in W2K)
Demo: Old Technology a Little Bit Too… Old
Sin 6: Encryption… What is Encryption?
Data encryption
  Protects from offline access – stolen laptops, tapes
Transmission encryption
  Protects from outsiders testing the network sockets
  HTTPS – Man-in-the-Middle
Encryption is problematic for users
  Let’s use the lower-layer encryption (BitLocker, IPsec)
New Security Motto: Encrypt when you can!
Demo: Easy and Useful Encryption
Sin 5: Installing Pirated Software & My Small Research
Software installation is performed under an administrative account
Malformed installation files are not necessarily recognized by antivirus software
UAC is not a protection method here, as everybody is used to granting the installer high privileges
Keep your toolbox up to date and keep the checksums in a different place
My small research, 20 IT admins asked:
"Do you check for the file’s signatures before installation?" 20 of 20 IT admins said: No…
"Do you perform periodic security checks of your folder with installation files?" 18 of 20 IT admins said: No
Demo: Malware Around the Corner
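The two checks the survey shows almost nobody performs, as an added example that is not part of the original deck: verify the installer's Authenticode signature and compare its SHA-256 with a checksum list kept on separate, read-only media. The folder paths and the checksum-file line format are assumptions.

```powershell
# Added example, not from the original slides: signature plus offline-checksum check
# for installers, run over the whole toolbox folder. Paths below are placeholders.

function Test-InstallerIntegrity {
    param(
        [Parameter(Mandatory)][string]$InstallerPath,
        [Parameter(Mandatory)][string]$ChecksumFile   # assumed format, one per line: "<sha256>  <file name>"
    )
    $result = [ordered]@{ File = $InstallerPath; Signature = ''; Signer = ''; HashMatch = $false; Verdict = 'REJECT' }

    # Check 1: who signed it, and is the signature intact?
    $sig = Get-AuthenticodeSignature -FilePath $InstallerPath
    $result.Signature = "$($sig.Status)"
    if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }

    # Check 2: is this byte-for-byte the file that was vetted when the checksum list was written?
    $actual = (Get-FileHash -Algorithm SHA256 -LiteralPath $InstallerPath).Hash
    $name = Split-Path -Leaf $InstallerPath
    $expected = Get-Content -LiteralPath $ChecksumFile | ForEach-Object {
        if ($_ -match '^\s*([0-9A-Fa-f]{64})\s+\*?(.+?)\s*$') { [pscustomobject]@{ Hash = $Matches[1]; Name = $Matches[2] } }
    } | Where-Object { $_.Name -ieq $name } | Select-Object -First 1
    $result.HashMatch = [bool]($expected -and ($expected.Hash -ieq $actual))

    # Both must pass: a valid signature names a publisher but not the file you reviewed;
    # a matching hash shows the file is unchanged but says nothing about who published it.
    if ($sig.Status -eq 'Valid' -and $result.HashMatch) { $result.Verdict = 'OK' }
    [pscustomobject]$result
}

# Periodic check of the installation folder against the checksum list kept elsewhere
Get-ChildItem -LiteralPath 'D:\Installers' -Recurse -File |
    Where-Object { $_.Extension -in '.exe', '.msi' } |
    ForEach-Object { Test-InstallerIntegrity -InstallerPath $_.FullName -ChecksumFile 'E:\ReadOnly\checksums.sha256' } |
    Format-Table File, Signature, HashMatch, Verdict -AutoSize
```

Anything that reports REJECT, whether because the signature is missing or because the hash no longer matches the list, should not be run from the administrative account the slide describes.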
Sin 4: Lack of Network Monitoring
Violation of the one well-known rule: Do not allow traffic that you do not know
Most of the protocols have space for data
  Why not put the sensitive information there and send it out?
Malicious traffic can be easily connected to the process
It can happen as rarely as once a month
You need context-based tools: Network Monitor, NetworkMiner, etc.
Demo: Monitoring Network Traffic
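Connecting traffic to the process that generates it, as the slide recommends, in an added example that is not part of the original deck: it snapshots established TCP connections, attaches the owning process and the signature state of its binary, and flags destinations that are neither private nor on an allow-list. The allow-list addresses are constructed placeholders.

```powershell
# Added example, not from the original slides: which process talks to whom, and is the
# destination one we know? Unknown peers and unsigned binaries come out on top.

$knownPeers = @('10.0.0.5', '10.0.0.6')   # constructed placeholders: proxy, update server, DCs

function Test-PrivateAddress {
    param([string]$Ip)
    $Ip -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.|::1$|fe80:)'
}

function Get-ConnectionContext {
    Get-NetTCPConnection -State Established | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $path = if ($proc) { $proc.Path } else { $null }   # null for protected/system processes
        $sigStatus = 'n/a'
        if ($path) {
            $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
            if ($sig) { $sigStatus = "$($sig.Status)" }
        }
        $known = ($knownPeers -contains $_.RemoteAddress) -or (Test-PrivateAddress $_.RemoteAddress)
        [pscustomobject]@{
            Pid       = $_.OwningProcess
            Process   = if ($proc) { $proc.Name } else { '?' }
            Binary    = $path
            Signature = $sigStatus
            Remote    = "$($_.RemoteAddress):$($_.RemotePort)"
            Known     = $known
        }
    }
}

# Review order: traffic to unknown peers first, then anything driven by an unsigned binary.
Get-ConnectionContext |
    Where-Object { -not $_.Known -or $_.Signature -ne 'Valid' } |
    Sort-Object Known, Signature |
    Format-Table -AutoSize
```

Because, as the slide notes, the traffic may appear only once a month, a single snapshot is not enough: schedule the collection and keep the output so that a rare connection is still on record when it happens.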
Sin 3: What You See Is NOT What You Get
Explorer.exe is owned by the user
Lack of NTFS permissions does not mean that somebody cannot access the file
Troubleshooting after the injection is difficult
Rootkits influence the operating system behavior
Conclusion: Always have at least two methods of troubleshooting the same issue
Demo: Blinded Operating System
Sin 2: Too Much Trust in People
The cheapest and most effective attacks are often nontechnical
People tend to take shortcuts
It is hard to control their intentions
They should not be a part of the security chain
Monitor them… and show that you’re doing it
Perform periodic audits of your infrastructure
Demo: Too Much Trust…
Sin 1: Lack of Documentation & Training
Is this really the admin’s sin?
The negative side of this sin is that you need to trust people
Most companies are not prepared for the IT staff going on a… vacation
Set up the rules before creating the solutions
10 Deadly Sins
Sin 10: Misunderstanding Passwords
Sin 9: Ignoring Offline Access
Sin 8: Incorrect Access Control
Sin 7: Using Old Technology
Sin 6: Encryption… What is Encryption?
Sin 5: Installing Pirated Software
Sin 4: Lack of Network Monitoring
Sin 3: What You See Is NOT What You Get
Sin 2: Too Much Trust in People
Sin 1: Lack of Documentation & Training
Be Proactive!
Split and rotate tasks between admins
Eliminate at least one of the sins in your organization
Periodically attend trainings and organize them
Audit your environment
Use the legal code
Source: Heard.TypePad.com
Related Content
Breakout Sessions: SIA301, SIA302, SIA401, SIA311, SIA203, SIA304, SIA307
Find me later at the TLC
Track Resources
http://msdn.microsoft.com
http://sysinternals.com
http://ismycreditcardstolen.com/
http://blog.gentilkiwi.com/mimikatz
www.microsoft.com/twc
www.microsoft.com/security
www.microsoft.com/privacy
www.microsoft.com/reliability
Resources
Connect. Share. Discuss.: http://europe.msteched.com
Learning, Microsoft Certification & Training Resources: www.microsoft.com/learning
TechNet, Resources for IT Professionals: http://microsoft.com/technet
Resources for Developers: http://microsoft.com/msdn
Evaluations
Submit your evals online: http://europe.msteched.com/sessions
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.