Getting Schooled DerbyCon 3.0
GETTING SCHOOLED
SECURITY WITH NO BUDGET IN A HOSTILE
ENVIRONMENT.
WHOIS
KennedyJamesD@Gmail.com @TonikJDK
ENVIRONMENT
• 12 buildings in a metro area, fiber back to the data center and fiber to the net.
• 7000 users: 6300 students and 700 staff.
• Primarily a Microsoft/Cisco house.
• 35 servers physical/virtual, 3500 XP/Win7-8 desktops and 1000 iPads/Nexus tablets.
• BYOD
IT DEPARTMENT
7 VS 7000
• Department Manager who is very technically sound.
• Secretary, who is also technically sound. She is our helpdesk and administers our Cisco
phone system.
• Three desktop technicians. Extremely good, self-directed and need very little hand
holding.
• 1 Network Administrator
• 1 System Engineer
• Money is tight, no really it’s tight.
DEPARTMENTS
• The usual departments: HR, Finance, PR….along with Academic/Curriculum
Departments, Pupil Services, Student Information, Food Services and Building
Management.
• Departments get their new budgets Aug. 1st.
• Most of their projects hit at once, delivered on August 1 with late August for install.
• There is very little thought given to security as these projects are defined, however they
are extremely supportive and trusting of our advice on security issues.
• August 1st – October 30th is pure chaos.
TEACHERS
• They are all very intelligent and have their own style of teaching, just as children have
their own style of learning.
• Spend summers in classes, seminars and gathering new software.
• The above creates a situation where we support 1492 different applications.
• They have little tolerance for security issues such as our web filter or lack of
administrative rights on machines to install software when it interferes with instruction.
STUDENTS
• First and foremost, they are why we exist. We serve their needs above all others.
• We answer to their parents and the taxpayers of our community. It is their school, not
ours.
• They are children, they are not only learning academics, they are still learning the
boundaries of acceptable computer usage.
• They will try and hack. They will try and beat the web filter. They will try and get advanced
copies of tests. Not because they are evil, they are not, but because they are children.
• They will break stuff for the LOLs.
THE THIN RED LINE
• We want to nurture what they are doing.
• I need to know they are trying, to teach them the limits. But if they pull off a
successful breach, if they pull off putting porn all over the screen then they
face suspension or expulsion. If I let them get that far, I have failed them.
• When they succeed at hacking, I have failed them.
THEY ALL START OUT INNOCENT
LIKE DAVE DID
THE NEXT DAVE IS IN A
HIGH SCHOOL RIGHT NOW
THREATS
• Outside. Not high value other than phishing our bank accounts.
• Inside. The targets are very tempting to a student.
Tests, grades, attendance, their ‘permanent’ record and PI on staff.
• Surfing. A threat in its own right. They are children with hormones, porn is high on
the list. Plus interests in music and free games that lead them to a ton of
virus/malware laden websites. Beating the filter is extremely high value. That
leads them to proxies and trying to get staff accounts that have a more
lenient filter.
• BYOD
SAVED BY BORIS
(WHO WOULD HAVE THOUGHT THAT)
• Boris’s talk was a watershed moment for me.
• Stop buying sh*t.
• Stick with what you know or you will mess it up.
WHAT TO DO?
• Define the attack vectors.
• Watch the Red Team. What are they doing, what are they
bragging about. How does that apply to my systems.
• Listservs NTSysAdmin, PatchManagement.org, Blogs.
MANAGEMENT BUY IN
• Embrace the audit and get one.
• For us, that becomes a public record. That makes it a very
powerful document. There is no debate, just: Fix it.
WHAT HAVE I GOT?
• Document and define every system and every system
interaction.
• Document the software. Powershell queries, SCCM
• Document the traffic.
• Document access. Who needs what, build a list with an eye
towards segmentation.
WHAT IS IT DOING?
• Read the logs.
• Logs, logs and more logs. You must audit access success
and failure.
• Web Filter logs. Blocks are a key metric.
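The deck treats web filter blocks as the key metric and later applies a "five strikes" rule to them. The script below is an added example, not material from the talk: it triages constructed filter log lines (the CSV column names timestamp, user, category, action and url are an assumption, since every filter exports its own format), counts blocks per user, lists which categories drove them, and flags anyone at or over the strike limit. Proxy-category hits are counted separately because the deck names proxies as the route students take to beat the filter. PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the deck): triage web filter block logs for "five strikes".
# Assumes the filter exports CSV with columns timestamp,user,category,action,url;
# the sample below is constructed and the column names are an assumption.
$StrikeLimit = 5

$sampleLog = @'
timestamp,user,category,action,url
2013-09-10T08:01:12,jsmith,games,BLOCK,http://example.invalid/game1
2013-09-10T08:02:40,jsmith,games,BLOCK,http://example.invalid/game2
2013-09-10T08:03:05,jsmith,proxy,BLOCK,http://example.invalid/proxy
2013-09-10T08:05:09,jsmith,music,BLOCK,http://example.invalid/mp3
2013-09-10T08:06:44,jsmith,proxy,BLOCK,http://example.invalid/proxy2
2013-09-10T08:07:10,mjones,education,ALLOW,http://example.invalid/lesson
2013-09-10T08:08:22,mjones,games,BLOCK,http://example.invalid/game3
2013-09-10T08:09:01,tteacher,news,ALLOW,http://example.invalid/news
'@

function Get-FilterStrikes {
    param(
        [Parameter(Mandatory=$true)][object[]]$Entries,
        [int]$Limit = $StrikeLimit
    )
    # Count BLOCK entries per user. Group-Object keeps the member rows, so the
    # categories behind the blocks can be listed (proxy hits are the ones to read first).
    $Entries |
        Where-Object { $_.action -eq 'BLOCK' } |
        Group-Object -Property user |
        ForEach-Object {
            $rows = $_.Group
            [pscustomobject]@{
                User       = $_.Name
                Blocks     = $_.Count
                Categories = ($rows | Group-Object category | Sort-Object Count -Descending |
                              ForEach-Object { "$($_.Name)=$($_.Count)" }) -join ';'
                ProxyHits  = @($rows | Where-Object { $_.category -eq 'proxy' }).Count
                Strikeout  = ($_.Count -ge $Limit)
            }
        } | Sort-Object Blocks -Descending
}

$entries = $sampleLog | ConvertFrom-Csv
$report  = Get-FilterStrikes -Entries $entries
$report | Format-Table -AutoSize

# Users at or over the limit are the ones the "five strikes" rule applies to.
$report | Where-Object { $_.Strikeout } | ForEach-Object {
    Write-Output ("STRIKEOUT {0}: {1} blocks ({2})" -f $_.User, $_.Blocks, $_.Categories)
}
```

With the constructed sample, jsmith shows five blocks (two of them proxy hits) and is flagged; mjones has one block and tteacher none. Swap the here-string for `Import-Csv` over the real export and run it daily; the per-category column is what turns a raw block count into something a building principal can act on.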
SECURITY ONION
• Doug Burks is the man.
• Full open source Linux distro so easy even an MCSE can do it.
• Full packet capture
• Snort, Suricata, Bro, Sguil, Squert, Snorby, ELSA and Xplico.
• Pivot from one to the other.
SecurityOnion.Blogspot.Com
PATCH IT ALL
• MS08-067
• 90 day patch window on average.
• Remember our documentation? That drives your third party
patching. Build a spreadsheet that lists them, with version and a
clickable link to check for the newest.
• NINITE (couple hundred bucks a month)
• Verify your patches. PowerShell: Get-ADComputer -Filter * | ForEach-Object { Get-HotFix -ComputerName $_.DNSHostName }
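Verifying patches means more than listing hotfixes; it means knowing which machines are missing the ones you require and which ones never answered at all. The script below is an added example, not from the deck, that carries the Get-ADComputer / Get-HotFix idea through: it takes every enabled domain computer, checks a required KB list against what Get-HotFix reports, and records unreachable hosts and query errors as non-compliant rather than silently skipping them. It assumes the ActiveDirectory module (RSAT) is installed and that Get-HotFix can reach the machines over WMI/DCOM; the KB numbers are placeholders.

```powershell
# Added example (not from the deck): verify that every enabled domain computer has a
# set of required updates installed. Requires the ActiveDirectory module (RSAT) and
# remote WMI/DCOM access for Get-HotFix. The KB list below is a placeholder.
Import-Module ActiveDirectory

# Placeholder KB numbers: replace with the updates your current patch cycle requires.
$RequiredKBs = @('KB0000001', 'KB0000002')

function Test-PatchCompliance {
    param(
        [Parameter(Mandatory=$true)][string[]]$ComputerName,
        [Parameter(Mandatory=$true)][string[]]$RequiredKB
    )
    foreach ($computer in $ComputerName) {
        # Unreachable hosts are reported, not skipped: a machine that never answers is
        # exactly the one that is probably not getting patched either.
        if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
            [pscustomobject]@{ Computer = $computer; Reachable = $false
                               Missing = ($RequiredKB -join ','); Compliant = $false }
            continue
        }
        try {
            $installed = Get-HotFix -ComputerName $computer -ErrorAction Stop |
                         Select-Object -ExpandProperty HotFixID
        } catch {
            [pscustomobject]@{ Computer = $computer; Reachable = $true
                               Missing = "ERROR: $($_.Exception.Message)"; Compliant = $false }
            continue
        }
        $missing = @($RequiredKB | Where-Object { $installed -notcontains $_ })
        [pscustomobject]@{
            Computer  = $computer
            Reachable = $true
            Missing   = ($missing -join ',')
            Compliant = ($missing.Count -eq 0)
        }
    }
}

# Enabled computers only. DNSHostName is what Get-HotFix needs, not the AD object itself.
$targets = Get-ADComputer -Filter 'Enabled -eq $true' | Select-Object -ExpandProperty DNSHostName
$results = Test-PatchCompliance -ComputerName $targets -RequiredKB $RequiredKBs
$results | Export-Csv -Path .\patch-compliance.csv -NoTypeInformation
$results | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
```

The CSV is the artifact to keep: it is the evidence that answers the audit memo, and the "Reachable = False" rows are the list of machines to go find physically.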
WEB FILTER
• Yea, people hate them. Sorry about that, talk to Congress.
• Five strikes and you are out.
• A very simple and powerful tool; this dropdown:
ANATOMY OF A PHISH
SERVER HARDENING
• EMET 4.0
• ASA between users and servers.
• Build your servers with segmentation of resources in mind so you can
segment your users. Control that with your ASA and your VLANs.
• Firewall on. Seriously, 2008+ the firewall is automatic.
• Consider taking servers out of the domain. HVAC servers on management
VLAN.
SERVERS CONT.
• Encrypt your databases.
• Patch them, all of it especially third party software. Veritas <sigh>.
• FSRM on all shares. Block .exe, .bat, .dll, shortcuts, ...
• Restricted groups for local admins, disable local admin account.
• Disable cached credentials
• F8 is your friend.
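Restricted Groups with "replace, not add" only helps if you check that it actually took, on servers and desktops alike. The script below is an added example, not from the deck: it reads each machine's local Administrators group through the ADSI WinNT provider (which works against XP, Windows 7 and Server 2008 without PowerShell remoting), reports any member that is not on an allow-list, and confirms the built-in Administrator account is disabled. The allow-list entries are placeholders, and it assumes the built-in account still carries its default name.

```powershell
# Added example (not from the deck): check each computer's local Administrators group
# against an allow-list and confirm the built-in Administrator account is disabled.
# Uses the ADSI WinNT provider, so it works on XP/7/2008 without PowerShell remoting.
# The allow-list below is a placeholder; Restricted Groups should make it the whole list.
$AllowedAdmins = @('Administrator', 'Domain Admins', 'Workstation Admins')

function Get-LocalAdminReport {
    param(
        [Parameter(Mandatory=$true)][string[]]$ComputerName,
        [Parameter(Mandatory=$true)][string[]]$Allowed
    )
    foreach ($computer in $ComputerName) {
        try {
            $group = [ADSI]"WinNT://$computer/Administrators,group"
            # Invoke('Members') returns COM objects; pull the Name property from each.
            $members = @($group.psbase.Invoke('Members') | ForEach-Object {
                $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
            })
            # Assumes the built-in account keeps its default name "Administrator".
            $builtin  = [ADSI]"WinNT://$computer/Administrator,user"
            $disabled = [bool]$builtin.psbase.InvokeGet('AccountDisabled')
        } catch {
            [pscustomobject]@{ Computer = $computer; Members = ''
                               Unexpected = "ERROR: $($_.Exception.Message)"; BuiltinDisabled = $null }
            continue
        }
        # Anything not on the allow-list is drift: a tech's one-off fix, a vendor install, or a student.
        $unexpected = @($members | Where-Object { $Allowed -notcontains $_ })
        [pscustomobject]@{
            Computer        = $computer
            Members         = ($members -join ';')
            Unexpected      = ($unexpected -join ';')
            BuiltinDisabled = $disabled
        }
    }
}

# Placeholder host names; in practice feed Get-ADComputer output here.
$report = Get-LocalAdminReport -ComputerName @('SERVER01', 'SERVER02') -Allowed $AllowedAdmins
$report | Where-Object { $_.Unexpected -or -not $_.BuiltinDisabled } | Format-Table -AutoSize
```

Run it after each GPO refresh cycle; a machine that keeps reappearing with an unexpected member is one where Restricted Groups is not applying, which is itself worth knowing.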
DESKTOP HARDENING
• No local admin. Period. Control it with Restricted Groups (replace not add)
• Common images and standardization.
• EMET 4.0
• RDS for Finance.
• Local firewall via GPO. Logging on.
• Event logging with auditing on success and failure.
• Hide last user login
• UAC
• Autorun off
• Software Restrictions
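Several items on this slide and the previous one (hide last user login, UAC, autorun off, cached credentials disabled, local firewall on) come down to a handful of registry values that Group Policy writes. The script below is an added example, not from the deck, that checks those values on the local machine and reports each one as compliant or not; an absent value counts as non-compliant. The registry paths are the standard locations for these policies; the expected values follow the slides (0 cached logons, autorun off for all drive types, UAC and the domain-profile firewall on).

```powershell
# Added example (not from the deck): verify on the local machine that the GPO-driven
# hardening settings from these slides actually landed. Registry locations are the
# standard ones for these policies; an absent value is reported as non-compliant.
$Checks = @(
    @{ Name='Hide last user login';       Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';   Value='DontDisplayLastUserName'; Expected=1 },
    @{ Name='UAC enabled';                Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';   Value='EnableLUA';               Expected=1 },
    @{ Name='Autorun off (all drives)';   Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Value='NoDriveTypeAutoRun';      Expected=255 },
    @{ Name='Cached credentials disabled';Path='HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon';       Value='CachedLogonsCount';       Expected='0' },
    @{ Name='Domain-profile firewall on'; Path='HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile'; Value='EnableFirewall'; Expected=1 }
)

function Test-HardeningSetting {
    param([Parameter(Mandatory=$true)][hashtable]$Check)
    $actual = $null
    # SilentlyContinue: a missing key or value name simply leaves $actual as $null.
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Value -ErrorAction SilentlyContinue
    if ($item) { $actual = $item.($Check.Value) }
    [pscustomobject]@{
        Setting   = $Check.Name
        Expected  = $Check.Expected
        Actual    = $actual
        # Compare as strings so a REG_SZ "0" and a DWORD 0 are judged the same way.
        Compliant = ($null -ne $actual -and "$actual" -eq "$($Check.Expected)")
    }
}

function Get-HardeningReport {
    param([Parameter(Mandatory=$true)][hashtable[]]$Checks)
    foreach ($c in $Checks) { Test-HardeningSetting -Check $c }
}

$report = Get-HardeningReport -Checks $Checks
$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Compliant }) {
    Write-Warning 'Non-compliant settings found; confirm GPO scope with gpresult /r.'
}
```

Run it as a startup script or through your desktop techs' toolkit; a machine that reports non-compliant on every line has usually fallen out of its OU, which is a different problem from a single setting being wrong.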
MOAR
• Software Restrictions
• Nuke Control Panel items.
• Nuke Explorer search and menu search
• Nuke task manager
• Disable run/cmd/Internet Explorer drives which also kills servername in IE
• No bat files, no VBS in user context
• Hide the system drive.
• IE Maintenance via GPO. Zones, History……
JAVA
• EMET kills much of it. It looks for behavior not signatures.
• In other cases egress filtering and/or the web filter. With only 80 and 443 allowed out the
filter sees the exploit phoning home.
BYOD/TABLETS
• Get out in front of it, don’t wait for them to dictate how it’s going to happen.
• Today I want to announce our awesome new BYOD program. This is going to rock!!
• Guest Network, straight out to the internet.
• GAFE
• Good luck, enjoy.
• District owned tablets
• Meraki (free)
• Find them and wipe them.
• Tab Pilot.
• Publish apps to the home screen, kill the rest of it.
LEVERAGE YOUR SWITCHES-ROUTERS-FW
• SSH only from management network.
• Sticky Macs.
• Kill unused ports.
• Yea, it’s annoying for desktop techs. Talk to the memo.
• Egress filtering.
IT NEVER ENDS
• Have management read the memo they gave you dictating ‘fix it’ from the
audit.
• Point out that this takes time, I negotiated 20 percent of my time for this.
One day a week, Wednesday. If my boss pulls me off I ask him to talk to
the memo about it.
TIME FOR A HUG
