Windows Service Hardening Applied to Securing PI Interfaces

S4x15 OT Day

Bryan S Owen PE
bryan@osisoft.com

Objectives

•  What is Service Hardening?
•  How to harden a PI Interface?

Service Hardening is a Defensive Practice

•  Part of ‘Assume Breach’ mindset
•  Strive to limit damage potential

Reality: Services are Attractive Targets

•  Readily discoverable
•  Open network ports
•  No user interaction
•  Elevated privileges

Countermeasures

Whitelisting approach for:
1.  Specific Privileges
2.  Allowed Communication

(Diagram: Service Hardening applied through ACLs on the file system, registry and network)

Windows Service Hardening
Kernel changes in Windows 6.0 (Vista/2008 and later)

•  Reduce size of high risk layers
•  Segment the services
•  Increase number of layers

(Diagram: Kernel Drivers; User-mode Drivers; Service 1, Service 2, Service 3, Service …; Service A, Service B)

Built-in Users/Groups

Most Privilege
•  System
•  Administrators
•  Network Service
•  Users, Local Service
•  Virtual Service Account (NT Service\ServiceName)
Least Privilege

Default Service Account is ‘System’!

Used in Stuxnet Worm
Numerous attacks

Access Control List (ACL) Example

Local System
Default: Full control …access to everything

Opportunities

•  Network access restrictions
•  Service isolation
   File system and registry permissions
•  Specify required privileges
•  Service accounts

PISNMP Interface CASE Study

Securing PI Interfaces

(Diagram: interface components, each marked “Harden”)

PI SNMP Interface Data flow

SNMP capable ICS device
  → (SNMP protocol) →
PI SNMP Interface Node (collect and buffer services)
  → (PINET protocol) →
PI Server

(Diagram: each node and protocol marked “Harden”)

Service Hardening Scope

1.  Service Recovery Policy
2.  Reduce Privilege
3.  Protect File System
4.  Firewall Service Rules

(Diagram: SCM)

Service Control Manager “SCM” Configuration Tools

Basic
Advanced

Service Recovery

Service Process Privileges

System:
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseWorkingSetPrivilege
  SeLockMemoryPrivilege
  SeProfileSingleProcessPrivilege
  SeSystemProfilePrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege

Network Service:
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege

Minimum Required:
  SeChangeNotifyPrivilege

Network Service

No longer full access
•  Reduced privileges
•  Authenticated Users

Quiz

By default, is “Network Service” allowed to write then execute from disk?

Hint:
•  “ICACLS %SystemRoot%\system32”
•  “ICACLS %SystemDrive%”

Service ‘Hopping’ with Built-In Accounts

•  Shared Logon: Network Service

(Diagram: one ACL entry for Network Service, shared by Service1 and Service2)

Virtual Service Account

•  Creates a security identifier based on service name
•  Alternative to sharing built in service accounts
•  NT Service\service name
•  Local account
•  Windows networking identity
   •  Domain: machine name$
   •  Workgroup: anonymous
•  Passwords
   •  Automatically generated, non-expiring, cannot be locked-out
   •  240 bytes, cryptographically random.

Enable Virtual Service Account (example)

  C:\>sc qsidtype pisnmp1
  [SC] QueryServiceConfig2 SUCCESS

  SERVICE_NAME: pisnmp1
  SERVICE_SID_TYPE:  NONE

  C:\>sc sidtype pisnmp1 unrestricted
  [SC] ChangeServiceConfig2 SUCCESS

SID Types

•  None
   No virtual service account SID available.
•  Unrestricted
   Access token “NT SERVICE\ServiceName”
•  Restricted
   Access token with RESTRICTED, MANDATORY flags:
   •  NT SERVICE\ServiceName
   •  NT AUTHORITY\WRITE RESTRICTED
   •  Everyone
   •  NT AUTHORITY\S-1-5-5-0-….. (Logon SID, a unique SID is created for each logon session).

Service Isolation
Grant permission to Virtual Service Account

Default ACL: Full Access
Logon: Local System
  → Any File

ACL: NT Service\pisnmp1 – r/w
Logon: NT Service\PISNMP1
More secure
  → Program Files\PIPC\Interfaces\SNMP

(Diagram: the PISNMP1 service shown under each configuration)

Specify Required Privileges

  C:\>sc sidtype pisnmp1 unrestricted
  [SC] ChangeServiceConfig2 SUCCESS

  C:\>sc privs pisnmp1 seChangeNotifyPrivilege
  [SC] ChangeServiceConfig2 SUCCESS

  C:\>sc qprivs pisnmp1
  [SC] QueryServiceConfig2 SUCCESS

  SERVICE_NAME: pisnmp1
  PRIVILEGES       : seChangeNotifyPrivilege

** Restart the service **

Quiz

•  Find a Windows service that has an ‘unrestricted’ SID with minimal privileges.

Hint:
•  use “sc query | findstr SERVICE_NAME”
•  Then “sc qsidtype servicename”
•  And “sc qprivs servicename” (scheduler, spooler, etc…)
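The steps from the Enable Virtual Service Account, Service Isolation and Specify Required Privileges slides, plus the audit the quiz asks for, as one PowerShell script. This is an added example, not code from the presentation or from OSIsoft; it assumes the service short name pisnmp1 and the folder Program Files\PIPC\Interfaces\SNMP from the slides, and the function names are my own.

```powershell
# Added example, not from the presentation. Audits the SID type, logon account and
# privileges of Windows services (the quiz), and applies the deck's hardening steps
# to one service. Run from an elevated PowerShell (Windows 8 / Server 2012 or later).

function Get-ServiceHardeningInfo {
    # Returns one object per service with SidType and Privileges parsed from sc.exe output.
    param([string[]]$Name)

    $services = Get-CimInstance -ClassName Win32_Service
    if ($Name) { $services = $services | Where-Object { $Name -contains $_.Name } }

    foreach ($svc in $services) {
        # Line of interest in "sc qsidtype": "SERVICE_SID_TYPE:  UNRESTRICTED"
        $sidType = 'UNKNOWN'
        foreach ($line in (sc.exe qsidtype $svc.Name)) {
            if ($line -match 'SERVICE_SID_TYPE:\s*(\S+)') { $sidType = $Matches[1] }
        }
        # "sc qprivs": "PRIVILEGES : SeFirstPrivilege", then one "  : SeNextPrivilege" line each
        $privs = @(foreach ($line in (sc.exe qprivs $svc.Name)) {
            if ($line -match ':\s*(Se\w+Privilege)') { $Matches[1] }
        })
        [pscustomobject]@{
            Name       = $svc.Name
            StartName  = $svc.StartName   # LocalSystem, NT AUTHORITY\NetworkService, NT SERVICE\...
            SidType    = $sidType
            Privileges = $privs
        }
    }
}

function Find-UnrestrictedLeastPrivilegeServices {
    # Quiz helper: services with an unrestricted service SID, fewest privileges first.
    Get-ServiceHardeningInfo |
        Where-Object { $_.SidType -eq 'UNRESTRICTED' } |
        Sort-Object { $_.Privileges.Count } |
        Select-Object Name, StartName, @{ n = 'PrivCount'; e = { $_.Privileges.Count } }, Privileges
}

function Set-PiInterfaceServiceHardening {
    # Applies the deck's steps: service SID, logon as NT SERVICE\<name>, one required
    # privilege, r/w on the interface folder only, then restart so the token changes apply.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Name = 'pisnmp1',
        [string]$InterfacePath = "$env:ProgramFiles\PIPC\Interfaces\SNMP",
        [string[]]$Privileges = @('SeChangeNotifyPrivilege')
    )
    if (-not $PSCmdlet.ShouldProcess($Name, 'harden service')) { return }

    # 1. Service SID so the access token carries NT SERVICE\<name> (sc sidtype ... unrestricted)
    sc.exe sidtype $Name unrestricted | Out-Null

    # 2. Log on as the virtual account instead of LocalSystem (virtual accounts have no password to set)
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    $r = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
        StartName = "NT SERVICE\$Name"; StartPassword = ''
    }
    if ($r.ReturnValue -ne 0) { throw "Win32_Service.Change failed with code $($r.ReturnValue)" }

    # 3. Only the privileges the service needs; sc.exe separates several with "/"
    sc.exe privs $Name ($Privileges -join '/') | Out-Null

    # 4. Modify (r/w) for the virtual account on the interface folder and its children,
    #    in place of the full access LocalSystem had to any file
    icacls.exe $InterfacePath /grant "NT SERVICE\${Name}:(OI)(CI)M" | Out-Null

    # 5. SID type and privileges take effect on the next start
    Restart-Service -Name $Name
    Get-ServiceHardeningInfo -Name $Name
}
```

Run `Find-UnrestrictedLeastPrivilegeServices` first to see how the built-in services are configured, then `Set-PiInterfaceServiceHardening -WhatIf` before applying it to the interface service.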
  

Network Service Restrictions

Define Required Communication Endpoints and Ports for each Windows Service

(Diagram: outbound connections from the PI SNMP Interface node)
  PI SNMP Interface (Port *)  →  SNMP ICS Device (Port 161)
  PI SNMP Interface (Port *)  →  DNS Server (Port 53)
  PI SNMP Interface (Port *)  →  PI Server (Port 5450)
  PI Network Manager (Port *, Proxy for PIBufSS Service)

Bind Windows Firewall Rule to a Service
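Binding the endpoints from the Network Service Restrictions slide to the pisnmp1 service with the Windows Firewall cmdlets, as an added example that is not from the presentation or from OSIsoft. The function names and the 192.0.2.x addresses are constructed placeholders; the ports and the service short name come from the slides, and the last function reads back which service a built-in rule such as "Core Networking - DNS (UDP-Out)" is bound to.

```powershell
# Added example, not from the presentation. Creates outbound firewall rules bound to the
# pisnmp1 service (one per endpoint on the data-flow slide) and lists them back with their
# service, port and address filters. Elevated session, NetSecurity module (Windows 8 /
# Server 2012 or later). Endpoint addresses are constructed placeholders.

$RuleGroup   = 'PI Interface Hardening'   # lets all rules be listed or removed together
$ServiceName = 'pisnmp1'                  # short service name, as used with sc.exe

# Required endpoints for the PI SNMP interface service: destination, protocol, port
$Endpoints = @(
    @{ Purpose = 'PI Server (PI Network Manager)'; Address = '192.0.2.10';  Protocol = 'TCP'; Port = 5450 }
    @{ Purpose = 'DNS Server';                     Address = '192.0.2.53';  Protocol = 'UDP'; Port = 53   }
    @{ Purpose = 'SNMP ICS Device';                Address = '192.0.2.161'; Protocol = 'UDP'; Port = 161  }
)

function New-ServiceBoundRules {
    # One allow rule per endpoint. -Service limits the rule to traffic from that service's
    # process, so no other process on the node is allowed out by these rules.
    param([string]$Service = $ServiceName, [hashtable[]]$Targets = $Endpoints)

    foreach ($t in $Targets) {
        New-NetFirewallRule -DisplayName "$Service - $($t.Purpose)" -Group $RuleGroup `
            -Direction Outbound -Action Allow -Enabled True -Profile Any `
            -Service $Service -Protocol $t.Protocol `
            -RemoteAddress $t.Address -RemotePort "$($t.Port)" `
            -Description "Whitelisted endpoint for the $Service service"
    }
}

function Get-ServiceBoundRules {
    # Reads the rules back with the filters that matter for a per-service whitelist.
    param([string]$Group = $RuleGroup)

    foreach ($rule in (Get-NetFirewallRule -Group $Group)) {
        $svc  = $rule | Get-NetFirewallServiceFilter
        $port = $rule | Get-NetFirewallPortFilter
        $addr = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            DisplayName   = $rule.DisplayName
            Enabled       = $rule.Enabled
            Service       = $svc.Service        # 'Any' when the rule is not bound to a service
            Protocol      = $port.Protocol
            RemotePort    = $port.RemotePort
            RemoteAddress = $addr.RemoteAddress
        }
    }
}

function Get-RuleServiceBinding {
    # Shows which service a rule applies to. A rule bound to one service does not cover
    # the same traffic when another service's process sends it.
    param([Parameter(Mandatory)][string]$DisplayName)
    Get-NetFirewallRule -DisplayName $DisplayName |
        Get-NetFirewallServiceFilter |
        Select-Object @{ n = 'Rule'; e = { $DisplayName } }, Service
}

function Set-OutboundDefaultBlock {
    # Whitelisting: once every service on the node has its endpoints defined, deny
    # outbound traffic by default so only the bound allow rules let anything out.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess('Domain,Private,Public', 'default outbound action = Block')) {
        Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Block
    }
}

New-ServiceBoundRules | Out-Null
Get-ServiceBoundRules | Format-Table -AutoSize
Get-RuleServiceBinding -DisplayName 'Core Networking - DNS (UDP-Out)'
```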

Quiz

•  Why did the PISNMP service need a separate firewall rule for DNS?

Hint:
•  Browse firewall rules for "Core Networking - DNS (UDP-Out)"
•  (Alt) redirect output to file and search file
   “netsh advfirewall firewall show rule name=all verbose”

Ideal Case: More Secure by Default

(Diagram: Secure; Configuration; Maintenance)

References

•  Overview of Windows Services (Microsoft)
•  Securing PI Interfaces (OSIsoft UC2014 Learning Day Workbooks)

Enjoy the rest of OT Day and S4x15!

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 

Dernier (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 

Windows Service Hardening

  • 1. Windows Service Hardening Applied to Securing PI Interfaces. S4x15 OT Day. Bryan S Owen PE, bryan@osisoft.com
  • 2. Objectives • What is Service Hardening? • How to harden a PI Interface?
  • 3. Service Hardening is a Defensive Practice • Part of the ‘Assume Breach’ mindset • Strive to limit damage potential
  • 4. Reality: Services are Attractive Targets • Readily discoverable • Open network ports • No user interaction • Elevated privileges
  • 5. Countermeasures. Whitelisting approach for: 1. Specific Privileges 2. Allowed Communication. (Figure: Service Hardening covers the ACLs on the file system, the registry and the network.)
  • 6. Windows Service Hardening. Kernel changes in Windows 6.0 (Vista/2008 and later) • Reduce size of high risk layers • Segment the services • Increase number of layers. (Figure: layered diagram of kernel drivers, user-mode drivers and Services 1, 2, 3, …, A, B, with each driver shown as a small "D" box.)
  • 7. Built-in Users/Groups, from most privilege to least privilege: • System • Administrators • Network Service • Users, Local Service • Virtual Service Account (NT Service\ServiceName)
  • 8. Default Service Account is ‘System’! Used in the Stuxnet worm and numerous attacks.
  • 9. Access Control List (ACL) Example: Local System. Default: Full control …access to everything
  • 10. Opportunities • Network access restrictions • Service isolation (file system and registry permissions) • Specify required privileges • Service accounts
  • 11. PISNMP Interface Case Study: Securing PI Interfaces
  • 12. PI SNMP Interface Data flow. (Figure: SNMP capable ICS device → SNMP protocol → PI SNMP Interface Node (collect and buffer services) → PINET protocol → PI Server; every element and hop in the diagram is labelled "Harden".)
  • 13. Service Hardening Scope 1. Service Recovery Policy 2. Reduce Privilege 3. Protect File System 4. Firewall Service Rules
  • 14. Service Control Manager “SCM” Configuration Tools (Basic, Advanced)
  • 16. Service Process Privileges (privileges held by the service process token, by account):
      System: SeAuditPrivilege, SeChangeNotifyPrivilege, SeCreateGlobalPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeCreateSymbolicLinkPrivilege, SeDebugPrivilege, SeImpersonatePrivilege, SeIncreaseWorkingSetPrivilege, SeLockMemoryPrivilege, SeProfileSingleProcessPrivilege, SeSystemProfilePrivilege, SeTcbPrivilege, SeTimeZonePrivilege
      Network Service: SeChangeNotifyPrivilege, SeCreateGlobalPrivilege, SeImpersonatePrivilege
      Minimum Required: SeChangeNotifyPrivilege
  • 17. Network Service: No longer full access • Reduced privileges • Authenticated Users
  • 18. Quiz: By default, is “Network Service” allowed to write then execute from disk? Hint: • “ICACLS %SystemRoot%\system32” • “ICACLS %SystemDrive%”
  • 19. Service ‘Hopping’ with Built-In Accounts • Shared Logon: Network Service. (Figure: Service1 and Service2 both log on as Network Service and therefore share one ACL identity.)
  • 20. Virtual Service Account • Creates a security identifier based on service name • Alternative to sharing built in service accounts • NT Service\service name • Local account • Windows networking identity • Domain: machine name$ • Workgroup: anonymous • Passwords • Automatically generated, non-expiring, cannot be locked-out • 240 bytes, cryptographically random.
  • 21. Enable Virtual Service Account (example)
      C:\>sc qsidtype pisnmp1
      [SC] QueryServiceConfig2 SUCCESS
      SERVICE_NAME: pisnmp1
      SERVICE_SID_TYPE: NONE
      C:\>sc sidtype pisnmp1 unrestricted
      [SC] ChangeServiceConfig2 SUCCESS
  • 22. SID Types • None: No virtual service account SID available. • Unrestricted: Access token “NT SERVICE\ServiceName” • Restricted: Access token with RESTRICTED, MANDATORY flags: • NT SERVICE\ServiceName • NT AUTHORITY\WRITE RESTRICTED • Everyone • NT AUTHORITY\S-1-5-5-0-….. (Logon SID, a unique SID is created for each logon session).
  • 23. Service Isolation: Grant permission to Virtual Service Account. Default ACL: Full Access, Logon: Local System, any file. More secure ACL: NT Service\pisnmp1 – r/w on Program Files\PIPC\Interfaces\SNMP, Logon: NT Service\PISNMP1.
  • 24. Specify Required Privileges
      C:\>sc sidtype pisnmp1 unrestricted
      [SC] ChangeServiceConfig2 SUCCESS
      C:\>sc privs pisnmp1 SeChangeNotifyPrivilege
      [SC] ChangeServiceConfig2 SUCCESS
      C:\>sc qprivs pisnmp1
      [SC] QueryServiceConfig2 SUCCESS
      SERVICE_NAME: pisnmp1
      PRIVILEGES : SeChangeNotifyPrivilege
      ** Restart the service **
  • 25. Quiz • Find a Windows service that has an ‘unrestricted’ SID with minimal privileges. Hint: • use “sc query | findstr SERVICE_NAME” • Then “sc qsidtype servicename” • And “sc qprivs servicename” (scheduler, spooler, etc…)
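An added example, not from the slides or from OSIsoft, that works the slide 25 quiz across every installed service: it runs the same sc qsidtype and sc qprivs queries the hint gives, parses SID type and declared privileges, and lists the services that already carry their own unrestricted NT SERVICE SID with a short explicit privilege set. It assumes an elevated PowerShell session on Windows Vista/2008 or later with sc.exe on PATH.

```powershell
# Added example (not the talk's code): inventory Windows services by service SID type and
# explicitly declared privileges. Services with an UNRESTRICTED SID and a short privilege
# list already follow the pattern of slides 21 and 24; an empty privilege list means the
# service token inherits every privilege of its logon account (slide 16).
# Assumes an elevated PowerShell prompt; "sc" alone is PowerShell's alias for Set-Content,
# so sc.exe is always called by its full name.
function Get-ServiceSidInventory {
    param([string[]]$Name = (Get-Service | Select-Object -ExpandProperty Name))
    foreach ($svc in $Name) {
        $sidOut  = (& sc.exe qsidtype $svc 2>&1) -join "`n"
        $privOut = (& sc.exe qprivs   $svc 2>&1) -join "`n"
        # Skip services whose configuration could not be read (access denied, deleted, ...).
        if ($sidOut -notmatch 'SERVICE_SID_TYPE:\s*(\w+)') { continue }
        $sidType = $Matches[1]
        # Every privilege name has the form Se...Privilege, one per output line.
        $privs = @([regex]::Matches($privOut, 'Se\w+Privilege') | ForEach-Object { $_.Value })
        [pscustomobject]@{
            Service    = $svc
            SidType    = $sidType
            PrivCount  = $privs.Count
            Privileges = ($privs -join ',')
        }
    }
}

# Quiz answer candidates: unrestricted SID plus an explicit, minimal privilege list.
Get-ServiceSidInventory |
    Where-Object { $_.SidType -eq 'UNRESTRICTED' -and $_.PrivCount -gt 0 } |
    Sort-Object PrivCount, Service |
    Format-Table Service, SidType, PrivCount, Privileges -AutoSize
```

Dropping the Where-Object filter turns the same function into a baseline of which services still run with the full privilege set of System or Network Service, which is the starting point for the reduce-privilege step.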
  • 26. Network Service Restrictions: Define required communication endpoints and ports for each Windows service. (Figure: the PI SNMP Interface, from port * on the interface node, talks to the SNMP ICS Device on port 161, to the DNS Server on port 53, and to the PI Server on port 5450 (PI Network Manager, proxy for the PIBufSS service).)
  • 27. Bind Windows Firewall Rule to a Service
  • 28. Quiz • Why did the PISNMP service need a separate firewall rule for DNS? Hint: • Browse firewall rules for "Core Networking - DNS (UDP-Out)" • (Alt) redirect output to file and search file: “netsh advfirewall firewall show rule name=all verbose”
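The four-step scope of slide 13 carried through end to end for one interface service, as an added example (not the talk's or OSIsoft's script) using the sc.exe, icacls and netsh tooling the slides show. The service name pisnmp1, the SeChangeNotifyPrivilege minimum, the interface folder and the three endpoints (SNMP 161, DNS 53, PINET 5450) come from the slides; the executable name, the PI Server, ICS device and DNS addresses are constructed placeholders, and logging the service on as its virtual account with sc config obj= is my addition to the sc sidtype step.

```powershell
# Added example (not from the talk or OSIsoft): the four hardening steps of slide 13 applied
# to one PI interface service. Run from an elevated PowerShell prompt. $exe, $piServer,
# $icsDev and $dns are constructed placeholders; "sc" alone is PowerShell's alias for
# Set-Content, so sc.exe is called by its full name throughout.
$svc      = 'pisnmp1'                                   # service name from slide 21
$dataDir  = 'C:\Program Files\PIPC\Interfaces\SNMP'     # interface folder from slide 23
$exe      = "$dataDir\PISNMP.exe"                       # assumed interface binary
$piServer = '10.0.0.10'                                 # constructed PI Server address
$icsDev   = '10.0.1.20'                                 # constructed SNMP ICS device address
$dns      = '10.0.0.53'                                 # constructed DNS server address

# 1. Service recovery policy: restart twice one minute apart, then stay stopped so a crash
#    loop is noticed rather than masked by endless restarts; failure count resets daily.
sc.exe failure $svc reset= 86400 actions= restart/60000/restart/60000//

# 2. Reduce privilege: give the service its own NT SERVICE\<name> SID (slide 21), log it on
#    as that virtual account (slide 23; assumed sc syntax), and declare the single
#    privilege it needs (slide 24) instead of inheriting the account's full set.
sc.exe sidtype $svc unrestricted
sc.exe config  $svc obj= "NT SERVICE\$svc"
sc.exe privs   $svc SeChangeNotifyPrivilege

# 3. Protect the file system: modify rights on the interface folder go to the virtual
#    account only, so a service hopping in via a shared Network Service logon (slide 19)
#    has no access to the interface's files.
icacls $dataDir /grant "NT SERVICE\${svc}:(OI)(CI)M"

# 4. Firewall rules bound to the service (slides 26 and 27): only the endpoints and ports
#    the interface needs, matched on service= so no other process can ride on the rule.
#    These allow rules only constrain the service when the profile's default outbound
#    action is block (netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound).
$rules = @(
    @{ n = "$svc SNMP out";  p = 'UDP'; port = 161;  ip = $icsDev   },
    @{ n = "$svc PINET out"; p = 'TCP'; port = 5450; ip = $piServer },
    @{ n = "$svc DNS out";   p = 'UDP'; port = 53;   ip = $dns      }
)
foreach ($r in $rules) {
    netsh advfirewall firewall add rule name="$($r.n)" dir=out action=allow `
        service=$svc program="$exe" protocol=$($r.p) remoteport=$($r.port) remoteip=$($r.ip)
}

# Apply and verify the way slides 21 and 24 do; the SID and privilege changes need a restart.
Restart-Service -Name $svc
sc.exe qsidtype $svc
sc.exe qprivs   $svc
netsh advfirewall firewall show rule name="$svc PINET out" verbose
```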
  • 29. Ideal Case: More Secure by Default. Secure Configuration, Maintenance
  • 30. References • Overview of Windows Services (Microsoft) • Securing PI Interfaces (OSIsoft UC2014 Learning Day Workbooks). Enjoy the rest of OT Day and S4x15!