System Hardening 
Windows OS Clients and Applications
About me.. 
• This talk really shouldn't be about me.. It's about you.. 
• This community is about educating each other and making things better
What is this talk about? 
• Hardening Microsoft OSs for domain-joined and standalone computers 
• Large-scale EMET deployments 
• How to approach the Java problem when you are stuck on out-of-date versions 
• Adobe Acrobat/Reader customization according to NSA guidance 
• Local admin accounts and passwords, and what to do about them 
• Cryptography: some brief thoughts
OS Security references 
• Microsoft Security Compliance Manager - 
http://technet.microsoft.com/en-us/library/cc677002.aspx 
• Center for Internet Security Benchmarks - 
https://benchmarks.cisecurity.org/downloads/multiform/index.cfm 
• DISA STIGs - http://iase.disa.mil/stigs/os/windows/Pages/index.aspx
CIS Security Benchmarks 
• Recommended technical control rules/values for hardening operating systems 
• Distributed free of charge by CIS in PDF format 
• Where to begin? Pick the profile that matches your audience: the benchmark's base profile for general use, or the Specialized Security - Limited Functionality (SSLF) profile for incident response and other high-security systems.
Microsoft SCM Current Baselines
MS Security Compliance Manager 
• Export the Group Policy Objects already in your environment and re-import them into SCM 
• Mix and merge two separate security baselines to remediate issues or consolidate security 
• No Active Directory? Apply the policy through the Local GPO tool
Inventory your current security posture (if any) 
• Security policies can easily be exported from the Group Policy Management Console and re-imported into Microsoft Security Compliance Manager 
• Two options to mix and merge: compare against the SCM pre-populated baselines, or build your own based on the CIS PDFs 
• My preference is to build on CIS and take security to the maximum hardened limit (for example, earlier Windows 7 CIS benchmarks shipped a Specialized Security - Limited Functionality (SSLF) profile for high-security environments)
Warning: You will Break Stuff!
Troubleshooting hardening issues 
• Easiest method is to have a container (OU) set up in Active Directory with all group policy inheritance blocked. 
• Apply your OS hardening policies through the Local GPO tool. This tool is available when you install Security Compliance Manager. 
• After SCM is installed, the tool's installer can be found in C:\Program Files (x86)\Microsoft Security Compliance Manager\LGPO
Why troubleshoot CIS with the LGPO tool 
• Instead of having your server admins randomly switch group policies off at the domain level, you can respond to testing quickly by turning policies off locally 
• It's a needle-in-a-haystack approach. Most issues you deal with will probably be around network security and authentication hardening 
• Works great if you want to apply hardened OS policies in standalone high-security environments
A few other things 
• The concept of least privilege should always be used (UAC) 
• You will get asked, even by IT folks, to turn UAC off. Don't. 
• Limit admin accounts. Separate secondary admin accounts are better. Never use admin accounts to browse or do daily tasks on your network 
• Autorun should be one of the first things you disable in any org. It's a quick win with minimal impact on end users 
• Prevent the firewall from being turned off. Use the Domain firewall profile heavily while restricting the Public and Private (home) profiles 
• Be careful with audit policies. Too much audit information is a bad thing: the noise buries the events you actually need
A few other things continued 
• Debug programs: no one should have this user right (CIS benchmark p. 76) 
• Limit the remotely accessible registry paths (note that on Windows 7 the Remote Registry service has to be started manually). The service should be disabled (CIS benchmark p. 133) 
• LAN Manager authentication level: send NTLMv2 only and refuse LM and NTLM. This should be non-negotiable: LM hashes and NTLMv1 responses are cheap to crack and relay (CIS benchmark p. 137). Note that this setting does not stop pass-the-hash on its own, since NTLMv2 still authenticates with the NT hash, so also keep admin credentials off workstations 
• For high-security environments, do not process the legacy run list and the run-once list. This could cause issues with certain applications and driver installers; use cautiously 
• Prevent computers from joining HomeGroups (BYOD issues) (CIS benchmark p. 169)
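The following script is an added example, not part of the original deck: it audits one machine against the settings called out on the two slides above (UAC, autorun, LAN Manager authentication level, firewall enforced by policy, Remote Registry, the Debug programs right) and reports drift. The registry locations are the standard Windows policy keys; the Expected values encode the deck's advice rather than a CIS profile verbatim, so adjust them to the profile you chose.

```powershell
# Added example (not from the original deck): report drift from the hardening
# values discussed above. Run from an elevated prompt; secedit requires it.
function Get-HardeningDrift {
    $registryChecks = @(
        @{ Name = 'UAC enabled (EnableLUA)'
           Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
           Key  = 'EnableLUA'; Expected = 1 }
        @{ Name = 'LAN Manager auth level 5: send NTLMv2 only, refuse LM and NTLM'
           Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
           Key  = 'LmCompatibilityLevel'; Expected = 5 }
        @{ Name = 'Do not store LM hash at next password change (NoLMHash)'
           Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
           Key  = 'NoLMHash'; Expected = 1 }
        @{ Name = 'Autorun off for all drive types (NoDriveTypeAutoRun = 0xFF)'
           Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
           Key  = 'NoDriveTypeAutoRun'; Expected = 255 }
        @{ Name = 'Autorun commands never executed (NoAutorun)'
           Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
           Key  = 'NoAutorun'; Expected = 1 }
        @{ Name = 'Windows Firewall forced on by policy: Domain profile'
           Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'
           Key  = 'EnableFirewall'; Expected = 1 }
        @{ Name = 'Windows Firewall forced on by policy: Private profile'
           Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile'
           Key  = 'EnableFirewall'; Expected = 1 }
        @{ Name = 'Windows Firewall forced on by policy: Public profile'
           Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile'
           Key  = 'EnableFirewall'; Expected = 1 }
    )

    $results = @(foreach ($c in $registryChecks) {
        $item   = Get-ItemProperty -Path $c.Path -Name $c.Key -ErrorAction SilentlyContinue
        $actual = if ($item) { $item.($c.Key) } else { $null }
        [pscustomobject]@{
            Check    = $c.Name
            Expected = $c.Expected
            Actual   = if ($null -eq $actual) { '(not set)' } else { $actual }
            Pass     = ($null -ne $actual -and [int]$actual -eq $c.Expected)
        }
    })

    # Remote Registry must be Disabled, not merely stopped, or it comes back on demand.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='RemoteRegistry'"
    $results += [pscustomobject]@{
        Check    = 'Remote Registry service disabled'
        Expected = 'Disabled'
        Actual   = if ($svc) { $svc.StartMode } else { '(absent)' }
        Pass     = [bool]($svc -and $svc.StartMode -eq 'Disabled')
    }

    # "Debug programs" (SeDebugPrivilege): CIS says No One. secedit writes UTF-16;
    # the line is absent or empty when the right is assigned to nobody.
    $cfg = Join-Path $env:TEMP 'hardening-audit.inf'
    & secedit.exe /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
    $line = Get-Content -Path $cfg -Encoding Unicode -ErrorAction SilentlyContinue |
            Where-Object { $_ -like 'SeDebugPrivilege*' } | Select-Object -First 1
    Remove-Item -Path $cfg -Force -ErrorAction SilentlyContinue
    $holders = if ($line) { ($line -split '=', 2)[1].Trim() } else { '' }
    $results += [pscustomobject]@{
        Check    = 'Debug programs (SeDebugPrivilege) granted to no one'
        Expected = '(no one)'
        Actual   = if ($holders) { $holders } else { '(no one)' }
        Pass     = ($holders -eq '')
    }
    $results
}

Get-HardeningDrift | Format-Table Check, Expected, Actual, Pass -AutoSize
```

The firewall checks read the Policies branch deliberately: a profile that is merely on in the live configuration can be switched off by a local admin, whereas a value under HKLM\SOFTWARE\Policies is the one Group Policy (or the LGPO tool) enforces.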
But Wait….I HAZ Shells
Disable remote shell access 
• Allow Remote Shell Access (WinRM remote shell, CIS benchmark p. 160) 
• You need to decide whether it is really worth it for you to have remote shell access. If you keep it, restrict who can use it and from where. 
• Reduce your attack surface. This is what OS hardening is all about
Lets have a talk about Large Scale EMET 
deployments (5,000 Machines and More)
EMET Large Scale deployments 
• Resources 
• Customizing 
• Scaling 
• Group Policy 
• Where does everything fit and in what order?
EMET Resources 
• Kurt Falde Blog (http://blogs.technet.com/b/kfalde/) 
• Security Research and Defense Blog (http://blogs.technet.com/b/srd/) 
• EMET Social TechNet Forum (http://social.technet.microsoft.com/Forums/security/en-US/home?forum=emet) 
• EMET Pilot Proof of Concept Recommendations (http://social.technet.microsoft.com/wiki/contents/articles/23598.emet-pilot-proof-of-concept-recommendations.aspx) 
• EMET Known Application Issues Table (http://social.technet.microsoft.com/wiki/contents/articles/22931.emet-known-application-issues-table.aspx)
Avoiding EMET “Resume Generating Events”
What to avoid with EMET deployments 
• Do not immediately add popular or recommended XML profiles to EMET. Attaching EMET to processes without vetting them in your organization is not a good idea. 
• Do not use Group Policy out of the gate. Inject local policies first to shake out problems. 
• Use the system-wide DEP setting cautiously. You may find applications crashing because of system-wide DEP even though they are not hooked by EMET. "Application Opt In" is the safer setting
EMET Customization 
• Base MSI 
• Exporting custom XML and using EMET_Conf to push settings 
• Registry import to policy key for EMET. Acts as local group policy.
Using EMET_Conf
EMET_Conf (cont.) 
• Use EMET_Conf --delete_all to remove all application mitigation settings and certificate trust (pinning) configurations 
• Build your own settings, then export them with EMET_Conf --export <file>.xml 
• Re-import with EMET_Conf --import <file>.xml 
• If you script EMET_Conf to push out settings, include HelperLib.dll, MitigationInterface.dll, PKIPinningSubsystem.dll and SdbHelper.dll alongside it
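As an added example (not the deck's own script, and not Microsoft's), this is what a per-client deployment step built on EMET_Conf.exe looks like when it follows the order the slides describe: clear, set system-wide DEP to opt-in, import the vetted XML, then list what actually took. The EMET install folder and the profile path are assumptions; substitute your package's values.

```powershell
# Added example (not from the original deck): apply a vetted EMET configuration
# on one client with EMET_Conf.exe. Assumes EMET 5.x in its default folder and a
# profile exported with "EMET_Conf --export" from a test machine.
$EmetDir    = Join-Path ${env:ProgramFiles(x86)} 'EMET 5.2'   # assumed install folder
$EmetConf   = Join-Path $EmetDir 'EMET_Conf.exe'
$ProfileXml = 'C:\Deploy\EMET\vetted-profile.xml'            # assumed path to the vetted export

# EMET_Conf.exe does not run on its own; if you copy it into a package, carry these with it.
$Required = 'HelperLib.dll', 'MitigationInterface.dll', 'PKIPinningSubsystem.dll', 'SdbHelper.dll'
$missing  = $Required | Where-Object { -not (Test-Path (Join-Path $EmetDir $_)) }
if (-not (Test-Path $EmetConf) -or $missing) {
    throw "EMET_Conf.exe or its helper DLLs are missing in $EmetDir ($($missing -join ', '))"
}
if (-not (Test-Path $ProfileXml)) { throw "Vetted profile not found: $ProfileXml" }

function Invoke-EmetConf {
    param([string[]]$Arguments)
    $output = & $EmetConf @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "EMET_Conf $($Arguments -join ' ') exited $LASTEXITCODE`n$($output -join "`n")"
    }
    $output
}

# 1. Start from a known state: drops every app mitigation and certificate-pinning rule.
Invoke-EmetConf @('--delete_all') | Out-Null
# 2. System-wide: DEP opt-in only, per the deck; AlwaysOn breaks apps EMET never hooked.
Invoke-EmetConf @('--system', 'DEP=ApplicationOptIn') | Out-Null
# 3. Bring in the application profile you vetted and exported on a test machine.
Invoke-EmetConf @('--import', $ProfileXml) | Out-Null
# 4. Read back the effective configuration so the deployment log shows what actually took.
Invoke-EmetConf @('--list')
```

Because the script throws on a non-zero exit code, a failure at any step stops before the next one, and the output of the final --list is what you keep in the deployment log when a user reports an application crashing after rollout.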
EMET Policies
Injecting EMET policies into Registry
Starting out with EMET 
• Start with the highest-risk applications first: browsers (Internet Explorer, Firefox, Chrome, Opera) 
• Then move on to Adobe Reader/Acrobat and Java 
• The most commonly exploited applications should always come first
The Java Problem 
• Malicious actors are using trusted applications to exploit gaps in perimeter security. 
• Java comprises 91 percent of web exploits; 76 percent of companies using Cisco Web Security services are running Java 6, an end-of-life, unsupported version. 
• "Watering hole" attacks are targeting specific industry-related websites to deliver malware. 
Source: Cisco 2014 Annual Security Report (http://www.cisco.com/web/offers/lp/2014-annual-security-report/index.html)
The Java Problem Continued 
• Corporations rely on out-of-date versions 
• The "pigeonhole" effect: I can't upgrade Java because you will break my critical business app. 
• Virtualizing can be an expensive solution 
• "But my AV will stop it!" Probably not... 
• Oracle has EOL'd Java 6; paid support can extend this, but it is too expensive 
• Java is a security nightmare and an application administrator's worst enemy
The Java problem continued
Prevent Java from running 
• Hopefully by now everyone has deployed MS14-051. If not, you should, soon. 
• Don't deploy it and assume you are done. Don't accept the default policies for this. 
• MS14-051 turns on blocking of out-of-date Java by default, but the defaults let users circumvent it with "Run this time".
Mitigating the Java problem with GPOs 
• Before you do this, lock down Trusted Sites. Out-of-date ActiveX blocking does not apply to the Local intranet and Trusted sites zones, so don't let users circumvent it by adding sites to Trusted Sites without a vetting process 
• Don't allow users to "Run this time" if Java is out of date. Lock it down 
• Allow out-of-date Java only for sites that are business critical.
Java resources for mitigation 
• http://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx 
• http://blogs.msdn.com/b/askie/archive/2014/08/12/how-to-manage-the-new-quot-blocking-out-of-date-activex-controls-quot-feature-in-ie.aspx
Java ActiveX Blocking 
• Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management
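For standalone machines, or for testing the settings locally before building the GPO (the deck's own advice for both hardening and EMET), the following added example writes the registry values behind the Add-on Management policies above. It is not from the original deck. The value names are the ones those policies write under HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\VersionManager; the layout of the per-domain exemption list under VersionManager\Domain follows the ADMX list-policy convention and should be confirmed against inetres.admx for your IE build. The exempt domain is a constructed placeholder.

```powershell
# Added example (not from the original deck): local equivalent of the
# "out-of-date ActiveX" policies, plus a read-back check.
$VersionManager = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\VersionManager'
$ExemptDomains  = @('erp.example.internal')   # constructed: business-critical sites only, after vetting

New-Item -Path $VersionManager -Force | Out-Null
# Blocking stays on ("Turn off blocking of outdated ActiveX controls" = Disabled).
Set-ItemProperty -Path $VersionManager -Name VersionCheckEnabled -Value 1 -Type DWord
# No "Run this time" button: users cannot click past an out-of-date Java.
Set-ItemProperty -Path $VersionManager -Name RunThisTimeEnabled  -Value 0 -Type DWord
# Log blocked controls (%LOCALAPPDATA%\Microsoft\Internet Explorer\AuditMode\VersionAuditLog.csv)
# so you learn which internal sites still need old Java before users call.
Set-ItemProperty -Path $VersionManager -Name AuditModeEnabled    -Value 1 -Type DWord

# Per-domain exemptions: one string value per domain under VersionManager\Domain
# (assumed layout, see lead-in). Rebuilt from scratch so stale exemptions do not linger.
$DomainKey = Join-Path $VersionManager 'Domain'
if (Test-Path $DomainKey) { Remove-Item -Path $DomainKey -Recurse -Force }
New-Item -Path $DomainKey -Force | Out-Null
foreach ($d in $ExemptDomains) {
    New-ItemProperty -Path $DomainKey -Name $d -Value $d -PropertyType String -Force | Out-Null
}

# Read back and report drift (a later GPO, or a helpful admin, can undo this).
function Test-OutdatedActiveXPolicy {
    $p      = Get-ItemProperty -Path $VersionManager
    $exempt = (Get-Item -Path $DomainKey).GetValueNames()
    [pscustomobject]@{
        BlockingOn         = ($p.VersionCheckEnabled -eq 1)
        RunThisTimeRemoved = ($p.RunThisTimeEnabled -eq 0)
        ExemptDomains      = ($exempt -join ',')
        Compliant          = ($p.VersionCheckEnabled -eq 1) -and ($p.RunThisTimeEnabled -eq 0)
    }
}
Test-OutdatedActiveXPolicy
```

Keep in mind that the exemption list is the only sanctioned path for out-of-date Java; once Trusted Sites is locked down as the previous slide says, adding a domain here is the decision that needs a business owner's sign-off.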
Bonus: Block Flash too (high-security environments)
End Results
Hardening Adobe Reader/Acrobat 
• Adobe Enterprise Toolkit http://www.adobe.com/devnet-docs/acrobatetk/index.html 
• Application Security Overview http://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/index.html 
• Adobe Customization Wizard (use this) ftp://ftp.adobe.com/pub/adobe/acrobat/win/11.x/11.0.00/misc/ 
• NSA guidelines for Adobe Reader XI in enterprise environments (use this) https://www.nsa.gov/ia/_files/app/Recommendations_for_Configuring_Adobe_Acrobat_Reader_XI_in_a_Windows_Environment.pdf
Hardening Adobe Reader/Acrobat 
• Don't give people a chance to disable Protected Mode, Protected View and Enhanced Security: set them as locked-down policy, not user preferences 
• For high-security environments disable JavaScript and disable URL links. Don't allow Flash content to be rendered inside PDFs (very bad) 
• Patch often and ASAP 
• Hook Reader into EMET to add exploit mitigation
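The following added example (not from the deck, Adobe or the NSA guide) pushes the Reader XI lockdowns above into the HKLM policy tree, which is what makes the options greyed out for users. The value names are taken from Adobe's FeatureLockDown preference reference linked above; the URL-launch permission lives under the same tree (cDefaultLaunchURLPerms) and is deliberately left out here, so take that value from the reference. The "11.0" path is Reader XI.

```powershell
# Added example (not from the original deck): lock Reader XI security features
# under HKLM\SOFTWARE\Policies so users cannot switch them off in Preferences.
$LockDown = 'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown'
$Wanted = [ordered]@{
    bProtectedMode              = 1   # Protected Mode on and greyed out
    iProtectedView              = 2   # Protected View for all files (1 = only files from unsafe locations)
    bEnhancedSecurityStandalone = 1   # Enhanced Security, standalone Reader
    bEnhancedSecurityInBrowser  = 1   # Enhanced Security, Reader inside the browser
    bDisableJavaScript          = 1   # high-security: no PDF JavaScript at all
    bEnableFlash                = 0   # no Flash content rendered inside PDFs
}

function Set-ReaderLockDown {
    New-Item -Path $LockDown -Force | Out-Null
    foreach ($name in $Wanted.Keys) {
        Set-ItemProperty -Path $LockDown -Name $name -Value $Wanted[$name] -Type DWord
    }
}

function Test-ReaderLockDown {
    $actual = Get-ItemProperty -Path $LockDown -ErrorAction SilentlyContinue
    foreach ($name in $Wanted.Keys) {
        $value = if ($actual) { $actual.$name } else { $null }
        [pscustomobject]@{
            Setting  = $name
            Expected = $Wanted[$name]
            Actual   = if ($null -eq $value) { '(not set)' } else { $value }
            Pass     = ($null -ne $value -and $value -eq $Wanted[$name])
        }
    }
}

Set-ReaderLockDown
Test-ReaderLockDown | Format-Table -AutoSize
```

HKLM\SOFTWARE\Policies is not redirected for 32-bit processes, so the same path serves the 32-bit Reader on 64-bit Windows; the Customization Wizard can bake the same values into the installer transform, which is the route for the initial deployment, while this script is the check you run afterwards.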
Adobe Demo
Admin passwords 
• Disable the built-in local Administrator account where you can 
• If you can't disable it, randomize its password, per machine 
• SANS SEC505, an awesome course 
• http://cyber-defense.sans.org/blog/2013/08/01/reset-local-administrator-password-automatically-with-a-different-password-across-the-enterprise
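As an added example, in the spirit of the SANS approach linked above but not that script and not part of the deck, this rotates the local Administrator password to a per-machine random value and escrows it encrypted to a recovery certificate before the change is made. Assumptions: Windows PowerShell 5.x on .NET 4.6 or later, the recovery certificate's public half at \\fileserver\escrow\recovery.cer, an escrow share that computer accounts can write to, and the target account name "Administrator".

```powershell
# Added example (not from the original deck): per-machine random local admin
# password with public-key escrow. Run as SYSTEM (startup script) or as an admin.
$RecoveryCer = '\\fileserver\escrow\recovery.cer'   # assumed: public key only; private key stays offline
$EscrowDir   = '\\fileserver\escrow\passwords'      # assumed: write-only for computer accounts
$Account     = 'Administrator'

function New-RandomPassword {
    param([int]$Length = 24)
    # Ambiguous glyphs (0/O, 1/l/I) left out so the value can be read back over the phone.
    $alphabet = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#$%&*+-=?@'
    $rng   = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $buf   = New-Object byte[] 1
    $limit = 256 - (256 % $alphabet.Length)     # rejection sampling: no modulo bias
    $sb    = New-Object System.Text.StringBuilder
    while ($sb.Length -lt $Length) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt $limit) { [void]$sb.Append($alphabet[$buf[0] % $alphabet.Length]) }
    }
    $rng.Dispose()
    $sb.ToString()
}

function Protect-ForEscrow {
    param([string]$Plaintext, [string]$CerPath)
    # RSA-OAEP to the recovery certificate; only the holder of the private key can read it.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CerPath
    $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    $blob = $rsa.Encrypt([System.Text.Encoding]::UTF8.GetBytes($Plaintext),
                         [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA256)
    [Convert]::ToBase64String($blob)
}

function Set-LocalAccountPassword {
    param([string]$Name, [string]$Password)
    $user = [ADSI]"WinNT://$env:COMPUTERNAME/$Name,user"
    $user.SetPassword($Password)
    $user.SetInfo()
}

$password = New-RandomPassword -Length 24
$record   = '{0},{1},{2}' -f $env:COMPUTERNAME, (Get-Date -Format o),
                              (Protect-ForEscrow -Plaintext $password -CerPath $RecoveryCer)
# Escrow first: if this write fails the password is NOT changed, so a machine is never locked out.
$record | Out-File -FilePath (Join-Path $EscrowDir "$env:COMPUTERNAME.txt") -Encoding ascii -ErrorAction Stop
Set-LocalAccountPassword -Name $Account -Password $password
Remove-Variable password, record
```

The plaintext never touches disk on the client or the share; the helpdesk decrypts a record with the private key when they need it, and the share ACL (computers write, nobody reads) is what keeps one compromised workstation from harvesting every other machine's password. On domain-joined machines Microsoft's LAPS later packaged this same design, with the escrow in Active Directory.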
Cryptography 
• TrueCrypt: my advice is to please stay away from this. 
• http://istruecryptauditedyet.com/ 
• The second phase of the audit is the important one, as it covers cryptanalysis and the RNGs. If the RNGs are weak or in a predictable state (think of a backdoored generator like Dual_EC_DRBG), TrueCrypt users will be in trouble. 
• The developers were never known.
Cryptography 
• If you use BitLocker, please enforce AES-256. BitLocker defaults to AES-128, and the policy only affects volumes encrypted after it is set 
• Kill secrets from memory 
• Since Windows 8, the Pro edition includes BitLocker (Windows 7 needs Ultimate or Enterprise) 
• Windows Server 2008 and later have it too, as an installable feature 
• Encrypt all the things. There is no reason not to.
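The following added example (not from the deck) makes AES-256 the policy for new BitLocker volumes and flags any volume that was already encrypted at the AES-128 default. The values under HKLM\SOFTWARE\Policies\Microsoft\FVE are the ones the "Choose drive encryption method and cipher strength" policy writes: EncryptionMethod is read by Windows 7 and 8.x (3 = AES-128, 4 = AES-256; on Windows 7, 1 and 2 are the Elephant-diffuser variants), and EncryptionMethodWithXtsOs/Fdv/Rdv by Windows 10 1511 and later (6 = XTS-AES-128, 7 = XTS-AES-256). Get-BitLockerVolume needs the BitLocker module, present on Windows 8 / Server 2012 and later.

```powershell
# Added example (not from the original deck): AES-256 BitLocker policy plus a
# report of volumes that still carry the AES-128 default.
$Fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Set-BitLockerAes256Policy {
    New-Item -Path $Fve -Force | Out-Null
    Set-ItemProperty -Path $Fve -Name EncryptionMethod -Value 4 -Type DWord      # Win7/8.x: AES-256
    foreach ($n in 'EncryptionMethodWithXtsOs', 'EncryptionMethodWithXtsFdv', 'EncryptionMethodWithXtsRdv') {
        Set-ItemProperty -Path $Fve -Name $n -Value 7 -Type DWord               # Win10 1511+: XTS-AES-256
    }
}

function Get-WeakBitLockerVolumes {
    # The policy only governs volumes encrypted after it applies. Anything listed
    # here must be decrypted and re-encrypted (Disable-BitLocker, then Enable-BitLocker).
    Get-BitLockerVolume | Where-Object {
        $_.VolumeStatus -ne 'FullyDecrypted' -and
        $_.EncryptionMethod -notin @('Aes256', 'XtsAes256')
    } | Select-Object MountPoint, VolumeStatus, EncryptionMethod
}

Set-BitLockerAes256Policy
Get-WeakBitLockerVolumes | Format-Table -AutoSize
```

Set the policy before imaging: a drive that was encrypted during OS deployment at the default strength stays at AES-128 until it is re-encrypted, which is exactly the drift the second function is there to catch.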
Questions???

 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Dernier (20)

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

System hardening - OS and Application

• 1. System Hardening: Windows OS Clients and Applications
• 2. About me..
  • This talk really shouldn’t be about me.. It’s about you..
  • This community is about educating each other and making things better
• 3. What is this talk about?
  • Hardening Microsoft OS’s for domain and standalone computers
  • Large-scale EMET deployments
  • How to approach the Java problem if you run out-of-date versions
  • Adobe Acrobat customization according to NSA standards
  • Local admin accounts and passwords, and what to do about them
  • Cryptography – some brief thoughts
• 4. OS Security references
  • Microsoft Security Compliance Manager - http://technet.microsoft.com/en-us/library/cc677002.aspx
  • Center for Internet Security Benchmarks** - https://benchmarks.cisecurity.org/downloads/multiform/index.cfm
  • DISA STIGs - http://iase.disa.mil/stigs/os/windows/Pages/index.aspx
• 5. CIS Security Benchmarks
  • Recommended technical control rules/values for hardening operating systems
  • Distributed free of charge by CIS in .PDF format
  • Where to begin??
  • Incident Response and SSLF.. Flip up the guide for your audience!
• 7. MS Security Compliance Manager
  • Export Group Policy Objects from your environment and re-import them into SCM
  • Mix and merge two separate security baselines to remediate issues or consolidate security
  • No Active Directory? Apply policy through the Local GPO tools
• 8. Inventory your current security posture (if any)
  • Security policies can easily be exported from Group Policy Management Console and re-imported into Microsoft Security Compliance Manager
  • Two options to mix and merge: compare with SCM pre-populated baselines, or build your own based upon the CIS PDFs
  • My preference is to build based upon CIS and take security to the maximum hardened limit. (Ex. earlier Win7 CIS gave Self Limited Functionality Profiles SSLF for high security environments)
• 9. Warning: You will Break Stuff!
• 10. Troubleshooting hardening issues
  • Easiest method is to have a container set up in Active Directory with all group policy inheritance blocked.
  • Apply your OS hardening policies through the local GPO tool. This tool is available when you install Security Compliance Manager.
  • Installer can be found in C:\Program Files (x86)\Microsoft Security Compliance Manager\LGPO << after SCM install
• 11. Why troubleshoot CIS with the LGPO tool
  • Instead of having your server admins randomly shut group policies off at the server level, you can rapidly respond to testing by locally turning off policies
  • It’s a needle-in-a-haystack approach. Most issues you deal with will probably be around network security and authentication hardening
  • Works great if you want to apply hardened OS policies in standalone high security environments
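The isolated test setup from slides 10 and 11, as an added example that is not part of the deck: an OU with inheritance blocked, the SCM baseline applied as local policy on one test machine, and a restore step for when something breaks. Domain DN, OU and computer names, the LocalGPO install path and the baseline folder are assumptions; check the LocalGPO.wsf switches against the tool's own `/?` output.

```powershell
# Added example, not the deck's own script. Run step 1 on an admin workstation
# and steps 2-3 on the test machine itself (elevated).
Import-Module ActiveDirectory
Import-Module GroupPolicy

$DomainDn    = 'DC=corp,DC=example'                      # assumption
$OuName      = 'Hardening-Test'                          # assumption
$TestPc      = 'WKS-TEST01'                              # assumption
$LocalGpo    = 'C:\Program Files\LocalGPO\LocalGPO.wsf'  # assumed: where LocalGPO.msi installed it
$BaselineDir = 'C:\Baselines\CIS-Win7'                   # assumption: GPO backup exported from SCM

# Step 1: an OU with inheritance blocked, so the only policy that reaches the
# test machine is the one you apply locally. Returns $true when blocking is on.
function New-HardeningTestOu {
    $ouDn = "OU=$OuName,$DomainDn"
    if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'" -SearchBase $DomainDn)) {
        New-ADOrganizationalUnit -Name $OuName -Path $DomainDn -ProtectedFromAccidentalDeletion $false
    }
    Set-GPInheritance -Target $ouDn -IsBlocked Yes | Out-Null
    $pc = Get-ADComputer -Identity $TestPc
    if ($pc.DistinguishedName -notlike "*,$ouDn") {
        Move-ADObject -Identity $pc.DistinguishedName -TargetPath $ouDn
    }
    return (Get-GPInheritance -Target $ouDn).GpoInheritanceBlocked
}

# Step 2: apply the SCM baseline as LOCAL policy and keep a report of what is in
# effect, so a breakage can later be matched to a single setting.
function Invoke-LocalBaseline {
    if (-not (Test-Path $LocalGpo))    { throw "LocalGPO not installed at $LocalGpo" }
    if (-not (Test-Path $BaselineDir)) { throw "Baseline backup folder missing: $BaselineDir" }
    & cscript.exe //nologo $LocalGpo "/Path:$BaselineDir"
    if ($LASTEXITCODE -ne 0) { throw "LocalGPO apply failed (exit $LASTEXITCODE)" }
    & gpupdate.exe /force | Out-Null
    $report = Join-Path $env:TEMP ("hardening-test-{0}.html" -f (Get-Date -Format 'yyyyMMdd-HHmm'))
    & gpresult.exe /h $report
    return $report
}

# Step 3: when an application breaks, drop the local policy, retest, then narrow
# the baseline down (slide 11: usually network security or authentication settings).
function Restore-LocalPolicy {
    & cscript.exe //nologo $LocalGpo /Restore
    if ($LASTEXITCODE -ne 0) { throw "LocalGPO restore failed (exit $LASTEXITCODE)" }
    & gpupdate.exe /force | Out-Null
}
```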
• 12.
• 13.
• 14. A few other things
  • The concept of least privilege should always be used (UAC)
  • Getting asked even by IT folks to turn it off (UAC)
  • Limit admin accounts. Secondary admin accounts are better. Never use admin accounts to browse or do daily tasks on your network
  • Autorun should be one of the first things you disable in any org. It’s a quick hit with minimal impact on end users
  • Prevent the firewall from getting turned off. Use domain firewall profiles heavily, while restricting public and home profiles.
  • Be careful with audit policies. Too much audit information can be a bad thing in logs
• 15. A few other things continued
  • Debug programs.. No one should have access to do this. Pg. 76
  • Limit the number of remotely accessible registry paths. (Take note: on Windows 7 the Remote Registry service has to be manually started.) This should be disabled. Pg. 133
  • LAN Manager Authentication Level: Enforce NTLMv2 and refuse LM and NTLM << This should be non-negotiable, i.e. Pass the Hash. Pg. 137
  • For high security environments, don’t process the legacy run list and the run-once list << Could lead to other issues with certain applications and driver applications. Use cautiously.
  • Prevent computers from joining Homegroups.. BYOD issues. Pg. 169
• 17. Disable Remote Shell Access
  • Remote Shell Access pg. 160
  • You need to decide if it’s worth it for you to really have remote shell access.
  • Reduce your attack surface… This is what OS hardening is all about
• 18. Let’s have a talk about large-scale EMET deployments (5,000 machines and more)
• 19. EMET large-scale deployments
  • Resources
  • Customizing
  • Scaling
  • Group Policy
  • Where does everything fit and in what order?
• 20. EMET Resources
  • Kurt Falde Blog (http://blogs.technet.com/b/kfalde/)
  • Security Research and Defense Blogs (http://blogs.technet.com/b/srd/)
  • EMET Social TechNet Forum (http://social.technet.microsoft.com/Forums/security/en-US/home?forum=emet)
  • EMET Pilot Proof of Concept Recommendations (http://social.technet.microsoft.com/wiki/contents/articles/23598.emet-pilot-proof-of-concept-recommendations.aspx)
  • EMET Known Application Issues Table (http://social.technet.microsoft.com/wiki/contents/articles/22931.emet-known-application-issues-table.aspx)
• 21. Avoiding EMET “Resume Generating Events”
• 22. What to avoid with EMET deployments
  • Do not immediately add popular or recommended XML profiles to EMET. Attaching EMET to processes without vetting them in an organization is not a good idea.
  • Do not use Group Policy out of the gate. Instead inject with local policies first to vet out problems.
  • Use system-wide DEP settings cautiously. You may uncover applications, even though not hooked into EMET, crashing because of system-wide DEP. Using “Application Opt In” is a safer solution
• 23. EMET Customization
  • Base MSI
  • Exporting custom XML and using EMET_Conf to push settings
  • Registry import to the policy key for EMET. Acts as local group policy.
• 25. EMET_Conf (cont.)
  • Use EMET_Conf --delete_all to remove all application mitigation settings and certificate trust configurations
  • Build your own settings… then export… The export will be an .xml file
  • Re-import by using EMET_Conf --import <file>.xml
  • If you script emet_conf to push out settings, include HelperLib.dll, MitigationInterface.dll, PKIPinningSubsystem.dll, SdbHelper.dll
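The EMET_Conf push from slides 22 to 25 as a deployment wrapper; this is an added example, not the deck's or Microsoft's script. It checks the helper DLLs the slide lists are staged beside EMET_Conf.exe, wipes the current mitigations, imports only your vetted XML and returns the resulting list. The EMET install folder and the XML path are assumptions.

```powershell
# Added example, not the deck's own script. Must run elevated: EMET_Conf writes
# machine-wide mitigation settings.
$EmetDir    = 'C:\Program Files (x86)\EMET 5.5'       # assumption: adjust to your EMET version
$ProfileXml = '\\fileserver\emet\Browsers-Vetted.xml' # assumption: produced with EMET_Conf --export
# Slide 25: EMET_Conf needs these DLLs next to it when it is copied out for scripting.
$RequiredDlls = 'HelperLib.dll', 'MitigationInterface.dll', 'PKIPinningSubsystem.dll', 'SdbHelper.dll'

# Returns the names of files missing from the staging folder; an empty list means it is complete.
function Test-EmetConfStaging([string]$Dir) {
    $missing = @()
    foreach ($f in @('EMET_Conf.exe') + $RequiredDlls) {
        if (-not (Test-Path (Join-Path $Dir $f))) { $missing += $f }
    }
    return $missing
}

# Replaces the machine's EMET application settings with one vetted profile.
function Import-EmetProfile([string]$Dir, [string]$Xml) {
    $exe = Join-Path $Dir 'EMET_Conf.exe'
    $missing = Test-EmetConfStaging $Dir
    if ($missing) { throw "EMET_Conf staging incomplete, missing: $($missing -join ', ')" }
    if (-not (Test-Path $Xml)) { throw "Profile not found: $Xml" }

    # Clean slate first (slide 25): drop all app mitigations and certificate trust rules,
    # so a stale or hand-edited entry cannot survive the push.
    & $exe --delete_all
    if ($LASTEXITCODE -ne 0) { throw "EMET_Conf --delete_all failed (exit $LASTEXITCODE)" }

    # Import only the profile your organization vetted, never a downloaded "popular" XML (slide 22).
    & $exe --import $Xml
    if ($LASTEXITCODE -ne 0) { throw "EMET_Conf --import failed (exit $LASTEXITCODE)" }

    # Return what EMET now protects, so the deployment log records the effective state.
    return (& $exe --list)
}

Import-EmetProfile -Dir $EmetDir -Xml $ProfileXml
```

Run it first on the local-policy pilot machines from slide 22 and only move the same XML into Group Policy once the --list output and the Known Application Issues table agree nothing is left to vet.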
• 27. Injecting EMET policies into the registry
• 28. Starting out with EMET
  • Start out with the highest-risk applications first. Start with browsers (Internet Explorer, Firefox, Chrome, Opera)
  • Move on to Adobe Reader/Writer, Java.
  • High-risk, exploited apps should always be first
• 29. The Java Problem
  • Malicious actors are using trusted applications to exploit gaps in perimeter security.
  • Java comprises 91 percent of web exploits; 76 percent of companies using Cisco Web Security services are running Java 6, an end-of-life, unsupported version.
  • “Watering hole” attacks are targeting specific industry-related websites to deliver malware. Source: Cisco 2014 Annual Security Report (http://www.cisco.com/web/offers/lp/2014-annual-security-report/index.html)
• 30. The Java Problem continued
  • Corporations rely on out-of-date versions
  • The “Pigeon Hole” effect. I can’t upgrade Java because you will break my critical business app.
  • Virtualizing can be an expensive solution
  • But my AV will stop it! << Probably not…
  • Oracle EOL’d Java 6, but paid support can extend this.. << too expensive
  • Java is a security nightmare and an application administrator’s worst enemy
• 31. The Java problem continued
• 32. Prevent Java from running
  • Hopefully by now everyone has deployed MS14-051. If not you should.. Soon.
  • Don’t deploy and assume you are done. Don’t accept the default policies for this.
  • Starting with MS14-051, IE blocks out-of-date Java by default but allows users to circumvent it.
• 33. Mitigating the Java Problem with GPOs
  • Before you do this… lock down Trusted Sites. Don’t allow users to circumvent security by putting stuff in Trusted Sites without a vetting process
  • Don’t allow users to “run this time” if Java is out of date. Lock it down
  • Allow out-of-date Java only on sites that are business critical.
• 34. Java resources for mitigation
  • http://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx
  • http://blogs.msdn.com/b/askie/archive/2014/08/12/how-to-manage-the-new-quot-blocking-out-of-date-activex-controls-quot-feature-in-ie.aspx
• 35. Java ActiveX Blocking
  • Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management
• 36. Java ActiveX Blocking
• 37. Java ActiveX Blocking
• 38. Java ActiveX Blocking
• 39. Java ActiveX Blocking
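A compliance check for the out-of-date ActiveX blocking policies from slides 32 to 35, as an added example that is not part of the deck: it reads the Add-on Management policy values and reports any machine where blocking is off, users can still click "Run this time", audit mode is on, an exception domain is not on the vetted list, or Trusted Sites is user-editable. The registry value names are the ones the IE blog posts linked on slide 34 describe; verify them against your inetres.admx before relying on this, and the approved domain list is a constructed placeholder.

```powershell
# Added example, not the deck's own script. Read-only: it audits, it does not change policy.
$ExtPolicy  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext'          # Add-on Management policies
$ZonePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
# Slide 33: only business-critical sites may keep running out-of-date Java (constructed list).
$ApprovedDomains = @('erp.corp.example', 'hr.corp.example')

function Get-RegValue([string]$Path, [string]$Name) {
    # $null when the key or value is absent, i.e. the policy is "Not configured".
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

# Returns a list of findings; an empty list means the machine matches the guidance.
function Test-OutdatedActiveXPolicy {
    $findings = @()

    # "Turn off blocking of outdated ActiveX controls" writes VersionCheckEnabled = 0.
    # Absent means the MS14-051 default (blocking on) applies.
    if ((Get-RegValue $ExtPolicy 'VersionCheckEnabled') -eq 0) {
        $findings += 'Out-of-date ActiveX blocking is turned OFF by policy'
    }
    # Slide 33: the "Run this time" button must be removed (RunThisTimeEnabled = 0),
    # otherwise the block is only a prompt the user clicks through.
    if ((Get-RegValue $ExtPolicy 'RunThisTimeEnabled') -ne 0) {
        $findings += 'Users can still click "Run this time" (RunThisTimeEnabled is not 0)'
    }
    # Audit mode logs instead of blocking: fine for a pilot, a finding in production.
    if ((Get-RegValue $ExtPolicy 'AuditModeEnabled') -eq 1) {
        $findings += 'Audit mode only: outdated controls are logged, not blocked'
    }
    # Per-domain exceptions live as value names under the Domain subkey; each must be vetted.
    $domainKey = Join-Path $ExtPolicy 'Domain'
    if (Test-Path $domainKey) {
        foreach ($d in (Get-Item $domainKey).GetValueNames()) {
            if ($ApprovedDomains -notcontains $d) { $findings += "Unvetted exception domain: $d" }
        }
    }
    # Slide 33: Trusted Sites must not be user-editable, or the exception list is meaningless.
    # "Do not allow users to add/delete sites" sets Security_zones_map_edit = 1.
    if ((Get-RegValue $ZonePolicy 'Security_zones_map_edit') -ne 1) {
        $findings += 'Users can add sites to Trusted Sites (Security_zones_map_edit is not 1)'
    }
    return $findings
}

$result = Test-OutdatedActiveXPolicy
if ($result.Count -eq 0) { 'PASS: outdated ActiveX policy matches the hardening guidance' }
else { $result | ForEach-Object { "FAIL: $_" } }
```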
• 40. Bonus: Block Flash too.. High security environments
• 42. Hardening Adobe Reader/Writer
  • Adobe Enterprise Toolkit http://www.adobe.com/devnet-docs/acrobatetk/index.html
  • Application Security Overview http://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/index.html
  • Adobe Customization Wizard (Use this) ftp://ftp.adobe.com/pub/adobe/acrobat/win/11.x/11.0.00/misc/
  • NSA guidelines for Adobe XI in Enterprise Environments (Use this) https://www.nsa.gov/ia/_files/app/Recommendations_for_Configuring_Adobe_Acrobat_Reader_XI_in_a_Windows_Environment.pdf
• 43. Hardening Adobe Reader/Writer
  • Don’t give people a chance to disable Protected Mode, Protected View, and Enhanced Security
  • For high security environments disable JavaScript. Disable URL links.. Don’t allow Flash content to be viewed in PDFs << Very bad
  • Patch often and ASAP
  • Hook in with EMET to enhance exploit mitigation
• 45. Admin Passwords
  • Disable Admin Passwords
  • If you can’t disable, then randomize it.. per machine..
  • SANS SEC505.. Awesome course…
  • http://cyber-defense.sans.org/blog/2013/08/01/reset-local-administrator-password-automatically-with-a-different-password-across-the-enterprise
• 46. Cryptography
  • TrueCrypt << my advice is to please stay away from this.
  • http://istruecryptauditedyet.com/
  • The 2nd part of the audit is very important, as it deals with cryptanalysis and RNGs. If the RNGs are weak or in a predictable state, such as Dual Elliptic Curve, TrueCrypt users will be in trouble.
  • Developers were never known..
• 47. Cryptography
  • If you use BitLocker… please enforce AES 256. BitLocker defaults to AES 128
  • Kill secrets from memory..
  • Starting in Windows 8.1, Pro versions come packed with BitLocker
  • 2008 servers and above have it too
  • Encrypt all your things… There is no reason not to.