itcamp 2011 - paula januszkiewicz - 10 deadly sins of windows administrators

@itcampro / #itcampro Premium conference on Microsoft’s Dev and ITPro technologies

Paula Januszkiewicz

CQURE: IT Security Auditor, MVP, MCT

http://blogs.technet.com/plwit/

10 Deadly Sins of Administrators in regards to Windows Security

Post on 13-May-2015

Agenda

1. Introduction
2. Top 10 Sins: From bottom to top
3. Summary

9. Insecure Internet Browsing

DEMO

Insecure Internet Browsing / Publishing Data

8. Lack of updates

7. Lack of Encryption

DEMO

SMB vs. IPSec

6. WYSI (NOT) WYG

DEMO

Explorer.exe Misinterpretation, BackupRead/BackupWrite

5. Network Monitoring

DEMO

Evil WebSite, Files over DNS, Files over ICMP

4. Pirated Software

DEMO

Malware

3. Lack of Backup Mechanisms

DEMO

MoveFileEx

2. Lack of Training

DEMO

Image Hijacks

1. Lack of Documentation

DEMO

PowerShell, Autoruns

Summary

Top 10 List

Life without passwords…

10. Weak Passwords
9. Insecure Internet Browsing
8. Lack of Regular Updates
7. Lack of Encryption
6. WYSI (NOT) WYG
5. Lack of Network Monitoring
4. Using Pirated Software
3. Lack of Backup Mechanisms
2. Lack of Training
1. Lack of Documentation

Be Proactive!

• Infrastructure must be well documented

• Split and rotate tasks between admins

• Use the legal code

• Perform periodical checks

– Autoruns

– Kernel Level Files

– Network Traffic

– Processes

Network Layers (In) Security

• http://northamerica.msteched.com/topic/details/SIM314?fbid=cCOEzy8IHuN

Q&A
