itcamp 2012 - paula januszkiewicz - stronghold to strengthen

itcampro @ itcamp12 # Premium conference on Microsoft technologies

Private &

Public Cloud ITCamp 2012 sponsors


Private &

Public Cloud Agenda

1 2 4

Intruduction

Hardening Techiques Summary

3

Infrastructure Techniques


Private &

Public Cloud Hacker Role in IT Development

• Hackers make IT security world running

• Hackers encourage us to be up to date

• Hackers test the newest technology

What is the security

trend?

8

19790509


Private &

Public Cloud Security Intelligence Report

http://www.microsoft.com/security/sir/


Private &

Public Cloud Agenda

1 2 4

Intruduction

Hardening Techiques Summary

3

Infrastructure Techniques


Private &

Public Cloud

External Views


Demo


Private &

Public Cloud Test Your Users

• Play a social engineer role

• Monitor them…

• …and show you do it

• Break users’ passwords

• Train them well


Demo


Private &

Public Cloud Know At Least One Scripting Language

• Hackers love scripts

– Perl

– Python

• You should love PowerShell 2.0

– Server Role management modules

– Server management

– Remoting

– Microsoft Common Criteria


Demo

Incorrect Access Control Lists


Demo


WYSI (NOT) WYG


Demo


Private &

Public Cloud Use Debugger

• Variable choices:

– SoftICE

–WinDbg

–DEBUG

– IDA Pro

• One idea:

– To look through the code and data structures

• Administrators: Crash dump analysis

• Process Explorer

Picture: commons.wikimedia.org


Demo


Private &

Public Cloud Network Monitoring

• Watch for protocol anomalies

– Data can leak through the data field

– Watch for protocols used not only for data transfers

• Monitor the traffic

– Unfortunately some traffic may happen only once a month


Demo


Private &

Public Cloud Agenda

1 2 3

Hacker role in IT development

Hacker Techniques and Demos

Things you should remember and summary


Demo

Lack of General Revisions


Lack of Training


Private &

Public Cloud Keep Your Knowledge Up To Date

• Know law regulations in your country

• IT resources – Mailing Lists

– Blogs / RSS

– Webcasts

• Security bulletins – Microsoft

– SANS

– ISS


Private &

Public Cloud Have Your Own Toolkit

• Internet Browser is sometimes enough

• CMD and build-in system tools

• Specialist tools

• Your own scripts

• Social engineering skills

• PowerShell 2.0/3.0


[email protected]

Thank you!

itcamp 2012 - paula januszkiewicz - stronghold to strengthen

Technology

itcamp12 premium conference

microsoft technologies

itcamp12premium conference

date private public

usersprivate public

sponsors private public

lack of general revisions

hacker techniques