
Top 10 Things to Stay Out of the News - Ron Schlecht



  1. Top 10 Things to Stay Out of the News Ron Schlecht

  2. Intro
     • Ron Schlecht, Managing Partner
     • 18 years of Information Security experience
       – G Contracting, Law Enforcement, Consulting, CISO
       – Founded BTB Security in 2006

  3. Company Profile
     • The BTB Group, LLC / BTB Security
       – Founded in 2006
       – Offices in Philadelphia, Chicago, Austin – coverage nationally
       – Backgrounds include years of experience with Big Four and similarly sized organizations, and experience building, managing, and operating corporate security groups.
       – 3 partners
         • Brian Bailey, Managing Partner (Chicago)
         • Chris McGinley, Managing Partner (Philly)
         • Ron Schlecht, Founder / Managing Partner (Philly)

  4. What we do: We are hackers… well… not exactly like that

  5. These days
     • A lot of breaches in the news
     • We see that a lot of environments are vulnerable to simple issues

  6. What we find
     • Some attacks are complicated…
     • But most take advantage of simple misconfiguration

  7. Top Security Controls: This talk will focus on the top security controls that can be implemented with low cost and low impact to your network, ensuring maximum ROI of your Domain Admin’s valuable time.

  8. 1-Separate DA from “everyday” Accounts Domain Admin Account

  9. 2-Separate DA Password Policy

  10. 3-DA is Allowed to only Log in to Domain Controllers

  11. 4-Delegate Rights to Users (Restrict User Access)

  12. 4-Delegate Rights to Users (Restrict User Access)

  13. 5-Disable Cached Credentials

  14. 6-Microsoft Security Compliance Manager

  15. 7-Disable NULL Sessions

  16. 8-Disable LLMNR/NBNS Protocols
      • LL What? NB Who? Link-Local Multicast Name Resolution and NetBIOS Naming Service
        1) Hosts File
        2) DNS Server
        3) LLMNR Multicast or NBNS Broadcast

  17. 8-Disable LLMNR/NBNS Protocols

  18. 9-Set SMB Signing to Enabled and Required http://btbsecurity.com/resources/videos/204-smbrelay-and-llmnr-zero-to-breach-in-ten-minutes

  19. 10-Do Not Store Passwords within Group Policy Preferences (GPP)

  20. 10-Do Not Store Passwords within Group Policy Preferences (GPP)

  21. #Bonus 1 - Disable Interactive Logon for Service Accounts

  22. #Bonus 2 - Use Managed Service Accounts

  23. #Bonus 3 - Use NTLMv2 and Set it to Required

  24. #Bonus 4 - Who can Add Workstations to your Domain?

  25. #Bonus 5 - Disable Powershell and CMD

  26. Questions? Ron Schlecht ron.schlecht@btbsecurity.com
