System Hardening 
Windows OS Clients and Applications
About me 
• This talk really shouldn't be about me. It's about you. 
• This community is about educating each other and making things better
What is this talk about? 
• Hardening Microsoft OSes for domain-joined and standalone computers 
• Large-scale EMET deployments 
• How to approach the Java problem if you are stuck running out-of-date versions 
• Adobe Acrobat/Reader customization according to NSA guidance 
• Local admin accounts and passwords, and what to do about them 
• Cryptography: some brief thoughts
OS Security references 
• Microsoft Security Compliance Manager (SCM): http://technet.microsoft.com/en-us/library/cc677002.aspx 
• Center for Internet Security (CIS) Benchmarks: https://benchmarks.cisecurity.org/downloads/multiform/index.cfm 
• DISA STIGs: http://iase.disa.mil/stigs/os/windows/Pages/index.aspx
CIS Security Benchmarks 
• Recommended technical control rules and values for hardening operating systems 
• Distributed free of charge by CIS in PDF format 
• Where to begin? Each benchmark carries more than one profile (e.g. Enterprise vs. SSLF) 
• Incident response needs and SSLF: flip the guide open at the profile that fits your audience
Microsoft SCM Current Baselines
MS Security Compliance Manager 
• Export the Group Policy Objects already in your environment and re-import them into SCM 
• Mix and merge two separate security baselines to remediate issues or consolidate security settings 
• No Active Directory? Apply the policy through the Local GPO tool
Inventory your current security posture (if any) 
• Security policies can easily be exported from the Group Policy Management Console and re-imported into Microsoft Security Compliance Manager 
• Two options to mix and merge: compare against the pre-populated SCM baselines, or build your own from the CIS PDFs 
• My preference is to build from CIS and take security to the maximum hardened limit. (Example: the earlier Windows 7 CIS benchmark provided Specialized Security, Limited Functionality (SSLF) profiles for high-security environments.)
Warning: You will Break Stuff!
Troubleshooting hardening issues 
• Easiest method: set up an OU in Active Directory with all group policy inheritance blocked, so a test machine receives nothing except what you apply locally 
• Apply your OS hardening policies through the Local GPO tool. The tool ships with Security Compliance Manager. 
• After the SCM install, its installer can be found in C:\Program Files (x86)\Microsoft Security Compliance Manager\LGPO
Why troubleshoot CIS with the LGPO tool 
• Instead of having your server admins randomly shut group policies off at the domain level, you can respond to testing quickly by turning policies off locally 
• It's a needle-in-a-haystack approach. Most issues you deal with will probably be around network security and authentication hardening 
• Works great if you want to apply hardened OS policies in standalone high-security environments
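The test loop described above, as an added example (this is not from the deck or from the SCM toolset): snapshot the local security policy before hardening, apply a template with secedit.exe, and when something breaks put a single control back to its pre-hardening value instead of switching off whole GPOs. secedit.exe and gpupdate.exe are built into Windows; the INF path is a hypothetical export of your CIS/SCM work, and the script assumes an elevated prompt on a test machine in an inheritance-blocked OU.

```powershell
# Added example: snapshot / apply / selectively revert a local security template
# on a test machine. Paths are hypothetical; secedit.exe and gpupdate.exe are built in.
param(
    [string]$Hardened = 'C:\Hardening\CIS-Win7-SSLF.inf',   # your SCM/CIS export (hypothetical path)
    [string]$WorkDir  = 'C:\Hardening\state'
)
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$Baseline = Join-Path $WorkDir 'baseline-before-hardening.inf'
$Log      = Join-Path $WorkDir 'secedit.log'

function Snapshot-LocalPolicy {
    # Export the local security database (account policy, user rights, security
    # options) before touching anything, so every change can be undone.
    & secedit.exe /export /cfg $Baseline /quiet
    if ($LASTEXITCODE -ne 0) { throw "secedit /export failed with $LASTEXITCODE" }
    "Baseline saved to $Baseline"
}

function Apply-Template([string]$Inf) {
    # /overwrite replaces the local database rather than merging into it; the log
    # names each setting that failed to apply.
    $db = Join-Path $WorkDir 'secedit.sdb'
    & secedit.exe /configure /db $db /cfg $Inf /overwrite /log $Log /quiet
    if ($LASTEXITCODE -ne 0) { Write-Warning "secedit returned $LASTEXITCODE; see $Log" }
    & gpupdate.exe /force | Out-Null
}

function Get-IniSection([string]$Path, [string]$Section) {
    # Yields the lines of one [Section] of a secedit INF.
    $in = $false
    foreach ($l in Get-Content $Path) {
        if ($l -match '^\[(.+)\]$') { $in = ($Matches[1] -eq $Section); continue }
        if ($in) { $l }
    }
}

function Revert-Setting([string]$Inf, [string]$Section, [string]$Name) {
    # Troubleshooting step: put ONE control back to its pre-hardening value and
    # re-apply. secedit only configures settings present in the template, so merely
    # deleting the line would leave the hardened value in force.
    $pattern  = "^\s*$([regex]::Escape($Name))\s*="
    $baseLine = Get-IniSection $Baseline $Section | Where-Object { $_ -match $pattern } | Select-Object -First 1
    if (-not $baseLine) { throw "$Name was not defined in the baseline [$Section]; revert it by hand" }
    $in = $false
    $out = foreach ($l in Get-Content $Inf) {
        if ($l -match '^\[(.+)\]$') { $in = ($Matches[1] -eq $Section) }
        if ($in -and $l -match $pattern) { $baseLine } else { $l }
    }
    Set-Content -Path $Inf -Value $out -Encoding Unicode
    Apply-Template $Inf
}

function Restore-Baseline { Apply-Template $Baseline }

# Usage (dot-source so the functions stay in the session):
#   . .\harden-test.ps1
#   Snapshot-LocalPolicy; Apply-Template $Hardened
#   Revert-Setting $Hardened 'Registry Values' 'MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel'
#   Restore-Baseline
```

Revert-Setting is the "turn one policy off locally" step from the slide: it rewrites just that line of the template from the baseline and re-applies, so you learn which single control broke the application without any domain GPO being touched.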
A few other things 
• The concept of least privilege should always be applied: keep UAC on 
• You will get asked, even by IT folks, to turn UAC off. Don't 
• Limit admin accounts. Separate, secondary admin accounts are better. Never use admin accounts to browse or do daily tasks on your network 
• AutoRun should be one of the first things you disable in any org. It's a quick hit with minimal impact on end users 
• Prevent the firewall from being turned off. Use the Domain firewall profile heavily, while restricting the Public and Private (home) profiles 
• Be careful with audit policies. Too much audit information can be a bad thing in logs: noise buries the events you actually need
A few other things, continued 
• Debug programs (SeDebugPrivilege): no one should have this right. It lets a process read and write any other process's memory, LSASS included (CIS p. 76) 
• Limit the remotely accessible registry paths. (Note: on Windows 7 the Remote Registry service has to be started manually.) The service should be disabled (CIS p. 133) 
• LAN Manager authentication level: send NTLMv2 responses only, refuse LM and NTLM. This should be non-negotiable: LM and NTLMv1 responses are cheap to crack offline or relay, and refusing them removes the downgrade path that credential theft and pass-the-hash style lateral movement rely on (CIS p. 137) 
• For high-security environments, don't process the legacy run list and run-once list. This could cause issues with certain applications and driver installers. Use cautiously 
• Prevent computers from joining HomeGroups: BYOD issues (CIS p. 169)
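The controls on the two slides above, turned into a read-only audit, as an added example (not from the deck): it reads the registry values and services behind UAC, AutoRun, LAN Manager authentication level, the firewall profiles, Remote Registry, the remotely accessible registry paths, Debug programs and HomeGroup, and prints PASS/FAIL against the CIS/SCM hardened values. It assumes an elevated prompt and English netsh output; the three default AllowedExactPaths entries it compares against are the Windows defaults.

```powershell
# Added example: read-only audit of the quick-hit controls listed above.
# Expected values follow the CIS/SCM hardened baselines. Run elevated; netsh
# output parsing assumes an English-language Windows.
$results = New-Object System.Collections.ArrayList

function Check([string]$Control, [bool]$Pass, [string]$Actual) {
    [void]$results.Add([pscustomobject]@{
        Control = $Control; Result = $(if ($Pass) { 'PASS' } else { 'FAIL' }); Actual = $Actual })
}

function Get-RegValue([string]$Path, [string]$Name) {
    # $null means the key or value is absent, i.e. the policy is "not configured".
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

# Least privilege: UAC must stay on
$lua = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
Check 'UAC enabled (EnableLUA = 1)' ($lua -eq 1) "$lua"

# AutoRun: 0xFF disables AutoRun for every drive type; NoAutorun = 1 ignores autorun.inf
$explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ndta = Get-RegValue $explorer 'NoDriveTypeAutoRun'
$noar = Get-RegValue $explorer 'NoAutorun'
Check 'AutoRun off on all drive types (NoDriveTypeAutoRun = 0xFF)' ($ndta -eq 255) "$ndta"
Check 'autorun.inf ignored (NoAutorun = 1)' ($noar -eq 1) "$noar"

# LAN Manager authentication level: 5 = send NTLMv2 response only, refuse LM and NTLM
$lm = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'LmCompatibilityLevel'
Check 'LmCompatibilityLevel = 5 (NTLMv2 only, refuse LM/NTLM)' ($lm -eq 5) "$lm"

# Windows Firewall: domain, private and public profiles all ON (netsh also works on Windows 7)
$fw = & netsh.exe advfirewall show allprofiles state | Out-String
$states = @([regex]::Matches($fw, 'State\s+(ON|OFF)') | ForEach-Object { $_.Groups[1].Value })
Check 'Firewall on for all three profiles' (($states.Count -eq 3) -and ($states -notcontains 'OFF')) ($states -join ',')

# Remote Registry: service disabled, and no remotely reachable registry paths beyond the defaults
$svc = Get-WmiObject Win32_Service -Filter "Name='RemoteRegistry'"
Check 'Remote Registry service disabled' ($svc.StartMode -eq 'Disabled') "$($svc.StartMode), $($svc.State)"
$defaultExact = @('System\CurrentControlSet\Control\ProductOptions',
                  'System\CurrentControlSet\Control\Server Applications',
                  'Software\Microsoft\Windows NT\CurrentVersion')
$winreg = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedExactPaths'
$exact  = @(Get-RegValue $winreg 'Machine' | Where-Object { $_ })
$extra  = @($exact | Where-Object { $defaultExact -notcontains $_ })
Check 'Remotely accessible registry paths limited to the three defaults' ($extra.Count -eq 0) ($extra -join ';')

# Debug programs (SeDebugPrivilege): export user rights with secedit and read who holds it
$inf = Join-Path $env:TEMP 'rights.inf'
& secedit.exe /export /cfg $inf /areas USER_RIGHTS /quiet | Out-Null
$dbg = Get-Content $inf | ForEach-Object { if ($_ -match '^SeDebugPrivilege\s*=\s*(.*)$') { $Matches[1].Trim() } }
Remove-Item $inf -ErrorAction SilentlyContinue
Check 'SeDebugPrivilege held by nobody (or Administrators only)' ((-not $dbg) -or ($dbg -eq '*S-1-5-32-544')) "$dbg"

# HomeGroup: policy "Prevent the computer from joining a homegroup"
$hg = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\HomeGroup' 'DisableHomeGroup'
Check 'HomeGroup joining prevented (DisableHomeGroup = 1)' ($hg -eq 1) "$hg"

$results | Format-Table -AutoSize
```

Run it before and after applying a baseline on the test machine: a control that still reads FAIL after gpupdate is either not in your template or is being overridden by a policy applied later in precedence.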
But Wait….I HAZ Shells
Disable Remote Shell access 
• Windows Remote Shell (WinRS) access (CIS p. 160) 
• You need to decide whether remote shell access is really worth it for you 
• Reduce your attack surface. This is what OS hardening is all about
Let's have a talk about large-scale EMET deployments (5,000 machines and more)
EMET Large Scale deployments 
• Resources 
• Customizing 
• Scaling 
• Group Policy 
• Where does everything fit and in what order?
EMET Resources 
• Kurt Falde's blog (http://blogs.technet.com/b/kfalde/) 
• Security Research and Defense blog (http://blogs.technet.com/b/srd/) 
• EMET TechNet forum (http://social.technet.microsoft.com/Forums/security/en-US/home?forum=emet) 
• EMET Pilot Proof of Concept Recommendations (http://social.technet.microsoft.com/wiki/contents/articles/23598.emet-pilot-proof-of-concept-recommendations.aspx) 
• EMET Known Application Issues Table (http://social.technet.microsoft.com/wiki/contents/articles/22931.emet-known-application-issues-table.aspx)
Avoiding EMET “Resume Generating Events”
What to avoid with EMET deployments 
• Do not immediately add popular or recommended XML profiles to EMET. Attaching EMET to processes without vetting them in your own organization is not a good idea 
• Do not use Group Policy out of the gate. Inject the settings with local policies first to shake out problems 
• Use the system-wide DEP setting cautiously. You may find applications that are not even hooked by EMET crashing because of system-wide DEP. "Application Opt In" is the safer choice
EMET Customization 
• Base MSI 
• Export custom XML and use EMET_Conf to push the settings 
• Registry import into the EMET policy key; this acts like local Group Policy
Using EMET_Conf
EMET_Conf (cont.) 
• Use EMET_Conf --delete_all to remove all application mitigation settings and certificate trust (pinning) configuration 
• Build your own settings, then export them; the export is an .xml file (EMET_Conf --export <file>.xml) 
• Re-import with EMET_Conf --import <file>.xml 
• If you script EMET_Conf to push out settings, ship HelperLib.dll, MitigationInterface.dll, PKIPinningSubsystem.dll and SdbHelper.dll alongside it
EMET Policies
Injecting EMET policies into Registry
Starting out with EMET 
• Start with the highest-risk applications: browsers first (Internet Explorer, Firefox, Chrome, Opera) 
• Then move on to Adobe Reader/Acrobat and Java 
• The most frequently exploited applications should always go first
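The EMET_Conf-based rollout described on the last few slides (local settings first, opt-in DEP, vetted XML only), as an added example that is not from the deck or from Microsoft: a script suitable for a startup script or SCCM package. The EMET folder name, the deployment share and the XML file name are hypothetical; the EMET_Conf switches (--system, --delete_all, --import, --list) are the ones documented in the EMET user guide.

```powershell
# Added example: push a vetted EMET configuration with EMET_Conf.exe from a script
# (startup script, SCCM package) while applications are still being vetted and
# before anything goes into Group Policy. EMET folder name, share and XML file
# are hypothetical; the EMET_Conf switches are from the EMET user guide.
param(
    [string]$Share   = '\\deploy01\emet$\browsers-readers-java.xml',
    [string]$EmetDir = "$env:ProgramFiles\EMET 5.1"
)
$conf = Join-Path $EmetDir 'EMET_Conf.exe'
if (-not (Test-Path $conf)) { throw "EMET_Conf.exe not found under $EmetDir" }

function Invoke-EmetConf([string[]]$CmdArgs) {
    # Run from the EMET folder: EMET_Conf loads HelperLib.dll, MitigationInterface.dll,
    # PKIPinningSubsystem.dll and SdbHelper.dll from its own directory.
    $p = Start-Process -FilePath $conf -ArgumentList $CmdArgs -WorkingDirectory $EmetDir -Wait -PassThru -NoNewWindow
    if ($p.ExitCode -ne 0) { throw "EMET_Conf $($CmdArgs -join ' ') exited with $($p.ExitCode)" }
}

# 1. System-wide mitigations: opt-in, never AlwaysOn, so applications EMET does not hook keep running
Invoke-EmetConf @('--system', 'DEP=ApplicationOptIn', 'SEHOP=ApplicationOptIn', 'ASLR=ApplicationOptIn')

# 2. Start from a clean slate, then import only the profile you exported from your own test build
$local = Join-Path $env:TEMP (Split-Path $Share -Leaf)
Copy-Item -Path $Share -Destination $local -Force
Invoke-EmetConf @('--delete_all')
Invoke-EmetConf @('--import', $local)

# 3. Record what is now configured (goes into the change ticket)
& $conf --list | Tee-Object -FilePath (Join-Path $env:TEMP 'emet-list.txt')
```

Keep the XML under change control: the file you import is the complete list of processes EMET will hook, so adding an application means editing, re-testing and re-exporting it, not hand-editing the target machines.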
The Java Problem 
• Malicious actors are using trusted applications to exploit gaps in perimeter security. 
• Java comprises 91 percent of web exploits; 76 percent of companies using Cisco Web Security services are running Java 6, an end-of-life, unsupported version. 
• "Watering hole" attacks are targeting specific industry-related websites to deliver malware. 
Source: Cisco 2014 Annual Security Report (http://www.cisco.com/web/offers/lp/2014-annual-security-report/index.html)
The Java Problem Continued 
• Corporations rely on out-of-date versions 
• The "pigeon hole" effect: "I can't upgrade Java because you will break my critical business app." 
• Virtualizing can be an expensive solution 
• "But my AV will stop it!" Probably not. 
• Oracle has EOL'd Java 6; paid support can extend it, but it is too expensive for most 
• Java is a security nightmare and an application administrator's worst enemy
The Java problem continued
Prevent Java from running 
• Hopefully by now everyone has deployed MS14-051. If not, you should, soon. 
• Don't deploy and assume you are done. Don't accept the default policies for this. 
• MS14-051 turns on out-of-date Java (ActiveX) blocking by default, but the defaults let users circumvent it ("Run this time"), and sites in the Local Intranet and Trusted Sites zones are exempt.
Mitigating the Java problem with GPOs 
• Before you do this, lock down Trusted Sites. The blocking does not apply to the Local Intranet and Trusted Sites zones, so don't let users circumvent it by adding sites to Trusted Sites without a vetting process 
• Don't let users choose "Run this time" when Java is out of date. Lock it down 
• Allow out-of-date Java only on sites that are business critical
Java resources for mitigation 
• http://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx 
• http://blogs.msdn.com/b/askie/archive/2014/08/12/how-to-manage-the-new-quot-blocking-out-of-date-activex-controls-quot-feature-in-ie.aspx
Java ActiveX Blocking 
• Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management
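The GPO procedure above (blocking on, no "Run this time", exceptions only for vetted hosts, Trusted Sites under admin control), as an added example that is not from the deck: it writes the same policy registry values on a test machine and reads them back, so you can confirm the behaviour before building the domain GPO. VersionCheckEnabled, RunThisTimeEnabled, Security_zones_map_edit and ZoneMapKey are the values the corresponding Internet Explorer policies set; the layout of the per-domain exception list under ...\VersionManager\Domain is an assumption to confirm against an exported GPO, and the host name is hypothetical.

```powershell
# Added example: set the out-of-date ActiveX blocking policy from PowerShell on a
# test machine and verify it, before wiring the same values into a domain GPO.
# VersionCheckEnabled / RunThisTimeEnabled, Security_zones_map_edit and ZoneMapKey
# are the registry values behind the named IE policies. The layout of the per-domain
# exception list (...\VersionManager\Domain, one REG_SZ per host) is an ASSUMPTION:
# export a GPO that uses "Turn off blocking ... on specific domains" and confirm it.
$vm   = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\VersionManager'
$inet = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$businessCritical = @('erp.corp.example.com')   # hypothetical host that still needs old Java

function Set-Dword([string]$Path, [string]$Name, [int]$Value) {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
}

# Blocking stays on ("Turn off blocking..." = Disabled) and the "Run this time" button goes away
Set-Dword $vm 'VersionCheckEnabled' 1
Set-Dword $vm 'RunThisTimeEnabled'  0

# Exceptions only for vetted hosts (assumed layout, see above)
$domainKey = Join-Path $vm 'Domain'
if (-not (Test-Path $domainKey)) { New-Item -Path $domainKey -Force | Out-Null }
$i = 1
foreach ($site in $businessCritical) {
    New-ItemProperty -Path $domainKey -Name "$i" -PropertyType String -Value $site -Force | Out-Null
    $i++
}

# Trusted Sites are exempt from the blocking, so the zone must be admin-controlled:
# "Security Zones: Do not allow users to add/delete sites" + Site-to-Zone Assignment List.
Set-Dword $inet 'Security_zones_map_edit' 1

function Get-PolicyTrustedSites {
    # Lists the hosts the Site-to-Zone policy assigns to zone 2 (Trusted Sites) for review.
    $map = Join-Path $inet 'ZoneMapKey'
    if (-not (Test-Path $map)) { return @() }
    (Get-ItemProperty $map).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -eq '2' } |
        ForEach-Object { $_.Name }
}

Get-ItemProperty $vm | Select-Object VersionCheckEnabled, RunThisTimeEnabled
"Trusted Sites defined by policy: $((Get-PolicyTrustedSites) -join ', ')"
```

The Get-PolicyTrustedSites output is the list to review with the business: every host on it bypasses the out-of-date Java block, so it should be as short as the exception list itself.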
Bonus: block Flash too (high-security environments)
End Results
Hardening Adobe Reader/Acrobat 
• Adobe Enterprise Toolkit: http://www.adobe.com/devnet-docs/acrobatetk/index.html 
• Application Security Overview: http://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/index.html 
• Adobe Customization Wizard (use this): ftp://ftp.adobe.com/pub/adobe/acrobat/win/11.x/11.0.00/misc/ 
• NSA guidelines for Adobe Reader XI in enterprise environments (use this): https://www.nsa.gov/ia/_files/app/Recommendations_for_Configuring_Adobe_Acrobat_Reader_XI_in_a_Windows_Environment.pdf
Hardening Adobe Reader/Acrobat 
• Don't give people a chance to disable Protected Mode, Protected View or Enhanced Security 
• For high-security environments, disable JavaScript and disable URL links. Don't allow Flash content to be rendered inside PDFs (very bad) 
• Patch often and ASAP 
• Hook Reader into EMET to add exploit mitigation
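The Reader XI lockdown on the slide above, as an added example that is not from the deck, Adobe or the NSA guide: it writes the HKLM FeatureLockDown policy values (the same ones the Customization Wizard emits) so the settings are enforced and greyed out for the user, then verifies them. The value names bProtectedMode, iProtectedView, bEnhancedSecurityStandalone, bEnhancedSecurityInBrowser, bDisableJavaScript, bEnableFlash and bDisablePDFHandlerSwitching are from Adobe's Application Security Guide / Preference Reference; the iURLPerms value used to block URL links is an assumption to check against the Preference Reference before use.

```powershell
# Added example: lock down Adobe Reader XI through the HKLM FeatureLockDown policy
# keys and verify the result. Run elevated. iURLPerms is an ASSUMPTION (see lead-in).
$lock = 'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown'

function Set-Locked([string]$Path, [string]$Name, [int]$Value) {
    # Values under HKLM\...\FeatureLockDown override HKCU and grey out the matching
    # UI control, so users cannot turn the protection back off.
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
}

$settings = [ordered]@{
    bProtectedMode              = 1   # sandbox on, locked
    iProtectedView              = 2   # Protected View for all files (1 = only files from untrusted sources)
    bEnhancedSecurityStandalone = 1   # Enhanced Security on, locked
    bEnhancedSecurityInBrowser  = 1
    bDisableJavaScript          = 1   # high-security environments only: breaks JavaScript-driven forms
    bEnableFlash                = 0   # no Flash content rendered inside PDFs
    bDisablePDFHandlerSwitching = 1   # Reader stays the PDF handler
}
foreach ($kv in $settings.GetEnumerator()) { Set-Locked $lock $kv.Key $kv.Value }

# Block URL links launched from PDFs. ASSUMPTION: iURLPerms = 1 means "always block".
Set-Locked (Join-Path $lock 'cDefaultLaunchURLPerms') 'iURLPerms' 1

function Test-ReaderLockdown {
    # Returns one line per setting that is missing or differs from the intended value.
    $actual = Get-ItemProperty $lock
    foreach ($kv in $settings.GetEnumerator()) {
        if ($actual.($kv.Key) -ne $kv.Value) { "$($kv.Key): expected $($kv.Value), got $($actual.($kv.Key))" }
    }
}

$bad = @(Test-ReaderLockdown)
if ($bad.Count -eq 0) { 'Reader XI lockdown applied' } else { $bad }
```

The same values can be delivered as a Group Policy registry preference or baked into the MSI transform from the Customization Wizard; whichever you choose, Test-ReaderLockdown is the check to run on a sample of machines afterwards.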
Adobe Demo
Admin passwords 
• Disable the built-in local Administrator account 
• If you can't disable it, randomize its password, per machine 
• SANS SEC505: awesome course 
• http://cyber-defense.sans.org/blog/2013/08/01/reset-local-administrator-password-automatically-with-a-different-password-across-the-enterprise
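The per-machine randomization the slide and the SANS post describe, as an added example that is not from the deck or from SANS: generate a random password from a cryptographic RNG, set it on the built-in Administrator account (found by its well-known RID 500, so a rename does not matter), and store it encrypted to a recovery certificate's public key so that only the private-key holder can recover it. The .cer path and the UNC drop folder are hypothetical; the script assumes it runs as SYSTEM or an elevated admin.

```powershell
# Added example: different random local Administrator password on every machine,
# stored encrypted to a public key. Paths are hypothetical. Run as SYSTEM / elevated.
param(
    [string]$CerPath = 'C:\Hardening\LocalAdminRecovery.cer',   # public key only, no private key on clients
    [string]$DropDir = '\\files01\adminpw$',
    [int]$Length     = 20
)

function New-RandomPassword([int]$Len) {
    # Cryptographic RNG; rejection sampling keeps every symbol equally likely.
    $alphabet = [char[]]('abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%&*+-=?@')
    $rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $buf = New-Object byte[] 1
    $sb  = New-Object System.Text.StringBuilder
    $limit = 256 - (256 % $alphabet.Length)
    while ($sb.Length -lt $Len) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt $limit) { [void]$sb.Append($alphabet[$buf[0] % $alphabet.Length]) }
    }
    $sb.ToString()
}

function Protect-WithCert([string]$Plain, [string]$Cer) {
    # RSA-OAEP with the certificate's public key; decrypt offline where the private key lives.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Cer
    $rsa  = [System.Security.Cryptography.RSACryptoServiceProvider]$cert.PublicKey.Key
    [Convert]::ToBase64String($rsa.Encrypt([Text.Encoding]::UTF8.GetBytes($Plain), $true))
}

# The built-in Administrator has RID 500; find it by SID so a renamed account is still caught.
$admin = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" | Where-Object { $_.SID -like 'S-1-5-21-*-500' }
$pw = New-RandomPassword $Length
([ADSI]"WinNT://./$($admin.Name),user").SetPassword($pw)

# Record: hostname, timestamp, ciphertext. The clear-text password is never written anywhere.
$record = '{0},{1},{2}' -f $env:COMPUTERNAME, (Get-Date -Format s), (Protect-WithCert $pw $CerPath)
Add-Content -Path (Join-Path $DropDir "$env:COMPUTERNAME.csv") -Value $record

# Where nothing depends on the account, disable it outright instead (CIS: "Accounts: Administrator account status" = Disabled):
#   & net.exe user $admin.Name /active:no
```

Because each machine gets its own password, a hash or credential lifted from one workstation no longer opens every other one, which is the lateral-movement path shared local admin passwords hand to an attacker.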
Cryptography 
• TrueCrypt: my advice is to please stay away from this 
• http://istruecryptauditedyet.com/ 
• The second phase of the audit is the important one: it covers the cryptanalysis and the RNGs. If the RNGs are weak or in a predictable state (think Dual_EC_DRBG), TrueCrypt users will be in trouble 
• The developers were never known
Cryptography 
• If you use BitLocker, please enforce AES-256. BitLocker defaults to AES-128 
• Kill secrets from memory: a volume key resident in RAM is reachable by cold-boot and DMA attacks 
• Starting with Windows 8, the Pro editions ship with BitLocker (Windows 7 required Ultimate or Enterprise) 
• Windows Server 2008 and later have it as well, as an installable feature 
• Encrypt all the things. There is no reason not to.
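The AES-256 enforcement on the slide above, as an added example that is not from the deck: it writes the policy registry value behind "Choose drive encryption method and cipher strength" and then reports any volume still encrypted with a weaker cipher. It goes a little beyond the deck's era by also setting the per-drive-type values Windows 10 1511 and later read (XTS-AES-256). Get-BitLockerVolume exists on Windows 8 / Server 2012 and later; the fallback parses manage-bde output and assumes English text.

```powershell
# Added example: enforce AES-256 for BitLocker via policy and find volumes that
# are still below it. Run elevated.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }

# EncryptionMethod: 1 = AES-128 + diffuser, 2 = AES-256 + diffuser (Windows 7),
#                   3 = AES-128, 4 = AES-256 (Windows 8/8.1, diffuser removed)
New-ItemProperty -Path $fve -Name 'EncryptionMethod' -PropertyType DWord -Value 4 -Force | Out-Null
# Windows 10 1511+ reads per-drive-type values instead: 6 = XTS-AES-128, 7 = XTS-AES-256
foreach ($n in 'EncryptionMethodWithXtsOs', 'EncryptionMethodWithXtsFdv', 'EncryptionMethodWithXtsRdv') {
    New-ItemProperty -Path $fve -Name $n -PropertyType DWord -Value 7 -Force | Out-Null
}

function Get-WeakBitLockerVolumes {
    # Returns encrypted volumes whose cipher is not a 256-bit AES variant. The policy
    # only governs NEW encryption: a drive already encrypted with AES-128 keeps it until
    # it is decrypted and re-encrypted (or the machine is re-imaged).
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        Get-BitLockerVolume |
            Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' -and "$($_.EncryptionMethod)" -notmatch '256' } |
            Select-Object MountPoint, EncryptionMethod, VolumeStatus
    } else {
        $text = & manage-bde.exe -status | Out-String
        foreach ($m in [regex]::Matches($text, 'Volume (\w:)[\s\S]*?Encryption Method:\s+([^\r\n]+)')) {
            $method = $m.Groups[2].Value.Trim()
            if ($method -notmatch '256' -and $method -notmatch 'None') {
                [pscustomobject]@{ MountPoint = $m.Groups[1].Value; EncryptionMethod = $method; VolumeStatus = 'see manage-bde' }
            }
        }
    }
}

$weak = @(Get-WeakBitLockerVolumes)
if ($weak.Count) { Write-Warning 'Volumes below AES-256:'; $weak | Format-Table -AutoSize }
else { 'All encrypted volumes use AES-256' }
```

Deliver the registry half through the BitLocker GPO rather than a script in production; the Get-WeakBitLockerVolumes half is the report to run across the fleet, because the policy silently leaves already-encrypted drives on the old cipher.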
Questions???

 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 

System hardening - OS and Application

Troubleshooting Hardening issues
• Easiest method is to have a container set up in Active Directory with all group policy inheritance blocked.
• Apply your OS hardening policies through the local GPO tool. This tool is available when you install Security Compliance Manager.
• Installer can be found in C:\Program Files (x86)\Microsoft Security Compliance Manager\LGPO << after SCM install

Why troubleshoot CIS with the LGPO Tool
• Instead of having your server admins randomly shut group policies off at the server level, you can rapidly respond to testing by locally turning off policies
• It's a needle in a haystack approach. Most issues you deal with will probably be around network security and authentication hardening
• Works great if you want to apply hardened OS policies in standalone high security environments
A few other things
• The concept of least privilege should always be used (UAC)
• Getting asked even by IT folks to turn it off (UAC)
• Limit Admin accounts. Secondary admin accounts are better. Never use admin accounts to browse or do daily tasks on your network
• Autorun should be one of the first things you disable in any org. It's a quick hit with minimal impact on end users
• Prevent the firewall from being turned off. Use Domain firewall profiles heavily, while restricting Public and Home profiles.
• Be careful with audit policies. Too much audit information can be a bad thing in logs

A few other things continued
• Debug programs.. No one should have access to do this. Pg. 76
• Limit the number of remotely accessible registry paths. (Take note: on Windows 7 the Remote Registry service has to be manually started.) This should be disabled. Pg. 133
• LAN Manager Authentication Level: Enforce NTLMv2 and refuse LM and NTLM << This should be non-negotiable, i.e. Pass the Hash. Pg. 137
• For high security environments, don't process the legacy and run-once lists << Could lead to other issues with certain applications and driver applications. Use cautiously.
• Prevent computers from joining HomeGroups.. BYOD issues. Pg. 169

Disable Remote Shell Access
• Remote Shell Access pg. 160
• You need to decide if it's worth it for you to really have remote shell access.
• Reduce your attack surface… This is what OS hardening is all about
Let's have a talk about Large Scale EMET deployments (5,000 Machines and More)

EMET Large Scale deployments
• Resources
• Customizing
• Scaling
• Group Policy
• Where does everything fit and in what order?

EMET Resources
• Kurt Falde Blog (http://blogs.technet.com/b/kfalde/)
• Security Research and Defense Blogs (http://blogs.technet.com/b/srd/)
• EMET Social TechNet Forum (http://social.technet.microsoft.com/Forums/security/en-US/home?forum=emet)
• EMET Pilot Proof of Concept Recommendations (http://social.technet.microsoft.com/wiki/contents/articles/23598.emet-pilot-proof-of-concept-recommendations.aspx)
• EMET Known Application Issues Table (http://social.technet.microsoft.com/wiki/contents/articles/22931.emet-known-application-issues-table.aspx)

Avoiding EMET "Resume Generating Events"

What to avoid with EMET deployments
• Do not immediately add popular or recommended XML profiles to EMET. Attaching EMET to processes without vetting them in an organization is not a good idea.
• Do not use Group Policy out of the gate. Instead inject with local policies first to vet out problems.
• Use system-wide DEP settings cautiously. You may uncover applications, even though not hooked into EMET, crashing because of system-wide DEP. Using "Application Opt In" is a safer solution

EMET Customization
• Base MSI
• Exporting custom XML and using EMET_Conf to push settings
• Registry import to the policy key for EMET. Acts as local group policy.

EMET_Conf (cont.)
• Use EMET_Conf --delete_all to remove all application mitigation settings and certificate trust configurations
• Build your own settings… Then export… The export will be a .xml file
• Reimport by using EMET_Conf --import <exported>.xml
• If you script emet_conf to push out settings, include HelperLib.dll, MitigationInterface.dll, PKIPinningSubsystem.dll, SdbHelper.dll
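One way to script the EMET_Conf push described above, as an added example that is not part of the deck or of Microsoft's EMET tooling. It assumes EMET 5.x in its default install directory and a profile that was vetted and exported on a reference machine; the share path is a placeholder.

```powershell
# Added example (not from the deck or Microsoft): push a vetted EMET
# application-mitigation profile to one client with EMET_Conf.exe.
# Assumes EMET 5.x installed in the default path and a profile exported
# earlier with "EMET_Conf --export vetted.xml" on a reference machine.
param(
    [string]$EmetDir = "${env:ProgramFiles(x86)}\EMET 5.2",   # assumption
    [string]$Profile = "\\fileserver\emet\vetted.xml"          # placeholder share
)

# The DLLs the deck lists must sit next to EMET_Conf.exe when the tool is
# run from a package; fail early if any of them is missing.
$required = 'EMET_Conf.exe', 'HelperLib.dll', 'MitigationInterface.dll',
            'PKIPinningSubsystem.dll', 'SdbHelper.dll'
$missing = $required | Where-Object { -not (Test-Path (Join-Path $EmetDir $_)) }
if ($missing) { throw "Missing in ${EmetDir}: $($missing -join ', ')" }

$conf = Join-Path $EmetDir 'EMET_Conf.exe'

# Keep a copy of whatever is configured now so the change can be reverted.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $env:ProgramData "emet-backup-$stamp.xml"
& $conf --export $backup
if ($LASTEXITCODE -ne 0) { throw "EMET_Conf export failed (exit $LASTEXITCODE)" }

# Wipe application and certificate-pinning settings, then load the vetted set.
& $conf --delete_all
& $conf --import $Profile
if ($LASTEXITCODE -ne 0) {
    # Restore the previous configuration rather than leave the box half-set.
    & $conf --import $backup
    throw "EMET_Conf import failed (exit $LASTEXITCODE); previous settings restored"
}

# Show the resulting per-application mitigations for the change record.
& $conf --list
```

Run it under an account that can write to the EMET configuration (elevated), and test against a handful of machines in the inheritance-blocked OU before any Group Policy rollout.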
Injecting EMET policies into the Registry

Starting out with EMET
• Start out with the highest risk applications first. Start with browsers (Internet Explorer, Firefox, Chrome, Opera)
• Move on to Adobe Reader/Writer, Java.
• High risk, exploited apps should always be first

The Java Problem
• Malicious actors are using trusted applications to exploit gaps in perimeter security.
• Java comprises 91 percent of web exploits; 76 percent of companies using Cisco Web Security services are running Java 6, an end-of-life, unsupported version.
• "Watering hole" attacks are targeting specific industry-related websites to deliver malware.
Source: Cisco 2014 Annual Security Report (http://www.cisco.com/web/offers/lp/2014-annual-security-report/index.html)

The Java Problem Continued
• Corporations rely on out of date versions
• The "Pigeon Hole" Effect. I can't upgrade Java because you will break my critical business app.
• Virtualizing can be an expensive solution
• But my AV will stop it! << Probably not…
• Oracle EOL'd Java 6, but paid support can extend this.. << too expensive
• Java is a security nightmare and an application administrator's worst enemy

The Java problem continued

Prevent Java from running
• Hopefully by now everyone has deployed MS14-051. If not you should.. Soon.
• Don't deploy and assume you are done. Don't accept the default policies for this.
• Starting with MS14-051, Internet Explorer blocks out-of-date Java by default but allows users to circumvent it.

Mitigating the Java Problem with GPOs
• Before you do this… lock down Trusted Sites. Don't allow users to circumvent security by putting stuff in Trusted Sites without a vetting process
• Don't allow users to "run this time" if Java is out of date. Lock it down
• Allow out-of-date Java only on sites that are business critical.

Java Resources for Mitigation
• http://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx
• http://blogs.msdn.com/b/askie/archive/2014/08/12/how-to-manage-the-new-quot-blocking-out-of-date-activex-controls-quot-feature-in-ie.aspx
Java ActiveX Blocking
• Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management
Bonus: Block Flash too.. High Security Environments

Hardening Adobe Reader/Writer
• Adobe Enterprise Toolkit http://www.adobe.com/devnet-docs/acrobatetk/index.html
• Application Security Overview http://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/index.html
• Adobe Customization Wizard (Use this) ftp://ftp.adobe.com/pub/adobe/acrobat/win/11.x/11.0.00/misc/
• NSA guidelines for Adobe XI in Enterprise Environments (Use this) https://www.nsa.gov/ia/_files/app/Recommendations_for_Configuring_Adobe_Acrobat_Reader_XI_in_a_Windows_Environment.pdf

Hardening Adobe Reader/Writer
• Don't give people a chance to disable Protected Mode, Protected View, and Enhanced Security
• For high security environments disable JavaScript. Disable URL links.. Don't allow Flash content to be viewed in PDFs << Very bad
• Patch often and ASAP
• Hook in with EMET to enhance exploit mitigation

Admin Passwords
• Disable the local Admin account
• If you can't disable it, then randomize its password.. Per machine..
• SANS SEC 505.. Awesome course…
• http://cyber-defense.sans.org/blog/2013/08/01/reset-local-administrator-password-automatically-with-a-different-password-across-the-enterprise
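The per-machine randomization the deck recommends, as an added example that is not part of the deck and not the SANS script it links. It finds the built-in Administrator by its RID (500), so a renamed account is still caught, sets a random password, and escrows it encrypted to an RSA public certificate; the certificate path and escrow share are placeholders.

```powershell
# Added example (not from the deck or the SANS script): randomize the
# built-in local Administrator password and escrow it encrypted to a
# public-only RSA certificate, so only the private-key holder can recover it.
# Assumptions: $CertPath is a .cer exported from that key (no private key
# on the endpoint); $EscrowDir is a share the computer account can write to.
param(
    [string]$CertPath  = "$env:ProgramData\admin-escrow.cer",  # placeholder
    [string]$EscrowDir = "\\fileserver\escrow$",               # placeholder
    [switch]$Disable                                            # also disable the account
)

function New-RandomPassword {
    param([int]$Length = 20)
    # Alphabet without look-alike characters (0/O, 1/l/I).
    $chars = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789!@#$%^&*-_=+'
    $rng   = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $bytes = New-Object byte[] ($Length * 4)
    $rng.GetBytes($bytes)
    $pw = ''
    for ($i = 0; $i -lt $Length; $i++) {
        # 32 random bits per character; modulo bias is negligible at this size.
        $n = [BitConverter]::ToUInt32($bytes, $i * 4)
        $pw += $chars[$n % $chars.Length]
    }
    return $pw
}

# Locate the account by well-known RID, never by name.
$admin = Get-WmiObject Win32_UserAccount -Filter "LocalAccount='True'" |
         Where-Object { $_.SID -like 'S-1-5-21-*-500' }
$password = New-RandomPassword

# Set the password through ADSI; this does not require the old password.
$account = [ADSI]"WinNT://./$($admin.Name),user"
$account.SetPassword($password)
if ($Disable) {
    # ADS_UF_ACCOUNTDISABLE = 0x2
    $account.UserFlags = [int]$account.UserFlags.Value -bor 0x2
}
$account.SetInfo()

# Escrow: RSA-OAEP encrypt "host<TAB>account<TAB>password" with the public cert.
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)
$plain  = [Text.Encoding]::UTF8.GetBytes("$env:COMPUTERNAME`t$($admin.Name)`t$password")
$cipher = $cert.PublicKey.Key.Encrypt($plain, $true)   # $true = OAEP padding
[IO.File]::WriteAllBytes((Join-Path $EscrowDir "$env:COMPUTERNAME.bin"), $cipher)
$password = $null
```

Run it as a computer startup script so the password rotates on every boot; the escrow share should allow write-only access for computer accounts, with the private key kept on a workstation the help desk uses to decrypt a record when needed.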
Cryptography
• TrueCrypt << my advice is to please stay away from this.
• http://istruecryptauditedyet.com/
• The 2nd part of the audit is very important, as it deals with cryptanalysis and RNGs. If the RNGs are weak or in a predictable state, such as Dual Elliptic Curve, TrueCrypt users will be in trouble.
• Developers were never known..

Cryptography
• If you use BitLocker… Please enforce AES 256. BitLocker defaults to AES 128
• Kill secrets from memory..
• Starting with Windows 8.1, Pro editions come packed with BitLocker
• 2008 Servers and above have it too
• Encrypt all your things……There is no reason not to.
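A check for the AES 128 default the slide warns about, with the policy value that moves new encryptions to AES 256, as an added example that is not part of the deck. It assumes Windows 8/8.1 or Server 2012 with the BitLocker PowerShell module, and the registry value written by the "Choose drive encryption method and cipher strength" Group Policy.

```powershell
# Added example (not from the deck): list BitLocker volumes that are not
# using a 256-bit cipher, then set the policy so future encryptions use
# AES 256. Assumes the BitLocker module (Windows 8 / Server 2012 and later).
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
# EncryptionMethod policy values: 3 = AES 128, 4 = AES 256.
$Aes256 = 4

function Get-WeakBitLockerVolume {
    # XTS-AES 256 only exists on newer builds; it counts as strong here too.
    $strong = 'Aes256', 'Aes256Diffuser', 'XtsAes256'
    Get-BitLockerVolume | Where-Object {
        $_.VolumeStatus -ne 'FullyDecrypted' -and
        ($strong -notcontains [string]$_.EncryptionMethod)
    } | Select-Object MountPoint, EncryptionMethod, VolumeStatus
}

function Set-BitLockerAes256Policy {
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    $current = (Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue).EncryptionMethod
    if ($current -eq $Aes256) { return 'already AES 256' }
    Set-ItemProperty -Path $PolicyKey -Name EncryptionMethod -Value $Aes256 -Type DWord
    return "set EncryptionMethod $current -> $Aes256"
}

# Report first, then set the policy. Note the policy only affects volumes
# encrypted after it applies; a volume already on AES 128 has to be
# decrypted and re-encrypted (Disable-BitLocker / Enable-BitLocker) to change.
$weak = Get-WeakBitLockerVolume
if ($weak) { $weak | Format-Table -AutoSize } else { 'no volumes on a 128-bit cipher' }
Set-BitLockerAes256Policy
```

In a domain, set the same value through the GPO rather than on each machine; the local write above is for standalone boxes and for confirming what the GPO should produce.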