The Ultimate Windows 10 Hardening Guide: What to Do to Make Hackers Pick Someone Else

Similar documents
Windows Devices. Device Capabilities. Premium. Entry

Windows 10 The Ultimate Beginners Guide

Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14

COPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51

OWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP

Useful Hacking Series

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems

CIS Controls Measures and Metrics for Version 7

CIS Controls Measures and Metrics for Version 7

Hackveda Training - Ethical Hacking, Networking & Security

WINDOWS 10 ENTERPRISE New Security Features

n Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic

Solutions Business Manager Web Application Security Assessment

Web Application Security. Philippe Bogaerts

Security issues. Unit 27 Web Server Scripting Extended Diploma in ICT 2016 Lecture: Phil Smith

Penetration Testing following OWASP. Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant

Attacks Against Websites. Tom Chothia Computer Security, Lecture 11

Application vulnerabilities and defences

Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks

Your Turn to Hack the OWASP Top 10!

Tanium Protect User Guide. Version 1.0.7

NET 311 INFORMATION SECURITY

Client Portal FAQ's. Client Portal FAQ's. Why is the Portal more secure?

Penetration Testing with Kali Linux

(System) Integrity attacks System Abuse, Malicious File upload, SQL Injection

DreamFactory Security Guide

Application Security through a Hacker s Eyes James Walden Northern Kentucky University

BIG-IP Access Policy Manager : Portal Access. Version 12.1

Is Browsing Safe? Web Browser Security. Subverting the Browser. Browser Security Model. XSS / Script Injection. 1. XSS / Script Injection

How Shielded VMs Protect Your Data

DEFENSIVE PROGRAMMING. Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology

Computer Security 3e. Dieter Gollmann. Chapter 18: 1

Independent DeltaV Domain Controller

OWASP Top 10. Copyright 2017 Ergon Informatik AG 2/13

Requirements from the Application Software Extended Package for Web Browsers

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any

Working with Applications Lesson 7

Operating system hardening

Privileged Identity App Launcher and Session Recording

Web Application & Web Server Vulnerabilities Assessment Pankaj Sharma

INF3700 Informasjonsteknologi og samfunn. Application Security. Audun Jøsang University of Oslo Spring 2015

Objectives. Classes of threats to networks. Network Security. Common types of network attack. Mitigation techniques to protect against threats

Module 14: SQL Injection

CompTIA. PT0-001 EXAM CompTIA PenTest+ Certification Exam Product: Demo. m/

Jacksonville Linux User Group Presenter: Travis Phillips Date: 02/20/2013

Quick Lockdown Guide. Firmware 6.4

Excerpts of Web Application Security focusing on Data Validation. adapted for F.I.S.T. 2004, Frankfurt

Ethical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Application security : going quicker

Mobile Trends And The New Threats Is Your SAP System Vulnerable to Cyber Attacks? Stephen Lamy, Virtual Forge

Windows 10 Security & Audit

Kishin Fatnani. Founder & Director K-Secure. Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009

Chat with a hacker. Increase attack surface for Pentest. A talk by Egor Karbutov and Alexey Pertsev

W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s

Webapps Vulnerability Report

BREAKTHROUGH CYBER SECURITY FREQUENTLY ASKED QUESTIONS

GOING WHERE NO WAFS HAVE GONE BEFORE

Don t blink or how to create secure software. Bozhidar Bozhanov, LogSentinel

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Release Notes McAfee Application Control 6.1.0

PROBLEMS IN PRACTICE: THE WEB MICHAEL ROITZSCH

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Spectre, Meltdown, and the Impact of Security Vulnerabilities on your IT Environment. Orin Jeff Melnick

Release Notes Version 7.8

Host. Computer system #1. Host Hardening

Secure Programming Techniques

Tanium Protect User Guide. Version 1.2.0

Penetration Testing. James Walden Northern Kentucky University

The 3 Pillars of SharePoint Security

Training for the cyber professionals of tomorrow

Tabular Presentation of the Application Software Extended Package for Web Browsers

CompTIA A+ Certification ( ) Study Guide Table of Contents

CNIT 129S: Securing Web Applications. Ch 10: Attacking Back-End Components

epldt Web Builder Security March 2017

BIG-IP Access Policy Manager : Portal Access. Version 13.0

Application Security Introduction. Tara Gu IBM Product Security Incident Response Team

Practical Network Defense Labs

P2_L12 Web Security Page 1

Ruby on Rails Secure Coding Recommendations

Enterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE

Web Application Penetration Testing

Why bother? Causes of data breaches OWASP. Top ten attacks. Now what? Do it yourself Questions?

Security: The Key to Affordable Unmanned Aircraft Systems

Windows 10 and the Enterprise. Craig A. Brown Prepared for: GMIS

OAuth 2 and Native Apps

Configuring F5 for SSL Intercept

CSCD 303 Essential Computer Security Fall 2017

WebsitePanel User Guide

CSCE 813 Internet Security Case Study II: XSS

Integrity attacks (from data to code): Malicious File upload, code execution, SQL Injection

Remote Desktop Web Connection Activex Control Could Not Be Installed Xp

GSE/Belux Enterprise Systems Security Meeting

INCIDENT HANDLING & RESPONSE PROFESSIONAL VERSION 1

Executive Summary. Flex Bounty Program Overview. Bugcrowd Inc Page 2 of 7

UTM Firewall Registration & Activation Manual DFL-260/ 860. Ver 1.00 Network Security Solution

SPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Copyright

Imperva Incapsula Website Security

Transcription:

The Ultimate Windows 10 Hardening Guide: What to Do to Make Hackers Pick Someone Else Paula Januszkiewicz CQURE: CEO, Penetration Tester CQURE Offices: New York, Dubai, Warsaw MVP: Enterprise Security, MCT paula@cqure.us http://cqure.us @paulacqure @CQUREAcademy #win10tour

Agenda

Tools! Check out the following links:

http://www.taggarts.co.uk/hyundai/news/i30-at-knowsley-safari-park

Agenda

Step 1: Monitor DNS Queries For example: What if RevDNS of Hackers.cn IP says it is Microsoft.com? Nothing if we remember that our DNS has resolved the hackers.cn name!

DNS to Rely On The DNS protocol perspective

Step 2. Sanitize Network Data Nothing but an inappropriate data sanitization Black list approach: deny eg. <script>, --, ;,../ White list approach: define what you accept Regular expressions SQL Injection, Directory Traversal, escape sequences, XSS

Shell is shocked The operating system perspective

Step 3: Actively Monitor Your Servers Applocker blocks unwanted software Sysmon will inform you when someone starts a process or connection or changes the file date System logs (Process creation details) Sysmon enhances built in functionalities It can be used for malware or unwanted activity discovery

Sysmon Demonstration The administrator s perspective

Step 4: Web Server Check Patch and upgrade the Web server application Remove/disable unnecessary services, apps, and sample content Install Web content on a dedicated hard drive or logical partition Limit uploads to filesystem and disable directory browsing Define a single directory for all external scripts or programs executed as part of Web content Disable the use of hard or symbolic links Use service accounts with strictly defined privileges Define a complete Web content access matrix that identifies which folders and files are restricted and which are accessible by whom Use host-based IDS/IPS and/or file integrity checkers Protect backend server (e.g., database server) from command injection attacks at both the Web server and the backend server

How much web could a web-check check? The web perspective

Step 5: Centralize your logs Logs for critical systems should be stored outside the server Can help us to correlate different logs and events Helps to maintain the legal proof after attack Available solutions Operating system built in: subscriptions, scripts Other products: SCOM, Splunk, SolarWinds, WhatsUpGold, TripWire & other (see: Gartner) Search for: Top 47 Log Management Tools

Sysmon Demonstration The bad guys perspective

Step 6A: EMET - Protection From Injection Helps prevent vulnerabilities in software from being successfully exploited Protection mechanisms: Data Execution Prevention (DEP) Structured Exception Handler Overwrite Protection (SEHOP) Address Space Layout Randomization (ASLR) Certificate Trust (Pinning)

Secure Boot Includes Secure Firmware Updates and Platform Secure Boot Kernel Mode Code Integrity (KMCI) User Mode Code Integrity (UMCI) AppLocker Platform Secure Boot UEFI Secure Boot KMCI UMCI AppLocker ROM/Fuses Bootloaders Native UEFI Windows OS Loader Windows Kernel and Drivers 3 rd Party Drivers User mode code (apps, etc.)

Code.Stopper The workstation perspective

Step 7: Malicious File Review /OpenAction and /AA defines the script or action to run automatically /Names, /AcroForm, /Action can also specify and launch scripts or actions /JavaScript specifies JavaScript to run /GoTo* changes the view to a destination within the PDF or in another PDF file /Launch launches a program or opens a document /URI accesses a resource by its URL /RichMedia can be used to embed Flash in PDF /ObjStm can hide objects inside an Object Stream

Perfectly Designed File? The file perspective

Step 8: Data Caching Hashes, Passwords from browsers and applications Temporary files, RDP cache Search, browsing history Profile and folder redirection Set cached logon policy

Cache the hash The good practice perspective

Step 9: Use Host-Based Firewall Edge firewall does not provide that function

It is not obvious. It isn't.. The remote connection perspective

Agenda

Summary

Tools! Check out the following links:

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback