Hey you... Stay away from my network - Techinsights 2011 SEA

Hey you… Stay away from my network…

Esmaeil SarabadaniSystems and Security ConsultantRedynamics Asia Sdn. Bhd.

What will be covered…

• Cloud computing, Social Networking and the Information Leak

• Social Engineering• Port Scanning and Nmap• Vulnerability scanning with MBSA &

Nessus• Microsoft Security Response Center• Enhanced Mitigation Experience Toolkit• Security Best Practices

The world is changing …

Cloud Computing…

Revealing Information…

Social Networks vs. Social EngineeringThere is no patch for human stupidity!

What kind of risk ?!!

• Employees reveal so much information about the company.

• Hackers create fake Facebook profiles pretending to be your colleagues.

• Convincing the employees to click on malicious URLs that they post on Facebook.

• People leave their:• Phone numbers• Photos• Status messages containing very important

information

What kind of risk ?!!

How much would you get to sell out your colleague?

Would you accept 1000 USD to give out a simple document from inside the company?

• How about 10,000 USD ???• How about 100,000 USD ???

Do you trust everyone at work?

How do you realize if someone is the bad guy?

Educate your users and employees...

Let them know about the threats...

Do not block Facebook to them at work…

Evaluate their awareness every now and then…

Step 1Reconnaissance

Step 2Initial intrusion

into the network

Step 3Establish a

backdoor into the network

Step 4Obtain user credentials

Step 5Install various

utilities

Step 6Privilege escalation /lateral movement /data exfiltration

Step 7Maintain

persistence

The Steps in Hacking

Port ScanningScanning the target computer to detect the open ports.

• Detect Open Ports• Detect the services behind those

ports• Find security vulnerabilities of those

services• Attack the vulnerabilities

What hackers do…

DEMONmap

Vulnerability Scanning

Scanning the target computer:

• For possible security bugs and vulnerabilities

• For open and filtered ports• To detect the target OS• To get a solution to fix the

bug• To get a link for the exploits

DEMONessus & MBSA

• Discovering Vulnerabilities in Microsoft Products

• Releasing Security Updates, Patches and Service Packs

• Advanced Update Notifications

• Microsoft Security Essentials

• Malicious Software Removal Tool

What if Hackers are Faster ?!!

Security Vulnerability

Exploit

Security Patch

1 week

3 Days

Enhanced Mitigation Experience Toolkit(EMET v 2.1)

• Uses Security Mitigation Technologies

• Makes it Difficult to Exploit the 0-Day Bugs on Systems

• Can Cover Security Bugs on any Softwares on the System

DEMOEnhanced Mitigation Experience Toolkit

Security Best Practices

Security and complexity are often inversely proportional.Begin your security design from the clients.

Be thorough.Your security is only as strong as your weakest link.

Q&AQuestions & Answers

Resources

Email: e.sarabadani@gmail.com

Blog: http://esihere.wordpress.com/

Useful websites: http://technet.microsoft.com/ http://www.insecuremag.com/http://technet.microsoft.com/en-us/edge/ff524488

Twitter: http://www.twitter.com/esmaeils

Win Cool Prizes!!!Required slide

Complete the Tech Insights contests and stand a chance to win many cool prizes…

Look in your conference bags NOW!!

We value your feedback!Required slide

Please remember to complete the overall conference evaluation form (in your bag) and return it to the Registration Counter on the last day in return for a Limited Edition Gift