Case Studies in Network Vulnerability Assessments
About Chris
• I am a VP and a Senior Security Engineer at PatchAdvisor
• In 1991 I started one of the first companies to ever provide comprehensive penetration testing/vulnerability assessment services
• I’ve examined networks in every industry sector, in dozens of countries
Industry Expertise
Network Vulnerability Assessments
• Internal and external reviews
• Validation of existing security mechanisms
• Detailed analysis of networked devices and services
• Not merely running a commercial scanning tool
• Audit for policy compliance
• Prioritized recommendations for improving security posture
Vulnerability Assessments: WHY?
• The only realistic way to determine vulnerabilities
• Get a baseline of vulnerability state
• Prioritize remedial actions
• Correct serious problems quickly
• Assure that policies address real vulnerabilities
• Industry best practice
Vulnerability Assessments: HOW?
• Internet-based attack
   - Preferably, should include in-depth web application assessments
• On-site engagement
   - Internal attacks
   - Simultaneous war dialing / wireless / partner connections
• Initial out-briefing
• Report delivery
• Executive briefing
Web Application Assessments
• Comprehensive evaluation of the application
   - Network perspective
   - Server configuration
   - Software settings
• Authenticated and unauthenticated attacks
   - Emulate both an Internet-based attacker and a valid user exceeding authorized access
• Examine applications for all types of security issues
   - SQL Injection
   - XSS/CSRF
   - Buffer Overflows
   - Cookie Manipulation
   - URL Replay attacks
   - Denials of Service
How PatchAdvisor Sees A Network
The Most Common Issues
• Patch management
   - Nearly every organization I have examined has been woefully behind in patches, especially on non-OS/3rd-party applications
• Misconfigured services
   - Insecure file shares, poor access control, default settings
• Poor coding
   - Vulnerable web applications, desktop applications & mobile apps
• Passwords
   - Weak passwords and poor password discipline are still the number one mechanism used by attackers to gain access
Attacks Can Start Anywhere…
• Unpassworded TELNET access into a print server
• SNMP read/write community string exposed in the printer’s configuration menu
• The same community string was also used on devices such as routers, switches, etc.
• “Level 7” hashes in Cisco config files exposed the password “mbhafnitsoscar”
• This password was also used by a Windows Domain Administrator
• The Windows domain was also tied to NetWare eDirectory
• In total, compromise of nearly 15,000 accounts and 99.99% of all systems and network devices…all from one insecure printer
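The printer-to-domain chain above hinges on credentials that sit in cleartext or reversible form inside device configurations. As an added example (not part of the slides, and not PatchAdvisor code), the Python script below audits a saved Cisco-style running config for exactly the constructs that chain relied on: type 7 passwords, `enable password` instead of `enable secret`, read-write or well-known default SNMP community strings, and VTY lines that accept telnet. The sample config, its hostnames and the hex strings after `password 7` are constructed placeholders; findings are reported with the secret material redacted so the output can go straight into a report.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line_no: int
    rule: str
    text: str  # offending line with secret material redacted


# Constructed sample config (not from any real device). The strings after
# "password 7" are placeholder hex, not real type-7 encodings of any password.
SAMPLE_CONFIG = """\
hostname core-sw1
enable password 7 0123456789ABCDEF
username admin password 7 FEDCBA9876543210
username backup secret 5 $1$placeholder$hashhashhashhash
snmp-server community public RO
snmp-server community netmgmt RW
line vty 0 4
 transport input telnet
"""

# (rule name, pattern, why it matters to the attack chain on the slide)
RULES = [
    ("type7-password", re.compile(r"\bpassword\s+7\s+\S+"),
     "type 7 is reversible obfuscation, not a hash; store with 'secret' instead"),
    ("enable-password-not-secret", re.compile(r"^enable\s+password\b"),
     "'enable password' is the weak form; use 'enable secret'"),
    ("snmp-rw-community", re.compile(r"^snmp-server\s+community\s+\S+\s+RW\b", re.I),
     "a read-write community string readable from a printer is a network-wide credential"),
    ("snmp-default-community", re.compile(r"^snmp-server\s+community\s+(public|private)\b", re.I),
     "well-known default community string"),
    ("telnet-management", re.compile(r"^\s*transport\s+input\s+(telnet|all)\b"),
     "cleartext management access; restrict to 'transport input ssh'"),
]


def redact(line: str) -> str:
    """Mask password/secret/community values so a finding can be shared safely."""
    line = re.sub(r"(password\s+7\s+)\S+", r"\1<redacted>", line)
    line = re.sub(r"(secret\s+\d+\s+)\S+", r"\1<redacted>", line)
    return re.sub(r"(community\s+)\S+", r"\1<redacted>", line)


def audit_config(text: str) -> list:
    """Run every rule over every line of the config; a line may trip several rules."""
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        for name, pattern, _why in RULES:
            if pattern.search(raw):
                findings.append(Finding(no, name, redact(raw)))
    return findings


def rule_counts(text: str) -> dict:
    """Summary view: how many hits per rule, for prioritising remediation."""
    counts = {}
    for f in audit_config(text):
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    why = {name: w for name, _p, w in RULES}
    for f in audit_config(SAMPLE_CONFIG):
        print(f"line {f.line_no:>3} [{f.rule}] {f.text}")
        print(f"          {why[f.rule]}")
```

Run it over configs pulled from a backup repository rather than from live devices; the point is to find the reused, reversible credential before someone else reads it off a printer menu.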
Real War Stories – Healthcare
• Internet scans found a SharePoint server with some limited unauthenticated access
• Search queries exposed numerous documents containing “password”
• One was a set of instructions for training new users on the electronic medical records application
• This included a Windows domain account and password
• This account and password gave access through a Citrix remote desktop server
• This gave us access to the organization’s internal network
• NOTE: I have followed this same attack path to compromise other entities, including banks, law firms, and insurance companies
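The lesson of the SharePoint story is that the organization could have run the same search on itself first. As an added example (not from the slides or PatchAdvisor), the Python below scans a set of documents for embedded credentials rather than for the bare word “password”, which is what separates a training guide that contains a domain account from a password policy that merely talks about passwords. The three documents, the CORP domain, the account names and the password value are all constructed; password values are redacted in the output so the triage list itself does not become another credential store.

```python
import re
from collections import Counter

# Constructed documents standing in for files an internal search would return.
# Only the first and third contain an actual account reference or credential;
# the second only discusses passwords, which a keyword search cannot tell apart.
DOCS = {
    "EMR_Training_New_Users.docx": (
        "Welcome to the EMR onboarding guide.\n"
        "Step 1: Open the Citrix portal at https://remote.example.invalid\n"
        "Step 2: Log in with username: CORP\\emrtrain and password: Tr@ining2017\n"
        "Step 3: Launch the EMR application from the desktop.\n"
    ),
    "Password_Policy.docx": (
        "All users must change their password every 90 days.\n"
        "Passwords must be at least 12 characters and must not be written down.\n"
    ),
    "Helpdesk_FAQ.docx": (
        "Q: I forgot my password. A: Call the helpdesk; never email your password.\n"
        "Shared scanner account: CORP\\scanner01 (ask IT for the current password)\n"
    ),
}

# Credential-shaped text, not just the keyword: a value must follow the label.
PATTERNS = {
    "password-value": re.compile(r"\bpassword\s*(?:is|:|=)\s*[\"']?([^\s\"']+)", re.I),
    "account-name": re.compile(r"\b(?:user(?:name)?|login|account)\s*(?:is|:|=)\s*[\"']?([^\s\"']+)", re.I),
    "domain-account": re.compile(r"\b([A-Z][A-Z0-9]{1,14}\\[A-Za-z0-9._-]+)"),  # DOMAIN\user
}


def redact_line(line: str) -> str:
    """Replace every password value on the line; account names stay visible for triage."""
    out, pos = [], 0
    for m in PATTERNS["password-value"].finditer(line):
        out.append(line[pos:m.start(1)] + "<redacted>")
        pos = m.end(1)
    out.append(line[pos:])
    return "".join(out)


def scan_document(name: str, text: str) -> list:
    """Return (document, line number, kind, redacted snippet) for each hit."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        for kind, pat in PATTERNS.items():
            if pat.search(line):
                findings.append((name, no, kind, redact_line(line)))
    return findings


def rank_documents(docs: dict) -> list:
    """Documents with the most credential-shaped content first; clean documents are omitted."""
    counts = Counter()
    for name, text in docs.items():
        counts[name] += len(scan_document(name, text))
    return [(n, c) for n, c in counts.most_common() if c > 0]


if __name__ == "__main__":
    for name, count in rank_documents(DOCS):
        print(f"{count} finding(s) in {name}")
        for _, no, kind, snippet in scan_document(name, DOCS[name]):
            print(f"  line {no} [{kind}] {snippet}")
```

Feed it the text extracted from whatever your document store can export; a hit on a training guide is the cue to rotate the account and move the credential out of the document, not merely to restrict the search.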
Real War Stories – Hedge Fund
• During the internal network assessment, NetBIOS name spoofing exposed numerous accounts
• System administrators appeared to be remotely connecting to Windows-based systems as the Administrator account
• The password was quickly cracked
• The same local administrator password was used on EVERY workstation and server
Real War Stories – Government Agency
• On the internal network several Isilon file servers were found
• HDFS was running without any access control restrictions set
• One directory on the file server held virtual machine images
• Pulled down copies and loaded them under a local VMware Workstation on our attacker laptops
• Extracted usernames and passwords from the virtual machine by first booting from a Kon-Boot virtual CD image and bypassing the local login
• Could also have gained access by replacing the “sticky keys” app, copying the SAM and SYSTEM files, etc.
• The local administrator-level accounts recovered worked on numerous other servers
• Used Mimikatz to recover accounts from each of the additional systems and exposed numerous Domain Administrator-level accounts
• This led to the compromise of several thousand Windows-based systems
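“HDFS running without any access control restrictions” is a configuration state that can be checked before an assessor finds it. As an added example (not from the slides or PatchAdvisor), the Python below reads Apache Hadoop-style `core-site.xml` / `hdfs-site.xml` fragments, applies the stock defaults for the keys that govern who the NameNode believes and whether it enforces permissions, and reports the weak combinations. The XML fragments and host names are constructed; the three property names and their defaults are Apache Hadoop’s. Isilon OneFS exposes HDFS through its own management interface, so on that platform the same questions (authentication mode, permission enforcement) are answered in its configuration rather than in these files.

```python
import xml.etree.ElementTree as ET

# Constructed core-site.xml / hdfs-site.xml fragments, not from any real cluster.
CORE_SITE = """\
<?xml version="1.0"?>
<configuration>
  <property><name>fs.defaultFS</name><value>hdfs://namenode.example.invalid:8020</value></property>
</configuration>
"""

HDFS_SITE = """\
<?xml version="1.0"?>
<configuration>
  <property><name>dfs.permissions.enabled</name><value>false</value></property>
  <property><name>dfs.namenode.name.dir</name><value>/data/nn</value></property>
</configuration>
"""

# Apache Hadoop's shipped defaults for the keys audited here. Anything the site
# files do not set falls back to these, which is how "simple" authentication
# ends up in production without anyone having typed it.
DEFAULTS = {
    "hadoop.security.authentication": "simple",
    "hadoop.security.authorization": "false",
    "dfs.permissions.enabled": "true",
}


def parse_hadoop_conf(*xml_texts) -> dict:
    """Merge <property><name>/<value> pairs from each file over the defaults."""
    conf = dict(DEFAULTS)
    for text in xml_texts:
        root = ET.fromstring(text)
        for prop in root.iter("property"):
            name = prop.findtext("name")
            value = prop.findtext("value")
            if name is not None and value is not None:
                conf[name.strip()] = value.strip()
    return conf


def audit_hadoop(conf: dict) -> list:
    """Return one finding per weak setting, worded for the remediation owner."""
    findings = []
    auth = conf["hadoop.security.authentication"].lower()
    if auth != "kerberos":
        findings.append(f"hadoop.security.authentication={auth}: the NameNode trusts "
                        "whatever username the client claims")
    if conf["hadoop.security.authorization"].lower() != "true":
        findings.append("hadoop.security.authorization=false: no service-level ACLs on RPC")
    if conf["dfs.permissions.enabled"].lower() != "true":
        findings.append("dfs.permissions.enabled=false: permission checks are off for every path, "
                        "so any reachable client can read the VM image directory")
    return findings


if __name__ == "__main__":
    for line in audit_hadoop(parse_hadoop_conf(CORE_SITE, HDFS_SITE)):
        print(line)
```

The interesting case is the first finding: nothing in either sample file mentions authentication at all, and that silence is the vulnerability.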
Real War Stories – Financial Industry
• On the internal network there were numerous systems running server-based Java applications
• Many were commercial applications from major industry leaders (IBM, HP, VMware, etc.)
• Numerous attacks over Java RMI led to remote code execution
• Missing patches, insecure libraries, unauthenticated access to JMX consoles, etc.
• Extracted cached accounts and plaintext passwords using the Mimikatz program, including Domain Administrator-level accounts
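An unauthenticated JMX console is usually the product of three JVM system properties, and they are visible in the process list of the host that runs it. As an added example (not from the slides or PatchAdvisor), the Python below parses JVM command lines for the `com.sun.management.jmxremote.*` properties and flags a remote connector that has authentication or TLS switched off, applying the JDK defaults (`authenticate=true`, `ssl=true`) for anything not set explicitly. The four process lines, their PIDs, ports and jar names are constructed; the property names are the JDK’s own.

```python
import shlex

# Constructed process listing ("pid command line"), not from any real host.
PROCESS_LIST = [
    "1001 java -Dcom.sun.management.jmxremote.port=9010 "
    "-Dcom.sun.management.jmxremote.authenticate=false "
    "-Dcom.sun.management.jmxremote.ssl=false -jar billing-api.jar",
    "1002 java -Dcom.sun.management.jmxremote.port=9011 "
    "-Dcom.sun.management.jmxremote.password.file=/etc/jmx/jmxremote.password -jar reports.jar",
    "1003 java -Dcom.sun.management.jmxremote -jar batch.jar",
    "1004 java -Xmx2g -jar worker.jar",
]

JMX = "com.sun.management.jmxremote"


def jvm_props(cmdline: str) -> dict:
    """Collect -Dkey=value system properties; a bare -Dkey means the value 'true'."""
    props = {}
    for tok in shlex.split(cmdline):
        if tok.startswith("-D"):
            key, sep, val = tok[2:].partition("=")
            props[key] = val if sep else "true"
    return props


def audit_jmx(process_line: str) -> list:
    """Findings for one process. Local-only attach (no .port) is out of scope here."""
    pid, _, cmd = process_line.partition(" ")
    p = jvm_props(cmd)
    findings = []
    port = p.get(f"{JMX}.port")
    if port is None:
        return findings
    # JDK defaults: authenticate=true and ssl=true unless explicitly set to false.
    if p.get(f"{JMX}.authenticate", "true").lower() == "false":
        findings.append(f"pid {pid}: remote JMX on port {port} without authentication")
    if p.get(f"{JMX}.ssl", "true").lower() == "false":
        findings.append(f"pid {pid}: remote JMX on port {port} without TLS")
    return findings


def exposed_pids(process_list) -> list:
    """PIDs whose remote JMX connector has at least one protection switched off."""
    return [line.split(" ", 1)[0] for line in process_list if audit_jmx(line)]


if __name__ == "__main__":
    for line in PROCESS_LIST:
        for finding in audit_jmx(line):
            print(finding)
```

Process 1002 passes because it never disables the defaults, which is the configuration to aim for; a password file alone does nothing if `authenticate=false` is also present. Note that an authenticated connector is only the first layer: the slide’s “missing patches, insecure libraries” still apply to the RMI transport underneath it.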
The Inevitable Conclusion
It’s not about perfect security; it’s about DUE DILIGENCE.
“Given the inevitability of computer losses, you’ll be judged not by whether you were the victim of an attack, but by how well you planned for it.”
– Computer Security Institute
In Closing…
• Due diligence requires a full spectrum of countermeasures
• Vulnerability assessments are a critical component of successful security programs
• Understand that your organization is not as unique as you think it is
PatchAdvisor, Inc.
703-256-0156
5510 Cherokee Ave, Suite 120
Alexandria, VA 22312

 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 

TALK Cybersecurity Summit 2017 Slides: Chris Goggans on Vulnerability Assessment

  • 1. Case Studies in Network Vulnerability Assessments
  • 2. About Chris
     I am a VP and a Senior Security Engineer at PatchAdvisor
     In 1991 I started one of the first companies to ever provide comprehensive penetration testing/vulnerability assessment services
     I’ve examined networks in every industry sector, in dozens of countries
  • 4. Network Vulnerability Assessments
     Internal and external reviews
     Validation of existing security mechanisms
     Detailed analysis of networked devices and services
     Not merely running a commercial scanning tool
     Audit for policy compliance
     Prioritized recommendations for improving security posture
  • 5. Vulnerability Assessments: WHY?
     Only realistic way to determine vulnerabilities
     Get a baseline of vulnerability state
     Prioritize remedial actions
     Correct serious problems quickly
     Assure that policies address real vulnerabilities
     Industry best practice
  • 6. Vulnerability Assessments: HOW?
     Internet-based attack
     Preferably, should include in-depth web application assessments
     On-site engagement
     Internal attacks
     Simultaneous war dialing / wireless / partner connections
     Initial out-briefing
     Report delivery
     Executive briefing
  • 7. Web Application Assessments
     Comprehensive evaluation of application
     Network perspective
     Server configuration
     Software settings
     Authenticated and Unauthenticated attacks
     Emulate both internet-based attacker, and valid user exceeding authorized access
     Examine applications for all types of security issues
     SQL Injection
     XSS/CSRF
     Buffer Overflows
     Cookie Manipulation
     URL Replay attacks
     Denials of Service
  • 9. The Most Common Issues
     Patch management
     Nearly every organization I have examined has been woefully behind in patches, especially on non-OS/3rd-party applications
     Misconfigured Services
     Insecure file shares, poor access control, default settings
     Poor Coding
     Vulnerable web applications, desktop applications & mobile apps
     Passwords
     Weak passwords and poor password discipline are still the number one mechanism used by attackers to gain access
  • 10. Attacks Can Start Anywhere…
     Unpassworded TELNET access into print server
     SNMP Read/Write community string exposed in printer configuration menu
     Community string also used on devices such as routers, switches, etc.
     “Level 7” hashes in Cisco config files exposed the password “mbhafnitsoscar”
     This password also used by a Windows Domain Administrator
     Windows Domain also tied to NetWare eDirectory
     In total, compromise of nearly 15,000 accounts and 99.99% of all systems and network devices…all from one insecure printer
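The chain on slide 10 starts with a read-write SNMP community shared across devices and reversible "type 7" passwords in IOS configs. As an added example (not PatchAdvisor's tooling, and the device names, community strings and type-7 values below are constructed), this audit flags exactly those weaknesses across a set of saved configurations before an assessor finds them:

```python
import re
from collections import defaultdict

# Constructed sample configs (hypothetical devices, not from the talk).
# "printer" mimics the SNMP community exposed in the printer menu; the two
# IOS devices reuse it and store passwords with the reversible type-7 scheme.
CONFIGS = {
    "printer": "snmp-server community s3cret RW\n",
    "core-rtr": (
        "service password-encryption\n"
        "enable password 7 0F0F0F0F0F0F\n"          # constructed type-7 value
        "username admin password 7 1E1E1E1E1E1E\n"  # constructed type-7 value
        "snmp-server community s3cret RW\n"
        "snmp-server community public RO\n"
    ),
    "edge-sw": (
        "enable secret 9 $9$constructed-placeholder\n"
        "snmp-server community s3cret RW\n"
    ),
}

SNMP_RE = re.compile(r"^snmp-server community (\S+)\s*(RO|RW)?", re.M | re.I)
# Type 7 is an obfuscation, not a hash: flag it wherever it stores a credential
TYPE7_RE = re.compile(r"^\s*(?:enable password|username \S+ password)\s+7\s+\S+", re.M)


def audit(configs):
    """Return (device, finding) tuples for weak credential handling.

    A device name of "*" marks a cross-device finding (shared community)."""
    findings = []
    community_users = defaultdict(set)
    for dev, text in configs.items():
        for m in SNMP_RE.finditer(text):
            community, mode = m.group(1), (m.group(2) or "RO").upper()
            community_users[community].add(dev)
            if community.lower() in ("public", "private"):
                findings.append((dev, f"default SNMP community '{community}'"))
            if mode == "RW":
                findings.append((dev, f"read-write SNMP community '{community}'"))
        for m in TYPE7_RE.finditer(text):
            findings.append((dev, f"reversible type-7 password: {m.group(0).strip()}"))
    # The slide's pivot: one community string valid on printer, routers and switches
    for community, devs in community_users.items():
        if len(devs) > 1:
            findings.append(("*", f"community '{community}' shared by {sorted(devs)}"))
    return findings
```

Remediation for each finding is the usual one: SNMPv3 or at least per-device read-only communities, and `enable secret` / type 8 or 9 storage instead of type 7.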
  • 11. Real War Stories – Healthcare
     Internet scans found a SharePoint Server with some limited unauthenticated access
     Search queries exposed numerous documents with “password”
     One was a set of instructions for training new users on electronic medical records application
     This included a Windows domain account and password
     This account and password gave access through a Citrix remote desktop server
     This gave us access to the organization’s Internal network
     NOTE: I have followed this same attack path to compromise other entities, including banks, law firms, and insurance companies
  • 12. Real War Stories – Hedge Fund
     During internal network assessment, NetBIOS name spoofing exposed numerous accounts
     System Administrators appeared to be remotely connecting to Windows-based systems as the Administrator account
     Password was quickly cracked
     Same local administrator password was used on EVERY workstation and server
  • 13. Real War Stories – Government Agency
     On the internal network several Isilon file servers were found
     HDFS was running without any access control restrictions set
     One directory on the file server had virtual machine images
     Pulled down copies and loaded them under local VMware Workstation on our attacker laptops
     Extracted usernames and passwords from the virtual machine by first booting to virtual CD image of kon-boot and bypassing local login
     Could have also gained access by replacing “sticky keys app”, copying SAM and SYSTEM files, etc.
     Local administrator-level accounts recovered worked on numerous other servers
     Used Mimikatz to recover accounts from each of the additional systems and exposed numerous Domain Administrator-level accounts
     This led to the compromise of several thousand Windows-based systems
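Slide 13 turns on an HDFS service with no access control at all. As an added example (not the agency's configuration or PatchAdvisor's code; the XML below is constructed), this check reads Hadoop-style `core-site.xml`/`hdfs-site.xml` properties and reports the settings that leave a namespace open, beside the hardened values; it assumes the standard Hadoop property names and defaults, which a vendor appliance may map differently:

```python
import xml.etree.ElementTree as ET

# Constructed configuration reproducing the weak state on the slide:
# no authentication, no service authorization, permission checks disabled.
WEAK_XML = """<configuration>
  <property><name>hadoop.security.authentication</name><value>simple</value></property>
  <property><name>hadoop.security.authorization</name><value>false</value></property>
  <property><name>dfs.permissions.enabled</name><value>false</value></property>
</configuration>"""

# Constructed hardened counterpart.
HARDENED_XML = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.security.authorization</name><value>true</value></property>
  <property><name>dfs.permissions.enabled</name><value>true</value></property>
</configuration>"""

# key -> (secure value, Hadoop default used when the key is absent)
CHECKS = {
    "hadoop.security.authentication": ("kerberos", "simple"),
    "hadoop.security.authorization": ("true", "false"),
    "dfs.permissions.enabled": ("true", "true"),
}


def parse_hadoop_xml(text):
    """Return {property name: lower-cased value} from a Hadoop XML document."""
    out = {}
    for prop in ET.fromstring(text).findall("property"):
        name, value = prop.findtext("name"), prop.findtext("value")
        if name is not None:
            out[name.strip()] = (value or "").strip().lower()
    return out


def hdfs_findings(*xml_docs):
    """Merge one or more config documents and list settings below the secure value.

    Absent keys are evaluated at their Hadoop default, so an empty
    configuration is reported as unauthenticated, not as clean."""
    props = {}
    for doc in xml_docs:
        props.update(parse_hadoop_xml(doc))
    findings = []
    for key, (secure, default) in CHECKS.items():
        actual = props.get(key, default)
        if actual != secure:
            findings.append(f"{key}={actual} (expected {secure})")
    return findings
```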
  • 14. Real War Stories – Financial Industry
     On the internal network there were numerous systems running server-based Java applications
     Many were commercial applications from major industry leaders (IBM, HP, VMware, etc.)
     Numerous attacks over Java RMI led to remote code execution
     Missing patches, insecure libraries, unauthenticated access to JMX consoles, etc.
     Extracted cached accounts and plaintext passwords using Mimikatz program including Domain Administrator-level accounts
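One of the slide 14 findings, an unauthenticated JMX console, is usually a single JVM flag. As an added example (not PatchAdvisor's code; the command lines, port and file paths are constructed), this parses a Java process command line for the `com.sun.management.jmxremote.*` system properties and reports the weak setting beside the hardened one:

```python
import shlex

PREFIX = "com.sun.management.jmxremote"

# Constructed command lines. WEAK opens a remote JMX port with authentication
# and TLS explicitly switched off; HARDENED keeps both on with credential files.
WEAK = ("java -Dcom.sun.management.jmxremote.port=9010 "
        "-Dcom.sun.management.jmxremote.authenticate=false "
        "-Dcom.sun.management.jmxremote.ssl=false -jar app.jar")
HARDENED = ("java -Dcom.sun.management.jmxremote.port=9010 "
            "-Dcom.sun.management.jmxremote.authenticate=true "
            "-Dcom.sun.management.jmxremote.password.file=/etc/app/jmxremote.password "
            "-Dcom.sun.management.jmxremote.access.file=/etc/app/jmxremote.access "
            "-Dcom.sun.management.jmxremote.ssl=true -jar app.jar")


def jvm_props(cmdline):
    """Collect -Dkey=value system properties from a JVM command line."""
    props = {}
    for tok in shlex.split(cmdline):
        if tok.startswith("-D") and "=" in tok:
            key, value = tok[2:].split("=", 1)
            props[key] = value
    return props


def jmx_findings(cmdline):
    """Return findings for a remote JMX listener; empty list if none is exposed."""
    p = jvm_props(cmdline)
    if f"{PREFIX}.port" not in p:
        return []  # no remote JMX listener configured
    findings = []
    # The JDK defaults both flags to true; only an explicit "false" disables them
    if p.get(f"{PREFIX}.authenticate", "true").lower() == "false":
        findings.append("JMX remote without authentication")
    elif not (p.get(f"{PREFIX}.password.file") and p.get(f"{PREFIX}.access.file")):
        findings.append("JMX authentication relies on JDK-default credential files")
    if p.get(f"{PREFIX}.ssl", "true").lower() == "false":
        findings.append("JMX remote without TLS")
    return findings
```

On a live host the same check runs over each Java process's command line (for example from `ps` output) rather than the constructed strings above.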
  • 15. The Inevitable Conclusion
     It’s not about perfect security; it’s about DUE DILIGENCE.
     “Given the inevitability of computer losses, you’ll be judged not by whether you were the victim of an attack, but by how well you planned for it.” - Computer Security Institute
  • 16. In Closing…
     Due diligence requires a full spectrum of countermeasures
     Vulnerability assessments are a critical component of successful security programs
     Understand that your organization is not as unique as you think it is
  • 17. PatchAdvisor, Inc
     703-256-0156
     5510 Cherokee Ave, Suite 120, Alexandria, VA 22312