HARDENING AS PART OF A
HOLISTIC SECURITY STRATEGY
Who is talking to you?
Fabian Böhm
CEO & Founder @ TEAL
Florian Bröder
CEO & Founder @ FB Pro GmbH
https://www.fb-pro.com/
LinkedIn
https://www.teal-consulting.de/
LinkedIn
Volker Wassermann
CEO & Founder @ bridge4IT®
https://www.bridge4it.de/
LinkedIn
Agenda
••• networker.NRW
••• IT Forensics
••• Hardening – the why
••• Hardening – the what
••• Hardening – tool based
••• Hardening – how hard can it be?
••• Q&A
Networker NRW – short facts
Your advantages
••• Expand competencies
••• Promote cooperation potential
••• free initial telephone consultation
••• by lawyers specializing in IT law
Other competencies
••• Vocational training in the industrial-technical field
••• Graphic design
••• IT Consulting
••• IT Marketing
••• IT Legal Advice
••• Knowledge Management
••• Qualification and Training
••• Quality Management Systems
••• Environmental Management Systems
••• Advertising and advertising design
Key areas of expertise
••• Cloud Computing/Internet
••• Information Security
••• IT Infrastructure
••• Software
Contact for media, companies and individuals seeking advice
System hardening and IT forensics?
••• Attackers leave more traces, as they can only attack via detours, e.g. privilege escalation
••• Investigation / preservation of evidence requires less effort, time and money
••• Hardening makes it possible to trace whether the incident occurred before or after the attack
••• What is switched off no longer needs to be checked in the incident
••• Backdoors are closed before attackers find and use them
••• No cross-effects from running services or software during analysis
••• Data outflow is condensed to only a few services
••• The number of log entries is reduced; what is not logged does not need to be analyzed
••• Operating system updates do not reopen the gap if the security configuration is controlled and monitored
HARDENING – THE WHY
Real life examples
Fritzmeier Group: Hacker legen deutschen Fahrzeugzulieferer lahm - cio.de
Fahrradbauer Prophete: Erste Details zum Cyber-Angriff | heise online
Real life examples
Bericht des "Handelsblatt": Gehackte Daten von Continental im Darknet | tagesschau.de
Nach Cyberangriff auf Continental: Hacker veröffentlichen Liste mit erbeuteten Daten (handelsblatt.com)
Medibank hack: Email reveals staff details compromised by data breach | news.com.au — Australia's leading news site
Real life examples
PrintNightmare: Schon wieder eine Drucker-Lücke in Windows ohne Patch | heise online
Real life examples
Top 5 AWS Misconfigurations That Led to Data Leaks in 2021 | Spiceworks It Security
Clear statement
••• 99% of cloud breaches can be traced to "misconfigurations"
••• Missing secure configuration
••• Missing "hardening"
••• No control
••• No process / no checks
Clear statement
••• 80% of ransomware can be traced to common configuration errors
••• Missing secure configuration
••• Missing "hardening"
••• No control
••• No process / no checks
Extortion Economics | Security Insider (microsoft.com)
Questions
HARDENING – THE WHAT
Real life demonstrates the inadequacy of the classic
"detect and respond" pattern. It seems that this
pattern is no longer sufficient!
Shifting the responsibility for IT security and asset
protection to back-office, accounting, and "non-IT"
people seems like a very strange approach.
Definition
In computing, hardening is usually the process of securing a system by reducing its surface area of vulnerability,
which is greater as a system performs more functions.
Hardening
…considers information security as well as
data protection
…is one of several technical measures organizations may adopt
Legal requirements are in place
••• GDPR enforces the "state of technology" (Art. 32, "security of processing")
••• "State of the art" is defined (see Teletrust e.V.)
••• Several industry-specific requirements enforce more detailed configuration (e.g. VAIT for insurances, IT-Sicherheitsgesetz for KRITIS-relevant organizations, ISO 27001:2022, B3S "Medizinische Versorgung")
It is necessary
Product law in America
Designed to make "everything" work to avoid legal impacts
••• "Dry the guinea pig in a microwave oven"
••• …other stories
Vendors recommend hardening
Microsoft: “We recommend that you implement an
industry-standard configuration that is broadly known
and well-tested, such as Microsoft security baselines,
as opposed to creating a baseline yourself. This helps
increase flexibility and reduce costs.”
How critical is secure configuration?
••• A running print spooler service was considered uncritical until PrintNightmare at the end of 2021.
••• Using SMBv1 was uncritical until the WannaCry ransomware used the EternalBlue exploit in 2017.
••• Using Kerberos tickets based on RC4 encryption has been outdated since 2015 – why is it still activated?
••• A "non-configured" Office installation is again the target of an attack - so is "non-configuration" of Office uncritical?
…an open door in your house is uncritical until somebody walks in who is not allowed to do so?
Security baselines guide - Windows security | Microsoft Docs
It is necessary
The NIST Cyber Security Framework covers five critical
functions where the marked ones are most relevant for
securing (known) endpoints.
PROTECT
DETECT
RESPOND
RECOVER
IDENTIFY
Technology PROTECT DETECT RESPOND
Anti-Malware solutions X X
Threat-Intel solutions X X
EDR/XDR solutions X X
MDR solutions X X
Vulnerability scanner X
SIEM solutions X X (SOC, IM process)
Compromise Assessment X X
Hardening X
Enforce Administrator X X IM process
What does make more sense? Have a 24/7 team monitoring the door or just close the door and lock it?
Frameworks and legal:
System hardening is widely mentioned (some examples)
https://www.cisecurity.org/controls/
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/Kompendium/IT_Grundschutz_Kompendium_Edition2020.pdf?__blob=publicationFile&v=6
https://www.teletrust.de/publikationen/broschueren/stand-der-technik/?tx_reintdownloadmanager_reintdlm%5Bdownloaduid%5D=10505&cHash=f39d74868a8b38e98e6cc09b0ab16f6f
Frameworks and legal
Extract from SWIFT questionnaire (end 2021)
BAFIN for banking and insurance sector (03/2022)
Cyber risk insurance questionnaire (2022)
Questions for companies with revenue from 50.000.000 € up to 150.000.000 €. "Hardening" is the first question in the sector "basic".
Frameworks and legal:
System hardening (“secure configuration”) in ISO 27001(2):2022
ISO 27001:2022
is updated and published!
System hardening - strategical part
NIST defines it as…
“The management and control of
configurations for an information system to
enable security and facilitate the
management of risk.”
NIST also published a…
Guide for Security-Focused Configuration
Management of Information Systems | NIST
SecCM consists of four phases:
1) Planning
2) Identifying and Implementing Configurations
3) Controlling Configuration Changes
4) Monitoring
(Figure 2-1 – Security-focused Configuration Management Phases)
Security Configuration Management (SecCM) - Glossary | CSRC (nist.gov)
Guide for Security-Focused Configuration Management of Information Systems (nist.gov)
Hardening in context of a security landscape
Infrastructure Security Endpoint Security Application Security
Managed Security Service Provider Messaging Security Web Security
IoT Security Security Operations & Incident Response Threat Intelligence Mobile Security Data Security
Cloud Security
Identity & Access Management
Risk & Compliance
Specialized Threat Analysis &
Protection
Transaction Security
HARDENING – TOOL BASED
Enforce Administrator as "hardening tool"
Enforce Administrator
With Enforce Suite, we offer you a comprehensive enterprise
security solution for continuous monitoring of your clients
and servers. With the central management tool Enforce Suite,
you configure hardening policies according to common
industry standards and monitor their compliance. We at TEAL
Technology Consulting support you in the implementation of
the Enforce Suite and optionally manage your Enforce
solution professionally with our Managed Service offering.
Your advantages
••• Automated optimization of your system configuration
••• Continuous monitoring of your security
••• Comprehensive and up-to-date system hardening packages
••• Reduced operating costs through auto-optimization
••• Professional operation via the TEAL Managed Service
High level architecture
System hardening – the benefits
Security
Configuration
Management
Raise efficiency and save
(internal) resources
Raise protection level
Be compliant and
transparent
Security of investment
A new insight?
Detected mistakes fixed early in a chain reduce
overhead and save money in the end.
Conclusion: Hardening is cost effective!
Examples of rollout approaches
The rollout approach depends on the customer's infrastructure and can be controlled via several dimensions, for example:
••• Role oriented
••• Technology oriented (operating system, e.g.)
••• Location oriented
••• Process based, for example process-integrated and only targeting newly deployed systems
Example 1:
Wave 1: Domain Controllers
Wave 2: Member Servers (file, application)
Wave 3: Web, DB Servers
Wave 4: Clients of IT team; clients org oriented
Example 2:
Wave 1: (NEW) Windows Server 2022 systems
Wave 2: Installed systems, risk oriented
Wave 3: Client world, starting with Windows 10 (not 7, 8)
Why not via “Group Policy objects”?
1) How quickly are several hundred hardening settings implemented? We are ready to use after installation.
2) How is it controlled that all settings arrive on the target systems?
3) How is a "restore" of settings performed when an application is no longer functional due to hardening
configurations?
4) How is the IT team notified if IT systems are suddenly no longer "compliant" with the specified settings?
5) How does meaningful process integration (incident management, ConfigMgmt) take place?
HARDENING – HOW HARD CAN IT BE?
Topics: SMBv1, NTLM v1, Client challenges, Attack surface reduction rules, User rights assignment, LDAP signing / channel binding
CHALLENGE
SMB v1 is outdated - still being used in customer environments
Example: A board member used an unmanaged tablet to access an
old NAS to view presentations stored there.
KNOWN ATTACKS
https://www.golem.de/news/wannacry-nsa-exploits-legen-weltweit-windows-rechner-lahm-1705-127801.html
HOW TO VERIFY
whether SMB v1 is still in use: enable auditing in smaller environments via PowerShell (Set-SmbServerConfiguration -AuditSmb1Access $true) or distribute the following registry value via GPO in larger environments.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters - "AuditSmb1Access"=dword:00000001
Auditing should be performed at least on all domain controllers and file servers. The logs can either be collected via PowerShell or forwarded to a log collector via event log forwarding.
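The collection step can be automated end to end. The following PowerShell script is an added example and not code from the presentation: it optionally enables SMB1 access auditing (the same switch as the AuditSmb1Access registry value) on a list of domain controllers and file servers, collects the "SMB1 access" audit event 3000 from the Microsoft-Windows-SMBServer/Audit log, and reduces the events to one row per server and client. It assumes local administrator rights on each target and WinRM for the remote ones; the parameter names are the example's own.

```powershell
# Added example (not the presentation's own code): switch on SMB1 access auditing
# and summarise which clients still use SMB1 against a list of file servers and DCs.
# Assumptions: the caller is a local administrator on each target and WinRM is
# enabled for remote targets. Event 3000 in Microsoft-Windows-SMBServer/Audit is
# the "SMB1 access" audit event written once AuditSmb1Access is enabled.

param(
    [string[]] $ComputerName = @($env:COMPUTERNAME),
    [int]      $Days = 30,
    [switch]   $EnableAudit
)

$collect = {
    param([int] $Days, [bool] $EnableAudit)
    if ($EnableAudit) {
        # Same effect as the AuditSmb1Access=1 registry value distributed via GPO.
        Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    }
    $filter = @{
        LogName   = 'Microsoft-Windows-SMBServer/Audit'
        Id        = 3000
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # The event message carries "Client Address: <ip>[:port]".
        $addr = if ($_.Message -match 'Client Address:\s*(\S+)') { $Matches[1] } else { 'unknown' }
        [pscustomobject]@{
            Server        = $env:COMPUTERNAME
            ClientAddress = $addr -replace ':\d+$', ''   # drop the source port
            Time          = $_.TimeCreated
        }
    }
}

$events = foreach ($c in $ComputerName) {
    if ($c -in $env:COMPUTERNAME, 'localhost', '.') {
        & $collect $Days $EnableAudit.IsPresent
    } else {
        Invoke-Command -ComputerName $c -ScriptBlock $collect -ArgumentList $Days, $EnableAudit.IsPresent
    }
}

# One row per server/client pair: every entry is a system that still needs SMB2/3
# (or replacement) before SMB1 can be switched off on the server.
$events |
    Group-Object Server, ClientAddress |
    ForEach-Object {
        [pscustomobject]@{
            Server        = $_.Group[0].Server
            ClientAddress = $_.Group[0].ClientAddress
            Connections   = $_.Count
            LastSeen      = ($_.Group | Measure-Object -Property Time -Maximum).Maximum
        }
    } |
    Sort-Object Connections -Descending |
    Format-Table -AutoSize
```

Run it once with `-EnableAudit` on the servers, let it collect for a few weeks, then run it again without the switch; an empty result over the review window is the evidence needed before SMB1 is disabled, and a non-empty one is the list of systems to reconfigure or replace.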
HOW TO SOLVE
Either the systems can be configured for SMB v2 or v3, or
they need to be replaced.
CHALLENGE
NTLM v1 is outdated - still being used in customer environments
KNOWN ATTACKS
ProxyLogon (CVE-2021-28655, CVE-2021-27065) and ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) by Orange Tsai, PetitPotam (VDB-179650) by topotam, Active Directory Certificate Services (ADCS) attacks by Will Schroeder and Lee Christensen
HOW TO VERIFY
Audit NTLM v1 usage via a GPO setting.
Collect events (in event 4624, Properties[5] is TargetUserName, [8] LogonType, [11] WorkstationName and [20] ImpersonationLevel):
$Events = Get-WinEvent -LogName Security -FilterXPath "Event[System[(EventID=4624)]] and Event[EventData[Data[@Name='LmPackageName']='NTLM V1']]" |
    Select-Object `
        @{Label='Time'; Expression={$_.TimeCreated.ToString('g')}},
        @{Label='UserName'; Expression={$_.Properties[5].Value}},
        @{Label='WorkstationName'; Expression={$_.Properties[11].Value}},
        @{Label='LogonType'; Expression={$_.Properties[8].Value}},
        @{Label='ImpersonationLevel'; Expression={$_.Properties[20].Value}}
HOW TO SOLVE
Turn NTLM authentication off or enforce NTLM v2 only. If a system needs to be reconfigured anyway, this is a good time to move directly to Kerberos if the application supports it.
CHALLENGE
Microsoft already tried 3 years ago to force LDAP signing (ADV190023).
This is essentially a universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default setting).
KNOWN ATTACKS
https://github.com/Dec0ne/KrbRelayUp
HOW TO VERIFY
Enable logging via registry key on the DCs:
Reg Add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics /v "16 LDAP Interface Events" /t REG_DWORD /d 2
In addition, the Channel Binding Token (CBT) signing event 3041 should be generated. For this, the setting "Domain controller: LDAP server channel binding token requirements" must also be configured to "When Supported" on the domain controllers. Otherwise, only the general events 3040 and 3041 are generated, which indicate whether there were unsigned binds, but give no details of which system triggered them.
HOW TO SOLVE
Armed with the list of systems, you can now talk to the people responsible for the server and together find out which application establishes an LDAP connection. There is usually little you can do about the fact that the application does this without signing, but in our experience (almost) every application supports LDAPS. Thus it is usually a matter of changing the configuration in the software.
However, we have also had the case where the operating system (Linux, domain-joined) communicated via LDAP and it was not possible to change the configuration. Unfortunately, no OpenSSL package that supports signing was available in the manufacturer's repository for the version of the operating system used. Thus, the server had to be reinstalled with a newer version of the operating system.
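The "list of systems" this step starts from comes out of the Directory Service log once the diagnostic level above is set. The following PowerShell script is an added example, not the presentation's code: it reads event 2889 (a client performed an unsigned SASL bind or a simple bind over clear text) from each domain controller, extracts the client address, the identity used and the bind type from the event message, resolves the address to a host name and writes a per-client summary to CSV. It assumes the "16 LDAP Interface Events" value is already 2 on every DC, WinRM access to the DCs and rights to read the Directory Service log; the parameter and output file names are the example's own.

```powershell
# Added example (not the presentation's own code): turn Directory Service event
# 2889 on the domain controllers into the list of systems that still bind to LDAP
# without signing, which is the input for the application-owner discussion.
# Assumptions: "16 LDAP Interface Events" is already 2 on every DC, WinRM is
# reachable, and the caller may read the Directory Service log. In event 2889,
# Binding Type 0 is an unsigned SASL bind and 1 a simple bind over clear text.

param(
    [Parameter(Mandatory)] [string[]] $DomainController,
    [int]    $Days = 14,
    [string] $OutFile = '.\unsigned-ldap-binds.csv'
)

$since = (Get-Date).AddDays(-$Days)

$binds = Invoke-Command -ComputerName $DomainController -ArgumentList $since -ScriptBlock {
    param([datetime] $since)
    $filter = @{ LogName = 'Directory Service'; Id = 2889; StartTime = $since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $m = $_.Message
        [pscustomobject]@{
            DC          = $env:COMPUTERNAME
            # "Client IP address: 10.0.0.5:49152" -> strip the ephemeral port
            ClientIP    = if ($m -match 'Client IP address:\s*(\S+)') { $Matches[1] -replace ':\d+$', '' } else { '' }
            Identity    = if ($m -match 'authenticate as:\s*(.+?)\s*Binding Type') { $Matches[1] } else { '' }
            BindingType = if ($m -match 'Binding Type:\s*(\d)') { [int]$Matches[1] } else { -1 }
            Time        = $_.TimeCreated
        }
    }
}

$bindNames = @{ 0 = 'SASL bind without signing'; 1 = 'Simple bind over clear text' }

function Get-HostNameForIp([string] $ip) {
    # Reverse lookup so the report names the system, not just the address.
    try { [System.Net.Dns]::GetHostEntry($ip).HostName } catch { '' }
}

$report = $binds |
    Group-Object ClientIP, Identity, BindingType |
    ForEach-Object {
        $g = $_.Group
        [pscustomobject]@{
            ClientIP  = $g[0].ClientIP
            HostName  = Get-HostNameForIp $g[0].ClientIP
            Identity  = $g[0].Identity
            BindType  = $bindNames[$g[0].BindingType]
            Binds     = $_.Count
            SeenOnDCs = ($g.DC | Sort-Object -Unique) -join ';'
            LastSeen  = ($g | Measure-Object -Property Time -Maximum).Maximum
        }
    } |
    Sort-Object Binds -Descending

$report | Export-Csv -Path $OutFile -NoTypeInformation
$report | Format-Table ClientIP, HostName, Identity, BindType, Binds, LastSeen -AutoSize
```

The identity column is what makes the follow-up conversation short: a service account name usually points straight at the application that needs to be switched to LDAPS, while a computer account (name ending in `$`) points at an operating-system component such as the domain-joined Linux host described above.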
CHALLENGE
Sometimes there are problems with the User Right Assignments.
For example, both CIS and MS Baseline configure “Ensure ‘Access
this computer from the network’ is set to ‘Administrators,
Authenticated Users'”. However, when using Defender for Identity,
it is necessary that the service account used has just this right.
HOW TO VERIFY
User Rights Assignments can be configured via GPO as well as
locally, making it difficult to conclusively check the issue up front. If
one uses the Enforce Administrator for hardening, then one can
match the settings with GPOs when creating the hardening and at
least check this way conclusively. To check locally configured
settings, one could run a script like this on all systems and check the
output.
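The script referred to above is not reproduced on this page. The following PowerShell is an added example (not the presentation's script) of what such a check can look like: it exports the effective local security policy with secedit, reads the [Privilege Rights] section for a chosen right, translates the SIDs to account names and reports which principals are outside the baseline value (for example a Defender for Identity service account) and which baseline principals are missing. It assumes it runs elevated on the target system, since secedit needs administrator rights; the default right and baseline list match the "Access this computer from the network" example above, and the function and parameter names are the example's own.

```powershell
# Added example (not the script shown in the presentation): export the effective
# user rights assignment with secedit and compare one right against a baseline
# value. Assumption: runs elevated on the target (secedit needs administrator
# rights); for many systems wrap the call in Invoke-Command.

param(
    # SeNetworkLogonRight = "Access this computer from the network"
    [string[]] $Right    = @('SeNetworkLogonRight'),
    [string[]] $Expected = @('BUILTIN\Administrators', 'NT AUTHORITY\Authenticated Users')
)

function Get-LocalUserRight {
    param([string[]] $Right)
    $tmp = Join-Path $env:TEMP ("ura-{0}.inf" -f [guid]::NewGuid())
    try {
        # /areas USER_RIGHTS limits the export to the [Privilege Rights] section.
        $null = secedit.exe /export /cfg "$tmp" /areas USER_RIGHTS
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path $tmp)) { throw "secedit export failed ($LASTEXITCODE)" }
        $lines = Get-Content $tmp
    } finally {
        Remove-Item $tmp -ErrorAction SilentlyContinue
    }
    foreach ($r in $Right) {
        # Line format: SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-11
        $line = $lines | Where-Object { $_ -match "^$r\s*=" } | Select-Object -First 1
        $principals = @()
        if ($line) {
            $principals = ($line -split '=', 2)[1].Split(',') | ForEach-Object {
                $entry = $_.Trim()
                if ($entry -like '*S-1-*') {
                    # secedit writes SIDs with a leading '*'; translate to DOMAIN\Name.
                    try {
                        ([System.Security.Principal.SecurityIdentifier]$entry.TrimStart('*')).Translate(
                            [System.Security.Principal.NTAccount]).Value
                    } catch { $entry.TrimStart('*') }   # orphaned SID: keep it visible
                } else { $entry }
            }
        }
        [pscustomobject]@{
            Computer   = $env:COMPUTERNAME
            Right      = $r
            Principals = @($principals | Sort-Object)
        }
    }
}

foreach ($result in Get-LocalUserRight -Right $Right) {
    $extra   = $result.Principals | Where-Object { $Expected -notcontains $_ }
    $missing = $Expected | Where-Object { $result.Principals -notcontains $_ }
    [pscustomobject]@{
        Computer          = $result.Computer
        Right             = $result.Right
        Current           = $result.Principals -join '; '
        NotInBaseline     = $extra -join '; '     # candidates for an exception, e.g. a service account
        MissingFromSystem = $missing -join '; '
    }
}
```

Because secedit exports the effective policy, the result already reflects whatever GPO currently applies plus anything set locally, which is exactly the combination the text says is hard to check up front.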
HOW TO SOLVE
You need to verify the user rights assignments with the respective application owner and, if they are not documented properly, test them in a test environment before rolling the hardening out completely.
CHALLENGE
Attack Surface Reduction is a fairly new feature of Windows
Defender. It is supposed to help prevent cyber attacks.
HOW TO SOLVE
To be on the safe side, it is advisable to first configure the rules in audit mode, check the messages in the event viewer and only when all problems have been solved, switch the rules to block mode.
The common hardening standards do not call for all ASR rules to be turned on; however, we think it is a good idea, even if it is a little more work.
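The audit-first procedure above in PowerShell, as an added example that is not the presentation's code: three documented ASR rules are added in audit mode with Add-MpPreference (Set-MpPreference would replace the whole rule list, which is why the example does not use it), the resulting rule states are listed, and the audit events (ID 1122 in the Microsoft-Windows-Windows Defender/Operational log; blocks would be 1121) are grouped by rule and process so that rules without hits can be switched to block mode and rules with hits go to the application owners first. It assumes Microsoft Defender Antivirus is the active engine and the script runs elevated; the rule GUIDs are Microsoft's published rule IDs, and the function names are the example's own.

```powershell
# Added example (not the presentation's own code): put a set of ASR rules into
# audit mode, then summarise what the audit events say before switching to block.
# Assumptions: Microsoft Defender Antivirus is active and the script runs elevated.
# Rule GUIDs are the documented Microsoft ASR rule IDs. Defender logs ASR audits
# as event 1122 and blocks as 1121 in Microsoft-Windows-Windows Defender/Operational.

$Rules = @{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
}

function Set-AsrAuditMode {
    param([string[]] $Ids)
    foreach ($id in $Ids) {
        # Add-MpPreference merges into the existing list; Set-MpPreference would replace it.
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions AuditMode
    }
}

function Get-AsrRuleState {
    $p = Get-MpPreference
    $actions = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'AuditMode'; 6 = 'Warn' }
    for ($i = 0; $i -lt $p.AttackSurfaceReductionRules_Ids.Count; $i++) {
        $id = $p.AttackSurfaceReductionRules_Ids[$i].ToUpper()
        [pscustomobject]@{
            RuleId = $id
            Name   = if ($Rules.ContainsKey($id)) { $Rules[$id] } else { '(other rule)' }
            Action = $actions[[int]$p.AttackSurfaceReductionRules_Actions[$i]]
        }
    }
}

function Get-AsrAuditHits {
    param([int] $Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1122
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $m = $_.Message   # contains "ID: <rule guid>", "Path: ...", "Process Name: ..."
        [pscustomobject]@{
            RuleId  = if ($m -match 'ID:\s*([0-9A-Fa-f-]{36})') { $Matches[1].ToUpper() } else { '' }
            Process = if ($m -match 'Process Name:\s*(.+)') { $Matches[1].Trim() } else { '' }
            Path    = if ($m -match '\bPath:\s*(.+)') { $Matches[1].Trim() } else { '' }
            Time    = $_.TimeCreated
        }
    }
}

Set-AsrAuditMode -Ids @($Rules.Keys)
Get-AsrRuleState | Format-Table -AutoSize

# Rules with no hits over the review window are candidates for block mode; rules
# with hits need the process/path list discussed with the application owners first.
Get-AsrAuditHits -Days 7 |
    Group-Object RuleId, Process |
    ForEach-Object {
        [pscustomobject]@{
            Rule    = $Rules[$_.Group[0].RuleId]
            Process = $_.Group[0].Process
            Hits    = $_.Count
            Example = $_.Group[0].Path
        }
    } |
    Sort-Object Hits -Descending |
    Format-Table -AutoSize
```

Run the last part again after the review window has passed; switching a rule to block is the same Add-MpPreference call with the action `Enabled`.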
CHALLENGE 1 - APPLICATIONS AND UNC PATHS
Applications are often placed on network shares and launched from
there via a UNC path to simplify application updates. After applying
the Security Baseline for Windows in such cases, you may receive a
popup with the security warning: “The publisher could not be
verified. Are you sure you want to run the software”. By clicking
Run, the user can still launch the application.
HOW TO SOLVE
This error message is annoying for the user, but can be disabled by adding the UNC path to the Intranet zone. For this purpose there is a so-called Site to Zone Mapping which is stored in the registry (the mapping can be set for the whole system or for the user):
• HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
• HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey
Both settings can also be configured via Group Policy:
• Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
• User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
The name of the server is entered there, e.g. file://myserver1 with a value of 2, which stands for the intranet zone.
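The same mapping written and read back with PowerShell, as an added example that is not the presentation's code. It writes one `file://<server>` entry per server into the ZoneMapKey policy key (machine scope by default, user scope with a switch) and then lists every mapped site with its zone name for review. It assumes the script runs elevated for the machine-wide key and that the "Site to Zone Assignment List" GPO is not also managing these hosts, since a GPO-managed list replaces the key at the next policy refresh. The zone numbers in the code follow Microsoft's documentation for that policy (1 = Intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted sites); the slide's value 2 therefore lands in Trusted sites, and both 1 and 2 take the server out of the Internet zone that raises the publisher warning, so the zone is a parameter. Parameter and function names are the example's own.

```powershell
# Added example (not the presentation's own code): write Site to Zone assignments
# for file servers into the policy key and read the whole list back for review.
# Assumptions: elevated for HKLM; no GPO manages the same list. Zone numbers per
# Microsoft's policy documentation: 1 = Intranet, 2 = Trusted sites, 3 = Internet,
# 4 = Restricted sites.

param(
    [Parameter(Mandatory)] [string[]] $Server,     # e.g. 'myserver1'
    [ValidateSet(1, 2, 3, 4)] [int] $Zone = 1,     # the slide uses 2 (Trusted sites)
    [switch] $UserScope                            # write HKCU instead of HKLM
)

$hive = if ($UserScope) { 'HKCU:' } else { 'HKLM:' }
$key  = "$hive\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey"

if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

foreach ($s in $Server) {
    # Value name is the site URL, value data (REG_SZ) is the zone number.
    New-ItemProperty -Path $key -Name "file://$s" -Value "$Zone" -PropertyType String -Force | Out-Null
}

function Get-SiteToZoneList {
    param([string] $Key)
    $names = @{ '0' = 'My Computer'; '1' = 'Intranet'; '2' = 'Trusted sites'; '3' = 'Internet'; '4' = 'Restricted sites' }
    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if (-not $props) { return }
    $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |   # skip PSPath, PSParentPath, PSChildName, ...
        ForEach-Object {
            [pscustomobject]@{
                Site     = $_.Name
                Zone     = $_.Value
                ZoneName = $names["$($_.Value)"]
            }
        }
}

Get-SiteToZoneList -Key $key | Format-Table -AutoSize
```

The read-back is the useful half during hardening: it shows every share that has been whitelisted this way, which is the list to review when a server is decommissioned or renamed.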
CHALLENGE 2 - HTTP AUTHENTICATION SCHEMES
The baseline for Microsoft Edge and the CIS Microsoft Edge
benchmark disable Basic Authentication among the supported
authentication schemes. Basic Authentication is an outdated and
insecure authentication method and the clear recommendation
here is to switch applications that require it to a more modern login
method.
HOW TO SOLVE
For troubleshooting, Basic Authentication can be re-enabled using
the following Group Policy setting:
Computer Configuration > Administrative Templates > Microsoft
Edge > HTTP authentication > Supported authentication schemes
Append the value ‘basic’ to the comma-separated list (all values
must be lowercase).
CHALLENGE 3 – OFFICE FILE FORMAT
A recurring theme in client hardening is the handling of older Office
formats. The Microsoft 365 Apps for Enterprise Baseline and the CIS
Microsoft Office Excel Benchmark are quite restrictive and disable
all older Office formats. This affects all old binary formats of the
Office version older than 2007, before Office had introduced
modern file formats based on XML. Most companies still use older
Office formats at least in some areas and therefore have to soften
the Microsoft baseline again in this area.
HOW TO SOLVE
Verify which old Office templates exist that cannot be renewed.
Unblock the Excel version via GPO:
User Configuration > Administrative Templates > Microsoft Excel 2016 > Excel Options > Security > Trust Center > File Block Settings > Excel 97-2003 workbooks and templates.
We provide here a small script that searches a certain directory incl. subdirectories for files with the extension .xls and determines the exact version. However, the script must open the file, so it must only be applied to trusted files, because macro code may be executed when the file is opened, and macros that start automatically and display a dialog box, for example, must be clicked away manually.
After knowing which file formats are present, it should first be checked to what extent the older file formats can be converted into the current XML-based file formats of Office.
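The presentation's script is not on this page. The following PowerShell is an added example (not the presentation's script) that takes a different route to the same inventory: instead of opening each file in Excel, it reads the file's leading bytes and classifies it from the container signature, so no macro can run during the scan. The classification is a heuristic documented in the code: a `PK` signature means an OOXML workbook saved with a .xls extension, an OLE2 signature with a UTF-16 `Workbook` directory entry means BIFF8 (Excel 97-2003, the "Excel 97-2003 workbooks and templates" file block setting above), an OLE2 file with only a `Book` entry means BIFF5 (Excel 5.0/95), and a BOF record at offset 0 means BIFF2/3/4. It assumes read access to the directory and scans at most the first 8 MB of each file; the function and output file names are the example's own.

```powershell
# Added example (not the script from the presentation): classify .xls files under
# a directory by inspecting their first bytes instead of opening them in Excel,
# so no macro can run during the inventory. Heuristics (assumptions):
#  - 'PK' signature            : OOXML zip (.xlsx/.xlsm saved with a .xls extension)
#  - D0 CF 11 E0 A1 B1 1A E1   : OLE2 compound file; a 'Workbook' stream name means
#                                BIFF8 (Excel 97-2003), only 'Book' means BIFF5 (5.0/95)
#  - 09 00 / 09 02 / 09 04     : raw BIFF2/3/4 BOF record (Excel 2.x-4.0)

param([Parameter(Mandatory)] [string] $Path)

function Get-XlsFormat {
    param([string] $File)
    $fs = [System.IO.File]::OpenRead($File)
    try {
        $size = [int][Math]::Min($fs.Length, 8MB)   # directory entries are within this for real-world files
        $buf  = New-Object byte[] $size
        $n    = $fs.Read($buf, 0, $size)
    } finally { $fs.Dispose() }
    if ($n -lt 8) { return 'too short' }

    if ($buf[0] -eq 0x50 -and $buf[1] -eq 0x4B) { return 'OOXML (zip) - misnamed .xlsx/.xlsm' }

    $ole   = [byte[]](0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1)
    $isOle = $true
    for ($i = 0; $i -lt 8; $i++) { if ($buf[$i] -ne $ole[$i]) { $isOle = $false; break } }
    if ($isOle) {
        # Directory entry names are stored as UTF-16LE; search the raw bytes for them.
        $hex      = [System.BitConverter]::ToString($buf, 0, $n) -replace '-', ''
        $workbook = [System.BitConverter]::ToString([System.Text.Encoding]::Unicode.GetBytes('Workbook')) -replace '-', ''
        $book     = [System.BitConverter]::ToString([System.Text.Encoding]::Unicode.GetBytes('Book')) -replace '-', ''
        if ($hex.Contains($workbook)) { return 'BIFF8 (Excel 97-2003)' }
        if ($hex.Contains($book))     { return 'BIFF5 (Excel 5.0/95)' }
        return 'OLE2 container without a Workbook stream'
    }

    # BIFF2/3/4 BOF record types 0x0009, 0x0209, 0x0409 (little-endian on disk).
    if ($buf[0] -eq 0x09 -and ($buf[1] -in @(0x00, 0x02, 0x04))) {
        return "BIFF$(($buf[1] -shr 1) + 2) (Excel 2.x-4.0)"
    }
    return 'unknown'
}

Get-ChildItem -Path $Path -Recurse -File |
    Where-Object { $_.Extension -eq '.xls' } |
    ForEach-Object {
        try   { $fmt = Get-XlsFormat -File $_.FullName }
        catch { $fmt = "unreadable: $($_.Exception.Message)" }
        [pscustomobject]@{ Format = $fmt; File = $_.FullName; SizeKB = [int]($_.Length / 1KB) }
    } |
    Tee-Object -Variable inventory |
    Group-Object Format |
    Select-Object Count, Name |
    Format-Table -AutoSize

$inventory | Export-Csv -Path '.\xls-inventory.csv' -NoTypeInformation
```

The per-format counts map directly onto the File Block Settings: the BIFF8 count is what the "Excel 97-2003 workbooks and templates" exception would cover, the BIFF5 and BIFF2-4 counts fall under the separate older-format settings, and misnamed OOXML files only need renaming before the baseline can stay as restrictive as shipped.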
Q & A –
What questions do you have?
Contact us for more information
INFO PAGE
https://aktionen.teal-consulting.de/
enforce-suite/
CONTACT US
E-Mail: info@teal-consulting.de
Phone: 0211/93675225
Thank you!

 
Sleeping well with cloud services
Sleeping well with cloud servicesSleeping well with cloud services
Sleeping well with cloud services
 
Generic Security Framework for Multiple Heterogeneous Virtual Infrastructures
Generic Security Framework for Multiple Heterogeneous Virtual InfrastructuresGeneric Security Framework for Multiple Heterogeneous Virtual Infrastructures
Generic Security Framework for Multiple Heterogeneous Virtual Infrastructures
 
Top 8 Cybersecurity Trends 2020
Top 8 Cybersecurity Trends 2020Top 8 Cybersecurity Trends 2020
Top 8 Cybersecurity Trends 2020
 
Trends in Cybersecurity - DNUG Stammtisch Wien
Trends in Cybersecurity - DNUG Stammtisch Wien Trends in Cybersecurity - DNUG Stammtisch Wien
Trends in Cybersecurity - DNUG Stammtisch Wien
 
Cybersecurity in the Era of IoT
Cybersecurity in the Era of IoTCybersecurity in the Era of IoT
Cybersecurity in the Era of IoT
 
Virtual security is no less real
Virtual security is no less realVirtual security is no less real
Virtual security is no less real
 

Último

Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogueitservices996
 
What’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesWhat’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesVictoriaMetrics
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxRTS corp
 
2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shardsChristopher Curtin
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingShane Coughlan
 
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Rob Geurden
 
Zer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfZer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfmaor17
 
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfEnhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfRTS corp
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...OnePlan Solutions
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptxVinzoCenzo
 
Keeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldKeeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldRoberto Pérez Alcolea
 
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics
 
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4jGraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4jNeo4j
 
Introduction to Firebase Workshop Slides
Introduction to Firebase Workshop SlidesIntroduction to Firebase Workshop Slides
Introduction to Firebase Workshop Slidesvaideheekore1
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identityteam-WIBU
 
Strategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsStrategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsJean Silva
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLionel Briand
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZABSYZ Inc
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsSafe Software
 

Último (20)

Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogue
 
What’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesWhat’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 Updates
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
 
2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
 
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...
 
Zer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfZer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdf
 
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfEnhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptx
 
Keeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldKeeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository world
 
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
 
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4jGraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
 
Introduction to Firebase Workshop Slides
Introduction to Firebase Workshop SlidesIntroduction to Firebase Workshop Slides
Introduction to Firebase Workshop Slides
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
 
Strategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsStrategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero results
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and Repair
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZ
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 

Hardening as a Part of a holistic Security Strategy (UPDATE)

  • 7. Real life examples
  Fritzmeier Group: hackers paralyse German vehicle supplier (cio.de)
  Bicycle manufacturer Prophete: first details on the cyber attack (heise online)
  • 8. Real life examples
  Handelsblatt report: hacked Continental data in the darknet (tagesschau.de)
  After the cyber attack on Continental: hackers publish a list of the captured data (handelsblatt.com)
  Medibank hack: email reveals staff details compromised by data breach (news.com.au)
  • 9. Real life examples
  PrintNightmare: yet another printer vulnerability in Windows without a patch (heise online)
  • 10. Real life examples
  Top 5 AWS Misconfigurations That Led to Data Leaks in 2021 (Spiceworks IT Security)
  Clear statement: 99% of cloud breaches can be traced to "misconfigurations"
  - missing secure configuration, missing "hardening", no control, no process / no checks
  Extortion Economics (Security Insider, microsoft.com)
  Clear statement: 80% of ransomware attacks can be traced to common configuration errors
  - missing secure configuration, missing "hardening", no control, no process / no checks
  • 13. Real life demonstrates the inadequacy of the classic "detect and respond" pattern. On its own, this pattern is no longer sufficient.
  • 14. Shifting the responsibility for IT security and asset protection to back-office, accounting and "non-IT" people seems like a very strange approach.
  • 15. Definition
  In computing, hardening is usually the process of securing a system by reducing its surface area of vulnerability, which grows with the number of functions a system performs.
  Hardening
  ••• considers information security as well as data protection
  ••• is one of several technical measures organizations may adopt
  Legal requirements are in place:
  ••• The GDPR requires the "state of the art" to be taken into account (Art. 32, "Security of processing")
  ••• "State of the art" is defined (see TeleTrusT e.V.)
  ••• Several industry-specific requirements demand more detailed configuration (e.g. VAIT for insurers, the IT-Sicherheitsgesetz for KRITIS-relevant organizations, ISO 27001:2022, the B3S "Medizinische Versorgung")
  • 16. It is necessary
  Product liability law in the USA: products are designed so that "everything" works out of the box, to avoid legal consequences ("Dry the guinea pig in the microwave oven", and other stories).
  Vendors recommend hardening. Microsoft: "We recommend that you implement an industry-standard configuration that is broadly known and well-tested, such as Microsoft security baselines, as opposed to creating a baseline yourself. This helps increase flexibility and reduce costs." (Security baselines guide - Windows security | Microsoft Docs)
  How critical is secure configuration?
  ••• A running Print Spooler service was considered uncritical until PrintNightmare in mid-2021.
  ••• Using SMBv1 was uncritical until the WannaCry ransomware used the EternalBlue exploit in 2017.
  ••• Kerberos tickets based on RC4 encryption have been outdated since 2015, so why is RC4 still enabled?
  ••• An unconfigured Office installation is once again the target of an attack, so is leaving Office "unconfigured" uncritical?
  ...an open door in your house is uncritical until somebody who is not allowed in walks through it?
  • 17. It is necessary
  The NIST Cyber Security Framework covers five functions: IDENTIFY, PROTECT, DETECT, RESPOND and RECOVER. The marked ones (PROTECT, DETECT, RESPOND) are the most relevant for securing (known) endpoints.
  Technology and the functions it covers (marks in the PROTECT / DETECT / RESPOND columns, as on the slide):
  ••• Anti-Malware solutions: X X
  ••• Threat-Intel solutions: X X
  ••• EDR/XDR solutions: X X
  ••• MDR solutions: X X
  ••• Vulnerability scanner: X
  ••• SIEM solutions: X X (SOC, IM process)
  ••• Compromise Assessment: X X
  ••• Hardening: X
  ••• Enforce Administrator: X X, IM process
  What makes more sense: having a 24/7 team monitoring the door, or just closing the door and locking it?
  • 18. Frameworks and legal: system hardening is widely mentioned (some examples)
  https://www.cisecurity.org/controls/
  https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/Kompendium/IT_Grundschutz_Kompendium_Edition2020.pdf?__blob=publicationFile&v=6
  https://www.teletrust.de/publikationen/broschueren/stand-der-technik/?tx_reintdownloadmanager_reintdlm%5Bdownloaduid%5D=10505&cHash=f39d74868a8b38e98e6cc09b0ab16f6f
  • 19. Frameworks and legal
  Extract from the SWIFT questionnaire (end of 2021)
  BaFin for the banking and insurance sector (03/2022)
  Cyber risk insurance questionnaire (2022): questions for companies with a revenue from 50,000,000 € up to 150,000,000 €. "Hardening" is the first question in the "basic" section.
  • 20. Frameworks and legal: system hardening ("secure configuration") in ISO 27001/27002:2022 (control 8.9, Configuration management). ISO 27001:2022 has been updated and published!
  • 21. System hardening - the strategic part
  NIST defines security configuration management as "The management and control of configurations for an information system to enable security and facilitate the management of risk." (Security Configuration Management (SecCM) - Glossary | CSRC (nist.gov))
  NIST also published the Guide for Security-Focused Configuration Management of Information Systems (NIST SP 800-128). SecCM consists of four phases (Figure 2-1, Security-focused Configuration Management Phases):
  1. Planning
  2. Identifying and Implementing Configurations
  3. Controlling Configuration Changes
  4. Monitoring
  • 22.-23. Hardening in the context of a security landscape
  Infrastructure Security, Endpoint Security, Application Security, Managed Security Service Provider, Messaging Security, Web Security, IoT Security, Security Operations & Incident Response, Threat Intelligence, Mobile Security, Data Security, Cloud Security, Identity & Access Management, Risk & Compliance, Specialized Threat Analysis & Protection, Transaction Security
  • 25. Enforce Administrator as a "hardening tool"
  With the Enforce Suite, we offer you a comprehensive enterprise security solution for the continuous monitoring of your clients and servers. With the central management tool Enforce Suite, you configure hardening policies according to common industry standards and monitor compliance with them. We at TEAL Technology Consulting support you in implementing the Enforce Suite and optionally operate your Enforce solution for you with our Managed Service offering.
  Your advantages
  ••• Automated optimization of your system configuration
  ••• Continuous monitoring of your security
  ••• Comprehensive and up-to-date system hardening packages
  ••• Reduced operating costs through auto-optimization
  ••• Professional operation via the TEAL Managed Service
  • 27. System hardening - the benefits
  Security Configuration Management:
  ••• Raise efficiency and save (internal) resources
  ••• Raise the protection level
  ••• Be compliant and transparent
  ••• Security of investment
  A new insight? Mistakes detected and fixed early in a chain reduce overhead and save money in the end. Conclusion: hardening is cost effective!
  • 28. Examples of rollout approaches
  The rollout approach depends on the customer's infrastructure and can be controlled via several dimensions, for example:
  ••• Role oriented
  ••• Technology oriented (e.g. operating system)
  ••• Location oriented
  ••• Process based, e.g. integrated into the deployment process and targeting only newly deployed systems
  Example (role oriented):
  Wave 1: Domain Controllers
  Wave 2: Member Servers (file, application)
  Wave 3: Web, DB Servers
  Wave 4: Clients of the IT team, then clients by organizational unit
  Example (technology oriented):
  Wave 1: (NEW) Windows Server 2022 systems
  Wave 2: Installed systems, risk oriented
  Wave 3: Client world, starting with Windows 10 (not 7, 8)
  • 29. Why not via Group Policy Objects?
  1) How quickly are several hundred hardening settings implemented? (Our solution is ready to use right after installation.)
  2) How is it verified that all settings actually arrive on the target systems?
  3) How is a "restore" of settings performed when an application is no longer functional due to hardening configurations?
  4) How is the IT team notified if IT systems are suddenly no longer "compliant" with the specified settings?
  5) How does meaningful process integration (incident management, configuration management) take place?
  • 31. Client challenges: SMBv1, NTLM v1, attack surface reduction rules, user rights assignment, LDAP signing / channel binding
  • 32.-36. Client challenges: SMBv1
  CHALLENGE
  SMB v1 is outdated but still in use in customer environments. Example: a board member used an unmanaged tablet to access an old NAS to view presentations stored there.
  KNOWN ATTACKS
  WannaCry, which spread via the leaked NSA exploit EternalBlue: https://www.golem.de/news/wannacry-nsa-exploits-legen-weltweit-windows-rechner-lahm-1705-127801.html
  HOW TO VERIFY whether SMB v1 is still in use
  In smaller environments, enable auditing via PowerShell (Set-SmbServerConfiguration -AuditSmb1Access $true); in larger environments, distribute the corresponding registry value via GPO:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, "AuditSmb1Access"=dword:00000001
  Auditing should be performed at least on all domain controllers and file servers. Each SMB1 access is then logged as event 3000 in the Microsoft-Windows-SMBServer/Audit log, including the client address. The logs can either be collected via PowerShell or forwarded to a log collector via event log forwarding.
  HOW TO SOLVE
  Either the systems can be configured for SMB v2 or v3, or they need to be replaced.
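The verification and remediation steps above, carried out in one script. This is an added example and not code from the slides or from the presenters' tooling. It assumes PowerShell remoting is allowed to the listed hosts, that the caller is a local administrator there, that the host names are placeholders, and that the event 3000 message text contains "Client Address:" in its English wording.

```powershell
# Added example (not from the original slides): turn on SMB1 auditing on a set
# of servers, collect the audit events, summarise the SMB1 clients per server
# and disable SMB1 where no client showed up during the audit window.
# Assumes WinRM to the hosts and local admin rights; host names are placeholders.

$Servers = @('DC01', 'DC02', 'FS01')   # placeholder host names

function Enable-Smb1Audit {
    param([string[]]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        # Same effect as the GPO registry value
        # HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AuditSmb1Access = 1
        Set-SmbServerConfiguration -AuditSmb1Access $true -Force
        $cfg = Get-SmbServerConfiguration
        [pscustomobject]@{
            Computer     = $env:COMPUTERNAME
            Smb1Enabled  = $cfg.EnableSMB1Protocol
            AuditEnabled = $cfg.AuditSmb1Access
        }
    }
}

function Get-Smb1Clients {
    # Event 3000 in Microsoft-Windows-SMBServer/Audit is written once per SMB1
    # access; the client address is taken from the message text (assumption:
    # English message layout "Client Address: <address>").
    param([string[]]$ComputerName, [int]$Days = 7)
    $since = (Get-Date).AddDays(-$Days)
    foreach ($c in $ComputerName) {
        $events = Get-WinEvent -ComputerName $c -ErrorAction SilentlyContinue -FilterHashtable @{
            LogName   = 'Microsoft-Windows-SMBServer/Audit'
            Id        = 3000
            StartTime = $since
        }
        foreach ($e in $events) {
            if ($e.Message -match 'Client Address:\s*(?<addr>\S+)') {
                [pscustomobject]@{
                    Server = $c
                    Client = $Matches.addr.TrimEnd('.')
                    Time   = $e.TimeCreated
                }
            }
        }
    }
}

function Disable-Smb1 {
    # Remediation for servers that logged no SMB1 client; supports -WhatIf.
    [CmdletBinding(SupportsShouldProcess)]
    param([string[]]$ComputerName)
    foreach ($c in $ComputerName) {
        if ($PSCmdlet.ShouldProcess($c, 'Disable SMB1 server')) {
            Invoke-Command -ComputerName $c -ScriptBlock {
                Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
                # On Windows Server the SMB1 component can be removed entirely
                # (takes effect after a reboot).
                Uninstall-WindowsFeature -Name FS-SMB1 | Out-Null
            }
        }
    }
}

Enable-Smb1Audit -ComputerName $Servers | Format-Table -AutoSize
$clients = Get-Smb1Clients -ComputerName $Servers -Days 7
$clients | Group-Object Server, Client | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
# Servers that logged no SMB1 client during the audit window are candidates:
$quiet = $Servers | Where-Object { $_ -notin $clients.Server }
Disable-Smb1 -ComputerName $quiet -WhatIf
```

Run the audit for at least one full business cycle (month-end jobs, backups) before trusting an empty client list; drop `-WhatIf` only once the owners of the remaining clients have moved them to SMB v2/v3.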
  • 37.-41. Client challenges: NTLM v1
  CHALLENGE
  NTLM v1 is outdated but still in use in customer environments.
  KNOWN ATTACKS
  ProxyLogon (CVE-2021-26855, CVE-2021-27065) and ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) by Orange Tsai, PetitPotam (VDB-179650) by topotam, and the Active Directory Certificate Services (ADCS) attacks by Will Schroeder and Lee Christensen.
  HOW TO VERIFY
  Audit NTLM v1 usage via a GPO setting: successful logons must be audited so that event 4624 is written, and the LmPackageName field of that event reads "NTLM V1" for such logons. Collect the events:
  $Events = Get-WinEvent -LogName Security -FilterXPath "Event[System[(EventID=4624)]] and Event[EventData[Data[@Name='LmPackageName']='NTLM V1']]" |
      Select-Object `
          @{Label='Time';Expression={$_.TimeCreated.ToString('g')}},
          @{Label='UserName';Expression={$_.Properties[5].Value}},
          @{Label='WorkstationName';Expression={$_.Properties[11].Value}},
          @{Label='LogonType';Expression={$_.Properties[8].Value}},
          @{Label='ImpersonationLevel';Expression={$_.Properties[20].Value}}
  Event 4624 is written on the machine that accepts the logon, so collect it from all servers (domain controllers, file servers, application servers), not only from the domain controllers.
  HOW TO SOLVE
  Turn NTLM authentication off or enforce NTLM v2 only (LAN Manager authentication level "Send NTLMv2 response only. Refuse LM & NTLM"). If a system needs to be reconfigured anyway, this is a good time to move directly to Kerberos, provided the application supports it.
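The verification step above yields raw events; what an application owner needs is a list of accounts and source systems. The script below, an added example that is not from the slides, groups the NTLM v1 logons of a server by account, workstation and source IP and reads the server's LmCompatibilityLevel to show whether the hardened value (5) is already in place. It assumes event log read rights and WinRM to the host; the host name is a placeholder.

```powershell
# Added example (not from the original slides). Two checks for the NTLM v1 topic:
# 1. read the LAN Manager authentication level (LmCompatibilityLevel) of a host
#    and say whether it still accepts NTLM v1,
# 2. summarise NTLM v1 logons from its Security log per account / workstation /
#    source IP, so each line can be handed to an application owner.
# Assumes WinRM and event log read rights; the host name is a placeholder.

# Meaning of HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
# (GPO: "Network security: LAN Manager authentication level")
$LmLevels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM, use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only, refuse LM'
    5 = 'Send NTLMv2 response only, refuse LM & NTLM'
}

function Get-LmCompatibilityLevel {
    param([string]$ComputerName = $env:COMPUTERNAME)
    $level = Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        $v = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                              -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
        if ($null -eq $v) { $null } else { [int]$v.LmCompatibilityLevel }
    }
    # An absent value means the OS default (3 on current Windows). Only level 5
    # makes the server refuse incoming NTLM v1 (and LM) responses.
    [pscustomobject]@{
        Computer      = $ComputerName
        Level         = $level
        Description   = $(if ($null -eq $level) { 'not set (OS default)' } else { $LmLevels[$level] })
        RefusesNtlmV1 = ($level -eq 5)
    }
}

function Get-NtlmV1Logons {
    param([string]$ComputerName = $env:COMPUTERNAME, [int]$Days = 7)
    $xpath = "*[System[(EventID=4624)]] and *[EventData[Data[@Name='LmPackageName']='NTLM V1']]"
    Get-WinEvent -ComputerName $ComputerName -LogName Security -FilterXPath $xpath -ErrorAction SilentlyContinue |
        Where-Object { $_.TimeCreated -gt (Get-Date).AddDays(-$Days) } |
        ForEach-Object {
            # EventData order of 4624: [5] TargetUserName, [6] TargetDomainName,
            # [8] LogonType, [11] WorkstationName, [18] IpAddress
            [pscustomobject]@{
                Server      = $ComputerName
                Account     = '{0}\{1}' -f $_.Properties[6].Value, $_.Properties[5].Value
                Workstation = $_.Properties[11].Value
                SourceIp    = $_.Properties[18].Value
                LogonType   = $_.Properties[8].Value
            }
        } |
        # ANONYMOUS LOGON entries are null-session noise, not an application to fix
        Where-Object { $_.Account -notlike '*\ANONYMOUS LOGON' } |
        Group-Object Account, Workstation, SourceIp |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                Server      = $first.Server
                Account     = $first.Account
                Workstation = $first.Workstation
                SourceIp    = $first.SourceIp
                Logons      = $_.Count
            }
        } | Sort-Object Logons -Descending
}

Get-LmCompatibilityLevel -ComputerName 'FS01' | Format-List
Get-NtlmV1Logons -ComputerName 'FS01' -Days 7 | Format-Table -AutoSize
```

Raising LmCompatibilityLevel to 5 on a server is the enforcement step; do it only after the grouped list is empty, because every remaining line is a logon that will fail the moment NTLM v1 is refused.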
  • 42.-46. Client challenges: LDAP signing / channel binding
  CHALLENGE
  Microsoft already tried three years ago to enforce LDAP signing (ADV190023). Unsigned LDAP is essentially a universal, no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default setting).
  KNOWN ATTACKS
  https://github.com/Dec0ne/KrbRelayUp
  HOW TO VERIFY
  Enable LDAP interface event logging via a registry value on the DCs:
  reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics" /v "16 LDAP Interface Events" /t REG_DWORD /d 2
  At level 2 the Directory Service log receives event 2889 for every unsigned bind, including the client IP address and the identity used. To also get the per-client channel binding token (CBT) event 3039, the setting "Domain controller: LDAP server channel binding token requirements" must additionally be set to "When supported" on the domain controllers. Otherwise only the summary events 3040 and 3041 are generated, which indicate that there were unprotected binds but not which system triggered them.
  HOW TO SOLVE
  Armed with the list of systems, talk to the people responsible for each server and find out together which application establishes the LDAP connection. There is usually little you can do about the application not signing, but in our experience (almost) every application supports LDAPS, so it is usually done with a configuration change in the software. We have also had the case where the operating system itself (Linux, domain-joined) communicated via unsigned LDAP and the configuration could not be changed: no OpenSSL package supporting LDAPS was available in the vendor's repository for that release of the operating system, so the server had to be reinstalled with a newer version.
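The HOW TO VERIFY step above, done on a domain controller in one script: it raises the diagnostics level, reads back the two hardening settings (signing requirement and channel binding), and turns the 2889 / 3039 events into a per-client list for the server owners. This is an added example, not code from the slides. It assumes it runs on a DC with administrative rights, that the registry values LDAPServerIntegrity and LdapEnforceChannelBinding under NTDS\Parameters are the ones in effect (an absent value is treated as the historical default), and that the event message text follows the English wording ("Client IP address:", "Identity the client attempted to authenticate as:").

```powershell
# Added example (not from the original slides): on a domain controller, raise the
# "16 LDAP Interface Events" diagnostics level, read back the LDAP signing and
# channel binding settings, and summarise unsigned-bind (2889) and failed-CBT
# (3039) events per client and identity. Run as an administrator on the DC.

$NtdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$NtdsDiag   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'

function Enable-LdapInterfaceEvents {
    # Level 2 = one event per offending bind (2889 / 3039) instead of summaries only
    Set-ItemProperty -Path $NtdsDiag -Name '16 LDAP Interface Events' -Value 2 -Type DWord
}

function Get-LdapHardeningState {
    $p = Get-ItemProperty -Path $NtdsParams -ErrorAction SilentlyContinue
    # LDAPServerIntegrity: 1 = signing not required (default), 2 = require signing
    # LdapEnforceChannelBinding: 0 = never, 1 = when supported, 2 = always
    # Assumption: an absent value is treated as the historical default (1 / 0).
    $sign = if ($null -ne $p.LDAPServerIntegrity) { [int]$p.LDAPServerIntegrity } else { 1 }
    $cbt  = if ($null -ne $p.LdapEnforceChannelBinding) { [int]$p.LdapEnforceChannelBinding } else { 0 }
    [pscustomobject]@{
        SigningRequired       = ($sign -eq 2)
        ChannelBinding        = @('Never', 'When supported', 'Always')[$cbt]
        Cbt3039EventsPossible = ($cbt -ge 1)   # otherwise only 3040/3041 summaries
    }
}

function Get-UnsignedLdapClients {
    param([int]$Days = 7)
    $events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName   = 'Directory Service'
        Id        = 2889, 3039
        StartTime = (Get-Date).AddDays(-$Days)
    }
    $events | ForEach-Object {
        # Assumed (English) message layout:
        # "Client IP address:\n<ip>:<port>\nIdentity the client attempted to
        #  authenticate as:\n<domain\user>\nBinding Type:\n<n>"
        if ($_.Message -match '(?s)Client IP address:\s*(?<ip>\S+).*?authenticate as:\s*(?<id>[^\r\n]+)') {
            [pscustomobject]@{
                EventId  = $_.Id                                # 2889 = unsigned bind, 3039 = missing CBT
                ClientIp = ($Matches.ip -replace ':\d+$', '')   # strip the source port
                Identity = $Matches.id.Trim()
            }
        }
    } | Group-Object EventId, ClientIp, Identity | ForEach-Object {
        $f = $_.Group[0]
        [pscustomobject]@{ EventId = $f.EventId; ClientIp = $f.ClientIp; Identity = $f.Identity; Binds = $_.Count }
    } | Sort-Object Binds -Descending
}

Enable-LdapInterfaceEvents
Get-LdapHardeningState | Format-List
Get-UnsignedLdapClients -Days 7 | Format-Table -AutoSize
```

Each DC keeps its own Directory Service log, so run the collection on every DC (or forward the log) before declaring the list complete; the identity column is what tells you which service account, and therefore which application, to talk to.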
  • 47. SMBv1 NTLM v1 Client challenges Attack surface reduction rules LDAP signing / channel binding User rights assignment CHALLENGE Sometimes there are problems with the User Right Assignments. For example, both CIS and MS Baseline configure “Ensure ‘Access this computer from the network’ is set to ‘Administrators, Authenticated Users'”. However, when using Defender for Identity, it is necessary that the service account used has just this right.
  • 48. User rights assignment: HOW TO VERIFY User Rights Assignments can be configured via GPO as well as locally, which makes it difficult to check the issue conclusively up front. If you use the Enforce Administrator for hardening, you can match the settings against the GPOs when creating the hardening and at least check that part conclusively. To check locally configured settings, you could run a script like this on all systems and review the output.
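One way to do the local check, as an added example and not the script shown on the slide: it exports the local security policy with secedit (shipped with Windows), parses the [Privilege Rights] section, resolves SIDs to account names and reports which principals hold SeNetworkLogonRight beyond the CIS/MS baseline value quoted above. Run it elevated on each system; a Defender for Identity service account will then show up under Extra, which is the documented exception to approve rather than a finding.

```powershell
# Added example: dump the effective local user-rights assignments and compare
# 'Access this computer from the network' (SeNetworkLogonRight) against the baseline.
function Get-UserRightsAssignment {
    $cfg = Join-Path $env:TEMP 'userrights.inf'
    # secedit writes the policy in INI form; the USER_RIGHTS area contains the [Privilege Rights] section
    secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    $lines = Get-Content $cfg | Where-Object { $_ -match '^Se\w+\s*=' }
    Remove-Item $cfg -ErrorAction SilentlyContinue
    foreach ($line in $lines) {
        $name, $value = $line -split '=', 2
        $principals = foreach ($p in ($value.Trim() -split ',')) {
            $p = $p.Trim()
            if ($p.StartsWith('*S-')) {
                # entries are written as *SID; resolve to DOMAIN\name, keep the raw SID if that fails
                try { ([System.Security.Principal.SecurityIdentifier]$p.TrimStart('*')).Translate([System.Security.Principal.NTAccount]).Value }
                catch { $p.TrimStart('*') }
            } elseif ($p) { $p }
        }
        [pscustomobject]@{ Right = $name.Trim(); Principals = @($principals) }
    }
}

# Baseline value from CIS / MS Baseline for 'Access this computer from the network'
$expected = @('BUILTIN\Administrators', 'NT AUTHORITY\Authenticated Users')
$network  = Get-UserRightsAssignment | Where-Object Right -eq 'SeNetworkLogonRight'
$extra    = @($network.Principals | Where-Object { $_ -notin $expected })
$missing  = @($expected | Where-Object { $_ -notin $network.Principals })

# One line per machine; collect these centrally and review every non-empty Extra/Missing column.
[pscustomobject]@{
    Computer = $env:COMPUTERNAME
    Extra    = $extra -join ';'
    Missing  = $missing -join ';'
}
```

Because secedit reports the merged result of local policy and applied GPOs, the output reflects what is actually in force on that machine, which is the view you need before enforcing the baseline value.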
  • 49. User rights assignment: HOW TO SOLVE You need to verify the user rights assignments with the respective application owner and, if they are not documented properly, test them in a test environment before rolling the change out completely.
  • 51. Attack surface reduction rules: CHALLENGE Attack Surface Reduction is a fairly new feature of Windows Defender. It is supposed to help prevent cyber attacks.
  • 52. Attack surface reduction rules: HOW TO SOLVE To be on the safe side, it is advisable to configure the rules in audit mode first, check the messages in the Event Viewer, and only switch the rules to block mode once all problems have been solved. The common hardening standards do not call for all ASR rules to be turned on; however, we think it is a good idea, even if it is a little more work.
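The audit-first rollout as an added PowerShell example (not the presenters' code): it puts a set of ASR rules into audit mode with the Defender cmdlets and summarises the resulting audit events (ID 1122 in the Microsoft-Windows-Windows Defender/Operational log) by rule and process path, which is the list to work through before switching to block mode. The four rule GUIDs are Microsoft's published identifiers for the rules named in the comments; extend the table with the remaining rules from the ASR documentation. Reading the rule ID and path from the event message by their "ID:" and "Path:" labels is an assumption about the message layout.

```powershell
# Added example: roll out ASR rules in audit mode first, then review what they would have blocked.
# Run elevated on a client with Microsoft Defender Antivirus active.
$asrRules = [ordered]@{
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block all Office applications from creating child processes'
    '3b576869-a4ec-4529-8536-b80a7769e899' = 'Block Office applications from creating executable content'
    'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' = 'Block executable content from email client and webmail'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
}

function Set-AsrRulesMode {
    param([Parameter(Mandatory)][ValidateSet('AuditMode', 'Enabled', 'Disabled')][string]$Mode)
    $ids     = @($asrRules.Keys)
    $actions = @($ids | ForEach-Object { $Mode })   # one action per rule ID, as the cmdlet expects
    Add-MpPreference -AttackSurfaceReductionRules_Ids $ids -AttackSurfaceReductionRules_Actions $actions
}

function Get-AsrAuditSummary {
    param([datetime]$Since = (Get-Date).AddDays(-7))
    # 1122 = rule would have blocked (audit mode); 1121 = rule blocked (block mode)
    $filter = @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1122; StartTime = $Since }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    $hits = foreach ($e in $events) {
        # Assumed message layout: lines "ID: <rule guid>" and "Path: <process or file path>"
        $id   = if ($e.Message -match '(?im)^\s*ID:\s*([0-9a-f-]{36})') { $Matches[1].ToLower() } else { 'unknown' }
        $path = if ($e.Message -match '(?im)^\s*Path:\s*(.+?)\s*$') { $Matches[1] } else { 'unknown' }
        [pscustomobject]@{
            Rule = if ($asrRules.Contains($id)) { $asrRules[$id] } else { $id }
            Path = $path
        }
    }
    $hits | Group-Object Rule, Path | Sort-Object Count -Descending | Select-Object Count, Name
}

Set-AsrRulesMode -Mode AuditMode
# ... let the clients run through a representative period of normal use, then:
Get-AsrAuditSummary | Format-Table -AutoSize
# Only once every finding is explained (exclusion added, process fixed, or block accepted):
# Set-AsrRulesMode -Mode Enabled
```

Each line of the summary is either a legitimate process that needs an exclusion or a fix, or behaviour you are happy to block; the rule goes to Enabled only when the list for it is empty or fully accounted for.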
  • 54. Client challenges: CHALLENGE 1 - APPLICATIONS AND UNC PATHS Applications are often placed on network shares and launched from there via a UNC path to simplify application updates. After applying the Security Baseline for Windows in such cases, you may receive a popup with the security warning "The publisher could not be verified. Are you sure you want to run the software?". By clicking Run, the user can still launch the application.
  • 55. Client challenges: HOW TO SOLVE This message is annoying for the user, but it can be suppressed by adding the UNC path to the Intranet zone. For this purpose there is a so-called Site to Zone Mapping, stored in the registry (the mapping can be set for the whole system or per user):
    • HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
    • HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey
    Both settings can also be configured via Group Policy:
    • Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
    • User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
    The name of the server is entered there, e.g. file://myserver1 with a value of 2, which stands for the Intranet zone.
  • 56. Client challenges: CHALLENGE 2 - HTTP AUTHENTICATION SCHEMES The baseline for Microsoft Edge and the CIS Microsoft Edge benchmark remove Basic Authentication from the supported authentication schemes. Basic Authentication is an outdated and insecure authentication method, and the clear recommendation here is to switch applications that require it to a more modern login method.
  • 57. Client challenges: HOW TO SOLVE For troubleshooting, Basic Authentication can be re-enabled using the following Group Policy setting: Computer Configuration > Administrative Templates > Microsoft Edge > HTTP authentication > Supported authentication schemes. Append the value 'basic' to the comma-separated list (all values must be lowercase).
  • 58. Client challenges: CHALLENGE 3 – OFFICE FILE FORMAT A recurring theme in client hardening is the handling of older Office formats. The Microsoft 365 Apps for Enterprise Baseline and the CIS Microsoft Office Excel Benchmark are quite restrictive and disable all older Office formats. This affects all binary formats of Office versions older than 2007, i.e. from before Office introduced the modern XML-based file formats. Most companies still use older Office formats at least in some areas and therefore have to soften the Microsoft baseline again in this respect.
  • 59. Client challenges: HOW TO SOLVE Verify which old Office templates exist that cannot be renewed…. Unblock the Excel version via GPO: User Configuration > Administrative Templates > Microsoft Excel 2016 > Excel Options > Security > Trust Center > File Block Settings > Excel 97-2003 workbooks and templates. We provide here a small script that searches a given directory, including subdirectories, for files with the extension .xls and determines the exact version. However, the script must open each file, so it must only be applied to trusted files: macro code may be executed when the file is opened, and macros that start automatically and display a dialog box, for example, must be clicked away manually. Once it is known which file formats are in use, it should first be checked to what extent the older file formats can be converted into the current XML-based formats of Office.
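An added alternative to the script described above, and not the presenters' script: the inventory below classifies .xls files by BIFF version from their raw bytes, so no file is ever opened in Excel and no macro can run during the scan. It is a heuristic: it checks for the OLE2 compound-file signature, searches for the BOF record (id 0x0809) and maps its version word, handles the pre-OLE Excel 2.x to 4.0 formats by their leading BOF record id, and flags files that contain the Excel VBA project storage name. The share path is a placeholder.

```powershell
# Added example (not the presenters' script): classify .xls files under a directory by BIFF version
# without opening them in Excel, so no macro can run during the inventory. Heuristic static scan:
# OLE2 signature, BOF record (0x0809) version word, and the UTF-16 VBA project storage name.
function Find-Bytes {
    param([byte[]]$Haystack, [byte[]]$Needle)
    for ($i = 0; $i -le $Haystack.Length - $Needle.Length; $i++) {
        $j = 0
        while ($j -lt $Needle.Length -and $Haystack[$i + $j] -eq $Needle[$j]) { $j++ }
        if ($j -eq $Needle.Length) { return $i }
    }
    return -1
}

function Get-XlsFormatInfo {
    param([Parameter(Mandatory)][string]$Path)
    $bytes  = [System.IO.File]::ReadAllBytes($Path)
    $format = 'not a BIFF workbook'   # e.g. an .xlsx, HTML or SpreadsheetML file renamed to .xls
    $hasVba = $false
    $isOle  = ($bytes.Length -ge 8) -and ([System.BitConverter]::ToString($bytes, 0, 8) -eq 'D0-CF-11-E0-A1-B1-1A-E1')
    if ($isOle) {
        # Excel 5.0/95 and 97-2003 keep the workbook in an OLE2 container; the Workbook/Book stream
        # starts with a BOF record: id 0x0809, length 8 (BIFF5/7) or 16 (BIFF8), then the version word.
        if ((Find-Bytes $bytes ([byte[]](0x09, 0x08, 0x10, 0x00, 0x00, 0x06))) -ge 0) {
            $format = 'BIFF8 (Excel 97-2003)'
        } elseif ((Find-Bytes $bytes ([byte[]](0x09, 0x08, 0x08, 0x00, 0x00, 0x05))) -ge 0) {
            $format = 'BIFF5/7 (Excel 5.0/95)'
        }
        # Directory entry names are UTF-16LE; the Excel VBA storage is named _VBA_PROJECT_CUR.
        $marker = [System.Text.Encoding]::Unicode.GetBytes('_VBA_PROJECT_CUR')
        $hasVba = (Find-Bytes $bytes $marker) -ge 0
    } elseif ($bytes.Length -ge 2) {
        # Excel 2.x to 4.0 files are bare BIFF streams that begin directly with their BOF record.
        switch ($bytes[0] + 256 * $bytes[1]) {
            0x0009 { $format = 'BIFF2 (Excel 2.x)' }
            0x0209 { $format = 'BIFF3 (Excel 3.0)' }
            0x0409 { $format = 'BIFF4 (Excel 4.0)' }
        }
    }
    [pscustomobject]@{ Path = $Path; Format = $format; HasVbaProject = $hasVba }
}

# Inventory a share and summarise by format; review the macro-bearing files separately.
$root = '\\fileserver\share'   # placeholder: the directory tree to inventory
$inventory = Get-ChildItem -Path $root -Recurse -File -Filter *.xls |
    ForEach-Object { Get-XlsFormatInfo $_.FullName }
$inventory | Group-Object Format | Select-Object Count, Name
$inventory | Where-Object HasVbaProject | Select-Object Path
```

The byte search is interpreted PowerShell and therefore slow on very large files, but it is good enough for a one-off inventory; the per-format counts tell you which File Block Settings entries you actually need to relax, and the HasVbaProject list is the set of files that deserve a closer look before anyone converts or opens them.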
  • 60. Q & A – What questions do you have?
  • 61. Contact us for more information INFO PAGE https://aktionen.teal-consulting.de/enforce-suite/ CONTACT US E-Mail: info@teal-consulting.de Phone: 0211/93675225