Stronghold to Strengthen: Advanced Windows Server Hardening
•Descargar como PPTX, PDF•
0 recomendaciones•635 vistas
More info on http://www.techdays.be
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (18)
Destacado
Destacado (20)
Similar a Stronghold to Strengthen: Advanced Windows Server Hardening
Similar a Stronghold to Strengthen: Advanced Windows Server Hardening (20)
Más de Microsoft TechNet - Belgium and Luxembourg
Más de Microsoft TechNet - Belgium and Luxembourg (20)
Último
Último (20)
Stronghold to Strengthen: Advanced Windows Server Hardening
- 3. Planning, Deploying and Managing Microsoft Forefront Threat Management Gateway 2010 Available for online purchase: http://www.mvp-press.com Follow us on: http://facebook.com/MVPpress http://twitter.com/MVPpress
- 4. Intruduction Summary 1 2 3 Hardening Techiques
- 5. Introduction Managed Service Accounts IPSec Implementation Group Policy Failures Offline Access Technology Replacement Security Configuration Wizard BackupRead/BackupWrite File Classification Infrastructure Debugging External Treatment Summary
- 9. Introduction Managed Service Accounts IPSec Implementation Group Policy Failures Offline Access Technology Replacement Security Configuration Wizard BackupRead/BackupWrite File Classification Infrastructure Debugging External Treatment Summary
- 10. Demo
- 11. Introduction Managed Service Accounts IPSec Implementation Group Policy Failures Offline Access Technology Replacement Security Configuration Wizard BackupRead/BackupWrite File Classification Infrastructure Debugging External Treatment Summary
- 12. Demo
- 13. Introduction Managed Service Accounts IPSec Implementation Group Policy Failures Offline Access Technology Replacement Security Configuration Wizard BackupRead/BackupWrite File Classification Infrastructure Debugging External Treatment Summary
- 15. Demo
- 17. Demo
- 18. Introduction Managed Service Accounts IPSec Implementation Group Policy Failures Offline Access Technology Replacement Security Configuration Wizard BackupRead/BackupWrite File Classification Infrastructure Debugging External Treatment Summary
- 21. Demo
- 22. Introduction Managed Service Accounts IPSec Implementation Group Policy Failures and Updates Offline Access Technology Replacement Security Configuration Wizard BackupRead/BackupWrite File Classification Infrastructure Debugging External Treatment Summary
- 23. Demo
- 24. Introduction Managed Service Accounts IPSec Implementation Group Policy Failures Offline Access Technology Replacement Security Configuration Wizard BackupRead/BackupWrite File Classification Infrastructure Debugging External Treatment Summary
- 25. Introduction Managed Service Accounts IPSec Implementation Group Policy Failures Offline Access Technology Replacement Security Configuration Wizard BackupRead/BackupWrite File Classification Infrastructure Debugging External Treatment Summary
- 27. Demo
- 28. Introduction Managed Service Accounts IPSec Implementation Group Policy Failures Offline Access Technology Replacement Security Configuration Wizard BackupRead/BackupWrite File Classification Infrastructure Debugging External Treatment Summary
- 30. Introduction Managed Service Accounts IPSec Implementation Group Policy Failures Offline Access Technology Replacement Security Configuration Wizard BackupRead/BackupWrite File Classification Infrastructure Debugging External Treatment Summary
- 32. Demo
- 33. Introduction Managed Service Accounts IPSec Implementation Group Policy Failures Offline Access Technology Replacement Security Configuration Wizard BackupRead/BackupWrite File Classification Infrastructure Debugging External Treatment Summary
- 34. Demo
- 35. Introduction Managed Service Accounts IPSec Implementation Group Policy Failures Offline Access Technology Replacement Security Configuration Wizard BackupRead/BackupWrite File Classification Infrastructure Debugging External Treatment Summary
- 38. paula@cqure.pl
- 45. Size 40pt for the main topics Size 40pt for the main topics
- 46. Text goes here Text goes here
- 47. Text goes here Text goes here Text goes here
- 49. Simple, clean, & impactful text here.
Notas del editor
- mbsa
- Dzięki hakerom developerzy starają się bardziej. Używam dwóch pojec, które są zbliżone, but zależy mi żeby umieli rozróżniać, bo im to pomoże. Habits są w głowie techniques są w palcach. Habit: hasło dłuższe niż. Technique: accountenumeration.TCP/IP zaprijektowane, kiedy komputerów na świecie było kilkanaście – a potem przyszli goście, którzy powiedzieli: a co będzie kiedy podmienię numery sekwencyjne pakietów. Balancebetweenusage and Security comfort. It isbuild in the humannature. Teardrop (changes to the sequentialnumber). 2Hackers have been assigned a fundamental role in software development. Morality and being against the law are not effective deterrents. Many systems are built with immature and insecure technology making them susceptible to a wide range of attacks.NT Security.nu
- SIR
- mbsa
- mbsa
- mbsa
- Useful not only for bad admins
- What was changed in a file? When vulnerability is unknown and the details (after the patch is released) are unclear it is worth checking what was changed in the operating system by looking into the patch.Najpóźniej patchowanesaklastry.OBAMAwusa <update> /extact:C:\\MSU
- mbsa
- Hakerzy uzywają dlatego, że nie mają żadnego dostępu do systemu. Administratorzy zapomnieli o tej możliwości.Nie dajcie się zwiesć temu, że jak macie prawa admina to macie wszystko – uczmy się dobrych rzeczy od tych, którzy jego nie mają. Istnieja sytuacje, w których system sie tak broni, że nawet admin nie ma dostępu – bluescreen jak wstaje system.Openfiles: pagefile.sysWatchdogs:Csrss.exe (whenyoukillyoureceivethebluescreen)Picturesource: junius.blogspot.com
- For more information please see the demo.
- SERVICES!
- mbsa
- mbsa
- mbsa
- PowershellBackReadWriteBarta DLL
- mbsa
- mbsa
- Administrators do not need to know what is inside their programs. Blue screen always causes the big grin on Administrators’ faces, but in fact only couple of them know what is the blue screen and what is the reason it appeared. With Windows Debugger it is possible to analyze the real reason of such operating system behavior. 1. coś się stało, wiemy co. 2. coś się stało - zauwazyliśmy to w naszym systemie monitorowaniaDwa typy crashdumpów:
- 16:00Time: 10 minutes3. Alt+7 offset: Poi(@$peb+0x8)+36FA4. ==>MOV BYTE PTR [EAX], 8Ah. 5. eb poi(@$peb+8)+36FA C6 00 8A Summary: Demo is about the possibility of the „blue screen” debugging, just to know that „blue screen” can be valuable information what is actually going wrong in the operating system. Windows Debugger and Process Explorer are being used. In Process Explorer there will be shown example how to use symbols and why they are useful.Action: In Windows Debugger there will be shown 2 or 3 crash dumps related to the „blue screens”, analyze the reason of such O.S. behavior. Then in PE I will connect the debugger library.Ifyou want to „cause” bluescreenkillthecsrss.exeprocess. Bluescreen will appear Minidump file (*.DMP) will appearin C:\\Windows\\Minidump\\.In the PE replacethedebugginglibrarywiththelibrarydbghelpfromthe Windows Debugger folder. Enter alsothepath for theSymbols, for example: srv*c:\\mysymbols*http://msdl.microsoft.com/download/symbolsTo checkifsymbolsin PE are OK., opencmd and type: dir /s. Go to Processin PE Properties\\Threads\\, openStack and checkifthereisWalkTree action inthethread.
- mbsa
- mbsa
- Thebestmandatorysourse of knowlegeis Microsoft Securitybuiletin. Trulyitis! Microsoft Security team doesitsjobperfectly – theyreleasehotfixesveryquickly, they CARE and supportusersin security issues.
- If we could learn from the hackers we were faster then some of them – start today preparing yourself for the greater maturity of your network, be aware of the threats, do the demos !Do youthinkthathackersarebetterthenyou? I don’tthink so!
- GPDisable – by Russinovich – nowunavailable – to bypass software restrictionpolicies.Znikają narzędzia. Montowanie toolkita. Guideline – excludeitfromthe list anty-virus. Zbierając powinni zachować ostrożność i zbierac i używać tylko te do których sa 100% pewni co robią.In every hacker's tool bag are a variety of free system probing and fingerprinting tools, the purpose of which is to identify specifics about your hardware and software configurations. Some of these tools will undoubtedly check for open ports on routers and firewalls and identify what system services are available for exploitation. To get an idea of what a hacker would see, download and run some of these tools against your own network. Be sure to let your staff know when these tools are being run, in case there are performance issues when certain scans are launched, and always test them against a few non-critical machines first.