Martinez Technology Consulting
Security Audit
COVERT Security Systems
Who Are We?
• IT Security Audit Firm
• Since June 2011
• Corporate Headquarters located in Milwaukee, WI
• Privately held and operated
• Specializing in logical and physical security audits
Mission Statement
Our mission is simple: We want to make your
company’s security an enhancement, not a
hindrance. Unlike other IT firms, COVERT will
only recommend solutions that are appropriate for
the specific client while keeping business
operations in mind. We work with our clients to
provide the best possible support, training,
documentation, policies and plans to ensure the
utmost security.
Security Audit Department Staff
Lane Salmon
Joseph Finn
Robert Conti
Ryan Urban
Jason Leitner
Matthew Wiza
Ronald Cox
Project Lead Project Manager Security Staff
Security Industry As A Whole
2011 Cloud
Security
Largest Threats
Graph from Infoweek.com article (see Cited Sources)
Scope
Security Audit
Primary
• Audit security functions already in place
• Physical and virtual audit including penetration testing
• Of both MTC as well as the housing Church (Cedar Hills Church)
The Three - P’s Review
Secondary
• Review already in place:
• Policies, Processes and Procedures
Recommendations and Reports
Final
• Create final analysis reports
• Create updated policies, processes and procedures
RFP (Request)
RFP (Response)
Our Process
Data Gathering
• Interviewed MTC Staff
• Internet and public record searches
Verification
• Verified data collected
Security Audit
• Physical, Logical and Social
Policy Review and Creation
• Review policies currently in place, expand upon or create
Information Consolidation and Review
Data Gathering
Physical Mapping Interview
Server/Workstation
Audit
Physical Floor Plan
Current Network Diagram
Interview – Key Findings
Joe Cindy
• CEO of MTC
• Specialize in SAP cloud services and
training
• Recently terminated an employee
• Does not regularly check logs of any kind
• No Disaster Recovery Plan in place
• Time Warner is the ISP
• Rents a firewall from them
• Company web pages are not hosted
locally
• Remote access via RDP using open ports
and basic Windows authentication
Social Engineering
Exploit
Create Story
A and B
Created
Credentials
Verified Info
Took Known Info
Verification
Cross Reference
Interview Questions
Web search
Security Audit
Network Audit Wireless Audit
Software and
Hardware Audit
• Pinks: 802.11G, WEP
• Kitty: 802.11N, WPA2
• PK Fire: 802.11N, WPA2
• 2Wire243: 802.11G, WPA2
• 2Wire160: 802.11G, WPA2
• Bad Rocket: 802.11G, Open
• FinalApproach: 802.11G, WEP
• Pegassus3: 802.11N, WPA2
• The430: 802.11G, WEP
• 2Wire157: 802.11N, WPA2
• Belkin.5284: 802.11G, WPA
• Pegasus2: 802.11G, WPA2
Wireless Audit
Chart: Wireless Encryption Types Within 1 Block (52 Access Points Total)
Legend: WEP, WPA2, Open, WPA
Data labels: 13%, 59%, 13%, 15%
Wireless Audit
Wireless Audit Tools
• Backtrack 5
• Airodump-ng, Aireplay-ng, Airmon-ng
• Wireless Adapter (monitor)
• ScreenRec
Scanning and Enumeration
MTC Network
IP Schema
Ping Sweeps
Fingerprinting (Limited)
Cedar Hills Network
IP Schema
Ping Sweeps
Fingerprinting
Port Scanning
Enumeration
Tools Used for Scanning Process
• NMAP
• Hping
• Tracert
• Dsniff
• GFI LANguard
Fingerprint of Server
CCI-SAP14
• Server DataWin AuditCCI-SAP14CCI-
SAP14.html
• A few security flaws that were found.
Item | Name | Setting
Screen Saver | Enabled | Yes
Screen Saver | Timeout | 9999 Minutes
Screen Saver | Password Protected | No
All Accounts | Minimum Password Length | 0 Characters
All Accounts | Maximum Password Age | Forever
All Accounts | Historical Passwords | 0 remembered
All Accounts | Lockout Threshold | 0 Attempts
Automatic Updates | Update Status | Disabled
Automatic Updates | Update Schedule | Every day
Internet Explorer | Download Files | Allow
Fingerprint of Server
CCI-SAP17B
• Server DataWin AuditCCI-SAP17BCCI-
SAP17B.html
Item | Name | Setting
Screen Saver | Enabled | Yes
Screen Saver | Timeout | 10 Minutes
Screen Saver | Password Protected | Yes
All Accounts | Minimum Password Length | 0 Characters
All Accounts | Maximum Password Age | 42 Days
All Accounts | Historical Passwords | 0 remembered
All Accounts | Lockout Threshold | 0 Attempts
Automatic Updates | Update Status | Notify before installation
Automatic Updates | Update Schedule | Every day
Internet Explorer | Download Files | Not allowed
Fingerprint of Server
ECC6C2
• Server DataWin AuditECC6C2ECC6C2.html
Item | Name | Setting
AutoLogon | Enabled | No
Screen Saver | Enabled | Yes
Screen Saver | Timeout | 0 Seconds
Screen Saver | Password Protected | No
All Accounts | Force Network Logoff | Never
All Accounts | Minimum Password Length | 0 Characters
All Accounts | Maximum Password Age | Forever
All Accounts | Historical Passwords | 0 remembered
All Accounts | Lockout Threshold | 0 Attempts
Automatic Updates | Update Status | Disabled
Automatic Updates | Update Schedule | Every day
Internet Explorer | Run Script | Allow
Internet Explorer | Run ActiveX | Allow
Internet Explorer | Run Java | Allow
Internet Explorer | Download Files | Allow
Internet Explorer | Install Desktop Items | Prompt user
Internet Explorer | Launch Applications | Prompt user
Fingerprint of Server
SVCTAG-2KXKWC1
• Server DataWin AuditSVCTAG-
2KXKWC1SVCTAG-2KXKWC1.html
Item | Name | Setting
Screen Saver | Enabled | Yes
Screen Saver | Timeout | 10 Minutes
Screen Saver | Password Protected | Yes
All Accounts | Minimum Password Length | 0 Characters
All Accounts | Maximum Password Age | 42 Days
All Accounts | Historical Passwords | 0 remembered
All Accounts | Lockout Threshold | 0 Attempts
Automatic Updates | Update Status | NotConfigured
Automatic Updates | Update Schedule | Every day
Internet Explorer | Download Files | Allow
Fingerprint of Server
SVCTAG-5KXKWC1
• Server DataWin AuditSVCTAG-
5KXKWC1SVCTAG-5KXKWC1.html
Item | Name | Setting
Screen Saver | Enabled | Yes
Screen Saver | Timeout | 10 Minutes
Screen Saver | Password Protected | Yes
All Accounts | Minimum Password Length | 0 Characters
All Accounts | Maximum Password Age | 42 Days
All Accounts | Historical Passwords | 0 remembered
All Accounts | Lockout Threshold | 0 Attempts
Automatic Updates | Update Status | NotConfigured
Automatic Updates | Update Schedule | Every day
Internet Explorer | Download Files | Allow
Fingerprint of Server
SVCTAG-CJXKWC1
• Server DataWin AuditSVCTAG-
CJXKWC1SVCTAG-CJXKWC1.html
Item | Name | Setting
Screen Saver | Enabled | Yes
Screen Saver | Timeout | 10 Minutes
Screen Saver | Password Protected | Yes
All Accounts | Minimum Password Length | 0 Characters
All Accounts | Maximum Password Age | 42 Days
All Accounts | Historical Passwords | 0 remembered
All Accounts | Lockout Threshold | 0 Attempts
Automatic Updates | Update Status | Scheduled installation
Automatic Updates | Update Schedule | Every day
Internet Explorer | Download Files | Allow
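The WinAudit settings above can be checked against a baseline automatically instead of by eye. The following Python is an added example, not part of the original presentation or of WinAudit itself; the threshold constants, finding codes and pipe-delimited input format are assumptions, and the rows are re-typed from three of the server slides.

```python
import re

# Assumed baseline for this illustration; substitute your own policy values.
MAX_IDLE_MINUTES = 15
MIN_PASSWORD_LENGTH = 12
MIN_PASSWORD_HISTORY = 5
MAX_LOCKOUT_ATTEMPTS = 10
BAD_UPDATE_STATES = {"disabled", "notconfigured"}

# Rows re-typed from three WinAudit slides as "Item | Name | Setting" (assumed format).
REPORTS = {
    "CCI-SAP14": """
        Screen Saver | Timeout | 9999 Minutes
        Screen Saver | Password Protected | No
        All Accounts | Minimum Password Length | 0 Characters
        All Accounts | Historical Passwords | 0 remembered
        All Accounts | Lockout Threshold | 0 Attempts
        Automatic Updates | Update Status | Disabled
    """,
    "CCI-SAP17B": """
        Screen Saver | Timeout | 10 Minutes
        Screen Saver | Password Protected | Yes
        All Accounts | Minimum Password Length | 0 Characters
        All Accounts | Historical Passwords | 0 remembered
        All Accounts | Lockout Threshold | 0 Attempts
        Automatic Updates | Update Status | Notify before installation
    """,
    "ECC6C2": """
        Screen Saver | Timeout | 0 Seconds
        Screen Saver | Password Protected | No
        All Accounts | Minimum Password Length | 0 Characters
        All Accounts | Historical Passwords | 0 remembered
        All Accounts | Lockout Threshold | 0 Attempts
        Automatic Updates | Update Status | Disabled
    """,
}


def parse_rows(text):
    """Return {(item, name): setting} from pipe-delimited rows."""
    rows = {}
    for line in text.strip().splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 3:
            raise ValueError(f"malformed row: {line!r}")
        rows[(parts[0], parts[1])] = parts[2]
    return rows


def leading_int(setting):
    """Pull the number out of '0 Characters' or '0 Attempts'; None if absent."""
    match = re.match(r"\s*(\d+)", setting)
    return int(match.group(1)) if match else None


def idle_minutes(setting):
    """Convert '10 Minutes' or '0 Seconds' to minutes; None if unparseable."""
    match = re.fullmatch(r"(\d+)\s+(seconds|minutes)", setting.strip(), re.I)
    if not match:
        return None
    value = int(match.group(1))
    return value / 60 if match.group(2).lower() == "seconds" else value


def check(rows):
    """Return 'code: detail' findings; a missing row counts as a finding."""
    findings = []
    def numeric(name):
        return leading_int(rows.get(("All Accounts", name), ""))
    locked = rows.get(("Screen Saver", "Password Protected"), "")
    if locked.lower() != "yes":
        findings.append(f"screen-lock: password protected = {locked or 'missing'}")
    idle = idle_minutes(rows.get(("Screen Saver", "Timeout"), ""))
    if idle is None or idle == 0 or idle > MAX_IDLE_MINUTES:
        findings.append(f"idle-timeout: {idle} min, want 1-{MAX_IDLE_MINUTES}")
    length = numeric("Minimum Password Length")
    if length is None or length < MIN_PASSWORD_LENGTH:
        findings.append(f"min-length: {length}, want >= {MIN_PASSWORD_LENGTH}")
    history = numeric("Historical Passwords")
    if history is None or history < MIN_PASSWORD_HISTORY:
        findings.append(f"history: {history}, want >= {MIN_PASSWORD_HISTORY}")
    # A lockout threshold of 0 means accounts are never locked out.
    lockout = numeric("Lockout Threshold")
    if lockout is None or lockout == 0 or lockout > MAX_LOCKOUT_ATTEMPTS:
        findings.append(f"lockout: {lockout}, want 1-{MAX_LOCKOUT_ATTEMPTS}")
    status = rows.get(("Automatic Updates", "Update Status"), "")
    if not status or status.replace(" ", "").lower() in BAD_UPDATE_STATES:
        findings.append(f"updates: status = {status or 'missing'}")
    return findings


def audit_all(reports=REPORTS):
    """Map each host name to its list of findings."""
    return {host: check(parse_rows(text)) for host, text in reports.items()}


if __name__ == "__main__":
    for host, findings in audit_all().items():
        print(host, *findings, sep="\n  - ")
```

Once the recommended AD system is in place, the same checks can be rerun after each policy push to confirm the settings actually landed on every machine.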
Win Audit
• WinAudit is a software program that audits Windows
based personal computers. Just about every aspect of
computer inventory is examined. The report is displayed
as a web page, which can be saved in a number of
standard formats. You can e-mail it to your technical
support or even post the audit to a database for
archiving. When used in conjunction with its command
line functionality, you can automate inventory
administration at the network level.
http://www.pxserver.com/WinAudit.htm
System Information for Windows (SIW)
• SIW is an advanced System Information for
Windows tool that analyzes your computer
and gathers detailed information about
system properties and settings and displays it
in an extremely comprehensible manner.
http://www.gtopala.com/
SIW Continued
• The System Information is divided into a few major categories:
• Software Information: Operating System, Software Licenses (Product Keys
/ Serial Numbers / CD Key), Installed Software and Hot fixes, Processes,
Services, Users, Open Files, System Uptime, Installed Codec's, Passwords
Recovery, Server Configuration.
• Hardware Information: Motherboard, CPU, Sensors, BIOS, chipset,
PCI/AGP, USB and ISA/PnP Devices, Memory, Video Card, Monitor, Disk
Drives, CD/DVD Devices, SCSI Devices, S.M.A.R.T., Ports, Printers.
• Network Information: Network Cards, Network Shares, currently active
Network Connections, Open Ports.
• Network Tools: MAC Address Changer, Neighborhood Scan, Ping, Trace,
Statistics, Broadband Speed Test
• Miscellaneous Tools: Eureka! (Reveal lost passwords hidden behind
asterisks), Monitor Test, Shutdown / Restart.
• Real-time monitors: CPU, Memory, Page File usage and Network Traffic.
Microsoft Baseline Security Analyzer
• Microsoft Baseline Security Analyzer (MBSA) is an easy-
to-use tool designed for the IT professional that helps
small- and medium-sized businesses determine their
security state in accordance with Microsoft security
recommendations and offers specific remediation
guidance. Improve your security management process
by using MBSA to detect common security
misconfigurations and missing security updates on your
computer systems.
http://technet.microsoft.com/en-us/security/cc184924
SIW Audit of Server
CCISAPECC6C2
• Server DataSIWECC6siwReport.html
SIW Audit of Server
CCI-SAP14
• Server DataSIWSIW_FREEWARE_CCI-
SAP14_20110718_192250.html
SIW Audit of Server
CCI-SAP17B
• Server DataSIWSIW_FREEWARE_CCI-
SAP17B_20110718_194229.html
Analyzer Audit of Server CCISAPECC6C2
• Server DataAnalyzerECC6.xps
Analyzer Audit of Server
WORKGROUPSVCTAG-2KXKWC1
• Server DataAnalyzerubuntu.mht
SIW Audit of Server
CCISAPECC6C2
• Server DataSIWSIW_FREEWARE_ECC6C2_20110718_192841.html
SIW Audit of Server
WORKGROUPSVCTAG-5KXKWC1
• Server DataSIWSIW_FREEWARE_SVCTAG-
5KXKWC1_20110718_192726.html
SIW Audit of Server
WORKGROUPSVCTAG-CJXKWC1
• Server DataSIWSIW_FREEWARE_SVCTAG-
CJXKWC1_20110718_184840.html
Analyzer Audit of Server WORKGROUPSVCTAG-CJXKWC1
• Server DataAnalyzerC4.xps
Analyzer Audit of Server
WORKGROUPSVCTAG-5KXKWC1
• Server DataAnalyzerc3ecc6.mht
Physical Site Security
Fire Suppressions
Power Issues
Access Control
Door & Window Reinforcement
Site Monitoring
Policy Review
and Creation
Review Current Policies & Procedures
Update Existing
Create New
Acceptable Use Policy
Define Responsibility
System and Network Activities
Communications
Remote Connection
Proprietary Information
Enforcement
Business Continuity Plan
1. Know the Business
2. Assess the Risks
3. Formulate the Plan
4. Implement
5. Test
Disaster Recovery Policy
Current Policy
Current Threats
Acceptable Risk
Assessment
Update
Information
Consolidation
and Review
Audit Overview Recommendations
Suggested
Network Diagram
Audit Findings Summary
Wireless
• Cedar Hills WEP -> WPA2
• Cedar Hills wireless and LAN same network
Network
• Flat Network
• Lack of central management (AD)
• Lack of enforced network security policy
• Windows Updates
Physical
• Social Engineering successful
• Power Issues
• High Availability and Redundancy
• Cooling
• Fire Suppression
• Battery backup
• Backup process
• Security Camera
Recommendations Specifics
• Implement AD system
  • This will allow constant server hardening and policies to be pushed to all machines
• IDS
• Logging
• Wireless change to WPA2
• Change password to complex on all networking devices
  • Including church router and printer
• Backup system
• High Availability
  • Switches, routers, ISP, Important servers
• Redundancy
  • Switches, routers, ISP, UPS, Cooling
• Possibly Hot or Cold site
• Inventory Control
Recommendations Specifics (Continued)
• Physical Security
  • Camera and access controls
    • Must include logging capabilities
  • Reinforced doors and walls
  • Glass into server room - remove
  • Fire suppression
  • Seal Server room for better cooling
• Power issues
  • Extension cord
• Encryption on Laptops
• More Secure method of Remote Access
Final suggested network diagram
Cost Analysis
Continually Evolving
By
Incident
Questions?
Thank You For Your Time
References

ISS Capstone - Martinez Technology Consulting and Cedar Hills Church Security Audit

Editor's Notes

  • #4: I don’t think we should read this mission statement but just a quick summary of our key beliefs. -don’t interrupt the normal business procedures. -focus on security -only recommend applicable and necessary upgrades/changes
  • #6: -With our network infrastructures going into the cloud along follow our security. With all the benefits and increased functionality that the cloud can bring, it also offers many security related challenges. -This new horizon has proven a challenge for many companies so far this year. Including Sony, RSA and WordPress Add more specifics http://mobile.eweek.com/c/a/Security/10-Biggest-Data-Breaches-of-2011-So-Far-175567/
  • #7: http://www.informationweek.com/news/security/229401787 We put our best efforts into securing from the most common to the least to ensure you're getting the most out of your investment.
  • #9: Update with exact
  • #10: I need the Gantt chart in another form than PDF
  • #11: Make sure this format is followed throughout the PPT Plan and organize Implement Operate and maintain Monitor and evaluate
  • #13: Make sure these diag.’s get updated before presentation for the larger text Also make sure you say which floor plan is which.
  • #14: Have to enlarge text and add diagram
  • #15: Have to enlarge text and add diagram Ron has the interview notes from Cindy
  • #16: Exploiting human vulnerability. The weakest links are untrained employees. We took advantage of this Recommend the social eng. Toolkit Outline our steps -> in the way outlined in slide
  • #19: Include Diagrams/SSIDS list/WEP Cracking The main purpose of this audit procedure was to show how many people were around. If we can see their wireless they can see MTC
  • #20: Video inserted here. Will not show until presentation because it isn't embedded. Explain what is going on along with it
  • #22: Note that this is a list of discoverable network devices. Define discoverable. Fingerprinting Don’t go into detail about pen testing them NOTE: that we were not allowed to attack the MTC Network Enumeration occurs after scanning and is the process of gathering and compiling user names, machine names, network resources, shares and services
  • #23: Note that this is a list of discoverable network devices. Define discoverable. Don’t go into detail about pen testing them
  • #24: Define fingerprinting
  • #28: May want to take this out, duplicate as info before it
  • #29: May want to take this out, duplicate as info before it
  • #33: Create a section of all tools and resources used in this audit Figure out where this should go. Before all audit finds or after (one of the last)
  • #34: Make sure addition of server function is done We may not want to use these in presentation
  • #35: Make sure addition of server function is done We may not want to use these in presentation
  • #36: Explain what it is: How to stay in business in the event of a disaster Why we need it. Go over the steps and then go into the DR plan This plan also has to include things like state of current Fire suppression, power issues, UPS and then suggestions to fix We could do tour here
  • #38: Ethics Policy Defines the means to establish a culture of openness, trust and integrity in business practices. Dial-in Access Policy Defines appropriate dial-in access and its use by authorized personnel.
  • #39: Explain what it is: How to stay in business in the event of a disaster Why we need it. Go over the steps and then go into the DR plan This plan also has to include things like state of current Fire suppression, power issues, UPS and then suggestions to fix
  • #40: We need to upgrade our DR plan to include HA and redundancy. Possibly the option of a hot/cold site This plan also has to include things like state of current Fire suppression, power issues, UPS and then suggestions to fix This has got to relate to $$ but from lost and cost of creation
  • #42: Do not define solutions to these just identify the vulnerabilities Define flat network
  • #43: Create more slides here such as backups/compliance Make sure we put together training materials for employees and clients who have access to system.
  • #44: Create more slides here such as backups/compliance Make sure we put together training materials for employees and clients who have access to system.
  • #45: Have to enlarge text and add diagram
  • #46: Break up into current cost monthly and one time costs including a total for one year
  • #47: Explain the graph – businesses which reported incidents to law enforcement within the US Sales pitch: As technology evolves so does the workplace's network infrastructure. This evolution unfortunately brings more security vulnerabilities into the workplace to keep updated and tested. Network security audits should not be a one time test but ongoing process to be done at set intervals throughout the year. We hope you will think of us again next time that date pops onto your calendars. Thank you
  • #49: Still compiling