Scrapping for Pennies
Implementing CIS Top 20 with no budget
Ryan Wisniewski
Principal Security Consultant
Active Defense, LLC
March 1, 2019
©2018 Active Defense, LLC. All rights reserved
SECURITY IMPLEMENTATION TALKS: AN ACTIVE DEFENSE SERIES
Starting from Scratch: 0Day to HeroDay
Starting from Basic IT Implementations: Scrapping for Pennies
Maturing to a Scalable Operation: Scaling the Mountain
EXECUTIVE PERSPECTIVE
Departments: SALES, R&D, FINANCE, IT, SECURITY
Deliverables shown per department: Advertising, Sales Growth, ?, New Products, New Efficiencies, New Investments, New Efficiencies, ???
MORE INVESTMENT = PREVENT ATTACKS!
Spending on cybersecurity in the United
States from 2010 to 2018 (in billion $)
Global number of cyber security
incidents from 2009 to 2015 (in millions)
MORE INVESTMENT = PREVENT ATTACKS!
Due to investments in infrastructure for growth and spending to
bolster security, Facebook CFO Dave Wehner said capital
expenditures in 2018 are forecast to double from $7 billion to
$14 billion
NOVEMBER 1, 2017
On the afternoon of Tuesday, September 25, our engineering
team discovered a security issue affecting almost 50 million
accounts
SEPTEMBER 28, 2018
SPEAK THEIR LANGUAGE!
EXECUTIVES UNDERSTAND RISK! WE MITIGATE RISK!
EXAMPLE:
We investigate: 650 incidents/week
We encounter: 950 incidents/week
To keep up with demand, we need to spend $15,000 on a new tool that will allow for 300 incidents/week.
If we choose not to, we will allow 300 incidents per day, increasing our probability for breach by 33%. We estimate an average breach would cost $1.5mil. The increase of 33% risk is equal to $495k/year.
PROBLEM IS…
We investigate: 650 incidents/year
We encounter: 950 incidents/day
To keep up with demand, we need to spend $15,000 on a new tool that will allow for 150 incidents/day.
If we choose not to, we will allow 300 incidents per day, increasing our probability for breach by 33%. We estimate an average breach would cost $1.5mil. The increase of 33% risk is equal to $495k/year.
THIS IS VERY HARD TO GET AT!!!
Implementation of the CIS Top 20
Step 1: Discover
Step 2: Define
Step 3: Enforce
Step 4: Monitor
Functionality: Systems do things for us
Security: Systems protect us
Convenience: Systems make our life easier
It is Security’s job to ensure the ball stays balanced, NOT JUST DRIFT THE BALL TOWARDS SECURITY
Step 1: Discover
What are my devices?
What is running on my devices?
• List all devices on the network
Pingsweep: nmap -sP 10.10.10.0/24 -oA output (-sP is the old spelling of -sn)
Scan Top 100 ports from list: nmap -F -iL list-of-ips.txt -oA output
Scan Specific Port (e.g. 22): nmap -p 22 -iL list-of-ips.txt -oA output
https://blogs.sans.org/pen-testing/files/2013/10/NmapCheatSheetv1.0.pdf
Pingsweep: masscan 10.0.0.0/8 --ping -oL ips.txt
Scan Specific Port (e.g. 22): masscan 10.0.0.0/8 -p 22 -oX output.xml
https://github.com/robertdavidgraham/masscan
https://www.youtube.com/watch?v=nX9JXI4l3-E
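A scan only answers "what are my devices?" once it is compared with what the records say should be there. The following is an added example (not code from the talk or from nmap) that parses the grepable output file the `-oA output` option writes (output.gnmap) and reconciles it with an asset list: hosts that answered but are not recorded, recorded hosts exposing ports they are not allowed to, and recorded hosts that did not answer. The scan text, the asset list, the hostnames and the 10.10.10.0/24 addresses are all constructed for the example.

```python
"""Reconcile an nmap grepable-output file (the .gnmap that -oA writes)
against the organization's asset records: CIS Control 1 (inventory of
hardware assets) done with the free scanner the slide lists.
Added example for this page; the scan output and inventory are constructed."""
import re
from collections import defaultdict

# Constructed output.gnmap from `nmap -F -iL list-of-ips.txt -oA output` (three hosts).
SAMPLE_GNMAP = """\
# Nmap 7.70 scan initiated Fri Mar  1 09:00:00 2019 as: nmap -F -iL list-of-ips.txt -oA output
Host: 10.10.10.1 (gw.ecorp.internal)\tStatus: Up
Host: 10.10.10.1 (gw.ecorp.internal)\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///\tIgnored State: closed (98)
Host: 10.10.10.20 (fs01.ecorp.internal)\tStatus: Up
Host: 10.10.10.20 (fs01.ecorp.internal)\tPorts: 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (98)
Host: 10.10.10.77 ()\tStatus: Up
Host: 10.10.10.77 ()\tPorts: 23/open/tcp//telnet///, 9100/open/tcp//jetdirect///\tIgnored State: closed (98)
# Nmap done at Fri Mar  1 09:01:12 2019 -- 3 IP addresses (3 hosts up) scanned in 72.10 seconds
"""

# Constructed asset inventory: the records side of "what are my devices?",
# keyed by IP, with the ports each asset is allowed to expose.
INVENTORY = {
    "10.10.10.1":  {"owner": "IT", "role": "gateway",      "allowed_ports": {22, 443}},
    "10.10.10.20": {"owner": "IT", "role": "file server",  "allowed_ports": {445}},
    "10.10.10.30": {"owner": "Facilities", "role": "badge reader", "allowed_ports": set()},
}

_HOST_RE = re.compile(r"^Host: (\S+) \((.*?)\)")
_PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)/")


def parse_gnmap(text):
    """Return {ip: {"hostname": str, "open_ports": {port: service}}}.

    Works for a ping sweep (-sP / -sn, only 'Status: Up' lines) as well as a
    port scan (-F / -p, 'Ports:' lines); a host that only answered the sweep
    is still listed, with no open ports recorded."""
    hosts = defaultdict(lambda: {"hostname": "", "open_ports": {}})
    for line in text.splitlines():
        fields = line.split("\t")          # -oG separates Host/Status/Ports fields with tabs
        m = _HOST_RE.match(fields[0])
        if not m:
            continue                       # '# Nmap ...' banner lines
        ip, hostname = m.group(1), m.group(2)
        entry = hosts[ip]                  # creates the host even when there is no Ports field
        if hostname:
            entry["hostname"] = hostname
        for field in fields[1:]:
            if field.startswith("Ports: "):
                for port, state, _proto, service in _PORT_RE.findall(field):
                    if state == "open":
                        entry["open_ports"][int(port)] = service
    return dict(hosts)


def reconcile(scan, inventory):
    """Compare what answered on the wire with what the records say should be there."""
    findings = {"unknown_hosts": [], "unexpected_ports": {}, "missing_hosts": []}
    for ip, info in sorted(scan.items()):
        if ip not in inventory:
            findings["unknown_hosts"].append(ip)                # on the network, not in the records
            continue
        extra = set(info["open_ports"]) - inventory[ip]["allowed_ports"]
        if extra:
            findings["unexpected_ports"][ip] = sorted(extra)    # recorded, but exposing more than allowed
    findings["missing_hosts"] = sorted(set(inventory) - set(scan))  # in the records, did not answer
    return findings


if __name__ == "__main__":
    for key, value in reconcile(parse_gnmap(SAMPLE_GNMAP), INVENTORY).items():
        print(f"{key}: {value}")
```

On the constructed data the unrecorded host 10.10.10.77 (telnet and JetDirect open, i.e. a printer nobody inventoried) is the "unknown host", the file server is flagged for exposing RDP beyond its allowed SMB, and the badge reader is reported missing; each line of that report is a ticket for the inventory owner rather than a scan result to file away.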
Step 1: Discover
• List all software installed on a client machine
# Wow6432Node holds the 32-bit packages on 64-bit Windows; run the same query against
# HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* for the 64-bit ones
Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* |
Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
Format-Table -AutoSize
Step 2: Define
Privileged Account Usage Policy
Hardened Image for Clients and Servers
Network Security Framework
Data Classification and Access Policy
Hardened Image for Network Devices
Privileged Account Usage Policy
• No administration from non-admin accounts
• No administration from non-admin workstations
• No default admin passwords
• No Domain Admins
• Implement LAPS
• No administration from non-admin accounts
• No administration from non-admin workstations
(Diagram: John.Smith@ecorp.com connects by RDP to a JUMP host, works there as ecorp\John.Smith.Admin, and reaches the Admin Interface of Database.Server from the jump host only. Firewalls MUST BE TIGHT!)
• No default admin passwords
Scan: nmap -p80 --script http-default-accounts 10.0.0.0/8
https://nmap.org/nsedoc/scripts/http-default-accounts.html
Change: long and complex
Vault
Don't forget your printers!
• No Domain Admins
• net group "Domain Admins" /domain
• dsget group "CN=Domain Admins,CN=Users,DC=ecorp,DC=com" -members
https://github.com/BloodHoundAD
• Implement LAPS (Local Admin Password Solution)
https://www.microsoft.com/en-us/download/details.aspx?id=46899
1. Push install .msi to clients through GPO
2. Modify AD schema with .ps script from Microsoft
3. Enable LAPS GPO
4. Remove any custom local admins you have
Step 2: Define
Hardened Image for Clients and Servers
Hardened Image for Network Devices
Free SCAP Compliance Audit
NIST Checklists - https://nvd.nist.gov/ncp/repository
(Screenshots of the downloaded checklist package: a GPOs folder and a GPO Reports folder)
OpenSCAP - https://www.open-scap.org/getting-started/
1. Download and install
Windows: https://www.open-scap.org/tools/scap-workbench/download-win32
Linux: apt-get install scap-workbench (Debian/Ubuntu) or yum install scap-workbench (RHEL/CentOS)
macOS: https://www.open-scap.org/tools/scap-workbench/download-osx
2. Load the STIG SCAP contents
3. Scan!
* Limited to *nix machines only…
Qualys FreeScan SCAP Audit - https://www.qualys.com/forms/freescan/scap/
Step 2: Define
Network Security Framework
(Diagram, system-centric view: Internet, Users, Servers)
(Diagram, user-centric view: Internet, Finance, HR, IT, Sales)
RBAC in Network Security
1. Categorize people, systems, applications, websites, etc. by functional role
2. Allow access to those systems, apps, sites to roles
3. Move people into those roles
4. Deny all other access

Role                 | Department | Internal Access                             | External Access
Stock Market Analyst | Finance    | US-SAP-FI-001:8505, US-APP-STOCK-001:900, … | Fidelity.com/stocks, Robinhood.com
IT SysAdmin          | IT         | ALL (Challenge this)                        | Google.com, Reddit.com
• Turn on client-side firewalls
• Don't allow peer connections
Step 2: Define
Data Classification and Access Policy
(Diagram: IT Admin, Financial Records, System Configurations, John's Files)
RBAC in Data
1. Categorize people, systems, applications, websites, etc. by functional role
2. Allow access to those systems, apps, sites to roles
3. Move people into those roles
4. Deny all other access

Role                 | Department | Data                                          | Location
Stock Market Analyst | Finance    | Historic Purchases, Current Bank Accounts     | US-STOCKhist001.xls, US-BANKaccttoday.xls
IT SysAdmin          | IT         | Configuration database, Documentation Archive | US-ITconfigs, US-ITdocs
Step 3: Enforcement
Implement firewalls on trust boundaries
Encrypt drives and disable writeable USBs
Ensure Secure Wireless Deployments
Ensure Backups
Ensure your AV
Implement DNS Filtering
Implement firewalls on trust boundaries
1. Define your boundaries from your RBAC policy
2. Build a PFSense VM
3. Build the PFSense policy based on your RBAC policy
A firewall is simply a technical implementation of your written policy. No more, no less.
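The RBAC table from "Step 2: Define" (role, department, internal and external access), the "don't allow peer connections" rule, and the three steps above all describe the same artifact: an ordered rule set that grants exactly what the policy lists and ends in deny-all. The following is an added example, not the talk's code and not pfSense's, that builds that rule set from a role table and evaluates connection attempts against it first-match, the way a packet filter does. The department subnets, the server and site addresses, and the name-to-address map (standing in for DNS or firewall aliases) are constructed so it runs offline; the IT SysAdmin row replaces the slide's "ALL (Challenge this)" with an explicit list, which is what challenging it produces.

```python
"""Derive an ordered, default-deny firewall rule set from an RBAC role table
and check connections against it, the way the talk frames a firewall:
the written policy, implemented, no more and no less.
Added example; not the talk's code and not pfSense's. Subnets, hosts and
the name-to-address map are constructed so it runs offline."""
import ipaddress

# Constructed department segments: the trust boundaries of the user-centric view.
SEGMENTS = {
    "Finance": ipaddress.ip_network("10.20.0.0/24"),
    "IT":      ipaddress.ip_network("10.30.0.0/24"),
}

# Constructed name-to-address map standing in for DNS / firewall aliases.
RESOLVE = {
    "US-SAP-FI-001": "10.50.0.10",   "US-APP-STOCK-001": "10.50.0.11",
    "fidelity.com":  "203.0.113.10", "robinhood.com":    "203.0.113.20",
    "google.com":    "198.51.100.1", "reddit.com":       "198.51.100.2",
}

# Role table in the shape of the slide's.  Each entry is (destination name, port).
ROLES = [
    {"role": "Stock Market Analyst", "department": "Finance",
     "internal": [("US-SAP-FI-001", 8505), ("US-APP-STOCK-001", 900)],
     "external": [("fidelity.com", 443), ("robinhood.com", 443)]},
    {"role": "IT SysAdmin", "department": "IT",
     "internal": [("US-SAP-FI-001", 22), ("US-APP-STOCK-001", 22)],   # explicit, not "ALL"
     "external": [("google.com", 443), ("reddit.com", 443)]},
]

ANY = ipaddress.ip_network("0.0.0.0/0")


def build_rules(roles, segments, resolve):
    """One 'pass' rule per granted (role, destination, port), then one catch-all
    'block'.  First match wins, so the deny has to be the last rule."""
    rules = []
    for r in roles:
        src = segments[r["department"]]
        for name, port in r["internal"] + r["external"]:
            dst = ipaddress.ip_network(resolve[name] + "/32")
            rules.append({"action": "pass", "src": src, "dst": dst, "port": port,
                          "descr": f"{r['role']} -> {name}:{port}"})
    rules.append({"action": "block", "src": ANY, "dst": ANY, "port": None,
                  "descr": "default deny: anything the policy did not grant"})
    return rules


def evaluate(rules, src_ip, dst_ip, port):
    """First-match evaluation of a TCP connection attempt; returns (action, rule description)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if src in rule["src"] and dst in rule["dst"] and rule["port"] in (None, port):
            return rule["action"], rule["descr"]
    return "block", "implicit deny"   # never reached once build_rules has appended its block rule


def render(rules):
    """Plain-text rendering in pf-style vocabulary, for review before the rules go into the GUI."""
    lines = []
    for rule in rules:
        port = "any" if rule["port"] is None else str(rule["port"])
        lines.append(f"{rule['action']} from {rule['src']} to {rule['dst']} port {port}  # {rule['descr']}")
    return "\n".join(lines)


if __name__ == "__main__":
    rules = build_rules(ROLES, SEGMENTS, RESOLVE)
    print(render(rules))
    for probe in [("10.20.0.15", "10.50.0.10", 8505),   # analyst to SAP port: granted
                  ("10.20.0.15", "10.50.0.10", 22),     # analyst to SSH on the same host: not granted
                  ("10.20.0.15", "10.20.0.16", 445)]:   # analyst to a peer workstation: not granted
        print(probe, "->", evaluate(rules, *probe))
```

Two things the evaluation makes visible: a destination the policy does not name is denied even when the host itself is allowed on another port, and a peer-to-peer connection inside Finance is denied by the same final rule, so "don't allow peer connections" costs nothing extra once the policy is written as grants.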
(Diagram: firewall trust boundaries between Internet, Finance, HR, IT and Sales)
PFSENSE - https://www.pfsense.org/
1. Download ISO https://www.pfsense.org/download/
2. Install
ESX Guide: https://docs.netgate.com/pfsense/en/latest/virtualization/virtualizing-pfsense-with-vmware-vsphere-esxi.html
Hyper-V Guide: https://docs.netgate.com/pfsense/en/latest/virtualization/virtualizing-pfsense-with-hyper-v.html
Bare Metal Guide: https://docs.netgate.com/pfsense/en/latest/install/installing-pfsense.html
3. Configure - https://docs.netgate.com/pfsense/en/latest/config/
Step 3: Enforcement
Encrypt drives and disable writeable USBs
• Encrypt client hard drives
• No writing to external drives
• Encrypt client hard drives
GPO: Computer Configuration > Policies > Administrative Templates > Windows Components > BitLocker Drive Encryption
• No writing to external drives
GPO: Computer Configuration > Policies > Administrative Templates > System > Removable Storage Access
Implement DNS Filtering: Pi-hole
Pi-Hole - https://pi-hole.net/
1. Install with this command
curl -sSL https://install.pi-hole.net | bash
2. Configure blocklists
https://raw.githubusercontent.com/setoptz/sysadmin/master/blocklist.txt
3. Update your DHCP to point users to your DNS server
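What step 2 actually buys is decided per query: the resolver looks each requested name up in the loaded lists and answers a blocked name with a sinkhole address instead of forwarding it. The following is an added example of that decision, not Pi-hole's code: it loads a blocklist that mixes the two line formats adlists use (hosts-file `0.0.0.0 domain` lines and bare domains, with comments), then runs constructed dnsmasq-style query log lines through it. Adlist entries match the queried name exactly, as Pi-hole's gravity entries do; a separate wildcard set covers subdomains as well, which Pi-hole offers through its wildcard/regex blacklist. The blocklist, the domains and the query log are all constructed.

```python
"""Blocklist loading and per-query filtering of the kind Pi-hole performs
for 'Implement DNS Filtering'.  Added example, not Pi-hole's code; the
list, the domains and the query log are constructed."""
import re

# Constructed blocklist mixing the two formats adlists use:
# hosts-file lines ("0.0.0.0 domain") and bare domains, with comments and blank lines.
SAMPLE_BLOCKLIST = """\
# constructed sysadmin blocklist
0.0.0.0 ads.tracker.example
0.0.0.0 telemetry.vendor.example   # inline comment
127.0.0.1 localhost
malware-c2.example

"""

# Constructed query log in the shape of dnsmasq / pihole.log "query[TYPE] name from client" lines.
SAMPLE_QUERIES = """\
Mar  1 09:00:01 dnsmasq[123]: query[A] intranet.ecorp.internal from 10.20.0.15
Mar  1 09:00:02 dnsmasq[123]: query[A] ads.tracker.example from 10.20.0.15
Mar  1 09:00:03 dnsmasq[123]: query[AAAA] cdn.ads.tracker.example from 10.30.0.5
Mar  1 09:00:04 dnsmasq[123]: query[A] malware-c2.example from 10.20.0.16
"""

_SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}
_HOSTS_HOUSEKEEPING = {"localhost", "localhost.localdomain", "broadcasthost"}
_QUERY_RE = re.compile(r"query\[(\w+)\] (\S+) from (\S+)")


def load_blocklist(text):
    """Return the set of domains on a blocklist, whichever of the two formats each line uses."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop full-line and trailing comments
        if not line:
            continue
        parts = line.split()
        # hosts-file line: sinkhole address then domain; otherwise the line is the domain
        domain = parts[1] if len(parts) >= 2 and parts[0] in _SINKHOLES else parts[0]
        domain = domain.lower().rstrip(".")
        if domain in _HOSTS_HOUSEKEEPING:
            continue                                 # hosts-file boilerplate, not an ad domain
        blocked.add(domain)
    return blocked


def is_blocked(qname, exact, wildcard=frozenset()):
    """Exact match against adlist entries, plus parent-domain match against wildcard entries."""
    name = qname.lower().rstrip(".")
    if name in exact:
        return True
    labels = name.split(".")
    return any(".".join(labels[i:]) in wildcard for i in range(len(labels)))


def filter_log(text, exact, wildcard=frozenset()):
    """Run query-log lines through the lists; returns [(name, client, 'blocked'|'allowed')]."""
    decisions = []
    for line in text.splitlines():
        m = _QUERY_RE.search(line)
        if not m:
            continue
        _qtype, name, client = m.groups()
        verdict = "blocked" if is_blocked(name, exact, wildcard) else "allowed"
        decisions.append((name, client, verdict))
    return decisions


def blocked_by_client(decisions):
    """Per-client count of blocked queries: the number a dashboard shows, and the
    quickest way to spot a client that keeps asking for a blocked name."""
    counts = {}
    for _name, client, verdict in decisions:
        if verdict == "blocked":
            counts[client] = counts.get(client, 0) + 1
    return counts


if __name__ == "__main__":
    exact = load_blocklist(SAMPLE_BLOCKLIST)
    for name, client, verdict in filter_log(SAMPLE_QUERIES, exact, wildcard={"tracker.example"}):
        print(f"{client:12} {verdict:8} {name}")
```

Note the AAAA query for cdn.ads.tracker.example: with the adlist alone it is allowed, because only ads.tracker.example is listed; it is blocked only once tracker.example is in the wildcard set. That difference is why a list that looks complete still lets subdomains through, and why the third step (pointing DHCP clients at the filter) matters: a client configured with another resolver never reaches this decision at all.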
Ensure Secure Wireless Deployments* / Ensure Backups* / Ensure your AV*
• No WEP, use WPA2
• Segment Guest Network from Corporate LAN
Step 4: Monitor
http://www.openvas.org/
https://www.tenable.com/products/nessus/nessus-professional
Step 4: Monitor
(Diagram: Full PCAP, NIDS/HIDS, Analysis/Presentation)
1. Download ISO
https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md
2. Install
Full Deployment Guide: https://securityonion.readthedocs.io/en/latest/ProductionDeployment
Quick Install: https://securityonion.readthedocs.io/en/latest/QuickISOImage
3. HAVE FUN!
Kibana, Sguil, ELSA, Snorby
…and many more
(+60 tools)
https://onlinetraining.securityonionsolutions.com/p/security-onion-101
Step 5: Homework
QUESTIONS?
@RY_WIZ
RYAN@ACTIVEDEFENSE.US
THANK YOU!

More Related Content

PPTX
0Day to HeroDay: Surviving an Attack and Establishing a Security Organization
PDF
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
PPTX
Security Kung Fu: Security vs. Compliance
PDF
THE ESSENTIAL ELEMENT OF YOUR SECURITY
PPTX
Continuous Compliance Monitoring
PDF
The Seven Deadly Sins of Incident Response
PDF
Cost effective cyber security
PPTX
Learning from Verizon 2017 Data Breach Investigations Report – The New Targets
0Day to HeroDay: Surviving an Attack and Establishing a Security Organization
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
Security Kung Fu: Security vs. Compliance
THE ESSENTIAL ELEMENT OF YOUR SECURITY
Continuous Compliance Monitoring
The Seven Deadly Sins of Incident Response
Cost effective cyber security
Learning from Verizon 2017 Data Breach Investigations Report – The New Targets

What's hot (20)

PDF
Cyber-risk Oversight Handbook for Corporate Boards
PPTX
CRI Cyber Board Briefing
PDF
Cyber Security for Oil and Gas
PDF
Next generation security analytics
PPTX
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
PDF
Leveraging Log Management to provide business value
PDF
Cyber security: Five leadership issues worthy of board and executive attention
PPTX
Security Kung Fu: Active Directory Changes
PPTX
New CISO - The First 90 Days
PDF
Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to...
PPTX
Unrestricted - Complex Regulation Practical Security FINAL
PDF
Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...
PDF
Big Iron to Big Data Analytics for Security, Compliance, and the Mainframe
PPTX
CNL Software - PSIM for Energy, Oil & Gas
PPTX
Building securable infrastructures
PDF
The Dynamic Nature of Virtualization Security
PDF
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...
PPTX
Stay Ahead of Threats with Advanced Security Protection - Fortinet
PDF
30 Minute Release11i Security
PPTX
FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
Cyber-risk Oversight Handbook for Corporate Boards
CRI Cyber Board Briefing
Cyber Security for Oil and Gas
Next generation security analytics
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
Leveraging Log Management to provide business value
Cyber security: Five leadership issues worthy of board and executive attention
Security Kung Fu: Active Directory Changes
New CISO - The First 90 Days
Symantec Webinar Part 4 of 6 GDPR Compliance, What NAM Organizations Need to...
Unrestricted - Complex Regulation Practical Security FINAL
Symantec Webinar Part 6 of 6 GDPR Compliance, Breach Notification, Detection,...
Big Iron to Big Data Analytics for Security, Compliance, and the Mainframe
CNL Software - PSIM for Energy, Oil & Gas
Building securable infrastructures
The Dynamic Nature of Virtualization Security
Symantec Webinar Part 5 of 6 GDPR Compliance, the Operational Impact of Cross...
Stay Ahead of Threats with Advanced Security Protection - Fortinet
30 Minute Release11i Security
FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
Ad

Similar to Scrapping for Pennies: How to implement security without a budget (20)

PDF
Infosecurity - CDMX 2018
PPTX
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
PPTX
Kba talk track 2018
PDF
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
PPTX
Ga society of cpa's 2018 coastal chapter
PPTX
Martin Huddleston: No Service Management, No Security
PDF
PIONEERING GEN V SECURITY WITH CHECK POINT
PPTX
Automate compliance with cloud guard dome9
PPTX
The Jisc vulnerability assessment management service – part 2: how to avoid t...
PDF
Content is King - Symantec
PDF
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
PDF
Security as an Accelerator for Cloud Adoption
PPTX
Pgatss slide deck june 7, 2018
PDF
ICS Cyber Security Effectiveness Measurement
PDF
End to End Security - Check Point
PDF
AI : Animal Like Abilities in Applied AI, What can go wrong?
PDF
Don’t Be Left in the Dark: Secure Critical Infrastructure Systems to Defend A...
PPTX
Automation: Embracing the Future of SecOps
PDF
Emerging Trends in Application Security
PDF
2018 06 Presentation Cloudguard SaaS de Checkpoint
Infosecurity - CDMX 2018
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
Kba talk track 2018
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
Ga society of cpa's 2018 coastal chapter
Martin Huddleston: No Service Management, No Security
PIONEERING GEN V SECURITY WITH CHECK POINT
Automate compliance with cloud guard dome9
The Jisc vulnerability assessment management service – part 2: how to avoid t...
Content is King - Symantec
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur...
Security as an Accelerator for Cloud Adoption
Pgatss slide deck june 7, 2018
ICS Cyber Security Effectiveness Measurement
End to End Security - Check Point
AI : Animal Like Abilities in Applied AI, What can go wrong?
Don’t Be Left in the Dark: Secure Critical Infrastructure Systems to Defend A...
Automation: Embracing the Future of SecOps
Emerging Trends in Application Security
2018 06 Presentation Cloudguard SaaS de Checkpoint
Ad

Recently uploaded (20)

PPTX
1. Introduction to Computer Programming.pptx
PPTX
TLE Review Electricity (Electricity).pptx
PPT
Module 1.ppt Iot fundamentals and Architecture
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
PPTX
Chapter 5: Probability Theory and Statistics
PDF
Hybrid model detection and classification of lung cancer
PDF
A novel scalable deep ensemble learning framework for big data classification...
PDF
Developing a website for English-speaking practice to English as a foreign la...
PPTX
OMC Textile Division Presentation 2021.pptx
PDF
August Patch Tuesday
PDF
Enhancing emotion recognition model for a student engagement use case through...
PPTX
observCloud-Native Containerability and monitoring.pptx
PDF
2021 HotChips TSMC Packaging Technologies for Chiplets and 3D_0819 publish_pu...
PDF
STKI Israel Market Study 2025 version august
PPTX
cloud_computing_Infrastucture_as_cloud_p
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
PDF
NewMind AI Weekly Chronicles - August'25-Week II
PPTX
Modernising the Digital Integration Hub
PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
1. Introduction to Computer Programming.pptx
TLE Review Electricity (Electricity).pptx
Module 1.ppt Iot fundamentals and Architecture
Group 1 Presentation -Planning and Decision Making .pptx
Chapter 5: Probability Theory and Statistics
Hybrid model detection and classification of lung cancer
A novel scalable deep ensemble learning framework for big data classification...
Developing a website for English-speaking practice to English as a foreign la...
OMC Textile Division Presentation 2021.pptx
August Patch Tuesday
Enhancing emotion recognition model for a student engagement use case through...
observCloud-Native Containerability and monitoring.pptx
2021 HotChips TSMC Packaging Technologies for Chiplets and 3D_0819 publish_pu...
STKI Israel Market Study 2025 version august
cloud_computing_Infrastucture_as_cloud_p
Final SEM Unit 1 for mit wpu at pune .pptx
NewMind AI Weekly Chronicles - August'25-Week II
Modernising the Digital Integration Hub
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...

Scrapping for Pennies: How to implement security without a budget

  • 1. Scrapping for Pennies Implementing CIS Top 20 with no budget Ryan Wisniewski Principle Security Consultant Active Defense, LLC March 1, 2019 ©2018 Active Defense, LLC. All rights reserved
  • 2. SECURITY IMPLEMENTATION TALKS: AN ACTIVE DEFENSE SERIES ©2018 Active Defense, LLC. All rights reserved 2 Starting from Scratch 0Day to HeroDay Starting from Basic IT Implementations Scrapping for Pennies Maturing to a Scalable Operation Scaling the Mountain
  • 3. ©2018 Active Defense, LLC. All rights reserved 3
  • 4. EXECUTIVE PERSPECTIVE ©2018 Active Defense, LLC. All rights reserved 4 SALES R&D FINANCE IT SECURITY - Advertising - Sales Growth ? - New Products - New Efficiencies - New Investments - New Efficiencies - ???
  • 5. ©2018 Active Defense, LLC. All rights reserved 5 MORE INVESTMENT = PREVENT ATTACKS! Spending on cybersecurity in the United States from 2010 to 2018 (in billion $) Global number of cyber security incidents from 2009 to 2015 (in millions)
  • 6. ©2018 Active Defense, LLC. All rights reserved 6 MORE INVESTMENT = PREVENT ATTACKS! Due to investments in infrastructure for growth and spending to bolster security, Facebook CFO Dave Wehner said capital expenditures in 2018 are forecast to double from $7 billion to $14 billion NOVEMBER 1, 2017 On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts SEPTEMBER 28, 2018
  • 7. ©2018 Active Defense, LLC. All rights reserved 7
  • 8. ©2018 Active Defense, LLC. All rights reserved 8
  • 9. ©2018 Active Defense, LLC. All rights reserved 9
  • 10. SPEAK THEIR LANGUAGE! ©2018 Active Defense, LLC. All rights reserved 10 EXECUTIVES UNDERSTAND RISK! WE MITIGATE RISK! EXAMPLE: Incidents/week 650 We investigate Incidents/week 950 We encounter To keep up with demand, we need to spend $15,000 on a new tool that will allow for 300 Incidents/week If we choose not to, we will allow 300 incidents per day, increasing our probability for breach by 33%. We estimate an average breach would cost $1.5mil. The increase of 33% risk is equal to $495k/year.
  • 11. PROBLEM IS… ©2018 Active Defense, LLC. All rights reserved 11 Incidents/year 650 We investigate Incidents/day 950 We encounter To keep up with demand, we need to spend $15,000 on a new tool that will allow for 150 Incidents/day If we choose not to, we will allow 300 incidents per day, increasing our probability for breach by 33%. We estimate an average breach would cost $1.5mil. The increase of 33% risk is equal to $495k/year. THIS IS VERY HARD TO GET AT!!!
  • 12. ©2018 Active Defense, LLC. All rights reserved 12
  • 13. ©2018 Active Defense, LLC. All rights reserved 13
  • 14. Implementation of the CIS Top 20 ©2018 Active Defense, LLC. All rights reserved 14 Step 1: Discover Step 2: Define Step 3: Enforce Step 4: Monitor
  • 15. ©2018 Active Defense, LLC. All rights reserved 15
  • 16. ©2018 Active Defense, LLC. All rights reserved 16 Functionality Systems do things for us Security Systems protect us Convenience Systems make our life easier It is Security’s job to ensure the ball stays balanced, NOT JUST DRIFT THE BALL TOWARDS SECURITY
  • 17. Step 1: Discover ©2018 Active Defense, LLC. All rights reserved 17 What are my devices? What is running on my devices? 1 3 5 7 2 4 6 8 9 10 11 12 13 14 15 16 17 18 19 20
  • 18. ©2018 Active Defense, LLC. All rights reserved 18 Step 1: Discover  List all devices on the network
  • 19. ©2018 Active Defense, LLC. All rights reserved 19 Pingsweep: nmap –sP 10.10.10.0/24 –oA output Scan Top 100 ports from list: nmap -F -iL list-of-ips.txt –oA output Scan Specific Port (ie 22): nmap –p 22 -iL list-of-ips.txt –oA output https://blogs.sans.org/pen-testing/files/2013/10/NmapCheatSheetv1.0.pdf Pingsweep: masscan 10.0.0.0/8 --ping –oL ips.txt Scan Specific Port (ie 22): masscan 10.0.0.0/8 –p 22 –oX output.xml https://github.com/robertdavidgraham/masscan https://www.youtube.com/watch?v=nX9JXI4l3-E Step 1: Discover
  • 20. ©2018 Active Defense, LLC. All rights reserved 20 Step 1: Discover
  • 21. ©2018 Active Defense, LLC. All rights reserved 21 Step 1: Discover Get-ItemProperty HKLM:SoftwareWow6432NodeMicrosoftWindowsCurrentVersionUninstall* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table –AutoSize  List all software installed on a client machine
  • 22. Step 2: Define ©2018 Active Defense, LLC. All rights reserved 22 Privledged Account Usage Policy 1 3 5 7 2 4 6 8 9 10 11 12 13 14 15 16 17 18 19 20 Hardened Image for Clients and Servers Network Security Framework Data Classification and Access Policy Hardened Image for Network Devices
  • 23. ©2018 Active Defense, LLC. All rights reserved 23 Privledged Account Usage Policy 1 3 5 7 2 4 6 8 9 10 11 12 13 14 15 16 17 18 19 20  No administration from non-admin accounts  No administration from non-admin workstations  No default admin passwords  No Domain Admins  Implement LAPS Step 2: Define
  • 24. ©2018 Active Defense, LLC. All rights reserved 24 Privledged Account Usage Policy 1 3 5 7 2 4 6 8 9 10 11 12 13 14 15 16 17 18 19 20 Step 2: Define  No administration from non-admin accounts  No administration from non-admin workstations John.Smith@ecorp.com RDP ecorpJohn.Smith.Admin Admin Interface Database.Server Firewalls MUST BE TIGHT! JUMP
  • 25. ©2018 Active Defense, LLC. All rights reserved 25 Privledged Account Usage Policy 1 3 5 7 2 4 6 8 9 10 11 12 13 14 15 16 17 18 19 20 Step 2: Define Scan  No default admin passwords Change nmap -p80 --script http- default-accounts 10.0.0.0/8 https://nmap.org/nsedoc/scripts/http-default-accounts.html Vault Long and complex Don't forget your printers!
  • 26. ©2018 Active Defense, LLC. All rights reserved 26 Privledged Account Usage Policy 1 3 5 7 2 4 6 8 9 10 11 12 13 14 15 16 17 18 19 20 Step 2: Define  No Domain Admins • net group "Domain Admins" /domain • dsget group "CN=Domain Admins,CN=Users,DC=ecorp,DC=com" -members
  • 27. ©2018 Active Defense, LLC. All rights reserved 27 Privledged Account Usage Policy 1 3 5 7 2 4 6 8 9 10 11 12 13 14 15 16 17 18 19 20 Step 2: Define https://github.com/BloodHoundAD
  • 28. ©2018 Active Defense, LLC. All rights reserved 28 Privledged Account Usage Policy 1 3 5 7 2 4 6 8 9 10 11 12 13 14 15 16 17 18 19 20  Implement LAPS (Local Admin Password Solution) Step 2: Define https://www.microsoft.com/en-us/download/details.aspx?id=46899 1. Push install .msi to clients through GPO 2. Modify AD schema with .ps script from Microsoft 3. Enable LAPS GPO 4. Remove any custom local admins you have
  • 29. ©2018 Active Defense, LLC. All rights reserved 29 1 3 5 7 2 4 6 8 9 10 11 12 13 14 15 16 17 18 19 20 Hardened Image for Clients and Servers Step 2: Define Free SCAP Compliance Audit Hardened Image for Network Devices
  • 30. ©2018 Active Defense, LLC. All rights reserved 30 NIST Checklists - https://nvd.nist.gov/ncp/repository
  • 31. ©2018 Active Defense, LLC. All rights reserved 31 NIST Checklists - https://nvd.nist.gov/ncp/repository GPOs Root Reports GPOs
  • 32. ©2018 Active Defense, LLC. All rights reserved 32 NIST Checklists - https://nvd.nist.gov/ncp/repository GPO Reports
  • 33. ©2018 Active Defense, LLC. All rights reserved 33 OpenSCAP - https://www.open-scap.org/getting-started/ https://www.open-scap.org/tools/scap-workbench/download-win32 apt-get install scap-workbench yum install scap-workbench https://www.open-scap.org/tools/scap-workbench/download-osx 1. Download and install
  • 34. ©2018 Active Defense, LLC. All rights reserved 34 OpenSCAP - https://www.open-scap.org/getting-started/ 2. Load the STIG SCAP contents 3. Scan! *Limited to only *nix machines…
  • 35. ©2018 Active Defense, LLC. All rights reserved 35 Qualys FreeScan SCAP Audit - https://www.qualys.com/forms/freescan/scap/
  • 36. ©2018 Active Defense, LLC. All rights reserved 36 1 3 5 7 2 4 6 8 9 10 11 12 13 14 15 16 17 18 19 20 Network Security Framework Step 2: Define Servers InternetUsers System-Conentric View
  • 37. ©2018 Active Defense, LLC. All rights reserved 37 1 3 5 7 2 4 6 8 9 10 11 12 13 14 15 16 17 18 19 20 Network Security Framework Step 2: Define InternetFinance HR IT Sales User-Conentric View
  • 38. ©2018 Active Defense, LLC. All rights reserved 38 1 3 5 7 2 4 6 8 9 10 11 12 13 14 15 16 17 18 19 20 Network Security Framework Step 2: Define RBAC in Network Security 1. Categorize people, systems, applications, websites, etc. by functional role 2. Allow access to those systems, apps, sites to roles 3. Move people into those roles 4. Deny all other access Role Department Internal Access External Access Stock Market Analyst Finance US-SAP-FI-001:8505 US-APP-STOCK-001:900 … Fidelity.com/stocks Robinhood.com IT SysAdmin IT ALL (Challenge this) Google.com Reddit.com
  • 39. ©2018 Active Defense, LLC. All rights reserved 39 1 3 5 7 2 4 6 8 9 10 11 12 13 14 15 16 17 18 19 20 Network Security Framework Step 2: Define  Turn on client-side firewalls  Don't allow peer connections
  • 40. Step 2: Define. Data Classification and Access Policy (diagram: IT Admin; Financial Records, System Configurations, John's Files)
  • 41. Step 2: Define. Data Classification and Access Policy: RBAC in Data
    1. Categorize people, systems, applications, websites, etc. by functional role
    2. Allow access to those systems, apps and sites by role
    3. Move people into those roles
    4. Deny all other access

    Role                 | Department | Data                                          | Location
    Stock Market Analyst | Finance    | Historic purchases; current bank accounts     | US-STOCKhist001.xls; US-BANKaccttoday.xls
    IT SysAdmin          | IT         | Configuration database; documentation archive | US-ITconfigs; US-ITdocs
  • 42. Step 3: Enforcement
    - Implement firewalls on trust boundaries
    - Encrypt drives and disable writeable USBs
    - Ensure secure wireless deployments
    - Ensure backups
    - Ensure your AV is in place
    - Implement DNS filtering
  • 43. Step 3: Enforcement. Implement firewalls on trust boundaries
    1. Define your boundaries from your RBAC policy
    2. Build a pfSense VM
    3. Build the pfSense policy based on your RBAC policy
    A firewall is simply a technical implementation of your written policy. No more, no less.
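Taking "a firewall is a technical implementation of your written policy" literally: the script below is an added example for this page (not code from the deck or from pfSense) that compiles the role table from slide 38 into a default-deny rule list and checks connection requests against it. ROLE_NETWORKS and HOSTS, which place each role in a VLAN and give each server an address, are assumptions invented for the example; the emitted rules are vendor-neutral text to be entered into pfSense by hand, not its config syntax. It also surfaces the "ALL (challenge this)" entry and splits out the external hostnames, which an L3/L4 firewall cannot match and which belong to the DNS filter covered later in the deck.

```python
"""Compile a written RBAC access policy into a default-deny firewall rule set
and evaluate connection requests against it.

Added example for this page, not code from the deck or from pfSense.
ROLE_NETWORKS and HOSTS are assumptions made up for the example.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

# Assumed: each role's clients sit in their own VLAN behind the firewall.
ROLE_NETWORKS = {
    "stock_market_analyst": ip_network("10.20.0.0/24"),   # Finance VLAN
    "it_sysadmin":          ip_network("10.90.0.0/24"),   # IT VLAN
}
# Assumed: server name -> address, standing in for DNS.
HOSTS = {
    "US-SAP-FI-001":    "10.10.1.5",
    "US-APP-STOCK-001": "10.10.1.6",
}
# The written policy in the slide's shape. Internal entries are HOST:PORT and
# "*" is the slide's "ALL". External entries are hostnames, which an L3/L4
# firewall cannot see; they are handed to DNS/web filtering instead.
POLICY = {
    "stock_market_analyst": {
        "internal": ["US-SAP-FI-001:8505", "US-APP-STOCK-001:900"],
        "external": ["fidelity.com", "robinhood.com"],
    },
    "it_sysadmin": {
        "internal": ["*"],
        "external": ["google.com", "reddit.com"],
    },
}


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    src: IPv4Network
    dst: Optional[IPv4Network]   # None = any destination
    port: Optional[int]          # None = any port
    comment: str


def compile_rules(policy, role_networks=ROLE_NETWORKS, hosts=HOSTS):
    """One pass rule per (role, host:port); the final rule blocks everything else."""
    rules = []
    for role, access in policy.items():
        src = role_networks[role]
        for entry in access["internal"]:
            if entry == "*":
                rules.append(Rule("pass", src, None, None, f"{role}: ALL (challenge this)"))
                continue
            host, _, port = entry.rpartition(":")
            dst = ip_network(f"{hosts[host]}/32")
            rules.append(Rule("pass", src, dst, int(port), f"{role} -> {entry}"))
    # Step 4 of the slide: deny all other access. First match wins, so last.
    rules.append(Rule("block", ip_network("0.0.0.0/0"), None, None, "default deny"))
    return rules


def evaluate(rules, src_ip, dst_ip, dst_port):
    """First-match evaluation; a request no rule claims is blocked."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for rule in rules:
        if src not in rule.src:
            continue
        if rule.dst is not None and dst not in rule.dst:
            continue
        if rule.port is not None and rule.port != dst_port:
            continue
        return rule.action
    return "block"


def external_allowlist(policy):
    """Per-role hostnames for the DNS/web filter, since the firewall can't match them."""
    return {role: sorted(access["external"]) for role, access in policy.items()}


def overbroad_roles(policy):
    """Roles whose written policy says ALL: challenge these before enforcing."""
    return sorted(role for role, access in policy.items() if "*" in access["internal"])


def render(rules):
    """pf-style text, one line per rule, for review or for typing into the GUI."""
    lines = []
    for r in rules:
        dst = "any" if r.dst is None else str(r.dst)
        port = "" if r.port is None else f" port {r.port}"
        lines.append(f"{r.action} from {r.src} to {dst}{port}  # {r.comment}")
    return lines


if __name__ == "__main__":
    rules = compile_rules(POLICY)
    print("\n".join(render(rules)))
    print("challenge:", overbroad_roles(POLICY))
    print("for the DNS filter:", external_allowlist(POLICY))
```

The evaluator is the useful part once the policy is in pfSense: before and after a change, run the requests you care about (an analyst to SAP on 8505, an analyst to another workstation on 445) through it and compare with what the firewall actually does, since a rule set that drifts from the written policy is the usual failure mode.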
  • 44. Step 3: Enforcement. Implement firewalls on trust boundaries (diagram: Internet, Finance, HR, IT, Sales segments)
  • 45. PFSENSE - https://www.pfsense.org/
    1. Download ISO: https://www.pfsense.org/download/
  • 46. PFSENSE - https://www.pfsense.org/
    2. Install
       ESX guide: https://docs.netgate.com/pfsense/en/latest/virtualization/virtualizing-pfsense-with-vmware-vsphere-esxi.html
       Hyper-V guide: https://docs.netgate.com/pfsense/en/latest/virtualization/virtualizing-pfsense-with-hyper-v.html
       Bare metal guide: https://docs.netgate.com/pfsense/en/latest/install/installing-pfsense.html
  • 47. PFSENSE - https://www.pfsense.org/
    3. Configure: https://docs.netgate.com/pfsense/en/latest/config/
  • 48. Step 3: Enforcement. Encrypt drives and disable writeable USBs
    - Encrypt client hard drives
    - No writing to external drives
  • 49. Step 3: Enforcement. Encrypt client hard drives
    GPO: Computer Configuration > Policies > Administrative Templates > Windows Components > BitLocker Drive Encryption
    Turn on the setting that stores BitLocker recovery information in Active Directory Domain Services in the same node before enforcing encryption, or a locked drive becomes a lost drive.
  • 50. Step 3: Enforcement. No writing to external drives
    GPO: Computer Configuration > Policies > Administrative Templates > System > Removable Storage Access
    The setting to enable is "Removable Disks: Deny write access"; reading from USB stays allowed, which is usually the right trade-off for a first pass.
  • 51. Step 3: Enforcement. Implement DNS Filtering: Pi-hole
  • 52. Pi-Hole - https://pi-hole.net/
    1. Install with this command: curl -sSL https://install.pi-hole.net | bash
       (Piping a download straight into bash runs unreviewed code as root; download the script, read it, then run it.)
    2. Configure blocklists: https://raw.githubusercontent.com/setoptz/sysadmin/master/blocklist.txt
    3. Update your DHCP to point users to your DNS server
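What a blocklist actually does to a query is easy to get wrong when you start writing your own lists. The script below is an added example for this page, not code from the deck or from Pi-hole: it loads the two list formats Pi-hole reads (hosts-file lines such as "0.0.0.0 domain" and bare domains), strips comments and the hosts-file filler entries, and decides whether a query name is sunk. Pi-hole's own list matching is exact-domain (plus optional regex); the parent-domain match here, which also sinks sub.bad.example when bad.example is listed, is an assumption made for the example, and the sample list is constructed.

```python
"""Load a Pi-hole style blocklist and decide whether a DNS query gets sunk.

Added example for this page, not code from the deck or from Pi-hole.
The parent-domain matching and SAMPLE_BLOCKLIST are assumptions for the example.
"""
from ipaddress import ip_address

# Hosts-file lines that every list carries and that must never be "blocked".
HOSTS_FILLER = {"localhost", "localhost.localdomain", "local", "broadcasthost",
                "ip6-localhost", "ip6-loopback", "ip6-localnet", "ip6-mcastprefix",
                "ip6-allnodes", "ip6-allrouters", "ip6-allhosts", "0.0.0.0"}

# Constructed sample list: hosts format and bare domains mixed.
SAMPLE_BLOCKLIST = """# constructed sample list
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.net
127.0.0.1 tracker.example.org   # inline comment
0.0.0.0 cdn.example.net www.cdn.example.net
Malware-C2.Example.com.

"""


def _is_ip(token):
    try:
        ip_address(token)
        return True
    except ValueError:
        return False


def normalize(name):
    """Lowercase and drop the trailing dot: DNS names compare case-insensitively."""
    return name.strip().lower().rstrip(".")


def load_blocklist(text):
    """Return the set of blocked domains from hosts-format or bare-domain text."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        # hosts format: "<ip> name [name ...]"; bare format: "name"
        names = tokens[1:] if _is_ip(tokens[0]) else tokens
        for name in names:
            name = normalize(name)
            if name and name not in HOSTS_FILLER and not _is_ip(name):
                blocked.add(name)
    return blocked


def match(qname, blocklist):
    """Return the listed domain that blocks qname, or None.

    Walks from the full name up through its parents, so a listed parent also
    catches its subdomains (assumed behaviour, see module docstring).
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def answer(qname, blocklist, sinkhole="0.0.0.0"):
    """The resolver's decision: sinkhole address for blocked names, None to forward upstream."""
    return sinkhole if match(qname, blocklist) else None


if __name__ == "__main__":
    bl = load_blocklist(SAMPLE_BLOCKLIST)
    for q in ("www.ads.example.net", "example.net", "Malware-C2.example.com"):
        print(q, "->", answer(q, bl) or "forward upstream")
```

Step 3 only covers clients that honour DHCP. A machine with a hard-coded resolver, or a browser using DNS over HTTPS, never asks the Pi-hole, so pair the DNS filter with a firewall rule that allows outbound port 53 from the Pi-hole only.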
  • 53. Step 3: Enforcement. Ensure secure wireless deployments*, ensure backups*, ensure your AV*
    - No WEP; use WPA2 (WPA2-Enterprise with 802.1X rather than a shared passphrase where you can)
    - Segment the guest network from the corporate LAN
  • 54. Step 4: Monitor
  • 55. Step 4: Monitor
  • 56. Step 4: Monitor. OpenVAS - http://www.openvas.org/
  • 57. Step 4: Monitor. Nessus Professional - https://www.tenable.com/products/nessus/nessus-professional
  • 58. Step 4: Monitor
  • 59. Step 4: Monitor: Full PCAP, NIDS/HIDS, Analysis/Presentation
  • 60. Step 4: Monitor
    1. Download ISO: https://github.com/Security-Onion-Solutions/security-onion/blob/master/Verify_ISO.md (the page also shows how to verify the ISO's checksum and signature; do that before installing)
  • 61. Step 4: Monitor
    2. Install
       Full deployment guide: https://securityonion.readthedocs.io/en/latest/ProductionDeployment
       Quick install: https://securityonion.readthedocs.io/en/latest/QuickISOImage
  • 62. Step 4: Monitor
    3. HAVE FUN! Kibana, Sguil, ELSA, Snorby
  • 63. Step 4: Monitor
    3. HAVE FUN! …and many more (60+ tools): https://onlinetraining.securityonionsolutions.com/p/security-onion-101
  • 64. Step 5: Homework
  • 65. QUESTIONS? @RY_WIZ RYAN@ACTIVEDEFENSE.US THANK YOU!

Editor's Notes

  • #7: https://venturebeat.com/2017/11/01/zuckerberg-facebooks-security-investments-will-significantly-impact-profitability/
  • #17: Don't make people angry - sheriff attitudes don’t work