29. • Open System Administration Channels
• Default and Weak Passwords
• End-user has Administrator Privileges
• Outdated Software Versions
• Non-hardened Configurations
=> Flaws in System Administration
VZ DBIR Background Info
30. “We were getting owned through
our users that were running IE with
admin privileges”
48. • About 5000 seats
• Data Breach
• 6 month security project
• Fully Patched in 2 weeks
• Admin rights controlled
• Whitelisting
• No Additional Software purchased
• No Enduser Impact
DIISRTE
Department of Industry, Innovation, Science, Research and Tertiary Education