
Info sec is not daunting v1.0


Information Security may seem like a daunting task for SMBs, but if you do some basic things and know when to seek help, you can succeed!

Published in: Technology

  1. Information Security may seem like a daunting task for SMBs, but if you do some basic things and know when to seek help, you can succeed! Michael Gough – Founder, MalwareArchaeology.com
  2. Who am I
     • Blue Team Defender Ninja, Malware Archaeologist, Logoholic
     • I am the one you call when $*!+ hits the fan
     • I love logs – they tell us Who, What, Where, When and hopefully How
     • Creator of the “Windows Logging Cheat Sheet”
     • Creator of the “Malware Management Framework”
     • @HackerHurricane; also my blog, MalwareArchaeology.com
  3. Goal
     • Interaction – don’t be a Ding Dong and NOT ask a question… you WILL be rewarded
     • Learn some basics
     • Top 10 things everyone must do well
  4. Why listen to me
     • We discovered this May 2012
     • Met with the Feds ;-)
  5. Yup, our PII is gone
  6. Of course you can…
  7. Step 1: Think about recovery
  8. Recovery – Your Backups
     • No matter what might happen (a hardware failure, theft, natural disaster, hackers with malware or, worse, a breach), recovery is your #1 goal
     • This means backups are key to your continued success
     • Organize the software you use and the data you have, as that will aid in recovery IF, I mean WHEN, something bad happens
     • Why? Because malware is software, and you usually do not know it is on your system until something bad happens, AV goes off, or someone (the suits) calls you and tells you that you have been breached ;-(
  9. Backups
     • For desktops, data should be stored on a server that is backed up
     • If you must store data on your desktop or laptop, then use a backup solution like Carbonite
     • Have your IT person, people or consultant validate that the solution is working
     • Some solutions offer a boot disk to recover the entire system, OS and data
     • But how do you know when your system went bad? Which backup do you recover the OS from? What if it was infected for weeks?
     • This is why I prefer and recommend rebuilding the OS and applications from scratch and then restoring your data
  10. Step 2: Rebuilding a system
  11. Rebuild a system quickly
     • Backups have your data
     • But the PC, Mac or server OS needs to be built from scratch
     • Instructions, steps, special configurations
     • Make it easier for the IT person, people or consultant helping your organization to rebuild a dead or hacked system as fast as possible
     • Documentation for fast recovery is key
  12. Rebuilding is a good thing
     • It is the ONLY way you know your system is 100% clean!
     • Malware is written well to operate without detection for days, weeks or months
     • I rebuild my PCs once or more per year
     • Patching takes the longest: it takes me 2 hours to get up and running and 24 hours to finish patching
     • Restoring a backup of an OS will take about an hour, give or take, but how do you know it is clean?
  13. Step 3: Data and OS should be separate
  14. Your Data and OS should not mix
     • One of the worst things I see is people storing data on the same drive as their operating system
     • If you want easier backups, keep data on a drive that does NOT contain the operating system; that makes it easier to rebuild a system and restore data
     • Only the OS and applications should be on the drive that boots the operating system
     • I prefer using a server share for your data that gets backed up, but we have laptops with one drive, so partition it into two parts: OS and Data
  15. Your data and OS should not mix
     • If you don’t use it, uninstall it
     • Less is more as far as apps go
     • Only install what you need, and take an inventory
     • Please don’t store data in My Documents ;-( – user space is the first to be hit in a ransomware event
  16. Step 4: Don’t be an Administrator
  17. Verizon DBIR – How you get owned
  18. You are just a user
     • PLEASE… don’t run as Administrator
     • “But I have an application that must run as Admin…” Fine, there is “Run As Administrator” for this; enter those credentials as needed
     • IF you have to because of a poorly written or old application, then NO SURFING THE INTERNET !!!! or opening email attachments! Consider isolating this system
     • 90% of vulnerabilities will fail exploitation if you are a General User
  19. Step 5: Patch !!!
  20. Patching is crucial
     • Windows and Apple can auto update
     • PLEASE make sure this is happening
     • Let it interrupt your day
     • Do NOT fall behind
     • Malware takes advantage of what we call “ZERO DAY” or “0-Day” vulnerabilities; patching breaks their exploit within 2 weeks of discovery, and your patches come monthly!
  21. Step 6: Anti-Virus or Anti-Malware
  22. Anti-Virus is useful
     • Everyone should know that Anti-Virus is no longer what it used to be
     • But it does catch older (1 year+) emailed malware or older malware found on compromised websites
     • It does NOT do a good job on newly crafted phishing email SPAM campaigns or newly compromised websites
     • So don’t spend a lot on this; free solutions are almost as good as paid solutions
     • Windows Security Essentials (Windows 7 – free)
     • Windows Defender (Windows 8 – free)
     • Sophos (Mac OS – free)
     • Install only ONE AV solution
     • Do not install Anti-Spyware or other “fear-ware” prevention
     • Stick to the big names
  23. Step 7: Update Apps!!!
  24. Update your Apps
     • Malwarians (the hackers) pick on your apps as a way in
     • Keep them up to date!
     • Install Secunia Personal Software Inspector (PSI), or the paid version for business
     • Better yet, do NOT use applications that are exploited regularly
     • Any guesses?
  25. Update your Apps
     • Adobe anything – bad
       – Use Foxit, Sumatra or another PDF reader
       – If required (QuickBooks), install Adobe Reader, then install Foxit and make it your default PDF reader
       – Adobe Flash is built in to Chrome
     • Java – bad
       – Disable Java in your browser
     • Anything that is browser-launched or email-attachment-launched will be exploited!
     • Don’t use Internet Explorer !!! Use Chrome and/or Firefox or Safari
  26. Step 8: Better, Safer Browser
  27. Better Browser
     • Firefox – use security plugins
       – NoScript (blocks scripting on websites)
       – Ad Block (blocks ads used to spread malware)
       – Web of Trust (gives you an idea of good and bad websites when you search)
     • Chrome – use security plugins
       – Script Block (blocks scripting on websites)
       – Ad Block (blocks ads used to spread malware)
       – Web of Trust (gives you an idea of good and bad websites when you search)
     • Safari – for Mac lovers
       – Firefox and Chrome too; the same as above applies
  28. Step 9: Passwords
  29. Passwords are evil
     • Strong passwords
     • What do you think?
     • Long and random
       – How long?
       – But I can’t remember them?
       – There are so many accounts…
     • Password managers are incredible !!!
       – LastPass is my favorite
       – Store all your passwords
       – NEVER store them in your browser!
     • Use 2-factor authentication (Google Authenticator or a YubiKey)
  30. Step 10: Bookmarks
  31. Bookmarks
     • You need to save websites you visit often
     • LastPass will do most of this for you, not just the ones with passwords
     • Another item that gets lost when your system crashes or is replaced
     • Remember that first goal?
     • Xmarks will synchronize your bookmarks to the Internet so you can easily restore them on rebuild; it is just a plugin for your browser
  32. Extra Infrastructure
  33. Verizon DBIR – Top Remediation items
  34. What if you are big enough for in-house infrastructure?
     • Outsource these functions
       – Email
       – Email protection
       – Web surfing protection
       – Endpoint protection (malware detection and prevention)
     • Use a consultant to set these up; less for you to maintain
     • Think about the data you are storing with cloud services (ADP, Salesforce, Amazon, Google) and use ones that are trustworthy and well known
  35. Use the security features the OS has
     • Whitelisting
       – Windows – Software Restriction Policies
       – Windows Ultimate or Enterprise – AppLocker
     • Logging
       – Can do SO much to detect bad things; needs to be enabled and configured
       – Splunk #1
       – Loggly #2
       – You outsource this unless you have staff
       – The #1 thing I will ask for and do if you need someone like me
  36. Safer Web Surfing
     • OpenDNS
     • Inexpensive way to reduce bad sites being visited
  37. In Summary
     • Ten things you CAN do to help reduce the damage caused by one of many outages
     • Know when to ask for help implementing these items: ask your IT person, people or consultant to do these often and well
     • All these items are basically FREE or very low cost, and yes, people time
     • You don’t need to pay me to delete malware on a PC or two; just rebuild them and move on at the speed of business
  38. Resources
     • My website – MalwareArchaeology.com
     • This presentation – SlideShare.com, search for Malware Archaeology
     • Attend training or a conference – BSides – SecurityBSides.org
  39. Questions?
     • You can find me at:
     • @HackerHurricane
     • MalwareArchaeologist.com
     • HackerHurricane.com
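As an added example, not from the deck or its author, here is a read-only PowerShell audit that reports on several of the ten items (Steps 3 to 6 and the whitelisting and logging points on slide 35) for the local Windows machine. It uses only standard Windows cmdlets, commands and registry keys; the check names and the 7-day signature-age threshold are my own assumptions.

```powershell
# Added audit script (not part of the deck); check names and the 7-day threshold are assumptions.
function New-Check($Name, $Ok, $Detail) {
    $status = if ($null -eq $Ok) { 'UNKNOWN' } elseif ($Ok) { 'OK' } else { 'FIX' }
    [pscustomobject]@{ Check = $Name; Status = $status; Detail = "$Detail" }
}

function Test-InfoSecBasics {
    # Step 4: the everyday account should not be a member of Administrators
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    New-Check 'Running as a plain user' (-not $isAdmin) $id.Name

    # Step 5: Windows Update set to download and install automatically (AUOptions = 4); policy key wins
    $au = Get-ItemProperty -ErrorAction SilentlyContinue -Path `
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update' |
        Where-Object { $_.AUOptions } | Select-Object -First 1
    New-Check 'Automatic updates' ($au.AUOptions -eq 4) "AUOptions=$($au.AUOptions)"

    # Step 6: exactly one AV product registered with Security Center, and fresh Defender signatures
    $av = @(Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct `
        -ErrorAction SilentlyContinue)
    New-Check 'Exactly one AV product' ($av.Count -eq 1) ($av.displayName -join ', ')
    $mp = try { Get-MpComputerStatus -ErrorAction Stop } catch { $null }   # cmdlet absent on Windows 7
    $sigOk = if ($mp) { $mp.AntivirusSignatureAge -lt 7 } else { $null }
    New-Check 'Defender signatures under 7 days old' $sigOk "age=$($mp.AntivirusSignatureAge) days"

    # Step 3: user data should not live on the drive the OS boots from
    $docs = [Environment]::GetFolderPath('MyDocuments')
    $onOsDrive = $docs.StartsWith($env:SystemDrive, 'OrdinalIgnoreCase')
    New-Check 'My Documents off the OS drive' (-not $onOsDrive) $docs

    # Slide 35: whitelisting via an enforced AppLocker collection or SRP deny-by-default (DefaultLevel 0)
    $apl = try { Get-AppLockerPolicy -Effective -ErrorAction Stop } catch { $null }
    $enforced = @($apl.RuleCollections | Where-Object { $_.EnforcementMode -eq 'Enabled' })
    $srp = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers' `
        -ErrorAction SilentlyContinue
    New-Check 'Application whitelisting' ($enforced.Count -gt 0 -or $srp.DefaultLevel -eq 0) `
        "AppLocker enforced collections=$($enforced.Count); SRP DefaultLevel=$($srp.DefaultLevel)"

    # Slide 35: process creation auditing (Event ID 4688) gives the logs their Who/What/When;
    # auditpol needs admin rights, so a plain-user run reports UNKNOWN here
    $audit = auditpol /get /subcategory:"Process Creation" 2>$null
    $ok = if ($LASTEXITCODE -eq 0) { [bool]($audit -match 'Success') } else { $null }
    New-Check 'Process creation auditing' $ok (($audit | Where-Object { $_ -match 'Process' }) -join ' ')
}
Test-InfoSecBasics | Format-Table -AutoSize
```

Run it once as the everyday user and once from an elevated prompt: the first run tells you whether that account is an admin, the second fills in the auditpol result.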