Ok, what would be your list?

On 31 Oct 2012 13:34, "Ken Schaefer" <[email protected]> wrote:
> Thanks for the response.
>
> From what I’ve seen, NIPS only finds “low hanging fruit” attacks – not
> actual compromises. I suspect this is because most NIPS are only able to
> detect these reasonably well known attacks, and not the more customised
> stuff. Anything a NIPS picks up is probably not a successful attack – just
> an attempted attack. It doesn’t mean that the org is vulnerable per se.
>
> IMHO, things like “default passwords not changed” and similar items are
> things that smaller orgs and home users face. Larger orgs have better
> policies around this, plus audits that should pick up these types of issues.
>
> Cheers
> Ken
>
> *From:* Ziots, Edward [mailto:[email protected]]
> *Sent:* Wednesday, 31 October 2012 11:09 PM
> *To:* NT System Admin Issues
> *Subject:* RE: 7 shortcuts To Get Your Network Hacked (huh?)
>
> Personal experience, Professional conferences (SANS, ISC, ISACA
> otherwise) plus threat intelligence I get from legit sources and from the
> underground. When you are looking at packets and traffic from IDS/IPS’s
> all day you tend to see similarities in things. Plus when you are doing a
> lot of Incident response, the same root causes tend to show up when you
> look at the evidence time and time again.
>
> Z
>
> Edward E. Ziots, CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> [email protected]
>
> *From:* Ken Schaefer [mailto:[email protected] <[email protected]>]
> *Sent:* Wednesday, October 31, 2012 7:16 AM
> *To:* NT System Admin Issues
> *Subject:* RE: 7 shortcuts To Get Your Network Hacked (huh?)
>
> If people are not reporting the hacks on their own network, then my
> question is, again: how are people determining what goes on their lists?
> “The media” was just an example on my part.
>
> Secondly, how do you know that “a lot of times the biggest breaches are
> because the basics are being done from the start”? Is this from your
> personal experience? From reading things on the internet? From professional
> conferences? Some other reason? My follow-up question would be: why do you
> think that the sample size that you have seen is representative?
>
> My questions are purely academic – I’m interested in knowing more. My
> experience is different to many of the items so far offered, and I’d like
> to know whether it’s because my experience isn’t representative, people are
> in different environments, people read different things to me, etc.
>
> FWIW, I note that you still don’t answer the question
>
> Cheers
> Ken
>
> *From:* Ziots, Edward [mailto:[email protected] <[email protected]>]
> *Sent:* Wednesday, 31 October 2012 7:38 PM
> *To:* NT System Admin Issues
> *Subject:* RE: 7 shortcuts To Get Your Network Hacked (huh?)
>
> I can say this:
>
> 1) People aren’t going to talk about internal hacks on their
> networks (Op-Sec is in effect from my military days), so why even ask?
>
> 2) Media sometimes is about as trustworthy as snake-oil potion
> from back in the 1800’s. I feel that a lot of vulnerabilities that are
> discussed are sensationalized, and sometimes created to enhance FUD in the
> consumer base to boost sales of security “solutions” to pad companies’
> bottom line.
>
> But a lot of times the biggest breaches in security are because the basics
> aren’t being done correctly from the start, and the can is getting “kicked
> down the road” for a better term, until something bad happens, a lot are
> turning a blind eye to the aspect rather than meeting the challenge head-on
> and working towards a solution and improving their processes so that the
> risk that was identified and remediated does not crop up again in the
> configuration of systems. (This is where I do a lot of my current work in
> the %day-job%)
>
> Z
>
> Edward E. Ziots, CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> [email protected]
>
> *From:* Ken Schaefer [mailto:[email protected] <[email protected]>]
> *Sent:* Wednesday, October 31, 2012 4:10 AM
> *To:* NT System Admin Issues
> *Subject:* RE: 7 shortcuts To Get Your Network Hacked (huh?)
>
> I agree with the statement below. But it’s not an answer to my question.
>
> *From:* Ziots, Edward [mailto:[email protected] <[email protected]>]
> *Sent:* Wednesday, 31 October 2012 6:51 PM
> *To:* NT System Admin Issues
> *Subject:* RE: 7 shortcuts To Get Your Network Hacked (huh?)
>
> Ken, everyone’s experiences are different, depends on where they work,
> which industry and what they are a target from. I am sure in healthcare I
> have a different risk profile as compared to the Banking industry, as
> compared to the retail industry.
>
> Z
>
> Edward E. Ziots, CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> [email protected]
>
> *From:* Ken Schaefer [mailto:[email protected] <[email protected]>]
> *Sent:* Wednesday, October 31, 2012 3:39 AM
> *To:* NT System Admin Issues
> *Subject:* RE: 7 shortcuts To Get Your Network Hacked (huh?)
>
> I’m curious to know how people are coming up with these lists. Are they
> based on personal experience of hacks in your own workplace? Or what you
> are seeing/reading “in the media”?
>
> My experience is a fair bit different to most of the responses so far.
>
> Cheers
> Ken
>
> *From:* Ziots, Edward [mailto:[email protected] <[email protected]>]
> *Sent:* Wednesday, 31 October 2012 6:29 PM
> *To:* NT System Admin Issues
> *Subject:* RE: 7 shortcuts To Get Your Network Hacked (huh?)
>
> 1) Failure to properly harden their systems from attack. (Patching,
> Access-lists, Firewall settings)
>
> 2) Using unapproved software on systems that introduces malware,
> or Trojan backdoors on systems.
>
> 3) Failure to properly use least privilege and separation of
> duties, to limit exposure to systems and processes.
>
> 4) Using vulnerable database/Web applications which are exposed
> to the internet and are vulnerable to OWASP top 10 (Especially SQLi and XSS)
>
> 5) Lack of proper ingress and egress filtering at firewall/VPN
> access into and out of the corporate network, DMZ and otherwise.
>
> 6) Failure to use Antivirus or out of date signatures for
> AV/HIPS to detect common known malware/Trojans (Again getting less
> effective by the day since a lot of malware these days is custom and it is
> used to bypass AV detection.)
>
> 7) Giving users admin privileges and not controlling code
> execution on endpoint systems (Again this is how most of the
> malware/malcode is getting on the systems in the first place (drive by
> downloads, etc etc))
>
> Z
>
> Edward E. Ziots, CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> [email protected]
>
> *From:* Stu Sjouwerman [mailto:[email protected]<[email protected]>]
> *Sent:* Tuesday, October 30, 2012 1:39 PM
> *To:* NT System Admin Issues
> *Subject:* 7 shortcuts To Get Your Network Hacked (huh?)
>
> Hi Guys,
>
> Yes, that was on purpose. In your opinion, what are the most gruesome
> errors a system admin can make which will result in getting their network
> hacked? Just jot down a few and reply to the list, I will tabulate and
> come up with the 7 most mentioned sorted by importance. This should
> be fun.
>
> Have at it !!
>
> Warm regards,
>
> Stu
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
