Honestly, from what I have seen of audits, they don't always catch these
types of things. Again, you basically need to do your own Controls Self
Assessment on your systems and do the proper risk management of your
systems.

 

Z

 

Edward E. Ziots, CISSP, Security +, Network +

Security Engineer

Lifespan Organization

[email protected]

 

From: Ken Schaefer [mailto:[email protected]] 
Sent: Wednesday, October 31, 2012 8:32 AM
To: NT System Admin Issues
Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?)

 

Thanks for the response.

 

From what I've seen, NIPS only finds "low hanging fruit" attacks -
not actual compromises. I suspect this is because most NIPS are only
able to detect these reasonably well known attacks, and not the more
customised stuff. Anything a NIPS picks up is probably not a successful
attack - just an attempted attack. It doesn't mean that the org is
vulnerable per se.

 

IMHO, things like "default passwords not changed" and similar items are
things that smaller orgs and home users face. Larger orgs have better
policies around this, plus audits that should pick up these types of
issues.

 

Cheers

Ken

 

From: Ziots, Edward [mailto:[email protected]] 
Sent: Wednesday, 31 October 2012 11:09 PM
To: NT System Admin Issues
Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?)

 

Personal experience, professional conferences (SANS, ISC, ISACA or
otherwise), plus threat intelligence I get from legit sources and from
the underground. When you are looking at packets and traffic from
IDS/IPSs all day, you tend to see similarities in things. Plus, when you
are doing a lot of incident response, the same root causes tend to show
up when you look at the evidence time and time again.

 

Z

 

Edward E. Ziots, CISSP, Security +, Network +

Security Engineer

Lifespan Organization

[email protected]

 

From: Ken Schaefer [mailto:[email protected]] 
Sent: Wednesday, October 31, 2012 7:16 AM
To: NT System Admin Issues
Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?)

 

If people are not reporting the hacks on their own network, then my
question is, again: how are people determining what goes on their lists?
"The media" was just an example on my part.

 

Secondly, how do you know that "a lot of times the biggest breaches are
because the basics are being done from the start"? Is this from your
personal experience? From reading things on the internet? From
professional conferences? Some other reason? My follow-up question would
be: why do you think that the sample size that you have seen is
representative?

 

My questions are purely academic - I'm interested in knowing more. My
experience is different to many of the items so far offered, and I'd
like to know whether it's because my experience isn't representative,
people are in different environments, people read different things to
me, etc.

 

FWIW, I note that you still don't answer the question

 

Cheers

Ken

 

From: Ziots, Edward [mailto:[email protected]] 
Sent: Wednesday, 31 October 2012 7:38 PM
To: NT System Admin Issues
Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?)

 

I can say this:

 

1)      People aren't going to talk about internal hacks on their
networks (Op-Sec is in effect from my military days), so why even ask?

2)      Media sometimes is about as trustworthy as snake-oil potion from
back in the 1800's. I feel that a lot of vulnerabilities that are
discussed are sensationalized, and sometimes created to enhance FUD in
the consumer base to boost sales of security "solutions" to pad
companies' bottom line.

 

But a lot of times the biggest breaches in security are because the
basics aren't being done correctly from the start, and the can is
getting "kicked down the road", for a better term, until something bad
happens. A lot are turning a blind eye to the aspect rather than meeting
the challenge head-on and working towards a solution and improving their
processes so that the risk that was identified and remediated does not
crop up again in the configuration of systems. (This is where I do a lot
of my current work in the %day-job%.)

 

Z

 

Edward E. Ziots, CISSP, Security +, Network +

Security Engineer

Lifespan Organization

[email protected]

 

From: Ken Schaefer [mailto:[email protected]] 
Sent: Wednesday, October 31, 2012 4:10 AM
To: NT System Admin Issues
Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?)

 

I agree with the statement below. But it's not an answer to my question.

 

 

From: Ziots, Edward [mailto:[email protected]] 
Sent: Wednesday, 31 October 2012 6:51 PM
To: NT System Admin Issues
Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?)

 

Ken, everyone's experiences are different; it depends on where they work,
which industry, and what they are a target of. I am sure in healthcare
I have a different risk profile as compared to the banking industry, as
compared to the retail industry.

 

Z

 

Edward E. Ziots, CISSP, Security +, Network +

Security Engineer

Lifespan Organization

[email protected]

 

From: Ken Schaefer [mailto:[email protected]] 
Sent: Wednesday, October 31, 2012 3:39 AM
To: NT System Admin Issues
Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?)

 

I'm curious to know how people are coming up with these lists. Are they
based on personal experience of hacks in your own workplace? Or what you
are seeing/reading "in the media"?

 

My experience is a fair bit different to most of the responses so far.

 

Cheers

Ken

 

From: Ziots, Edward [mailto:[email protected]] 
Sent: Wednesday, 31 October 2012 6:29 PM
To: NT System Admin Issues
Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?)

 

1) Failure to properly harden their systems from attack (patching,
access-lists, firewall settings).

2) Using unapproved software on systems that introduces malware or
Trojan backdoors on systems.

3) Failure to properly use least privilege and separation of
duties, to limit exposure to systems and processes.

4) Using vulnerable database/Web applications which are exposed to
the internet and are vulnerable to the OWASP Top 10 (especially SQLi and
XSS).

5) Lack of proper ingress and egress filtering at firewall/VPN
access into and out of the corporate network, DMZ and otherwise.

6) Failure to use antivirus, or out-of-date signatures for AV/HIPS
to detect common known malware/Trojans (again, getting less effective by
the day, since a lot of malware these days is custom and it is used to
bypass AV detection).

7) Giving users admin privileges and not controlling code execution
on endpoint systems (again, this is how most of the malware/malcode is
getting on the systems in the first place: drive-by downloads, etc.).

 

Z

 

Edward E. Ziots, CISSP, Security +, Network +

Security Engineer

Lifespan Organization

[email protected]

 

From: Stu Sjouwerman [mailto:[email protected]] 
Sent: Tuesday, October 30, 2012 1:39 PM
To: NT System Admin Issues
Subject: 7 shortcuts To Get Your Network Hacked (huh?)

 

Hi Guys,

 

Yes, that was on purpose. In your opinion, what are the most gruesome
errors a system admin can make which will result in getting their
network hacked? Just jot down a few and reply to the list, I will
tabulate and come up with the 7 most mentioned sorted by importance.
This should be fun.

 

Have at it !!

 

Warm regards,

 

Stu 

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
