More info on http://www.techdays.be
10 Deadly Sins of Administrators about Windows Security
Paula Januszkiewicz
CQURE: IT Security Auditor, MVP: Enterprise Security, MCT
http://blogs.technet.com/plwit/ [email protected]
Follow us on:
http://facebook.com/MVPpress
http://twitter.com/MVPpress
MVP-Press Training Course
Planning, Deploying and Managing Microsoft Forefront Threat Management Gateway 2010
Available for online purchase: http://www.mvp-press.com
Agenda
1. Introduction
2. Top 10 Sins: From bottom to top
3. Summary
10. Weak Passwords
Demo: Weak Password or… No Password
9. Insecure Internet Browsing
Demo: If you pay peanuts, you get monkeys…?
8. Lack of updates
7. Lack of Encryption
Demo: HTTPS Traffic
Demo: Offline Access
6. WYSI (NOT) WYG
Demo: Explorer.exe
5. Network Monitoring
Demo: Evil Website & Sniffing
4. Pirated Software
Demo: Malware on Board
3. Lack of Backup Mechanisms
Demo: EntryTTL
Entry TTL!
Ouch!
2. Lack of Training
Demo: Image Hijacks
1. Lack of Documentation
Demo: Autoruns
Life without passwords…
Summary
Top 10 List
10. Weak Passwords
9. Insecure Internet Browsing
8. Lack of Regular Updates
7. Lack of Encryption
6. WYSI (NOT) WYG
5. Lack of Network Monitoring
4. Using Pirated Software
3. Lack of Backup Mechanisms
2. Lack of Training
1. Lack of Documentation
Be Proactive!
• Infrastructure must be well documented
• Split and rotate tasks between admins
• Use the legal code
• Perform periodic checks
  • Autoruns
  • Kernel Level Files
  • Network Traffic
  • Processes
Source: Heard.TypePad.com
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.