Presentation is loading. Please wait.

Presentation is loading. Please wait.

GCSC August 2005. Backup Exec Critical Vulnerability Cannot offer tcp/6101, tcp/6106 & tcp/10000 to offsite Will be scanning from offsite soon Strongly.

Published byMelissa Malone Modified over 8 years ago

Similar presentations

Presentation on theme: "GCSC August 2005. Backup Exec Critical Vulnerability Cannot offer tcp/6101, tcp/6106 & tcp/10000 to offsite Will be scanning from offsite soon Strongly."— Presentation transcript:

1 GCSC August 2005

2 Backup Exec Critical Vulnerability Cannot offer tcp/6101, tcp/6106 & tcp/10000 to offsite Will be scanning from offsite soon Strongly encouraged to limit access while onsite to only between the backup servers & clients Will be performing onsite scans in a few months

3 MS05-039 Critical Vulnerability 22 infections ~200 vulnerable machines Need better patching efforts across the Lab (DOE will be happy to do this for us) NIMI & SMS worked very well How can CST communicate better?

4 DOE wants our jobs Patching Virus Scanning Access Controls Baseline Configurations Versioning System Administration Inventory/Asset Management User tracking/authentication/identification

5 Penetration Testing Preparation Policies and Procedures C&A Package Security Plans Risk Assessments Self Assessments Network Diagrams Access Control Lists Firewall Rules Netblock Information Phone number blocks WLAN Access Points

6 Penetration Testing External: Footprinting NMAP Nessus Exploit Wardialing

7 Penetration Testing cont Internal: Very loud/no masking/no IDS evasion Wardriving NMAP Nessus/ISS/SAINT CANVAS/Metasploit/Custom Exploits Exploit misconfigurations Last resort: ARP poisoning/AP impersonation No intentional DoS, but may crash services

8 Penetration Testing cont Social Engineering: Opt-in for the ASSIST, required for Red Team Call helpdesks to get passwords reset/given over phone Crafted/directed emails Driveby emails Plants

9 Penetration Testing cont Reports: Big stack of open ports/reachable hosts Nessus/ISS canned reports Evaluated vulnerability reports

Download ppt "GCSC August 2005. Backup Exec Critical Vulnerability Cannot offer tcp/6101, tcp/6106 & tcp/10000 to offsite Will be scanning from offsite soon Strongly."

Similar presentations

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.

Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Vulnerability Analysis Borrowed from the CLICS group.

Vulnerability Analysis Borrowed from the CLICS group.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.

SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.
Vulnerability and Configuration Management Best Practices for State and Local Governments Jonathan Trull, CISO, Qualys, Inc.

Vulnerability and Configuration Management Best Practices for State and Local Governments Jonathan Trull, CISO, Qualys, Inc.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.

Information Technology Audit Process Business Practices Seminar Paul Toffenetti, CISA Internal Audit 29 February 2008.
Initial Findings  Secure all contracts with third party vendors immediately  Develop a strong understanding of the ‘Flow of PHI’ within and outside of.

Initial Findings  Secure all contracts with third party vendors immediately  Develop a strong understanding of the ‘Flow of PHI’ within and outside of.
University of Missouri System 1 Security – Defending your Customers from Themselves StateNets Annual Meeting February, 2004.

University of Missouri System 1 Security – Defending your Customers from Themselves StateNets Annual Meeting February, 2004.
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
Fermi Computer Incident Response Team Computer Security Awareness Day March 8, 2005 Michael Diesburg.

Fermi Computer Incident Response Team Computer Security Awareness Day March 8, 2005 Michael Diesburg.
Security Audit Tools Project. CT 395 IT Security I Professor Igbeare Summer Quarter 2009 August 25, 2009.

Security Audit Tools Project. CT 395 IT Security I Professor Igbeare Summer Quarter 2009 August 25, 2009.
Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.
OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services.

OUHSC Information Security Update IT, Information Security Services Randy Moore Mike Waller Nathan Gibson Greg Bostic IT, Information Security Services.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

Similar presentations

Ads by Google