Finding Exploitable Admin Systems: A “How To” Guide for SecurityCenter


Exploitable Admin Systems
If the hosts used to administer the network are vulnerable, then a malicious entity can exploit them to compromise the entire network!
How can SecurityCenter be used to find hosts that are used to administer other systems AND that also have exploitable vulnerabilities?

Find Administrative Systems
Plugin , User Source Summary
o Plugin output gives a list of user accounts that have logged into remote systems from this host
o If the output contains 'root', 'Administrator', or another Windows management account name, then it is likely that this host was used to administer other systems on the network

Find Administrative Systems
Use dynamic asset: Admin Systems
o Available in the feed by selecting category Collected Data, and then selecting tags admin or root

Find Administrative Systems
If the Windows management account has been renamed from ‘Administrator’ to something else, text search clauses can be added to the asset.

Find Exploitable Systems
Hosts for which, for at least one detected vulnerability, the plugin text indicates that an exploit is available for the vulnerability, or that an exploit framework (such as Metasploit) can exploit the vulnerability.

Find Exploitable Systems
Use dynamic asset: Exploitable (Generic)
o Available in the feed by selecting category Vulnerabilities, and then selecting tag exploitable

Find Exploitable Admin Systems
Now use a combination asset to find systems that are both administrative AND exploitable

Find Exploitable Admin Systems
This new combination asset can be used in dashboards and reports, to display for example:
o Top vulnerabilities on admin systems (Vulnerability Summary)
o Top exploitable admin systems (IP Summary)
o Top remediations for admin systems (Remediation Summary)
o And more!

Combination Assets
Combination assets (assets of assets) can be used to locate systems that belong to both one group AND another group, or that belong to one group OR another group
o For example, the Exploitable (Generic) asset could be combined with other dynamic assets to find the systems in those groups that are exploitable
Combination assets are dynamically updated, so any network changes are immediately reflected
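
Added example (not from the original slides, and not SecurityCenter code): the same selection logic applied offline to exported findings, modelling the Admin Systems and Exploitable (Generic) assets as host sets and the combination asset as AND/OR over them. The record fields, the exploit marker strings, the account name "nimda" and the sample data are constructed assumptions; this sketch matches whole account names rather than substrings.

```python
import re

# Constructed sample: one record per (host, plugin) result. Field names and
# plugin text are hypothetical stand-ins for exported scan data.
FINDINGS = [
    {"ip": "10.0.0.5", "plugin": "User Source Summary", "text": "root\nbackup"},
    {"ip": "10.0.0.5", "plugin": "Constructed finding A", "text": "Exploit available: true"},
    {"ip": "10.0.0.6", "plugin": "User Source Summary", "text": "CORP\\Administrator"},
    {"ip": "10.0.0.7", "plugin": "User Source Summary", "text": "jsmith"},
    {"ip": "10.0.0.7", "plugin": "Constructed finding B", "text": "Exploitable with: Metasploit"},
    {"ip": "10.0.0.8", "plugin": "User Source Summary", "text": "CORP\\nimda"},
    {"ip": "10.0.0.8", "plugin": "Constructed finding A", "text": "Exploit available: true"},
]

DEFAULT_ADMIN_NAMES = {"root", "administrator"}
# Assumed marker strings for "an exploit or exploit framework exists".
EXPLOIT_MARKERS = re.compile(r"exploit available:\s*true|exploitable with:", re.I)

def admin_systems(findings, extra_accounts=()):
    """Hosts whose User Source Summary lists an administrative account.
    extra_accounts covers a renamed Windows management account."""
    names = DEFAULT_ADMIN_NAMES | {a.lower() for a in extra_accounts}
    hosts = set()
    for f in findings:
        if f["plugin"] != "User Source Summary":
            continue
        for line in f["text"].splitlines():
            # Drop an optional DOMAIN\ prefix, compare case-insensitively.
            account = line.strip().split("\\")[-1].lower()
            if account in names:
                hosts.add(f["ip"])
    return hosts

def exploitable_systems(findings):
    """Hosts with at least one finding whose text carries an exploit marker."""
    return {f["ip"] for f in findings if EXPLOIT_MARKERS.search(f["text"])}

def combine(op, *assets):
    """Combination asset: hosts in all groups (AND) or in any group (OR)."""
    if op == "AND":
        return set.intersection(*assets)
    if op == "OR":
        return set.union(*assets)
    raise ValueError(f"unsupported operator: {op}")

if __name__ == "__main__":
    admins = admin_systems(FINDINGS, extra_accounts=("nimda",))
    print(sorted(combine("AND", admins, exploitable_systems(FINDINGS))))
```

Without the extra account name, 10.0.0.8 is missed even though it is both administrative and exploitable, which is the gap the renamed-account text search clause closes.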

For Questions
Contact Tenable Customer Support Portal