SCUGBE Lowlands Unite 2017: Ransomware vs. SysAdmin

Post on 21-Jan-2018

Ransomware vs. SysAdmin

Erik Loef, @erikloef

CTO

2day

• Ransomware general

• DEMO

• Application Whitelisting

• DEMO

• Fileserver Protection

• DEMO

• Windows 10 Fall Creators Update

• DEMO

• Recap

general

Variants

• Lockers

• Crypters

Known variants

• AIDS virus (1989)

• Police | Fake Antivirus

• Cryptolocker/TeslaCrypt/Wildfirelocker

DEMO: Ransomware end user experience

the other side

Pay

Application Whitelisting

Let's take a look at SRP

Application Whitelisting

Microsoft Options

• AppLocker/Device Guard

• Good – Old – SRP

Third Party solutions

• RES

• Lumension

• Symantec

• and many many others

SRP

Advantages

• Working since Windows XP / Server 2003

• You can put it in ‘monitoring mode’ as a start

• Easy, everybody can do this

• Free

• Many examples and tools; I advise taking a look at CryptoPrevent

DEMO: Ransomware & SRP

File Server Resource Manager

• Quota Management

• File Screening Management

• Storage Reports Management

• Classification Management

File Screening Management

• unauthenticated API

• active vs. passive

• command execution

See https://fsrm.experiant.ca/

DEMO: Ransomware & FSRM

DEMO: Controlled Folder Access, Attack Surface Reduction Rules

RECAP

• Ransomware still has the attention!

• You can fix this! (without high investments)

• Windows 10 Fall Creators Update is the first OS with specific built-in anti-ransomware mechanisms

LINKS

• https://technet.microsoft.com/en-us/library/cc732431(v=ws.11).aspx

• https://fsrm.experiant.ca/

• http://windowsitpro.com/systems-management/q-how-can-we-verify-software-restriction-policy-srp-rule-we-defined-one-our-appli

• https://technet.microsoft.com/en-us/library/bb457006.aspx

• https://www.foolishit.com/cryptoprevent-malware-prevention/

• https://technet.microsoft.com/en-us/library/3f1faff2-cf65-42ce-9df8-a22bac671047

• https://www.nomoreransom.org/

• https://www.fraudehelpdesk.nl/

• www.twitter.com/erikloef

• https://gallery.technet.microsoft.com/scriptcenter/Protect-your-File-Server-f3722fce

• http://blog.netwrix.com/2016/04/11/ransomware-protection-using-fsrm-and-powershell/
