Date post: 19-Dec-2015
Information Technology Security: Fitting Into the Big Picture Brandon Hoffman, KPMG LLP
Transcript

Information Technology Security: Fitting Into the Big Picture
Brandon Hoffman, KPMG LLP

Topics for Discussion

- IT Security in the Business: Risk, Audit Support, Compliance
- Policies, Standards, and Procedures: IT Security’s Role in Creation and Enforcement
- Typical IT Security Technical Work: Intrusion Detection/Prevention, Ethical Hacking/Penetration Testing

The CISO Agenda

Core Functions (centered on the CISO):
- Business
- Regulatory Compliance
- Technology Enablement

Agenda items:
- Alignment with Business Goals / Objectives
- Brand Protection & Enhancement
- Linkage to Enterprise Risk Mgmt
- Metrics / Benchmarking
- Business Continuity
- Compliance / Internal Audit
- Disaster Recovery
- Strategy
- Privacy / Security Breach
- Vulnerability / Patch Management
- Staffing Support
- High Availability
- Identity Management
- M&A
- Executive / Board Reporting
- Mobile Computing
- Evolving Threats
- Managing 3rd Party Risk (Outsourcers)
- Culture / Awareness

Risk

IT Security performs a critical role in assessing risk in the organization:
- Vulnerability Scanning
- Penetration Testing
- Industry Trends
- IT Strategy
- Familiarity with Audit and Compliance measures

Audit Support

In many cases, IT Security is heavily relied upon to perform the in-depth testing required by an audit organization. Security is enlisted by audit because of:
- Technical expertise
- Familiarity with current issues from internal testing
- Familiarity with Policies, Standards, and Procedures

Compliance

Compliance may relate to internal compliance or external compliance.

Internal compliance:
- Policies and Standards
- Security and Configuration baselines
- Framework use – ISO, COBIT, ITIL, GAISP, NIST
- Best Practices

Compliance cont’d

External compliance:
- SOX (Sarbanes Oxley)
- COSO Framework
- HIPAA
- PCI
- Safe Harbor

ISO Leading Practices

[Figure: ISO leading practices. Source: www.rsa.com]

Compliance in Action

[Figure: compliance in action. Source: www.rsa.com]

Internal Policy

IT Security is regularly tasked with creation and enforcement of IT policies, standards, and procedures. Creation and enforcement of these documents require:
- Understanding of audit roles and procedures
- Familiarity with all systems, networks, and applications
- Compliance considerations

Internal Policy cont’d

Definitions:

A Policy is a set of directional statements and requirements aiming to protect corporate values, assets and intelligence. Policies serve as the foundation for related standards, procedures and guidelines.

A Standard is a set of practices and benchmarks employed to comply with the requirements set forth in policies. A standard should always be a derivation of a policy, as it is the second step in the process of a company’s policy propagation.

A Procedure is a set of step-by-step instructions for implementing policy requirements and executing standard practices.

Internal Policy cont’d

[Figure: Policy creation and enforcement cycle]

Policy Business Case

A top 5 global food retailer has a massive IT/IS infrastructure and good governance… but no real policies!

Policies are the foundation for enforcing IT compliance and governance.

What policies were written for the client…

Policy Business Case cont’d

Policies written for IT Security:
- Acceptable Use Policy
- Information Classification & Ownership Policy
- Risk Assessment & Mitigation Policy
- Access Control Policy
- Network Configuration and Communication Policy
- Remote Access Policy
- Business Continuity Policy
- Incident Response Policy
- Third Party Data Sharing Policy
- System Implementation & Maintenance
- Secure Application Development
- Cryptography & Key Management
- Mobile Computing
- Physical & Environmental Security

Q & A

ANY QUESTIONS?

Intrusion Detection

Intrusion Detection Systems are just what they seem to be.
- Detect and Alert
- Host Based and Network Based

How do they work? Statistical Modeling, Heuristics, Trending

End result? Similar to a home security system

Intrusion Detection cont’d

Intrusion Prevention Systems actively participate in the defense against security violations.

Host based IPS: Resident on the host machine. Monitors system calls and inbound traffic. Creates a baseline and can prevent internal “bad” behavior through system controls.
- Typically works in conjunction with Anti-virus
- Sandboxing – Creates isolated “scratch” disk space to run untrusted platforms or applications from untrusted third parties

Intrusion Prevention cont’d

Network based IPS has several operating modes or implementations:
- Inline IPS is directly inline with the data stream, similar to a firewall
- Gateway Interaction performs packet analysis interactively with the router/firewall

Intrusion Prevention cont’d

Network intrusion prevention action methods:
- Content based – Inspects packet contents for unique sequences or “signatures” to prevent known attacks
- Protocol analysis – Decodes known protocols to detect anomalous behavior
- Rate based – Used to prevent Denial of Service attacks
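As an added illustration of the three action methods listed above (example code written for this transcript, not anything from the presentation or from a vendor product), the following Python runs a content/signature check, a minimal HTTP request-line decoder, and a per-source rate check over a handful of constructed packet records. The signature, the threshold of 100 packets per second, and the packets themselves are constructed for the demonstration; the rate check also shows the kind of per-source baseline that the Intrusion Detection slide calls statistical modeling.

```python
"""Toy network IPS: content (signature), protocol analysis and rate based
checks over constructed packet records. Added example; not from the deck."""
from collections import defaultdict, deque

# Constructed sample "packets": (timestamp_s, src_ip, dst_port, payload).
# The last entry is a 300-packet burst from one source inside one second.
SAMPLE_PACKETS = [
    (0.0, "10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (0.1, "10.0.0.5", 80, b"GET /../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (0.2, "10.0.0.9", 80, b"\x00\x01\x02 not an http request line"),
] + [(1.0 + i * 0.001, "10.0.0.7", 80, b"GET / HTTP/1.1\r\n\r\n") for i in range(300)]

# Content based: byte sequences treated as known-bad signatures (constructed).
SIGNATURES = {
    "path-traversal": b"/../",
}


def content_match(payload):
    """Return the names of the signatures found anywhere in the payload."""
    return [name for name, sig in SIGNATURES.items() if sig in payload]


def protocol_anomaly(payload):
    """Minimal HTTP decoder: describe why a payload on an HTTP port does not
    look like a well-formed request line, or return None if it does."""
    try:
        first_line = payload.split(b"\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return "non-ascii request line"
    parts = first_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return "malformed request line"
    if parts[0] not in ("GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS"):
        return "unknown method"
    return None


class RateLimiter:
    """Rate based: sliding-window packet count per source; more than `limit`
    packets within `window` seconds from one source is treated as a flood."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self.seen = defaultdict(deque)

    def check(self, ts, src):
        q = self.seen[src]
        q.append(ts)
        while q and ts - q[0] > self.window:  # drop timestamps outside window
            q.popleft()
        return len(q) > self.limit


def inspect(packets, limit=100, window=1.0):
    """Apply all three methods in order. Returns (src, verdict) for every
    packet that would be dropped; packets not listed are allowed through."""
    limiter = RateLimiter(limit, window)
    decisions = []
    for ts, src, dport, payload in packets:
        if limiter.check(ts, src):
            decisions.append((src, "rate: flood"))
            continue
        hits = content_match(payload)
        if hits:
            decisions.append((src, "content: " + ",".join(hits)))
            continue
        if dport == 80:
            anomaly = protocol_anomaly(payload)
            if anomaly:
                decisions.append((src, "protocol: " + anomaly))
    return decisions


if __name__ == "__main__":
    for decision in inspect(SAMPLE_PACKETS)[:5]:
        print(decision)
```

Ordering matters in a real inline device: the cheap rate check runs first so a flood never reaches the more expensive payload inspection, which is exactly what a rate-based control is for.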

Intrusion Prevention cont’d

[Figure: Core Design. Source: www.pandasecurity.com]

IPS Business Case 1

Company X requires a homogeneous solution due to compliance and governance restrictions. The facts:
- Cisco is the network hardware provider for all communications.
- All connections need to be monitored: VOIP, Hosts, Gateways, VPN, Routers and Switches, Ingress/Egress traffic (Firewall)
- The aggregation point for analysis and statistics must be built on a Windows server platform
- The solution must be licensed
- The solution should not be built on open source code
- Support from the vendor must be highly available regardless of cost

IPS Business Case 1 cont’d

How do you choose?

[Figure: vendor comparison. © 2008 Gartner, Inc. and/or its Affiliates. All Rights Reserved.]

IPS Business Case 1 cont’d

Cisco Solutions – Points to consider:
- Homogeneous solution
- Proprietary Code Base
- Supreme Support
- Current Vendor
- Management easy but not intuitive
- Fewer vulnerability signatures
- Cost

Sourcefire Solutions – Points to consider:
- Homogeneous solution
- Visionary Leader
- Controls SNORT signature engine
- Cost
- Potentially lacking support
- New vendor
- Technically complicated
- Open Source based

IPS Business Case 1 cont’d

Cisco wins based on the scorecard of requirements.

[Figure: requirements scorecard. © 2007 Cisco Systems, Inc. All rights reserved.]

IPS Business Case 1 cont’d

Protection At All Layers

[Figure: protection at all layers. © 2007 Cisco Systems, Inc. All rights reserved.]

Ethical Hacking

Ethical hacking is a very common profession within the IT security industry.
- White hat, Grey hat, Black hat
- Sometimes synonymous with penetration testing – A method of assessing the security posture of a system or network by simulating an “attack”

Ethical Hacking cont’d

Most current computer protocols were designed in a time when security was not a consideration. Times have changed:

[Figure. Source: CERT]

Ethical Hacking cont’d

Why perform an ethical hack?
- Determine flaws and vulnerabilities
- Provide a quantitative metric for evaluating systems and networks
- Measure against pre-established baselines
- Determine risk to the organization
- Design mitigating controls

Ethical Hacking cont’d

We will now explore some free tools and simple techniques to break into a machine.

Disclaimer: Don’t Try This At Home

Statute 1030, Fraud and Related Activity in Connection with Computers, specifically states that whoever intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage or impairs medical treatment, can receive a fine or imprisonment of five to 20 years. http://www.usdoj.gov/criminal/cybercrime/1030NEW.htm

Cyber Security Enhancement Act 2002 implicates life sentences for hackers who 'recklessly' endanger the lives of others, and several U.S. statutes address cyber crime. http://www.usdoj.gov/criminal/cybercrime/homeland_CSEA.htm

Wanna Break In?

The first step in any ethical hack is to obtain information in the most stealthy fashion possible.

USE NMAP!!

NMAP

Powerful free Linux tool – www.insecure.org

Syntax:

nmap [ <Scan Type> ...] [ <Options> ] { <target specification> }

TARGET SPECIFICATION:
Can pass hostnames, IP addresses, networks, etc.
Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
-iL <inputfilename>: Input from list of hosts/networks
-iR <num hosts>: Choose random targets
--exclude <host1[,host2][,host3],...>: Exclude hosts/networks
--excludefile <exclude_file>: Exclude list from file
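The authorization letter discussed later in the deck is what makes a scan an ethical hack, so before running nmap it is worth confirming that every address a target specification expands to falls inside the authorized ranges. The following Python is an added example written for this transcript (it is not nmap code and not from the presentation): it expands nmap-style octet ranges such as 10.0.0-255.1-254 and CIDR networks such as 192.168.0.0/24, then lists any address outside the authorized networks. The authorized networks and target specifications in it are constructed values, and hostnames are deliberately not resolved because the example runs offline.

```python
"""Scope check for nmap-style target specifications. Added example; the
authorized networks and targets below are constructed, not from the deck."""
import ipaddress
import itertools


def _octet_values(token):
    """'1-3' -> [1, 2, 3]; '7' -> [7]; '*' -> 0..255; '-' bounds default to
    0 and 255, mirroring nmap's octet-range notation."""
    if token == "*":
        return list(range(256))
    if "-" in token:
        lo, hi = token.split("-", 1)
        lo = int(lo) if lo else 0
        hi = int(hi) if hi else 255
    else:
        lo = hi = int(token)
    if not (0 <= lo <= hi <= 255):
        raise ValueError(f"bad octet range: {token}")
    return list(range(lo, hi + 1))


def expand_target(spec):
    """Yield every IPv4Address one target specification covers.
    CIDR networks include network and broadcast addresses, as nmap does.
    Hostnames are rejected rather than resolved (no network access here)."""
    if "/" in spec:
        yield from ipaddress.ip_network(spec, strict=False)
        return
    octets = spec.split(".")
    if len(octets) != 4 or not all(o.replace("-", "").replace("*", "").isdigit() or o in ("*", "-") for o in octets):
        raise ValueError(f"unsupported target (hostname?): {spec}")
    for combo in itertools.product(*(_octet_values(o) for o in octets)):
        yield ipaddress.IPv4Address(".".join(map(str, combo)))


def out_of_scope(specs, authorized):
    """Return the sorted list of addresses from `specs` that lie outside
    every network in `authorized` (the ranges named in the letter)."""
    nets = [ipaddress.ip_network(a) for a in authorized]
    bad = set()
    for spec in specs:
        for addr in expand_target(spec):
            if not any(addr in n for n in nets):
                bad.add(addr)
    return sorted(bad)


# Constructed engagement data.
AUTHORIZED = ["10.0.0.0/24", "192.168.1.0/28"]
TARGETS = ["10.0.0.1-5", "192.168.1.0/28", "192.168.1.14-18"]

if __name__ == "__main__":
    for addr in out_of_scope(TARGETS, AUTHORIZED):
        print("NOT AUTHORIZED:", addr)
```

Run the check on the exact strings that will be passed to nmap; the value of the exercise is catching a fat-fingered range before any packets leave the machine.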

NMAP cont’d

HOST DISCOVERY:
-sL: List Scan - simply list targets to scan
-sP: Ping Scan - go no further than determining if host is online
-PN: Treat all hosts as online -- skip host discovery
-PS/PA/PU[portlist]: TCP SYN/ACK or UDP discovery to given ports
-PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
-PO[protocol list]: IP Protocol Ping
-n/-R: Never do DNS resolution/Always resolve [default: sometimes]
--dns-servers <serv1[,serv2],...>: Specify custom DNS servers
--system-dns: Use OS's DNS resolver
--traceroute: Trace hop path to each host

SCAN TECHNIQUES:
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-sU: UDP Scan
-sN/sF/sX: TCP Null, FIN, and Xmas scans
--scanflags <flags>: Customize TCP scan flags
-sI <zombie host[:probeport]>: Idle scan
-sO: IP protocol scan
-b <FTP relay host>: FTP bounce scan

NMAP cont’d

PORT SPECIFICATION AND SCAN ORDER:
-p <port ranges>: Only scan specified ports
Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
-F: Fast mode - Scan fewer ports than the default scan
-r: Scan ports consecutively - don't randomize
--top-ports <number>: Scan <number> most common ports
--port-ratio <ratio>: Scan ports more common than <ratio>

SERVICE/VERSION DETECTION:
-sV: Probe open ports to determine service/version info
--version-intensity <level>: Set from 0 (light) to 9 (try all probes)
--version-light: Limit to most likely probes (intensity 2)
--version-all: Try every single probe (intensity 9)
--version-trace: Show detailed version scan activity (for debugging)

NMAP cont’d

OS DETECTION:
-O: Enable OS detection
--osscan-limit: Limit OS detection to promising targets
--osscan-guess: Guess OS more aggressively

TIMING AND PERFORMANCE:
Options which take <time> are in milliseconds, unless you append 's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
-T<0-5>: Set timing template (higher is faster)
--min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
--min-parallelism/max-parallelism <time>: Probe parallelization
--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies probe round trip time.
--max-retries <tries>: Caps number of port scan probe retransmissions.
--host-timeout <time>: Give up on target after this long
--scan-delay/--max-scan-delay <time>: Adjust delay between probes
--min-rate <number>: Send packets no slower than <number> per second
--max-rate <number>: Send packets no faster than <number> per second

NMAP cont’d

FIREWALL/IDS EVASION AND SPOOFING:
-f; --mtu <val>: fragment packets (optionally w/given MTU)
-D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
-S <IP_Address>: Spoof source address
-e <iface>: Use specified interface
-g/--source-port <portnum>: Use given port number
--data-length <num>: Append random data to sent packets
--ip-options <options>: Send packets with specified ip options
--ttl <val>: Set IP time-to-live field
--spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
--badsum: Send packets with a bogus TCP/UDP checksum

NMAP cont’d

OUTPUT:
-oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3, and Grepable format, respectively, to the given filename.
-oA <basename>: Output in the three major formats at once
-v: Increase verbosity level (use twice or more for greater effect)
-d[level]: Set or increase debugging level (Up to 9 is meaningful)
--reason: Display the reason a port is in a particular state
--open: Only show open (or possibly open) ports
--packet-trace: Show all packets sent and received
--iflist: Print host interfaces and routes (for debugging)
--log-errors: Log errors/warnings to the normal-format output file
--append-output: Append to rather than clobber specified output files
--resume <filename>: Resume an aborted scan
--stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
--webxml: Reference stylesheet from Nmap.Org for more portable XML
--no-stylesheet: Prevent associating of XSL stylesheet w/XML output

NMAP cont’d

Analyze your results:

[Figure: NMAP output printed]
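Analyzing results usually means getting them out of the terminal and into something reviewable. The following Python is an added example (not from the presentation and not part of nmap): it parses nmap's grepable output format (-oG, where the Ports field lists entries as port/state/protocol/owner/service/rpc info/version) from a constructed sample, summarizes open ports per host, and flags services a reviewer would want to look at, such as cleartext telnet and exposed SMB. The sample output lines, hostnames and addresses are constructed.

```python
"""Parser and review helper for nmap grepable (-oG) output.
Added example; the sample scan below is constructed, not a real scan."""
import re

# Constructed -oG sample. Fields are tab separated; "Host:" lines repeat
# (one with Status, one with Ports) exactly as nmap writes them.
SAMPLE_OG = """# Nmap scan initiated (constructed sample, not real output)
Host: 192.168.0.10 (fileserver.example.test)\tStatus: Up
Host: 192.168.0.10 (fileserver.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 4.7p1/, 139/open/tcp//netbios-ssn//Samba smbd 3.X/, 445/open/tcp//netbios-ssn//Samba smbd 3.X/, 3306/closed/tcp//mysql///\tIgnored State: filtered (996)
Host: 192.168.0.11 (web.example.test)\tPorts: 80/open/tcp//http//Apache httpd 2.2.3/, 443/open/tcp//https//Apache httpd 2.2.3/, 23/open/tcp//telnet//Linux telnetd/\tIgnored State: closed (997)
# Nmap done -- 2 IP addresses (2 hosts up) scanned
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")

# Services a reviewer would want justified before the report goes out
# (constructed watch list for the example).
REVIEW_SERVICES = {
    "telnet": "cleartext remote login",
    "netbios-ssn": "SMB file sharing exposed",
}


def parse_grepable(text):
    """Return {ip: {"hostname": str, "ports": [(port, state, proto,
    service, version), ...]}} from -oG text. Comment lines are skipped."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, hostname = m.group(1), m.group(2)
        entry = hosts.setdefault(ip, {"hostname": hostname, "ports": []})
        # Each tab-separated field is "Name: value".
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if "Ports" not in fields:
            continue
        for item in fields["Ports"].split(", "):
            parts = item.split("/")
            # port/state/protocol/owner/service/rpc info/version/
            if len(parts) < 7:
                continue
            entry["ports"].append(
                (int(parts[0]), parts[1], parts[2], parts[4], parts[6]))
    return hosts


def open_ports(hosts):
    """{ip: sorted list of open port numbers} for a quick exposure view."""
    return {ip: sorted(p[0] for p in h["ports"] if p[1] == "open")
            for ip, h in hosts.items()}


def review(hosts):
    """(ip, port, reason) for every open port whose service is on the
    watch list; the reviewer decides whether each one is acceptable."""
    findings = []
    for ip, h in hosts.items():
        for port, state, proto, service, version in h["ports"]:
            if state == "open" and service in REVIEW_SERVICES:
                findings.append((ip, port, REVIEW_SERVICES[service]))
    return findings


if __name__ == "__main__":
    scan = parse_grepable(SAMPLE_OG)
    for ip, ports in open_ports(scan).items():
        print(ip, scan[ip]["hostname"], ports)
    for finding in review(scan):
        print("REVIEW:", *finding)
```

The grepable format was designed for exactly this kind of one-line-per-host processing; the XML output (-oX) carries more detail but needs an XML parser rather than a split on tabs.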

Vulnerabilities

Find any hosts worthwhile? Your next step should be scanning for exploitable vulnerabilities.

USE NESSUS!!!

© Copyright 2002 - 2009 Tenable Network Security(R). All Rights Reserved.

Nessus

Nessus scans based on an exhaustive list of vulnerabilities for all platforms of computing. Custom scripts are written by Nessus and their team to check for a vulnerable software component.

[Figure: Nessus Sample Report]

How Do We Exploit?

Now that you have found a useful exploit, what do we use?

USE METASPLOIT!!!

Copyright © 2003-2009 Metasploit LLC. Metasploit ™ is a registered trademark. Contact us at msfdev[at]metasploit.com

MetaSploit

Metasploit was created in 2003 as a portable network game using the Perl scripting language. Later, the Metasploit Framework was completely rewritten in the Ruby programming language. It is most notable for releasing some of the most technically sophisticated exploits for public security vulnerabilities. In addition it is a powerful tool for third party security researchers to investigate potential vulnerabilities.

MetaSploit cont’d

Remember the machine with vulns?? Let’s use the metasploit framework….

MetaSploit cont’d

What else can we do now that we’re in???

MetaSploit cont’d

We can add shares as root!!

Ethical Hacking cont’d

Administrative items:
- Authorization letter – “Get out of jail free card”
- Risk report: Likelihood of risk, Mitigation plans, Trends (performed with recurring clients)

Ethical Hacking cont’d

[Figure: quantitative heat map plotting issues A through R as bubbles]

Horizontal Axis (Magnitude of Impact): Low, Moderate to Low, Moderate, Moderate to High, High
Vertical Axis (Likelihood of Occurrence): Rare, Unlikely, Moderate, Likely, Almost Certain

Quantitative Heat Map Guide
- Horizontal Axis = Impact if risk were realized
- Vertical Axis = Likelihood of risk being realized
- Size of Bubble = Relative total instances of that issue
- Colour legend: Low Risk, Moderate Risk, High Risk, Critical Risk
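The heat map guide above can be reproduced with a small amount of code. The following Python is an added example, not from the presentation: it places findings on the likelihood/impact grid, sizes each bubble by the number of instances, and assigns one of the four ratings in the legend. The numeric scoring (product of the two axis positions) and the rating cut-offs are assumptions, because the slide shows the colours but not how cells map to them; the findings are constructed, since the identities of issues A through R are not in the transcript.

```python
"""Quantitative heat map helper: impact on the horizontal axis, likelihood
on the vertical axis, bubble size = instances, one of four ratings per cell.
Added example; scoring, thresholds and findings are assumptions/constructed."""

IMPACT = ["Low", "Moderate to Low", "Moderate", "Moderate to High", "High"]
LIKELIHOOD = ["Rare", "Unlikely", "Moderate", "Likely", "Almost Certain"]


def score(likelihood, impact):
    """Assumed scoring: product of the 1-based axis positions, range 1..25."""
    return (LIKELIHOOD.index(likelihood) + 1) * (IMPACT.index(impact) + 1)


def rating(likelihood, impact):
    """Assumed cut-offs for the four colours in the slide legend."""
    s = score(likelihood, impact)
    if s >= 20:
        return "Critical"
    if s >= 12:
        return "High"
    if s >= 6:
        return "Moderate"
    return "Low"


def build_heat_map(findings):
    """findings: iterable of (issue_id, likelihood, impact, instances).
    Returns {(likelihood, impact): {"issues": [...], "instances": n,
    "rating": r}}; `instances` is the bubble size for that cell."""
    cells = {}
    for issue_id, lk, im, n in findings:
        cell = cells.setdefault(
            (lk, im), {"issues": [], "instances": 0, "rating": rating(lk, im)})
        cell["issues"].append(issue_id)
        cell["instances"] += n
    return cells


def render(cells):
    """Text grid: likelihood rows from Almost Certain (top) to Rare (bottom),
    impact columns from Low (left) to High (right); cell shows issue ids and
    total instances in parentheses, or '-' when empty."""
    width = 18
    lines = ["likelihood \\ impact".ljust(width)
             + "".join(c.ljust(width) for c in IMPACT)]
    for lk in reversed(LIKELIHOOD):
        row = lk.ljust(width)
        for im in IMPACT:
            cell = cells.get((lk, im))
            text = "".join(cell["issues"]) + f"({cell['instances']})" if cell else "-"
            row += text.ljust(width)
        lines.append(row)
    return "\n".join(lines)


# Constructed findings (the deck's A..R bubbles are not in the transcript).
SAMPLE_FINDINGS = [
    ("A", "Likely", "High", 4),
    ("B", "Unlikely", "Low", 1),
    ("C", "Moderate", "Moderate", 2),
    ("D", "Likely", "High", 1),
]

if __name__ == "__main__":
    cells = build_heat_map(SAMPLE_FINDINGS)
    print(render(cells))
    for key, cell in sorted(cells.items(), key=lambda kv: -score(*kv[0])):
        print(key, cell["rating"], cell["issues"], "instances:", cell["instances"])
```

Whatever scoring is chosen, it should be written into the risk report so that a recurring client can compare this year's map with last year's on the same scale, which is the trending item on the administrative slide.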

Q & A

Any Questions?

Contact Information
Brandon Hoffman
[email protected]

