Security Strategies Wherever We Can Find Some...
Lesson 10
This lesson introduces new topics, having despaired about the contents of texts.
Concepts:
Tonight's lesson begins by exploring a speech delivered by Rob Joyce of Tailored Access Operations (TAO), a division of the NSA, on defending against Nation State Exploiters.
Mr. Joyce talks about the basics first: knowing the network, knowing the vulnerabilities.
He lists the phases of an intrusion at 2:06 and continues to talk about them in the presentation.
Reconnaissance - scanning, gathering public information, figuring out who is important, figuring out what is actually in use in the network, then researching functionality, vulnerabilities, and exploits.
We should run our own penetration tests and keep the results for reference in the next test, because findings are often not corrected.
An APT will look for holes opened for vendors to fix something.
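To act on the advice above about keeping penetration test results for the next test, here is an added example (not from the lesson or from Mr. Joyce's talk) that compares two findings reports and separates what was fixed, what is new, and what is still open and overdue. The two reports, their CSV layout, and the remediation targets in SLA_DAYS are constructed assumptions for illustration.

```python
import csv
from datetime import date
from io import StringIO

# Constructed sample reports (assumed layout: host,port,finding,severity),
# each paired with the date the test was run.
PREVIOUS_TEST = ("2023-03-01", """\
host,port,finding,severity
10.0.0.5,445,SMB signing not required,medium
10.0.0.5,3389,Network Level Authentication disabled,high
10.0.0.9,80,Outdated web server banner,low
10.0.0.12,22,Weak SSH ciphers enabled,medium
""")
CURRENT_TEST = ("2023-09-01", """\
host,port,finding,severity
10.0.0.5,445,SMB signing not required,medium
10.0.0.9,80,Outdated web server banner,low
10.0.0.20,445,Guest account enabled,high
""")

# Assumed remediation targets, in days, per severity.
SLA_DAYS = {"high": 30, "medium": 90, "low": 365}

def load_findings(report_text):
    """Return {(host, port, finding): severity} for one report."""
    return {(r["host"], r["port"], r["finding"]): r["severity"]
            for r in csv.DictReader(StringIO(report_text))}

def compare_tests(previous, current):
    """Classify findings as fixed, new, or still open since the last test."""
    prev_date, prev_text = previous
    cur_date, cur_text = current
    prev, cur = load_findings(prev_text), load_findings(cur_text)
    # Days between the two tests; a finding seen in both has been open at least this long.
    age = (date.fromisoformat(cur_date) - date.fromisoformat(prev_date)).days
    still_open = sorted(prev.keys() & cur.keys())
    return {
        "fixed": sorted(prev.keys() - cur.keys()),
        "new": sorted(cur.keys() - prev.keys()),
        "still_open": [(k, cur[k], age) for k in still_open],
        # Still-open findings that have exceeded the target for their severity.
        "overdue": [k for k in still_open if age > SLA_DAYS[cur[k]]],
    }

if __name__ == "__main__":
    for label, items in compare_tests(PREVIOUS_TEST, CURRENT_TEST).items():
        print(label, items)
```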
Initial Exploitation - the attacker tries spear phishing, waterholing, or exploiting a known CVE. Most intrusions start with an email carrying a malicious payload, a visit to a corrupted website, or contaminated removable media. Pass-the-hash attacks (see the PDF attached in Blackboard).
Use technical enforcement of policies; don't rely on users to do the right thing.
This week I want you to begin an assignment to assemble material to take into a competition or a compromised network. Assume that you need to harden and to clean up compromised devices. You need a doomsday book for every kind of device in your network. Start by assembling one for Windows and one for Linux.
I am looking for useful information, reliable sources, and insight. I want to see what you know, what you think, and what you plan to do. This needs to be your plan and your advice to your backup, not just a cookbook from Microsoft.