top 10 things to stay out of the news
play

Top 10 Things to Stay Out of the News Ron Schlecht Intro Ron - PowerPoint PPT Presentation

Oct 15, 2023 •21 likes •291 views

Top 10 Things to Stay Out of the News Ron Schlecht Intro Ron Schlecht , Managing Partner 18 years of Information Security experience G Contracting, Law Enforcement, Consulting, CISO Founded BTB Security in 2006 Company Profile

  1. Top 10 Things to Stay Out of the News Ron Schlecht

  2. Intro • Ron Schlecht , Managing Partner • 18 years of Information Security experience – G Contracting, Law Enforcement, Consulting, CISO – Founded BTB Security in 2006

  3. Company Profile Company Profile • The BTB Group, LLC / BTB Security – Founded in 2006 – Offices in Philadelphia, Chicago, Austin – coverage nationally – Backgrounds include years of experience with Big Four and similarly sized organizations, and experience building, managing, and operating corporate security groups. – 3 partners • Brian Bailey, Managing Partner (Chicago) • Chris McGinley, Managing Partner (Philly) • Ron Schlecht, Founder / Managing Partner (Philly)

  4. What we do We are hackers …well…not exactly like that

  5. These days • A lot of breaches in the news • We see that a lot of environments are vulnerable to simple issues

  6. What we find • Some attacks are complicated… • But most take advantage of simple misconfiguration

  7. Top Security Controls This talk will focus on the top security controls that can be implemented with low cost and low impact to your network, ensuring maximum ROI of your Domain Admin’s valuable time.

  8. 1-Separate DA from “everyday” Accounts Domain Admin Account

  9. 2-Separate DA Password Policy

  10. 3-DA is Allowed to only Log in to Domain Controllers

  11. 4-Delegate Rights to Users (Restrict User Access)

  12. 4-Delegate Rights to Users (Restrict User Access)

  13. 5-Disable Cached Credentials

  14. 6-Microsoft Security Compliance Manager

  15. 7-Disable NULL Sessions

  16. 8-Disable LLMNR/NBNS Protocols LL What? NB Who? Link-Local Multicast Name Resolution and NetBIOS Naming Service 1)Hosts File 2)DNS Server 3)LLMNR Multicast or NBNS Broadcast

  17. 8-Disable LLMNR/NBNS Protocols

  18. 9-Set SMB Signing to Enabled and Required http://btbsecurity.com/resources/videos/204-smbrelay-and- llmnr-zero-to-breach-in-ten-minutes

  19. 10-Do Not Store Passwords within Group Policy Preferences (GPP)

  20. 10-Do Not Store Passwords within Group Policy Preferences (GPP)

  22. #Bonus 1 - Disable Interactive Logon for Service Accounts

  23. #Bonus 2 - Use Managed Service Accounts

  24. #Bonus 3 - Use NTLMv2 and Set it to Required

  25. #Bonus 4 - Who can Add Workstations to your Domain?

  26. #Bonus 5 - Disable Powershell and CMD

  27. Questions? Ron Schlecht ron.schlecht@btbsecurity.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Covid-19 and Your Appointment The More Things Change The more they stay the same! Our

Covid-19 and Your Appointment The More Things Change The more they stay the same! Our

Indian Valley Dental Associates Dr. Marc Lipkin and Dr. Spencer Grossman Covid-19 and Your Appointment The More Things Change The more they stay the same! Our community has been through a lot over the last few months, and all of us are

426 views • 11 slides
Right now, we pay attention to only 2 things 1) Scary and uncertain news And anything

Right now, we pay attention to only 2 things 1) Scary and uncertain news And anything

Right now, we pay attention to only 2 things 1) Scary and uncertain news And anything that uplifts, inspires or gives us hope In search of good news And finding it in Marquette community In search of community In search of faith In

279 views • 23 slides
STAY HOME | STAY HEALTHY | STAY CONNECTED | RETURN STRONGER STAY HOME. STAY HEALTHY. STAY

STAY HOME | STAY HEALTHY | STAY CONNECTED | RETURN STRONGER STAY HOME. STAY HEALTHY. STAY

STAY HOME | STAY HEALTHY | STAY CONNECTED | RETURN STRONGER STAY HOME. STAY HEALTHY. STAY CONNECTED. RETURN STRONGER. WHITE HOUSE PROPOSES STATE OR REGIONAL GATING CRITERIA FLEXIBILITY FOR STATES TO TAILOR APPLICATION OF THESE CRITERIA TO LOCAL

457 views • 24 slides
Primary Care Recovery Things that didnt change you want to stay: Things that changed you

Primary Care Recovery Things that didnt change you want to stay: Things that changed you

Primary Care Programme Board Discussions 18 th May and 10 th June Things that didnt change that should have / challenges: Things that changed you want to keep: - New access models need to be underpinned by effective business - Total Triage

400 views • 4 slides
Just-in-Time Code Reuse The more things change, the more they stay the same Kevin Z. Snow 1 Luca

Just-in-Time Code Reuse The more things change, the more they stay the same Kevin Z. Snow 1 Luca

Just-in-Time Code Reuse The more things change, the more they stay the same Kevin Z. Snow 1 Luca Davi 2 & C. Liebchen 2 A. Dmitrienko 2 F. Monrose 1 A.-R. Sadeghi 2 1 Department of Computer Science 2 CASED/Technische Universitt University

1.42k views • 127 slides
Navigating the Senior Care Maze Top Things to Consider Presenter: Paul Markowitz

Navigating the Senior Care Maze Top Things to Consider Presenter: Paul Markowitz

4/21/2013 Navigating the Senior Care Maze Top Things to Consider Presenter: Paul Markowitz Featured on CBS News Featured in Dallas Morning News Featured on 570 AM KLIF My Life in September 2008 26 years old Parents

221 views • 3 slides
the things I used to. I feel so lonely. BETTY L. It's my job to take care of my wife but it's

the things I used to. I feel so lonely. BETTY L. It's my job to take care of my wife but it's

INTEGRATE HOW ONE COMMUNITY IS ADVANCING INTEGRATED CARE FOR SENIORS JAMES MELOCHE HELEN LEUNG Quote Im lonely. My daughters dont visit. I just stay all day in the apartment. I cant do the things I used to. I feel so

207 views • 16 slides
Innovation at AWS Eric Ferreira ericfe@amazon.com Principal Database Engineer Amazon Redshift

Innovation at AWS Eric Ferreira ericfe@amazon.com Principal Database Engineer Amazon Redshift

Innovation at AWS Eric Ferreira ericfe@amazon.com Principal Database Engineer Amazon Redshift The Amazon Flywheel Focus on things that stay the same Price Selection Delivery Applying this at AWS Focus on things that stay the same

687 views • 67 slides
Stay informed. Stay involved. Stay invested. Parallel Parenting Presentation Children

Stay informed. Stay involved. Stay invested. Parallel Parenting Presentation Children

Stay informed. Stay involved. Stay invested. Parallel Parenting Presentation Children need BOTH fit parents regardless of marital status Working together we can accomplish more! Parents are a childs first teacher and an important

502 views • 24 slides
Oh, Wont You Stay? Oh, Wont You Stay? Oh, Won t You Stay? Oh, Won t You Stay? Predictors

Oh, Wont You Stay? Oh, Wont You Stay? Oh, Won t You Stay? Oh, Won t You Stay? Predictors

Oh, Wont You Stay? Oh, Wont You Stay? Oh, Won t You Stay? Oh, Won t You Stay? Predictors of Faculty Intent to Leave Predictors of Faculty Intent to Leave a Public Research University a Public Research University John Ryan Richard

352 views • 21 slides
Upgrade your guests in -stay experience. Enhance the value of your services. A mobile app and

Upgrade your guests in -stay experience. Enhance the value of your services. A mobile app and

Upgrade your guests in -stay experience. Enhance the value of your services. A mobile app and Internet of Things solution for your hotel. GUESTS WANT INSTANT ACCESS TO SERVICES. No more missed calls at the reception. Avoid language

567 views • 35 slides
ST STAY Y MOB MOBILE ILE, ST , STAY Y UP2GO UP2GO COMMUNI COMMUNITY TY CARPOOL CARPOOLIN

ST STAY Y MOB MOBILE ILE, ST , STAY Y UP2GO UP2GO COMMUNI COMMUNITY TY CARPOOL CARPOOLIN

ST STAY Y MOB MOBILE ILE, ST , STAY Y UP2GO UP2GO COMMUNI COMMUNITY TY CARPOOL CARPOOLIN ING 2 STAY MOBILE, STAY UP2GO! SHARI RING NG ECONOMY OMY & MOBILITY LITY INDUST STRY RY 1. Mobility Industry Sharing Economy Companies

500 views • 18 slides
Led to Stay: The Impact of Led to Stay: The Impact of Mentorships on Retention Mentorships on

Led to Stay: The Impact of Led to Stay: The Impact of Mentorships on Retention Mentorships on

Led to Stay: The Impact of Led to Stay: The Impact of Mentorships on Retention Mentorships on Retention A person looked upon for wise advice and guidance -Websters New World Dictionary Mentorship A mentor can play many roles:

433 views • 11 slides
SCHEMATIC SCHEMATIC DESIGN DESIGN KEY ISSUES STAY THE SAME STRATEGIES TO STAY THE COURSE

SCHEMATIC SCHEMATIC DESIGN DESIGN KEY ISSUES STAY THE SAME STRATEGIES TO STAY THE COURSE

IMPROVEMENT PROJECT PHASE III SCHEMATIC SCHEMATIC DESIGN DESIGN KEY ISSUES STAY THE SAME STRATEGIES TO STAY THE COURSE STRATEGY | UTILITIES INFRASTRUCTURE IMPROVEMENTS Water looped alignments Storm Drain Secondary

683 views • 39 slides
Our News, Your Branding WINNER OF THE 2017 EDWARD R MURROW AWARD FOR HARD NEWS REPORTING

Our News, Your Branding WINNER OF THE 2017 EDWARD R MURROW AWARD FOR HARD NEWS REPORTING

Our News, Your Branding WINNER OF THE 2017 EDWARD R MURROW AWARD FOR HARD NEWS REPORTING Westwood One News is a next-generation news product that is changing the nature of network news. Westwood One News Award Winning Fully

644 views • 12 slides
So what is Fake News Fake news is a type of hoax or deliberate spread of misinformation: News

So what is Fake News Fake news is a type of hoax or deliberate spread of misinformation: News

So what is Fake News Fake news is a type of hoax or deliberate spread of misinformation: News Media Social Media with the intent to mislead in order to gain financially or politically . So what is Fake News It employs eye-catching

1.3k views • 55 slides
PUSH TO TALK OVER CELLULAR Product Overview What is Push-To-Talk ? PTT is a special feature on

PUSH TO TALK OVER CELLULAR Product Overview What is Push-To-Talk ? PTT is a special feature on

PUSH TO TALK OVER CELLULAR Product Overview What is Push-To-Talk ? PTT is a special feature on your mobile phone, tablet or PC that combines the functionality of a walkie-talkie or 2-way radio with normal mobile phone or PC. communication to

249 views • 23 slides
SimuLTE Tutorial Antonio Virdis University of Pisa - Italy Simulating device-to-device

SimuLTE Tutorial Antonio Virdis University of Pisa - Italy Simulating device-to-device

SimuLTE Tutorial Antonio Virdis University of Pisa - Italy Simulating device-to-device communications in OMNeT++ with SimuLTE: scenarios and configurations Giovanni Nardini, Antonio Virdis, Giovanni Stea University of Pisa - Italy Antonio

755 views • 32 slides
Multicast in the Mobile Environment and 3G Next Generation Wireless Networks Yoan Mich

Multicast in the Mobile Environment and 3G Next Generation Wireless Networks Yoan Mich

Introduction MBMS Conclusion Multicast in the Mobile Environment and 3G Next Generation Wireless Networks Yoan Mich Department of Computer Science TKK November, 23th 2005 Yoan Mich Multicast in the Mobile Environment and 3G

248 views • 24 slides
Establishing a Group Key Using One-Way Accumulators Teklay Gebremichael Mid Sweden University

Establishing a Group Key Using One-Way Accumulators Teklay Gebremichael Mid Sweden University

Establishing a Group Key Using One-Way Accumulators Teklay Gebremichael Mid Sweden University teklay.gebremichael@miun.se May 11, 2017 1 / 14 About Myself BSc in Information Technology, Mekelle Institute of Technolgoy, Ethiopia. MSc

443 views • 26 slides
G.now Broadband Access Solution for Last Mile from FTTdp Bundled Twisted Pair Copper Line MDU

G.now Broadband Access Solution for Last Mile from FTTdp Bundled Twisted Pair Copper Line MDU

G.now Broadband Access Solution for Last Mile from FTTdp Bundled Twisted Pair Copper Line MDU Edition (1:1 Phone Line) Where Lies Your Path To Gigabit Broadband Access? G.now VDSL 20yr old tech Up to 500Mbps Huge Investment 100Mbps max No

795 views • 9 slides
5GCAR Dr. Mikael Fallgren 5GCAR Project Manager European Conference on Networks and

5GCAR Dr. Mikael Fallgren 5GCAR Project Manager European Conference on Networks and

Special Session 9a (SPS9a) 5G-PPP: Introduction of Phase 2 5GCAR Dr. Mikael Fallgren 5GCAR Project Manager European Conference on Networks and Communications (EuCNC), Oulu, Finland. June 14, 2017 Objectives Develop an overall Interworking of

368 views • 5 slides
GLOBAL TELEMEDICINE IS NOW IN PRACTICE: THE EFFORTS OF THE MEXICAN RESEARCH AND EDUCATION

GLOBAL TELEMEDICINE IS NOW IN PRACTICE: THE EFFORTS OF THE MEXICAN RESEARCH AND EDUCATION

Harold Dios Tovar, Corporation University for Desarrollo of Internet GLOBAL TELEMEDICINE IS NOW IN PRACTICE: THE EFFORTS OF THE MEXICAN RESEARCH AND EDUCATION NETWORK. 7 T H ASI A T ELEM EDI CI N E SI M POSI U M M R. H AROLD DE DI OS TOVAR U

134 views • 9 slides
Future Internet Future Internet Internet has evolved from 4-node network to ubiquituous, global

Future Internet Future Internet Internet has evolved from 4-node network to ubiquituous, global

An Architecture for An Architecture for Supporting Future Internet Supporting Future Internet Applications Applications Sebastian Mies Institute of Telematics, University of Karlsruhe (TH), Germany The SpoVNet Consortium: University of

268 views • 11 slides

More recommend