Top 10 Things to Stay Out of the News Ron Schlecht Intro Ron - - PowerPoint PPT Presentation

▶

Oct 15, 2023 21 likes •298 views

Top 10 Things to Stay Out of the News Ron Schlecht Intro Ron Schlecht , Managing Partner 18 years of Information Security experience G Contracting, Law Enforcement, Consulting, CISO Founded BTB Security in 2006 Company Profile

SLIDE 1

Top 10 Things to Stay Out of the News

Ron Schlecht

SLIDE 2

Intro

Ron Schlecht, Managing Partner
18 years of Information Security experience

– G Contracting, Law Enforcement, Consulting, CISO – Founded BTB Security in 2006

SLIDE 3

Company Profile

The BTB Group, LLC / BTB Security

– Founded in 2006 – Offices in Philadelphia, Chicago, Austin – coverage nationally – Backgrounds include years of experience with Big Four and similarly sized organizations, and experience building, managing, and operating corporate security groups. – 3 partners

Brian Bailey, Managing Partner (Chicago)
Chris McGinley, Managing Partner (Philly)
Ron Schlecht, Founder / Managing Partner (Philly)

Company Profile

SLIDE 4

What we do

We are hackers …well…not exactly like that

SLIDE 5

These days

A lot of breaches in the

news

We see that a lot of

environments are vulnerable to simple issues

SLIDE 6

What we find

Some attacks are

complicated…

But most take

advantage of simple misconfiguration

SLIDE 7

Top Security Controls

This talk will focus on the top security controls that can be implemented with low cost and low impact to your network, ensuring maximum ROI of your Domain Admin’s valuable time.

SLIDE 8

1-Separate DA from “everyday” Accounts

Domain Admin Account

SLIDE 9

2-Separate DA Password Policy

SLIDE 10

3-DA is Allowed to only Log in to Domain Controllers

SLIDE 11

4-Delegate Rights to Users (Restrict User Access)

SLIDE 12

4-Delegate Rights to Users (Restrict User Access)

SLIDE 13

5-Disable Cached Credentials

SLIDE 14

6-Microsoft Security Compliance Manager

SLIDE 15

7-Disable NULL Sessions

SLIDE 16

8-Disable LLMNR/NBNS Protocols

LL What? NB Who?

1)Hosts File 2)DNS Server 3)LLMNR Multicast or NBNS Broadcast

Link-Local Multicast Name Resolution and NetBIOS Naming Service

SLIDE 17

8-Disable LLMNR/NBNS Protocols

SLIDE 18

9-Set SMB Signing to Enabled and Required

http://btbsecurity.com/resources/videos/204-smbrelay-and- llmnr-zero-to-breach-in-ten-minutes

SLIDE 19

10-Do Not Store Passwords within Group Policy Preferences (GPP)

SLIDE 20

10-Do Not Store Passwords within Group Policy Preferences (GPP)

SLIDE 21

SLIDE 22

#Bonus 1 - Disable Interactive Logon for Service Accounts

SLIDE 23

#Bonus 2 - Use Managed Service Accounts

SLIDE 24

#Bonus 3 - Use NTLMv2 and Set it to Required

SLIDE 25

#Bonus 4 - Who can Add Workstations to your Domain?

SLIDE 26

#Bonus 5 - Disable Powershell and CMD

SLIDE 27

Top 10 Things to Stay Out of the News

Ron Schlecht

Intro

– G Contracting, Law Enforcement, Consulting, CISO – Founded BTB Security in 2006

Company Profile

– Founded in 2006 – Offices in Philadelphia, Chicago, Austin – coverage nationally – Backgrounds include years of experience with Big Four and similarly sized organizations, and experience building, managing, and operating corporate security groups. – 3 partners

Company Profile

What we do

We are hackers …well…not exactly like that

These days

news

environments are vulnerable to simple issues

What we find

complicated…

advantage of simple misconfiguration

Top Security Controls

This talk will focus on the top security controls that can be implemented with low cost and low impact to your network, ensuring maximum ROI of your Domain Admin’s valuable time.

1-Separate DA from “everyday” Accounts

Domain Admin Account

2-Separate DA Password Policy

3-DA is Allowed to only Log in to Domain Controllers

4-Delegate Rights to Users (Restrict User Access)

4-Delegate Rights to Users (Restrict User Access)

5-Disable Cached Credentials

6-Microsoft Security Compliance Manager

7-Disable NULL Sessions

8-Disable LLMNR/NBNS Protocols

LL What? NB Who?

1)Hosts File 2)DNS Server 3)LLMNR Multicast or NBNS Broadcast

Link-Local Multicast Name Resolution and NetBIOS Naming Service

8-Disable LLMNR/NBNS Protocols

9-Set SMB Signing to Enabled and Required

http://btbsecurity.com/resources/videos/204-smbrelay-and- llmnr-zero-to-breach-in-ten-minutes

10-Do Not Store Passwords within Group Policy Preferences (GPP)

10-Do Not Store Passwords within Group Policy Preferences (GPP)

#Bonus 1 - Disable Interactive Logon for Service Accounts

#Bonus 2 - Use Managed Service Accounts

#Bonus 3 - Use NTLMv2 and Set it to Required

#Bonus 4 - Who can Add Workstations to your Domain?

#Bonus 5 - Disable Powershell and CMD

Ron Schlecht

ron.schlecht@btbsecurity.com

Questions?