Remember the video example of the "Wall of Shame" that showed the emails and passwords captured going across the network in cleartext
. Use a SIEM to view logs and look for anomalies
. Having files out on an accessible repository without the correct permissions
. Segmentation fault, where an app accesses memory that it shouldn't
. Certs not being updated frequently enough, or not being validated: make sure apps are actually checking certificates
. Data is the most valuable thing: is the data secure enough? Can users just write data out to external storage and walk right out with it?
. Did you properly change the default passwords on your devices? Outdated software? Can you run debug on it in a way that would give too much info to a bad guy? Is the firewall allowing too much in?
. Using DES and WEP are examples (3DES and WPA2 should be used)
. Someone violated an AUP, didn't get trained, allowed someone to tailgate, fell for social engineering, emailed out sensitive data, installed unauthorized software
. You should know what the core software and config should be, and if there are any differences or changes, you should see them and identify whether it's a threat
. What happens if you can't physically track assets?
. Any lapse in authentication could let a bad guy in; you should have several authentication layers in place
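The "know what the core software and config should be, and spot any differences" point above is what a baseline integrity check does: record a hash of every file in a known-good state, then compare later and report what was added, removed or modified. The Python below is an added example, not code from the original notes; it builds its own sample directory in a temporary folder (constructed data), snapshots it, simulates drift (a config edited to enable debug, an unexpected script dropped in, a file deleted) and reports the differences for someone to triage.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files don't load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every file under root (relative, POSIX-style path) to its hash."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = hash_file(p)
    return baseline


def compare_to_baseline(root: Path, baseline: dict) -> dict:
    """Re-scan root and report files that are new, gone, or changed since the baseline."""
    current = build_baseline(root)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(k for k in current if k in baseline and current[k] != baseline[k])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: baseline a small tree, introduce drift, detect it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("debug=false\nlisten=127.0.0.1\n")
        (root / "etc" / "users.txt").write_text("alice\nbob\n")

        baseline = build_baseline(root)  # the known-good state you would store securely

        # Drift from the baseline (all constructed for the example):
        (root / "etc" / "app.conf").write_text("debug=true\nlisten=0.0.0.0\n")  # config changed
        (root / "etc" / "unexpected.sh").write_text("#!/bin/sh\necho hi\n")      # new file appeared
        (root / "etc" / "users.txt").unlink()                                    # file removed

        return compare_to_baseline(root, baseline)


if __name__ == "__main__":
    report = demo()
    for kind, paths in report.items():
        for p in paths:
            print(f"{kind:8s} {p}")
```

In practice the baseline would be stored off-box (or signed) so an attacker who changes files cannot also rewrite the record of what they should look like, and each flagged path would be fed into the SIEM workflow mentioned above rather than just printed.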