Remember video example of Wall of Shame that showed emails and PWs they saw going across the network
.
Use SIEM to view logs and looks for wierdos
.
Having files out on an accessible repository without the correct permissions
.
Segmentation fault where an app has access to memory that it shouldn't
.
Certs not being updated frequently enough or are not being validated to make sure apps are checking certificates
.
Data is the most valuable thing - is data secure enough? Can users just write out data to external storage and walk right out with it?
.
Did you properly change default passwords on your devices? Outdated software? Can you run debug on it that would give too much info to a bad guy? FW allowing too much in?
.
Using DES and WEP are examples (3DES and WPA2 should be used)
.
Someone violated an AuP, didn't get trained, allowed someone to Tailgate, fell for social engineering, emailed out sensitive data, installed unauthorized software
.
You should know what the core software and config should be, and if any differences or changes, should see it and ID if it's a threat
.
What happens if you can't physically track assets?
.
Any lapse in authentication could let a bad guy in, should have several authentication layers in place
.
|
