Posts tagged Networking

2 min AWS

The real challenge behind asset inventory

As the IT landscape evolves, and as companies diversify the assets they bring to their networks - including on premise, cloud and personal assets - one of the biggest challenges becomes maintaining an accurate picture of which assets are present on your network. Furthermore, while the accurate picture is the end goal, the real challenge becomes optimizing the means to obtain and maintain that picture current. The traditional discovery paradigm of continuous discovery sweeps of your whole network

5 min Events

The Black Hat Attendee Guide Part 5 - Meaningful Introductions

If you are just joining us, this is the fifth post in the series starting here [/2015/07/13/the-black-hat-attendee-guide-part-1]. Making An Introduction I might be wrong, but I'll argue that networking is a transitive verb, so ENGAGE! The real magic starts happening as you progress: * Level 1-- Start with a “Hi, my name is… ” Yes, it's that simple, thanks to Slim Shady [] * Level 2-- Demonstrate that you have an idea of the world the other person li

7 min Events

The Black Hat Attendee Guide Part 3 - Networking Like A Boss

If you are just joining us, this is the third post in the series starting here [/2015/07/13/the-black-hat-attendee-guide-part-1]. Networking Like A Pro Black Hat will clear 9,000 attendees this year, and it is really easy to feel really small in a crowd that big. The vast majority of folks you'll see there will only know a few people at the show—it is your duty to change that for them. This blog post won't make you the best conversationalist at the conference, but it should be enough to get

2 min Project Sonar

2015: Project Sonar Wiki & UDP Scan Data

Project Sonar started in September of 2013 with the goal of improving security through the active analysis of public networks. For the first few months, we focused almost entirely on SSL, DNS, and HTTP enumeration. This uncovered all sorts of interesting security issues and contributed to a number of advisories and research papers. The SSL and DNS datasets were especially good at identifying assets for a given organization, often finding systems that the IT team had no inkling of. At this point,

2 min Networking

Top 3 Takeaways from the webcast "2015 Security Outlook: See How your Security Program Measures Up"

As 2014 comes to an end, you might be putting the finishing touches on your 2015 security plan, or perhaps you haven't even started yet. Whatever the case may be, if you didn't catch the 2015 IT Security Outlook Rapid7 webcast yesterday - you are in luck! Read on for my top takeaways from the webcast, but if you want to see it now, you can watch the webcast on demand now []. Thanks to our  panel - Rapid7's expert Strategic Ser

2 min Networking

Securing DevOps: Monitoring Development Access to Production Environments

A big factor for securing DevOps environment is that engineers should not have access to the production environment. This is especially true if the production environment contains sensitive data, such as payment card data, protected health information, or personally identifiable information because compromised engineering credentials could expose sensitive data and lead to a breach. While this requirement is a security best practice and has found its way into many compliance regulations, it can

3 min Networking

UserInsight Detects Network Zone Access Violations

Information security regulations are often vague and open to some interpretation, but one common theme across most is that you need to separate the systems with critical data from the rest of your network. The vast majority of employees in your organization should never have access to systems that: * process or store payment card data -- PCI DSS * qualify as Critical Cyber Assets (i.e. have a role in the operation of bulk power systems) -- NERC CIP * provide services not needed for intern

4 min Penetration Testing

Weekly Metasploit Wrapup: SQL Server Privileges, Templating New Modules

Microsoft SQL Server Pen-Tester Pro Tip This week, we've landed a trio of fun and interesting modules from long-time Metasploit community contributor Scott nullbind [] Sutherland which automate up a couple Pro Tips on what to do when you've scored a login on a Microsoft SQL Server during a penetration test. One of these is a method to escalate the privileges of a SQL Server user [] . Oft

3 min Antivirus

UserInsight's New User Statistics Provide Great Visibility for Incident Responders

Nate Silver made statistics sexy, and we're riding that wave. But seriously, breaking down some of the more noisy alerts on the network by users and showing you spikes can really help you detect and investigate unusual activity. That's why we've built a new UserInsight feature that shows you anti-virus alerts, vulnerabilities, firewall activity, IDS/IPS alerts, and authentications by users that show the most activity and enable you to dig in deeper by filtering by user. You can get to the new st

2 min CIS Controls

Top 3 Takeaways from the "Simplify Controls: How to Align Security Controls to Reduce Risk to Your Business" Webcast

This week we heard from Bill Bradley, Product Marketing Manager at Rapid7, about the far reaching implications of security controls. Each organization (SANS and the Australian Signals Directorate to name a couple) that highlights recommended controls promotes a slightly different twist on the weighting and criticality of controls. We looked at which controls across each organization with recommendations are the most important and effective risk reduction tools, and how professionals in different

1 min Networking

Don't Be An Easy Target: Testing Your Network Segmentation

Network segmentation is the act of splitting a computer network into subnetworks, each being a network segment, which increases security and can also boost performance. It is a security best practice that is recommended (but not required) by PCI DSS and it makes the top 20 list of critical security controls suggested by SANS. Due to the ongoing investigation, the world doesn't have the full details on the Target breach yet, but there are strong indications that network segmentation could have

2 min Networking

Top 3 reasons Small-to-Medium Businesses fail at security

Cyberattacks are on the rise with more sophisticated attack methods and social engineering being employed against just about any entity with an Internet presence. According to a recent study cited by the U.S. House Small Business Subcommittee on Health and Technology, companies that were 250 persons or less were the target of 20% of all cyberattacks. A more sobering claim of the study is the roughly 60% of small businesses that close within 6 months following a cyberattack. While cyberattacks a

2 min Metasploit

Staying Stealthy: Passive Network Discovery with Metasploit

One of the first steps in your penetration test is to map out the network, which is usually done with an active scan. In situations where you need to be stealthy or where active scanning may cause instability in the target network, such as in SCADA environments, you can run a passive network scan to avoid detection and reduce disruptions. A passive network scan stealthily monitors broadcast traffic to identify the IP addresses of hosts on the network. By initially running a passive scan, you can

3 min Incident Detection

Finding Out What Users are Doing on Your Network

One of the most common questions in IT is how to find out what users are doing on a network. We break down the common ways to monitor users on your network.

3 min Metasploit

Firewall Egress Filtering: Why And How You Should Control What's Leaving Your Network

Most companies have firewall rules that restrict incoming traffic, but not everyone thinks to restrict data leaving the network. That's a shame, because a few easy configurations can save you a lot of headaches. Firewall egress filtering controls what traffic is allowed to leave the network, which can prevent leaks of internal data and stop infected hosts from contacting their command & control servers. NAT alone won't help you - you actually have to restrict the ports through which your intern