Pwn the Pentester: Easy Ways to Harden Your Network

DATE:
Wednesday, December 11
TIME:
1:15 pm – 2:15 pm

AND

DATE:
Thursday, December 12
TIME:
2:00 pm – 3:00 pm

SESSION TRACK:
Keep it Safe

SPEAKER(S):
Brian Johnson
President, 7 Minute Security

Attackers and pentesters continue to be super effective at abusing our internal networks for fun and profit. But with a little time and some free tools, we can harden our environment and eliminate a lot of this “low hanging hacker fruit” that attackers love to abuse. Wouldn’t you love to see someone else sweat a little bit during your next pentest?

The reality is that on most penetration tests, there’s a list of 5-10 tools and techniques that will almost always yield an “easy win.” The good news for us is that many of these attacks have easy and free mitigations – but few organizations take the time to learn and apply them! In this session, Brian Johnson from 7 Minute Security will discuss many of these popular network defense strategies, including:

  • Preventing your Active Directory users from picking over 500 million bad passwords •
  • Turning your logging “up to 11” to find signs of network compromise
  • Disabling insecure network protocols
  • Enabling SMB signing
  • Installing the Microsoft Local Administrator Password Solution (LAPS)

These defenses will be shown live in a lab network, and supplemental documentation will be made available so attendees can apply what they’ve learned when they get back to the office.

Learning Objectives:

  1. Discover how to prevent (not just discourage) employees from picking easy-to-guess passwords like “Password1”.
  2. Examine how to disable insecure network protocols that attackers abuse to capture/crack our passwords.
  3. Learn how to install an easy and free logging solution to quickly find signs of network compromise.

About GTS Educational Events

If you are a nonprofit or public sector group looking to create a conference, workshop or educational event with impact, look to GTS. We believe educational events are successful when participants learn and grow and then return to their organizations and communities to make them stronger. We look forward to continuing our work with the broad spectrum of organizations striving to make a difference for the people and communities they serve.

Steering Committee

Alex Hepp, City of Hopkins
Bill Bleckwehl, Cisco
Dave Andrews, DEED
Jay Wyant, Minnesota IT Services
Jim Hall, Ramsey County
Matt Bailey, IBM
Melissa Reeder, League of Minnesota Cities
Nathan Beran, City of New Ulm
Sue Wallace, IT Futures Foundation
Lisa Meredith, Minnesota Counties Computer Cooperative
Justin Kaufman, Minnesota IT Services
Renee Heinbuch, Washington County/MNCITLA
Jerine Rosato, Ramsey County
David Berthiaume, Minnesota IT Services
Cory Tramm, Sourcewell Tech 

Content Committee

Tomas Alvarez, Federal Reserve
Tom Ammons, MN.IT – Central
Dave Andrews, MN State Services for the Blind
Susan Bousquet, MN.IT – DOT
Robert Granvin, Metro State
Alex Hepp, City of Hopkins
Shawntan Howell, Ramsey County
Jenny Johnson, Metropolitan Council
Millicent Kasal, MN.IT – Central
Ping Li, MN.IT – MMB
Chibuzor Nnaji, MN.IT – DHS
Mehrdad Shabestari, MN.IT – Central