IT Enterprise Security – Overview

This post looks at IT Security for the Enterprise. I have often visited new clients and reviewed the security landscape. The results are often surprising to the senior management. So the question is, does a business or brand need to review and plan IT Enterprise Security? The Sys Admin reports that all the systems are OK, the users are happy and the business hasn’t appeared on the news. So if you are hired as an IT Enterprise Security Architect, what does that mean and what value does this role bring to a business?

Take a step back and ask yourself, what is IT Enterprise Security? How can you understand the current IT Enterprise Security state? To learn about the IT enterprise security state, you need to pick a security framework and apply it to the business. For example, using a security framework like NIST gives us the ability to understand the security state of the business. The framework is a method to highlight information about the overall security state, showing which areas need investment and which have room for improvement.

So how does the process start?

Prep Work, Review Core Areas:

  • Understand the Business.
  • How or what would you attack?
  • How can you protect?
  • How would you investigate and recover?

What stages make up the core areas:

When you first enter a business, unlock the knowledge.

  • What does the business do?
  • Who are the customers?
  • What is the IT infrastructure and EUC?
  • Who are the IT people? (Get to know them)
  • Who are the management and the key stakeholders?

Next, work out how you would break into the business

  • What ways could you get in?
  • Who would you target?
  • Would anyone know if you did break in?
  • What is the worst thing you could do?

Review and Protect

  • Identify Key resources
  • Known issues
  • Quick wins
  • 5-year strategy & budget
  • Review stages

How would you know of an attack or an abnormality, and how do you remediate?

  • Logs, Monitoring, Detection & Alerts
  • Incident Procedures – Identify & Remediate.

Post to be continued – These are opinions of the author only.

How To Access SQL Server 2008 Databases WITHOUT SA (SysAdmin) Credentials

Challenge: How to make a backup of a SQL 2008 database without knowing any working credentials.

Log on to the Windows 2008 R2 server running SQL Server 2008 as a domain admin.

Launch SSMS (SQL Server Management Studio)

Issue: the Windows credentials have no permissions, and there were no obvious groups in AD (Active Directory) which would have access.

So…back to basics…..

PS tools to the rescue

Download PS Tools https://docs.microsoft.com/en-us/sysinternals/

Store in c:\temp\

The tool to use is PSexec

Launch command prompt

Browse to c:\temp

Type : psexec -i -s SSMS.exe

This will launch SSMS (SQL Server Management Studio) as system. As luck would have it, Windows auth under “system” has full SA rights in SQL 2008.

I can then connect to all databases and complete the backups. I can then also check the security permissions for users.
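
The monitoring side of the step above, as an added example that is not part of the original post: a check that flags interactive SQL tools started under the SYSTEM account, with a higher severity when the parent is the PsExec service. It assumes process-creation events already parsed into dicts with Sysmon Event ID 1 field names; the watch list, severity labels, file paths and sample events are constructed for illustration.

```python
import ntpath

# Interactive SQL tools that should run as a named user, not a service account
# (this watch list is an assumption; extend it for your estate).
WATCHED_TOOLS = {"ssms.exe", "sqlcmd.exe", "osql.exe"}
SYSTEM_USER = "nt authority\\system"
PSEXEC_SERVICE = "psexesvc.exe"  # service binary PsExec installs to launch processes


def basename(path):
    """File name of a Windows path, lower-cased for comparison."""
    return ntpath.basename(path or "").lower()


def find_system_sql_tools(events):
    """Return findings for watched SQL tools started under the SYSTEM account.

    Each event is a dict using Sysmon Event ID 1 field names:
    UtcTime, User, Image, ParentImage.
    """
    findings = []
    for ev in events:
        if basename(ev.get("Image")) not in WATCHED_TOOLS:
            continue
        if (ev.get("User") or "").lower() != SYSTEM_USER:
            continue
        via_psexec = basename(ev.get("ParentImage")) == PSEXEC_SERVICE
        findings.append({
            "time": ev.get("UtcTime"),
            "tool": basename(ev.get("Image")),
            "via_psexec": via_psexec,
            # Severity labels are an assumption of this example.
            "severity": "high" if via_psexec else "medium",
        })
    return findings


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"UtcTime": "2020-01-01 09:00:00.000", "User": "CORP\\dba1",
     "Image": r"C:\Tools\Ssms.exe", "ParentImage": r"C:\Windows\explorer.exe"},
    {"UtcTime": "2020-01-01 09:05:00.000", "User": "NT AUTHORITY\\SYSTEM",
     "Image": r"C:\Tools\Ssms.exe", "ParentImage": r"C:\Windows\PSEXESVC.exe"},
    {"UtcTime": "2020-01-01 09:07:00.000", "User": "NT AUTHORITY\\SYSTEM",
     "Image": r"C:\Tools\sqlcmd.exe", "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for finding in find_system_sql_tools(SAMPLE_EVENTS):
        print(finding)
```

A finding here is a prompt to review who ran the tool and why, which ties back to the "Would anyone know if you did break in?" question in the overview post.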