Chapter 9 - 04 - Application Security Testing Techniques and Tools - 04_ocred_fax_ocred.pdf
Document Details
Uploaded by barrejamesteacher
null
OCRed
Tags
Related
- Chapter 9 - 04 - Application Security Testing Techniques and Tools - 01_ocred.pdf
- Chapter 9 - 04 - Application Security Testing Techniques and Tools - 02_ocred.pdf
- Chapter 9 - 04 - Application Security Testing Techniques and Tools - 03_ocred.pdf
- Chapter 9 - 04 - Application Security Testing Techniques and Tools - 01_ocred_fax_ocred.pdf
- Chapter 9 - 04 - Application Security Testing Techniques and Tools - 02_ocred_fax_ocred.pdf
- Chapter 9 - 04 - Application Security Testing Techniques and Tools - 05_ocred_fax_ocred.pdf
Full Transcript
Certified Cybersecurity Technician Exam 212-82 Application Security Using ManageEngine Deskt...
Certified Cybersecurity Technician Exam 212-82 Application Security Using ManageEngine Desktop Central for Application Blacklisting O Desktop Central helps in restricting the usage of blacklisted applications as well as portable executables, which can be accessed without installation m('\?:«"' o Barinis s Siesatitn @ | | mne @ Block Executable Features e o ; S¥a » Enables security professionals to T e Ouetus S block the required applications/executables D e SRS —.. °M-'v Lttt b b st b of » Block applications using the i = a following: R o — — T — — 2 s Lot 0t et taat P. res W Ot 3% 3014 1634 70 * Pathrules R P + Hash values e [ D Sredon tasn https//www.maonogeengine.com Using ManageEngine Desktop Central for Application Blacklisting (Cont’d) L] H Add Prohibited Software Prohibited Software Feature § P e i g ABCDEFGHIIKLMNOPQRSTUVWXYZA QO Enables automatic detection and removal of blacklisted :::;::mm:;:;“““’ applications (prohibited applications) e AcrorizA TrueA ImageA Workstation(9.1.3887) ' kt{vx.t Norton Online Backugd1.215.0) QO Security professionals can perform the following: g AetheChnt 186141100 " ActivCliont 6.1 x84{6.01.00034] 1] ActiClient x64(6.2). » o. * 5 H ActivClient x84(6.2) Blacklist applications and block blacklisted applications il Active Diectory Authentication Ubrary for QL Sen Y Active Directory Authentication Library for SQU Sen Active Directory Management Pack Helper Object|d 5. " - i { Active Directory Migration Toct (ADMTY ) Identify blacklisted application in the network i ] Active Directory Rights Maragement Services Client Y H Active Ubrary Explorer 6.1(-) Active Ubrary Explorer 7.4() H Active Library Explorer 9.1() Auto-uninstall - i the blacklisted i applications i i | HActive Litrary Explorer 9.3()ekl Y ActiveBarcode-Trial 5.40(560) ActiveCheck compenert for HP Active Supgort Libra Exempt computers from the auto-uninstallation -uni i routine i ]| e~ mtro=pr for i Activecneck Libr: " HP Active Supgort Y Generate a report on prohibited software : [ e IR Y https://www.manogeengine.com Using ManageEngine Desktop Central for Application Blacklisting Source: https://www.manageengine.com ManageEngine Desktop Central prevents blacklisted applications based on the organization’s policies. It helps in restricting the usage of blacklisted applications as well as portable executables, which can be accessed without installation. The Block Executable and Prohibit Software features of ManageEngine Desktop Central can be used for Application Blacklisting. Module 09 Page 1203 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Application Security Block Executable Feature The Block Executable feature enables security professionals to block applications/executables. It is possible to block executables in all computers or block them for specific users/computers. There are two methods to block an executable/application. = A path rule can be used to block all versions of specific applications based on the name of the executable and its file extension. = A hash value can be used to block executables even if they are renamed. ManageEngin@ ManageEngin9 W) W JumptoSDP License Build BuildNo92118 No92118 @ agmin~ admin Desktop Central 10 Home Configurations Patch Mgmt Software Deployment Inventory MDM Tools Reports Admin Support A ‘ Q ] | Filesystem BConhgwe Group Policy slow link detection if you disable or do not configure this policy setting, Local GPOs QS& Group Policy refresh interval for computers v continue to be applied, < > < \ Extended / Standard/ 31 sesing(s) Figure 9.18: Select “Turn Off Local Group Policy Objects Processing” Policy Setting Module 09 Page 1205 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Application Security o Choose Not Configured and click OK. &5 Tumn & Turn off Local Group Policy Objects processing =)a X mTumoflLocaIGtwpPoficyOO}empmxssing m Tumn off Local Group Pelicy Objects processing T 'P s0u Sets 1T Next Seti 1 3 Cmfigmed me Comment: Comment: OO Ensbled Enabled O Disabled Supperted Supported on: At least Windows Vista Options: Opticns: Help: This policy setting prevents Local Group Pelicy Objects (Local GPOs) from being apphed. spphed. By default, the policy policy settings settings in Local GPOs are applied before any domain-based GPO policy settings. These policy settings can apply to both apply both users and and the the local computer. computer. You You can disable disable the processing and application of all Local GPOs to ensure that only domain-based GPOs are applied. If you you enasble enable thiz policy pelicy setting, the system system does not net process process and and apply any Local GPOs. Ifif you disable or do not configure this policy setting, Local Lecal GPOs continue to be applied. Note: For compcoumtpuers joined to 2 domain, it is gly recommended that you only configure this pelicy setting in domain-based GPOs. This policy setting will be ignored on computers that are joined to 2 workgroup. o] R e i Figure 9.19: Selecting Not Configured option = Enable Local Group Policy on the target system o Right-click Local Computer Policy in the Local Group Policy Editor, select Properties, and check Disable Computer Configuration Settings. r A4 Local Group Group Polscy Pelscy Editor File Action View Help Lecal Computer Policy Properties ? X 01-0 - am s= Hm - Genersl v @& & Computer Config a_:f éj Local Computer > [ SoftwareSetti Setti Help » -Ill A, < > B dows Settirrgy t4 > 0L Adminstratre Adminatratre Templates Templates Summary Sumnay v i, User Configuration Crasted Croated 05Wn-157 BAn-157 364141 AN 36 AM > [ Software Settings Modfied 02:Sep-1530523 02-Sep-1530528 FM > [ Windows Windows Settings Revsors Feazors 1190 Computer). Computer). 354 954 (User) » 0L Admintrative Adminitratre Templates Templates Deman. Deman: NA Ursque name Ursque N/A Dzacie Te mprove pedormance, Lse use these optens optens to dsable dsable unused parts of ths Group Policy Obyect u‘.-dsl'-('nwkl:y(hpu Digabie Comprter Corfiguration setngs L] Qieable User Configuration settnge O] omw e \\ A 7/1k Opens Opmthpmdubgbufwhcmuw the properties dislog box for the current selection. Figure 9.20: Disabling Computer Configuration Settings Module 09 Page 1206 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Application Security = Set the default security policy as “Unrestricted” o Go to Local Computer Policy == Windows Settings == Security Settings -= Software Restriction Policies. o Click Security levels and double-click Unrestricted in the right-side pane. 4 Local Group Polkcy Editor File Fle Action View Hdp e 2D E53/Hm amE3/@m & Local Computer Pobicy Policy -~ Name Descrption Detcnption v & Computer Configuration “+ “+ Dnaliowed Dnallowed Software will not run, regardiess of the access nghts of the [L Software Scftware Settings e¥ Bazc Basic User iififiiii(utnlmlmmmwh ifififiifiu(dcnlmlhflhflnflmk v [ Windows Settngs Settingt » (1] 1] Name Reschaion Reschuticn Policy Pobicy 1. o1 Scripts (Startup/Shutdown) 2 v mm Deployed Printers v [@ Secunty Securty Settings Settings @ & Account Policies (7 (4 Local Policies ] Windows Firewall Fuewall with with Advenc. Network List Maneger (0 Mansger Pobaes Pokaes (1] Public Key Policies 1] ~ Festriction Pehioes Festrction Pehicies 1 C E&uflylaflt > ules 1] Application Centrol Control Policies & 17 Security Policies on Local Ce ] Advenced Audit Pelicy Config oy Policy-based i QoS Policy-based QoS » ] Admmutratrve Admanistrative Templates v i, User Configuration < > Figure 9.21: Setting Security Levels o Click Set as Default in Unrestricted Properties window and click OK. && r File Action View Help Jfin Unrestricted Properties e o 2m BB0 E General =/ Local Computer Policy v A A& Computer Configurati Configuratiot — —_— [ Software Settings > (] RSee—— R v ] Windows Settings > [ Name Resolutior £2 Seripts Scripts (Startup/$ (Startup/¢ Descrption: Description » % =% Deployed Printer v 3 Security Settings > @ Account Poli > A L@ Local Policies > ] Windows Windows Fire ] Network List > ] (] Public Key Pc Status: Not defaut defauk level v ] Software Software Rest R.| Security ]-Addition'j Additiona Tomdceflismgddefugdmnylevdfad To make this the default securtty level for al. software, cick cick Set Setasas Default. Default. > ]) Application Application C C > 8, &, IP Security SecurityPcP >5 ] Advanced AJ Au > gl )i Policy-based Qo# Qo > ) | Administrative Temg Administrative Temg vv %, % User Configuration OK | Cancel I Foply
