Jeremy Johnson


About Jeremy Johnson

This author has not yet filled in any details.
So far Jeremy Johnson has created 7 blog entries.

Default Credentials, Simple but Devastating – WST


October 10, 2019. A common weakness we encounter on Internal Penetration Tests is not what you may expect. It is not the latest 0-day vulnerability, nor is it a hard-to-exploit vulnerability. Sometimes all it takes is a web browser for a simulated (or real) attacker to gain full control over your entire network: Default Credentials. While simple and seemingly a “no brainer” to fix, the reality of modern production networks is that even with mature change control, devices and applications can still end up configured with default credentials. [...]

2019-10-10T21:36:02+00:00

The Risk from Offering Public Wi-Fi – WST


September 12, 2019. Many organizations want to offer wireless internet access for customers. There are a variety of reasons for this, ranging from convenience to supporting devices used for helping customers open accounts. This must be done carefully, with all risks taken into consideration. Even when implemented as a completely separate network from your internal LAN, offering wireless network access to guests can still carry risk. Take, for example, a case in the Midwest several years back where an organization had the FBI show up with a search warrant based [...]

2019-09-12T16:29:23+00:00

Ransomware – It Never Went Away – WST


August 29, 2019. Unfortunately, Ransomware (malware that encrypts all of an organization’s files and asks for money to decrypt them) is still a current and very real threat. Like all attack methods, it has only matured and become more dangerous over time. Automated ransomware is getting better at finding and quickly encrypting as much as possible. And the more skilled hackers have found that if they breach a network via phishing, gaining admin access to the environment allows them to destroy backups first, before encrypting everything…making a victim payout much [...]

2019-08-29T19:09:12+00:00

Perimeter Security Basics – WST


August 22, 2019. Perimeter Security Basics (Spoiler Alert: It doesn’t start with a firewall.) When thinking of perimeter security (or the security controls that protect where your trusted network touches less-trusted networks), many of us start thinking about the obvious controls: firewalls, routers, access rules, etc. But in many cases, we see organizations struggle with a more basic concept: Where is my actual perimeter? We are not talking about the often-repeated mantra of “There is no perimeter anymore” (a valid discussion, but not the goal today), but the basic question of “Where does my network touch [...]

2019-08-22T22:35:45+00:00

Penetration Test and the Vulnerability Assessment


Penetration Test vs the Vulnerability Assessment: Some say Potato, some say Patato. The term "Penetration Test" has been thrown around a lot in the Information Security industry. Some vendors and institutions use the term Penetration Test interchangeably with "Vulnerability Scan" (or Assessment), when in fact the two define very different scopes, methodologies, and deliverables. The recently updated FFIEC Information Security Booklet discusses these types of tests and offers definitions and expectations of what is required of financial institutions in these areas. The short story is that yes, both are different, and yes, both are needed as part of an effective [...]

2019-07-16T18:27:08+00:00

The Patch is Only the Beginning


The Patch: Sometimes it is only the beginning. Not all patches work out of the gate. Anyone who has been responsible for patch management knows that it is a never-ending cycle of download, test, patch and repeat. What is often overlooked, unfortunately, is that sometimes, even when a patch is applied, the vulnerability it is supposed to fix isn't always fixed…not right away at least. Over the past few years, there have been several Microsoft vulnerabilities that need additional action after the patch is applied to actually render the vulnerability remediated. When performing Internal Vulnerability Scanning, time and again [...]

2019-07-30T21:52:54+00:00

Exposed Management Consoles


Exposed Management Consoles - A look at Microsoft Exchange. In most organizations where we find Microsoft Exchange, we find Outlook Web Access (OWA) open to the internet. Generally, external access to OWA and ActiveSync is allowed when mobile users are accessing Exchange email. This is all hosted using Microsoft's Internet Information Services (IIS). What many administrators may not realize is what other websites are running by default and may be exposed to the internet as well. Microsoft Exchange uses different server roles to determine what services a server offers and hosts. The Client Access role generally is what provides services [...]

2018-04-02T17:53:46+00:00