Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
![Security 101
Robert Portvliet, technical fellow at Cylance, thinks about what has frustrated him most as a pen tester: companies that do their homework and expose minimal attack surface, '[making] it difficult for an attacker each step of the way,' he explains.
Some techniques, he says, are as simple as properly hardening systems: Prevent PowerShell execution, for example, and don't give adversaries the ability to install new packages. Don't give people more privileges than they really need. Use architecture such as Microsoft Red Forest, which protects the transfer of credentials so attacks like LLMNR poisoning aren't as effective.
Proper network segmentation also helps. 'You can't attack what you can't reach,' Portvliet explains. For example, if two departments aren't required to communicate, segment their networks and disallow interaction. 'It's about removing that easy win,' he says.
He recommends companies approach their environments from an attacker's perspective. Assume each compromise point, come in from the outside, and phish a workstation. If someone can get into your network, he shouldn't be able to become a local admin. Go through the process of a potential compromise and ensure the right defenses are in place for each step.
What you want to do is break multiple parts of the attacker kill chain. 'What I've found in pen testing is if you do the basic stuff and you do it well, it makes the pen test much more difficult,' Portvliet says. 'All the tried-and-true methods no longer bear fruit.'
(Image: Tonsnoei - stock.adobe.com)](https://img.deusm.com/darkreading/security101.jpg)
Robert Portvliet, technical fellow at Cylance, thinks about what has frustrated him most as a pen tester: companies that do their homework and expose minimal attack surface, "[making] it difficult for an attacker each step of the way," he explains.
Some techniques, he says, are as simple as properly hardening systems: Prevent PowerShell execution, for example, and don't give adversaries the ability to install new packages. Don't give people more privileges than they really need. Use architecture such as Microsoft Red Forest, which protects the transfer of credentials so attacks like LLMNR poisoning aren't as effective.
Proper network segmentation also helps. "You can't attack what you can't reach," Portvliet explains. For example, if two departments aren't required to communicate, segment their networks and disallow interaction. "It's about removing that easy win," he says.
He recommends companies approach their environments from an attacker's perspective. Assume each compromise point, come in from the outside, and phish a workstation. If someone can get into your network, he shouldn't be able to become a local admin. Go through the process of a potential compromise and ensure the right defenses are in place for each step.
What you want to do is break multiple parts of the attacker kill chain. "What I've found in pen testing is if you do the basic stuff and you do it well, it makes the pen test much more difficult," Portvliet says. "All the tried-and-true methods no longer bear fruit."
(Image: Tonsnoei – stock.adobe.com)
6 Emerging Cyber Threats That Enterprises Face in 2020This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Tweet This
7 Comments
