Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
![Security 101
Robert Portvliet, technical fellow at Cylance, thinks about what has frustrated him most as a pen tester: companies that do their homework and expose minimal attack surface, '[making] it difficult for an attacker each step of the way,' he explains.
Some techniques, he says, are as simple as properly hardening systems: Prevent PowerShell execution, for example, and don't give adversaries the ability to install new packages. Don't give people more privileges than they really need. Use architecture such as Microsoft Red Forest, which protects the transfer of credentials so attacks like LLMNR poisoning aren't as effective.
Proper network segmentation also helps. 'You can't attack what you can't reach,' Portvliet explains. For example, if two departments aren't required to communicate, segment their networks and disallow interaction. 'It's about removing that easy win,' he says.
He recommends companies approach their environments from an attacker's perspective. Assume each compromise point, come in from the outside, and phish a workstation. If someone can get into your network, he shouldn't be able to become a local admin. Go through the process of a potential compromise and ensure the right defenses are in place for each step.
What you want to do is break multiple parts of the attacker kill chain. 'What I've found in pen testing is if you do the basic stuff and you do it well, it makes the pen test much more difficult,' Portvliet says. 'All the tried-and-true methods no longer bear fruit.'
(Image: Tonsnoei - stock.adobe.com)](https://img.deusm.com/darkreading/security101.jpg)
Robert Portvliet, technical fellow at Cylance, thinks about what has frustrated him most as a pen tester: companies that do their homework and expose minimal attack surface, "[making] it difficult for an attacker each step of the way," he explains.
Some techniques, he says, are as simple as properly hardening systems: Prevent PowerShell execution, for example, and don't give adversaries the ability to install new packages. Don't give people more privileges than they really need. Use architecture such as Microsoft Red Forest, which protects the transfer of credentials so attacks like LLMNR poisoning aren't as effective.
Proper network segmentation also helps. "You can't attack what you can't reach," Portvliet explains. For example, if two departments aren't required to communicate, segment their networks and disallow interaction. "It's about removing that easy win," he says.
He recommends companies approach their environments from an attacker's perspective. Assume each compromise point, come in from the outside, and phish a workstation. If someone can get into your network, he shouldn't be able to become a local admin. Go through the process of a potential compromise and ensure the right defenses are in place for each step.
What you want to do is break multiple parts of the attacker kill chain. "What I've found in pen testing is if you do the basic stuff and you do it well, it makes the pen test much more difficult," Portvliet says. "All the tried-and-true methods no longer bear fruit."
(Image: Tonsnoei – stock.adobe.com)
Latest Comment: We hired him because his resume said he had expert level Puppet skills. We're waiting for lunch so he can show off his Chef skills before HR ...
7 Threats & Disruptive Forces Changing the Face of CybersecurityThis Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Tweet This
0 Comments
