TECH TALK

on the planet makes recommendations on reducing the risks associated with each stage of the attack, it is worth focusing on the stage related to lateral movement. If you can create barriers to lateral movement you may be able to protect access to high-value assets, or at least slow the attacker down enough that you can adequately contain the outbreak and mitigate the impact of the breach. To that end, below are 10 steps organisations can take to stop lateral movement:

1. Use Standard User Accounts. Enforce that all users have a standard user account. Administrators on all platforms should log in with their standard accounts as normal practice and use administrative rights only when they need to perform administrative tasks. This might sound obvious and reasonable, but in practice it doesn't always happen.

2. Enforce the Principle of Least Privilege. If a user does not need access to a system, application or data set, remove it. As a first step, remove administrator rights on desktops for all users.

3. Implement Application Whitelisting. Implement a policy that allows known-good applications and logs all other applications and launch attempts. Where possible, block the launching of end-user applications with known critical security vulnerabilities.

4. Require Multifactor Authentication. Implement multi-factor authentication for access to internal systems, applications and even data. Static multi-factor authentication rules based on which system or application is being accessed are a good start, but getting too restrictive becomes frustrating for users. Look for solutions that can also restrict access based on the risk associated with the environment or activity. For example, if someone tries to launch a sensitive application after hours for the first time, or tries to run a sensitive command on a Unix server that is missing critical patches, step up the security and require re-authentication with multi-factor.

5. Use Context-Based and Adaptive Access Controls. At some point people need access to do their jobs, but continue to lock down when they have access and from which location they have access. Restricting access based on static elements like time of day or subnet is good, but restricting access dynamically based on risk (i.e. does a ticket exist for the access, does this request adhere to normal access patterns, have I received recent alerts from my threat detection layers, etc.) adds greater protection.

6. Implement Strong Password Policy Management. Require strong passwords, which should be changed frequently (note that current guidance such as NIST SP 800-63B favours screening new passwords against breached-password lists over forced periodic rotation). Deny password reuse. Log failed authentication requests.

7. Automate Password Management. Require unique passwords across all privileged systems and accounts. Eliminate hard-coded passwords in service accounts and scripts. Implement SSH key management tools.

Brad Hibbert, Lead Solutions Strategist at BeyondTrust.

“One product will certainly not provide the protection enterprises need against all stages of an attack.”

www.intelligentcio.com
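The policy in step 3 (allow known-good applications, log every other launch attempt, and block builds with known critical vulnerabilities) can be modelled with a hash-based allowlist. The following is an added example written for this page, not code from the article or from BeyondTrust: executables are identified by SHA-256, a block entry takes precedence over an earlier allow entry for the same build, and unknown binaries are denied but logged. The sample "executables", their names and the vulnerability reason are constructed in a temporary directory for the demonstration.

```python
"""Hash-based application allowlist with logging of every launch attempt.

Added example (not code from the article or from BeyondTrust). Executables are
identified by SHA-256; known-good hashes are allowed, builds with known critical
vulnerabilities are blocked even if they were allowed earlier, and every other
launch attempt is logged. Sample files and names below are constructed.
"""
import hashlib
import logging
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

log = logging.getLogger("app_allowlist")


def sha256_of(path: Path) -> str:
    """Hash the file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


@dataclass
class AllowlistPolicy:
    allowed: dict = field(default_factory=dict)   # sha256 -> product name
    blocked: dict = field(default_factory=dict)   # sha256 -> reason (e.g. advisory reference)

    def allow_file(self, path: Path, name: str) -> str:
        """Register a known-good build by its hash and return that hash."""
        digest = sha256_of(path)
        self.allowed[digest] = name
        return digest

    def block_hash(self, digest: str, reason: str) -> None:
        """A block entry wins over an allow entry for the same build."""
        self.blocked[digest] = reason

    def evaluate(self, path: Path, user: str) -> str:
        """Decide a launch: 'allow', 'deny-vulnerable' or 'deny-unknown'. Every attempt is logged."""
        digest = sha256_of(path)
        if digest in self.blocked:
            log.warning("DENY user=%s exe=%s sha256=%s reason=%s",
                        user, path.name, digest, self.blocked[digest])
            return "deny-vulnerable"
        if digest in self.allowed:
            log.info("ALLOW user=%s exe=%s app=%s", user, path.name, self.allowed[digest])
            return "allow"
        # Not on the allowlist: the binary does not run, but the attempt is recorded
        log.warning("DENY user=%s exe=%s sha256=%s reason=not-allowlisted",
                    user, path.name, digest)
        return "deny-unknown"


def demo() -> dict:
    """Build three constructed 'executables' and evaluate a launch of each."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        samples = {
            "editor.exe": b"known-good editor build",
            "editor-old.exe": b"old editor build with a critical bug",
            "dropper.exe": b"something the user downloaded",
        }
        for name, body in samples.items():
            (root / name).write_bytes(body)

        policy = AllowlistPolicy()
        policy.allow_file(root / "editor.exe", "Editor 2.0")
        old = policy.allow_file(root / "editor-old.exe", "Editor 1.0")
        # The 1.0 build is later found to be vulnerable (hypothetical): block it by hash
        policy.block_hash(old, "critical vulnerability in Editor 1.0 (hypothetical)")

        for name in samples:
            results[name] = policy.evaluate(root / name, user="alice")
    return results


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
    for exe, verdict in demo().items():
        print(f"{exe}: {verdict}")
```

Hash rules are the simplest to reason about but break on every patch, which is why production tools such as AppLocker or Windows Defender Application Control are usually driven by publisher-certificate or path rules with hash rules reserved for exceptions. Whatever rule type is used, the allowlist itself must be writable only by administrators, which is one reason step 2 removes local administrator rights first.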
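Steps 4 and 5 describe the same mechanism from two angles: a request is scored on static context (time of day, source subnet) and dynamic risk (first use of a sensitive resource, unpatched target, missing ticket, recent detection alerts), and the score decides whether the session is allowed, must re-authenticate with multi-factor, or is refused. The following added example, not code from the article or from BeyondTrust, implements that decision as one function and runs the article's own scenarios (sensitive application after hours for the first time; sensitive command on a Unix server missing critical patches) through it. The weights, thresholds, user baseline and ticket references are assumptions constructed for the example.

```python
"""Risk-based access decision: 'allow', 'step-up' (re-authenticate with MFA) or 'deny'.

Added example (not code from the article or from BeyondTrust). Weights,
thresholds, the user baseline and the ticket references are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta

STEP_UP_AT = 2   # score at which the session must re-authenticate with MFA
DENY_AT = 5      # score at which access is refused pending manual approval


@dataclass
class AccessRequest:
    user: str
    resource: str                  # application, host or privileged command
    sensitive: bool                # classification of the resource
    at: datetime
    source_subnet: str
    ticket: str | None = None      # change/access ticket authorising the request
    target_missing_critical_patches: bool = False


@dataclass
class UserBaseline:
    """What is 'normal' for this user, built from prior access logs (constructed here)."""
    resources_seen: set = field(default_factory=set)
    usual_subnets: set = field(default_factory=set)
    alerts: list = field(default_factory=list)   # timestamps raised by the detection layer


def in_business_hours(t: datetime) -> bool:
    return t.weekday() < 5 and 8 <= t.hour < 18


def decide(req: AccessRequest, base: UserBaseline) -> tuple:
    """Return (decision, risk score, reasons)."""
    reasons = []
    score = 0

    # Hard gate: sensitive access with no authorising ticket is refused outright
    if req.sensitive and not req.ticket:
        return "deny", score, ["no ticket for sensitive resource"]

    if req.sensitive and req.resource not in base.resources_seen:
        score += 2
        reasons.append("first use of sensitive resource")
    if not in_business_hours(req.at):
        score += 1
        reasons.append("outside business hours")
    if req.source_subnet not in base.usual_subnets:
        score += 2
        reasons.append("unfamiliar source subnet")
    if req.sensitive and req.target_missing_critical_patches:
        score += 2
        reasons.append("target missing critical patches")
    # Only alerts from the 24 hours before the request count (not future timestamps)
    if any(timedelta(0) <= req.at - a <= timedelta(hours=24) for a in base.alerts):
        score += 3
        reasons.append("recent alert from threat detection")

    if score >= DENY_AT:
        return "deny", score, reasons
    if score >= STEP_UP_AT:
        return "step-up", score, reasons
    return "allow", score, reasons


def demo() -> dict:
    """Run constructed scenarios, including the two named in the article, through decide()."""
    quiet = UserBaseline(resources_seen={"timesheet", "unix-prod-01:sudo"},
                         usual_subnets={"10.10.20.0/24"})
    tue_10am = datetime(2024, 3, 12, 10, 0)      # a Tuesday, inside business hours
    tue_10pm = datetime(2024, 3, 12, 22, 30)
    # Same user, but the detection layer raised an alert an hour earlier
    alerted = UserBaseline(resources_seen=quiet.resources_seen,
                           usual_subnets=quiet.usual_subnets,
                           alerts=[tue_10am - timedelta(hours=1)])
    scenarios = {
        "routine": (AccessRequest("alice", "timesheet", False, tue_10am, "10.10.20.0/24"), quiet),
        "sensitive app after hours, first time": (AccessRequest(
            "alice", "payroll-admin", True, tue_10pm, "10.10.20.0/24", ticket="CHG-1042"), quiet),
        "sensitive command on unpatched server": (AccessRequest(
            "alice", "unix-prod-01:sudo", True, tue_10am, "10.10.20.0/24",
            ticket="CHG-1043", target_missing_critical_patches=True), quiet),
        "new subnet after an alert": (AccessRequest(
            "alice", "timesheet", False, tue_10am, "192.0.2.0/24"), alerted),
        "sensitive without ticket": (AccessRequest(
            "alice", "payroll-admin", True, tue_10am, "10.10.20.0/24"), quiet),
    }
    return {name: decide(req, base) for name, (req, base) in scenarios.items()}


if __name__ == "__main__":
    for name, (decision, score, reasons) in demo().items():
        print(f"{name}: {decision} (score {score}) {reasons}")
```

The point of returning the reasons alongside the decision is auditability: the step-up prompt the user sees and the event the SOC sees should carry the same explanation, and the weights can be tuned from the logged scores rather than guessed.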
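Step 7 asks for hard-coded passwords to be eliminated from service accounts and scripts; before a vault or privileged password management tool can take them over, they have to be found. The following added example, not code from the article or from BeyondTrust, is a small scanner that flags credential assignments, credentials embedded in URLs and passwords passed on a command line, while ignoring values that are clearly runtime references to an environment variable, a vault or a template placeholder. The sample script lines and the keyword and placeholder patterns are constructed assumptions.

```python
"""Scan scripts and service configuration for hard-coded credentials.

Added example (not code from the article or from BeyondTrust). Sample lines,
keyword list and placeholder heuristics are constructed for the demonstration.
"""
import re

# A value that is fetched at runtime rather than hard-coded: $VAR, os.environ,
# getenv(), a vault call, a {{template}} or an <angle-bracket placeholder>
RUNTIME_REFERENCE = re.compile(r"^\$|environ|getenv|vault|\{\{|^<", re.IGNORECASE)

PATTERNS = {
    "assignment": re.compile(
        r"""(?i)(password|passwd|pwd|secret|api[_-]?key|token)\s*[=:]\s*["']?(?P<secret>[^"'\s]{4,})"""),
    "url-credentials": re.compile(
        r"""[A-Za-z][A-Za-z0-9+.-]*://[^/\s:@]+:(?P<secret>[^@\s/]+)@"""),
    "command-line": re.compile(
        r"""sshpass\s+-p\s*["']?(?P<secret>[^"'\s]+)"""),
}


def mask(value: str) -> str:
    """Never write the recovered secret back into a report in full."""
    return value[:2] + "*" * (len(value) - 2)


def scan(lines) -> list:
    """Return (line number, finding kind, masked secret) for each offending line."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for kind, pattern in PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue
            secret = m.group("secret")
            if RUNTIME_REFERENCE.search(secret):
                continue          # reference to env var / vault / template, not a literal
            findings.append((lineno, kind, mask(secret)))
            break                 # one finding per line is enough for the report
    return findings


# Constructed sample: a mix of real hard-coded credentials and acceptable lookups
SAMPLE = """\
DB_PASSWORD = "Summer2023!"
password = os.environ["DB_PASSWORD"]
curl https://svc:hunter2@internal.example/api/health
sshpass -p 'Pa55word' ssh backup@db01
export API_KEY=${API_KEY}
token = vault.read("secret/app/token")
"""


if __name__ == "__main__":
    for lineno, kind, masked in scan(SAMPLE.splitlines()):
        print(f"line {lineno}: {kind}: {masked}")
```

Lines 1, 3 and 4 are reported; lines 2, 5 and 6 are not, because the value is an environment lookup, a shell variable or a vault call. Dedicated tools add entropy checks and many more patterns, but the remediation is the same in every case: the finding marks a credential that has to be moved into the password management tool and rotated, since anyone who has read the script already has it.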