Cyber security for the weakest link

Secret, Quick, Quiet

Protection Options On Board

What can you do? Microsoft only introduced an antidote against pass-the-hash attacks in Windows 10. For systems with Windows 7 or Windows Server 2012, you have no real defense against the attacks described above, only optimized procedures, such as not performing daily tasks as an administrator, or only allowing Domain Administrator logons on certain computers and locally on the computer itself, which makes it far more difficult for a hacker to attack these privileged accounts. Segmenting Active Directory is a further way to minimize risk, and an important additional defense component is assigning a different password to each local administrator account. Microsoft provides the Local Administrator Password Solution (LAPS) tool for this purpose. All this means work, but the additional security it offers is genuinely worthwhile.

Windows 10 introduced the Credential Guard security function, but it is not enabled by default. According to current knowledge, Credential Guard protects against pass-the-hash attacks, although other attack vectors are not closed down. Only new methods such as Advanced Threat Analytics or Advanced Threat Protection from Microsoft (or, of course, products from other manufacturers with the same orientation) can help. The primary objective of these products is not so much to prevent the attack as to identify the attack as such and then take appropriate measures.

In the attack sequence described here, for example, the telltale actions could be the API calls that a pass-the-hash attack requires. These API calls are not prohibited as such, but if they occur on a computer every time someone logs on, that can be considered suspicious, as can a normal user launching an encoded command line and then establishing a network connection. The new security products therefore check whether individually permitted actions look unusual in the observed combination and, if so, notify the IT department.

Conclusions

The threat to IT systems has increased massively, but IT departments have generally not geared up adequately and are therefore facing a major challenge. According to experts, practically every company has already been hacked; some just do not know it yet.

Every company needs to develop and implement a consistent security strategy, and doing so has been practically mandatory since the European Union's new General Data Protection Regulation was implemented in 2018. Companies are now obliged to report successful attacks, but to do so, they first need to be able to establish that they have been attacked.
