To build the best defense, know which attack is which

Roger A. Grimes

There are now tools and techniques to substantially decrease the risk of PtH (pass-the-hash) attacks, raising the possibility that in the next few years, we will defeat them. That won't stop attackers in the slightest — they already have very privileged access. If we take away PtH attacks, they'll turn to other options, such as key logging, to get the access they need.

If we're going to minimize malicious hacking over the long term, we need to focus more on stopping initial compromises, because different types of movement attacks will develop as the attackers need them. Shut down one movement attack and they will invent another. It's computer security evolution.

But initial compromises don't change all that much. Malware, social engineering, password guessing, and buffer overflows have been around for decades. Minimize initial compromises and you'll do more to lower your risk.

The best steps you can take in your environment to stop initial compromises are to patch your software more thoroughly and to prevent social engineering. The best way to stop movement is to separate your networks (logically or physically) and minimize credential reuse between systems.

Everything else is relatively minor compared to these two defenses in each of the attack types. Focus, focus, focus.

Source: InfoWorld
