Page 133 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

Initial Access:

    1. RDP

        a. If possible, replace RDP with a remote access solution that requires two-factor
           authentication; many VPNs now support that. An attacker who has obtained valid
           credentials would then still have to pass the second factor, for example a code
           sent via SMS.
        b. If you choose to still use RDP, make sure Windows Update is enabled and working on
           the hosts that expose it.

    2. Email Phishing

        a. Educate the organization's employees about phishing attacks. Employees should be
           suspicious of emails that don't seem right and should not click on suspicious links.
        b. Install an anti-phishing solution.

    3. Software Vulnerabilities of Internet-Facing Servers

        a. Scan your organization's IP range from outside the network. Verify that every
           exposed IP address and port is one you expect to be exposed.
        b. Make sure that automatic security updates are enabled for your exposed services. If
           one of your services (a web server, for example) does not have that feature, consider
           replacing it with a similar one that does.
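The external scan in item 3a is only useful if the result is compared against what the organization believes is exposed. The following script is an added example, not code from the article or the magazine: it parses scan results in nmap's grepable (-oG) output format and diffs them against an expected-exposure baseline. The scan lines, the 203.0.113.0/24 addresses and the baseline map are all constructed for the example; in practice the baseline would come from the asset inventory and the scan from an outside vantage point.

```python
"""Compare an external port scan against the expected-exposure baseline.

Added example (not part of the article). SCAN_OUTPUT is a constructed sample in
nmap "grepable" (-oG) format; EXPECTED_EXPOSURE is a hypothetical baseline of
what the organization intends to expose on its public range.
"""
import re
from collections import defaultdict

# Constructed sample of nmap -oG output for a small public range.
SCAN_OUTPUT = """\
# Nmap scan initiated (constructed sample)
Host: 203.0.113.10 ()\tPorts: 443/open/tcp//https///, 80/open/tcp//http///
Host: 203.0.113.11 ()\tPorts: 3389/open/tcp//ms-wbt-server///, 443/open/tcp//https///
Host: 203.0.113.12 ()\tPorts: 22/open/tcp//ssh///, 8080/open/tcp//http-proxy///
# Nmap done (constructed sample)
"""

# Hypothetical baseline: the only (proto, port) pairs each host should expose.
# Hosts absent from this map are not supposed to be reachable at all.
EXPECTED_EXPOSURE = {
    "203.0.113.10": {("tcp", 80), ("tcp", 443)},
    "203.0.113.11": {("tcp", 443)},
}

# Matches one entry of the -oG "Ports:" field, e.g. "443/open/tcp//https///".
PORT_RE = re.compile(r"(\d+)/(open)/(tcp|udp)/")


def parse_grepable(text):
    """Return {host: {(proto, port), ...}} for open ports in nmap -oG output."""
    open_ports = defaultdict(set)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines and status lines carry no port data
        host = line.split()[1]
        _, _, ports_field = line.partition("Ports:")
        for port, _state, proto in PORT_RE.findall(ports_field):
            open_ports[host].add((proto, int(port)))
    return dict(open_ports)


def find_unexpected(observed, expected):
    """Return open ports that are absent from the baseline, keyed by host.

    A host missing from the baseline is reported with all of its open ports:
    an unknown Internet-facing system is exactly the case the article warns about.
    """
    unexpected = {}
    for host, ports in observed.items():
        extra = ports - expected.get(host, set())
        if extra:
            unexpected[host] = extra
    return unexpected


def find_missing(observed, expected):
    """Return baseline entries that were not seen open (service down or filtered)."""
    missing = {}
    for host, ports in expected.items():
        gone = ports - observed.get(host, set())
        if gone:
            missing[host] = gone
    return missing


if __name__ == "__main__":
    observed = parse_grepable(SCAN_OUTPUT)
    for host, ports in sorted(find_unexpected(observed, EXPECTED_EXPOSURE).items()):
        for proto, port in sorted(ports):
            print(f"UNEXPECTED {host} {proto}/{port}")
    for host, ports in sorted(find_missing(observed, EXPECTED_EXPOSURE).items()):
        for proto, port in sorted(ports):
            print(f"MISSING    {host} {proto}/{port}")
```

Run against the constructed sample, the script reports RDP (3389/tcp) on 203.0.113.11 and both services on 203.0.113.12 as unexpected; the MISSING report is the complementary check, since a baseline service that has silently disappeared is also worth a ticket.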


Lateral Movement:

    1. Firewalls & Windows Update

       Enable firewalls on all of your workstations and servers.
       Make sure that Windows Update is enabled. This ensures that your machines are patched
       against the latest vulnerabilities and are also less exposed to lateral movement
       techniques. Microsoft constantly updates their security policies and their firewall
       rules. One good example is that they disabled the remote creation of processes using
       the task scheduler 'at' command.

    2. Endpoint Protection

       Endpoint protection works. Beyond blocking classic hackers' techniques, some products
       also have defenses against ransomware and will protect your assets from encryption.

    3. Network Segmentation

       Ideally, you want to minimize the risk of your industrial network being impacted when
       the organization suffers a ransomware attack.

        a. To the extent possible, separate the IT network from the OT network segment.
           Monitor and limit the access between the segments.
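Item 3a asks for both limiting and monitoring the IT/OT boundary. The monitoring half is often the part that gets skipped, so the following added example (not code from the article or the magazine) shows one way to audit it: flows logged at the boundary firewall are classified by segment and checked against a short cross-segment policy, and any allowed flow that the policy does not cover is flagged. The segment ranges, the two allow rules (a single jump host permitted to RDP into OT, and OT devices permitted to send syslog to an IT collector) and the log lines are all constructed for the example.

```python
"""Flag allowed traffic crossing the IT/OT boundary that the segmentation policy does not cover.

Added example, not part of the article. SEGMENTS, ALLOWED_CROSSINGS and
FIREWALL_LOG are constructed; a real deployment would feed logs from the
device guarding the IT/OT boundary and load the policy from its rule base.
"""
import ipaddress

# Hypothetical segment definitions (private ranges chosen for the example).
SEGMENTS = {
    "IT": [ipaddress.ip_network("10.10.0.0/16")],
    "OT": [ipaddress.ip_network("10.20.0.0/16")],
}

# Hypothetical cross-segment policy: (src_segment, dst_segment, src_host, proto, dst_port).
# src_host None means any host in the source segment.
ALLOWED_CROSSINGS = [
    ("IT", "OT", "10.10.5.5", "tcp", 3389),  # only the jump host may RDP into OT
    ("OT", "IT", None, "tcp", 514),          # OT devices may send syslog to the IT collector
]

# Constructed firewall log lines: timestamp, then key=value fields.
FIREWALL_LOG = """\
2022-05-01T10:00:01Z src=10.10.5.5 dst=10.20.1.10 proto=tcp dport=3389 action=allow
2022-05-01T10:00:02Z src=10.10.7.42 dst=10.20.1.10 proto=tcp dport=3389 action=allow
2022-05-01T10:00:03Z src=10.20.1.11 dst=10.10.9.9 proto=tcp dport=514 action=allow
2022-05-01T10:00:04Z src=10.20.1.11 dst=10.10.9.9 proto=tcp dport=445 action=allow
2022-05-01T10:00:05Z src=10.10.7.42 dst=10.10.8.8 proto=tcp dport=445 action=allow
2022-05-01T10:00:06Z src=10.10.7.42 dst=10.20.1.10 proto=tcp dport=502 action=deny
"""


def segment_of(ip):
    """Return the segment name containing ip, or None if it is in neither segment."""
    addr = ipaddress.ip_address(ip)
    for name, nets in SEGMENTS.items():
        if any(addr in net for net in nets):
            return name
    return None


def parse_log(text):
    """Parse the key=value log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        fields = dict(part.split("=", 1) for part in parts[1:])
        events.append({
            "ts": parts[0],
            "src": fields["src"],
            "dst": fields["dst"],
            "proto": fields["proto"],
            "dport": int(fields["dport"]),
            "action": fields["action"],
        })
    return events


def is_allowed_crossing(src_seg, dst_seg, src, proto, dport):
    """True if some policy rule covers this cross-segment flow."""
    for r_src, r_dst, r_host, r_proto, r_port in ALLOWED_CROSSINGS:
        if (r_src, r_dst, r_proto, r_port) == (src_seg, dst_seg, proto, dport):
            if r_host is None or r_host == src:
                return True
    return False


def find_policy_violations(events):
    """Return events that crossed IT<->OT, were allowed, and match no policy rule.

    Intra-segment flows and flows involving unknown addresses are skipped. Denied
    flows are skipped too: the firewall already stopped them, whereas an allowed
    flow outside the policy means the rule base is wider than the policy says.
    """
    violations = []
    for ev in events:
        src_seg, dst_seg = segment_of(ev["src"]), segment_of(ev["dst"])
        if src_seg is None or dst_seg is None or src_seg == dst_seg:
            continue
        if ev["action"] != "allow":
            continue
        if not is_allowed_crossing(src_seg, dst_seg, ev["src"], ev["proto"], ev["dport"]):
            violations.append(ev)
    return violations


if __name__ == "__main__":
    for ev in find_policy_violations(parse_log(FIREWALL_LOG)):
        print(f"{ev['ts']} {segment_of(ev['src'])}->{segment_of(ev['dst'])} "
              f"{ev['src']} -> {ev['dst']} {ev['proto']}/{ev['dport']} not covered by policy")
```

On the constructed log, two flows are flagged: a non-jump-host workstation reaching OT over RDP, and an OT device reaching an IT host on 445/tcp. The first is the kind of path ransomware follows from IT into the industrial segment; the second is the reverse direction that segmentation reviews often forget to restrict.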




