Two-Factor Authentication: There are many forms of two-factor authentication available for end users.
A free, in-depth report on the topic can be found here: http://www.fortinet.com/resource_center/solution_briefs/two-factorauthentication.html.
By implementing two-factor authentication for remote users or users that require
access to sensitive information, an organization can make it difficult for an attacker to take advantage of
lost or stolen credentials, as the attacker would need to provide a second form of identification in order
to gain network access. Commonly used two-factor authentication methods include the standard
username and password plus a hardware- or software-based authentication token, which provides a
one-time, time-sensitive password that must be entered when the username and password are presented
to the authentication server.
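The token check described above, as an added example that is not from the original article or any vendor's product. It assumes the token implements TOTP (RFC 6238, HMAC-SHA1, 30-second step), one common scheme for such tokens; `enroll`, `SecondFactorVerifier` and the sample salt are hypothetical names and constructed values.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid for (RFC 6238 default, assumed here)

def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def enroll(password: str, secret: bytes, salt: bytes = b"constructed-salt"):
    """Hypothetical helper: build the stored record for one account."""
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000), secret

class SecondFactorVerifier:
    """Hypothetical server side: password AND token code, each code used once."""

    def __init__(self, users):
        self.users = users   # name -> (salt, password hash, token secret)
        self.last_step = {}  # name -> last accepted time step (replay guard)

    def login(self, name, password, code, now, drift_steps=1):
        record = self.users.get(name)
        if record is None:
            return False
        salt, pw_hash, secret = record
        attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        pw_ok = hmac.compare_digest(attempt, pw_hash)
        # Accept the current step plus a small window for token clock drift.
        current = now // STEP
        matched = None
        for step in range(max(0, current - drift_steps), current + drift_steps + 1):
            expected = totp(secret, step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = step
        if not pw_ok or matched is None:
            return False  # a stolen password alone, or a code alone, fails
        if matched <= self.last_step.get(name, -1):
            return False  # code already used: "one-time" is enforced here
        self.last_step[name] = matched
        return True
```

The replay guard is what makes a captured code useless even inside its validity window; the drift window trades a little of that time-sensitivity for tolerance of token clock skew.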
USB Drive Restrictions: Many computers will accept a USB thumb drive implicitly and execute any
autorun applications located on the drive. A drive that has malicious code planted on it can be all an
attacker needs to gain an initial foothold in a network. Limiting USB drive access to employees on an as-needed
and justified basis is a good idea; banning them outright is even safer. If USB drive access is
necessary, enabling a proper Group Policy to prevent a drive from autorunning is essential.
Limiting Access to Cloud-based File Sharing: Services such as Dropbox have enjoyed wide-scale adoption
both at home and in the workplace. As with USB drive access, it is important to limit access to these
programs unless absolutely necessary. Cloud-based file sharing and syncing applications can make it
trivial for an attacker to compromise a home computer and move malware into a corporate network
when a user syncs the files they took home the night before.
It’s clear that some groups will stop at nothing to get their hands on data they are interested in.
Putting it All Together
While there is no panacea that will eradicate the risk of APTs, organizations can put the odds in their
favor by adopting a multi-layer and integrated defense strategy. While firewalls and intrusion prevention
technologies are necessary, they are just the beginning of a comprehensive and effective security
posture. That holistic strategy should also include antimalware technologies, combined with robust data
leakage and role-based security policies. Meanwhile, in addition to antispam and Web filtering solutions,
enterprises also need to implement application control mechanisms in order to block APTs at various
stages of the attack process.
About The Author
Richard Henderson is a Security Strategist and Threat Researcher for Fortinet's
FortiGuard Labs.
When he isn't researching the latest wave of online threats and malware, he can be
found grinding gears through British Columbia's mountain roads or under the hood
of his vintage BMW.
Cyber Warnings E-Magazine – August 2013 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide