
Morey J. Haber - Privileged Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Organizations

Here you can read online Morey J. Haber - Privileged Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Organizations full text of the book (entire story) in english for free. Download pdf and epub, get meaning, cover and reviews about this ebook. year: 2018, publisher: Apress, genre: Computer / Science. Description of the work, (preface) as well as reviews are available. Best literature library LitArk.com created for fans of good reading and offers a wide selection of genres:


Morey J. Haber Privileged Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Organizations
  • Book: Privileged Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Organizations
  • Publisher: Apress
  • Year: 2018

Privileged Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Organizations: summary, description and annotation


See how privileges, passwords, vulnerabilities, and exploits can be combined as an attack vector and breach any organization. Cyber attacks continue to increase in volume and sophistication. It is not a matter of if, but when, your organization will be breached. Attackers target the perimeter network, but, in recent years, have refocused their efforts on the path of least resistance: users and their privileges.

In decades past, an entire enterprise might be sufficiently managed through just a handful of credentials. Today's environmental complexity means privileged credentials are needed for a multitude of different account types (from domain admin and sysadmin to workstations with admin rights), operating systems (Windows, Unix, Linux, etc.), directory services, databases, applications, cloud instances, networking hardware, Internet of Things (IoT), social media, and more. When unmanaged, these privileged credentials pose a significant threat from external hackers and insider threats.

There is no one silver bullet to provide the protection you need against all vectors and stages of an attack. And while some new and innovative solutions will help protect against or detect the initial infection, they are not guaranteed to stop 100% of malicious activity. The volume and frequency of privilege-based attacks continues to increase and test the limits of existing security controls and solution implementations.

Privileged Attack Vectors details the risks associated with poor privilege management, the techniques that hackers and insiders leverage, and the defensive measures that organizations must adopt to protect against a breach, protect against lateral movement, and improve the ability to detect hacker activity or insider threats in order to mitigate the impact.

What You'll Learn
  • Know how identities, credentials, passwords, and exploits can be leveraged to escalate privileges during an attack
  • Implement defensive and auditing strategies to mitigate the threats and risk
  • Understand a 12-step privileged access management implementation plan
  • Consider deployment and scope, including risk, auditing, regulations, and oversight solutions

Who This Book Is For
Security management professionals, new security professionals, and auditors looking to understand and solve privileged escalation threats

Morey J. Haber and Brad Hibbert 2018
Morey J. Haber and Brad Hibbert Privileged Attack Vectors
1. Privileges
Morey J. Haber (1) and Brad Hibbert (2)
(1) Heathrow, Florida, USA
(2) Carp, Ontario, Canada
Today, privileges based on credentials are one of the lowest-hanging fruits in the attack chain. Threats include the following:
  1. Insiders having excessive and unmonitored access to accounts, opening the potential for misuse and abuse.
  2. Insiders that have had their accounts compromised through successful phishing, social engineering, or other tactics.
  3. Accounts that have been compromised as the result of poor credentials, passwords, devices, and application models allowing attackers to compromise systems and obtain privileges for malicious activity.
Note
The 2017 Verizon Data Breach report highlighted that 81% of external-related breaches leveraged stolen or weak passwords.
To understand how privileges can be used as a successful attack vector, a clear definition of privileges needs to be established. In a basic definition, a privilege is a special right or an advantage. It is an elevation above the normal and not a setting or permission given to the masses. An example is the relationship to education. Education is a right, not a privilege. Everyone has the right to education and thus a Standard User has the same rights as everyone else. Information technology users have rights that are global to all authenticated users. As these user accounts are created and provisioned, they are granted these standard rights. This could be basic access to a keyboard and mouse, Internet browser, or even office applications such as email. A privileged user has rights above that. That may include the ability to install other software or just change office features and settings, or perform other routine maintenance tasks such as managing backups. This does not mean they are an administrator. It means they have been granted privileges, at a granular level, above the baseline of Standard User. This granularity can have as many levels and features as an organization deems fit. The most basic interpretation is two levels:
  1. Standard User: shared rights granted to all users for trusted tasks.
  2. Administrator: a broad set of privileged rights granted for managing all aspects of a system and its resources. This includes installing software, managing configuration settings, applying patches, managing users, etc.
However, some organizations will define privileges across four fundamental levels:
  1. No access: that is, you do not have a user account, or your account has been disabled or deleted. This is the denial of any form of privileged access, even anonymously.
  2. Guest: restricted access and rights below a standard user. Many times this is associated with anonymous access.
  3. Standard User: shared rights granted to all users for trusted tasks.
  4. Administrator: authorization to effect change on the asset's runtime, configuration, settings, managed users, and installed software and patches. This can also be further classified into local administrator rights and domain administrative rights affecting more than one resource.
While this perspective of privileges is at a macro user level, it is very important to understand the micro level of permissions, down to the token and file, to formulate a proper defense. It is myopic to consider privileges as only a part of the application you are executing. Privileges must be built into the operating system, file system, application, database, hypervisor, cloud management platform, and even the network via segmentation to be effective for user and application-to-application communications. This holds regardless of the authentication mechanism, from a username and password to a certificate or key pair. The resource interpretation of the privileges cannot be at just one layer to be truly effective. So let's have a deeper look.
Guest Users
As a Guest User, your privileges are strictly limited to specific functions and tasks you can perform. In many organizations, guests are restricted to isolated network segments with basic access, perhaps access to the Internet for visiting vendors. If these unmanaged computers are, or become, compromised, the risk is mitigated by their limited access to the organization's resources. For example, a network scan from a compromised guest machine will not (or at least should not) provide the attacker direct access to corporate systems and data.
Standard Users
As a Standard User, you have basic privileges above a Guest to perform additional tasks and to fulfill the missions that a specific job function requires. While organizations may forego even Guest Users, it is typical to have granular levels between a Standard User and a Full Administrator. Typical organizations may have 100s or 1000s of different standard user roles designed to balance access and efficiency with risk. Each role has been granted specific access to the systems, applications, and data required for its specific job. In many cases a user may be a member of multiple roles depending on their specific job requirements. For example, low-access roles (also called basic roles, basic entitlements, birth rights) are typically provided to each organizational user (employee, contractor) to provide basic access. Perhaps this provides access to an email account and general Intranet for information seeking. Next would be specific roles that would add additional access based on the job itself. See Figure for a very basic example of a role hierarchy in a manufacturing environment.
Figure 1-1. Example of a role hierarchy in a manufacturing environment
In this example, the banding and nesting of granular permissions within business roles may allow certain users access to a web server but not access to a database or vice versa. From the perspective of a threat actor, compromising accounts with elevated rights is typically the target as these credentials are the ones that have access to sought-after systems and data.
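The nesting described above can be audited mechanically. The following is an added example, not code from the book: it resolves nested roles into each account's effective entitlements and reports which accounts reach sensitive resources and through which role chain. All role, user, and entitlement names are constructed for illustration and do not reproduce the book's figure.

```python
# Constructed role hierarchy: each role lists the roles nested inside it and its own grants.
ROLES = {
    "birthright":   {"parents": [], "grants": {"email", "intranet"}},
    "floor_worker": {"parents": ["birthright"], "grants": {"mes_terminal"}},
    "web_operator": {"parents": ["birthright"], "grants": {"web_server"}},
    "db_operator":  {"parents": ["birthright"], "grants": {"database"}},
    "server_admin": {"parents": ["web_operator", "db_operator"], "grants": {"os_admin"}},
}
# Constructed assignments; a user may hold several roles.
USERS = {"alice": ["floor_worker"], "bob": ["web_operator"],
         "carol": ["server_admin"], "dave": ["web_operator", "db_operator"]}
SENSITIVE = {"database", "os_admin"}  # entitlements worth reviewing (assumption)

def effective_grants(role, roles=ROLES, _seen=None):
    """Union of a role's own grants and everything inherited from nested roles."""
    seen = set() if _seen is None else _seen
    if role in seen:                      # already merged, or a cycle in the hierarchy
        return set()
    seen.add(role)
    grants = set(roles[role]["grants"])
    for parent in roles[role]["parents"]:
        grants |= effective_grants(parent, roles, seen)
    return grants

def user_entitlements(user, users=USERS, roles=ROLES):
    """Everything a user can reach across all assigned roles."""
    return set().union(*(effective_grants(r, roles) for r in users[user]))

def grant_path(role, target, roles=ROLES, _trail=()):
    """Chain of nested roles from `role` to the role that directly grants `target`."""
    if role in _trail:                    # cycle guard
        return None
    trail = _trail + (role,)
    if target in roles[role]["grants"]:
        return list(trail)
    for parent in roles[role]["parents"]:
        found = grant_path(parent, target, roles, trail)
        if found:
            return found
    return None

def audit(users=USERS, roles=ROLES, sensitive=SENSITIVE):
    """List (user, sensitive entitlement, role chain that confers it)."""
    findings = []
    for user, assigned in sorted(users.items()):
        for grant in sorted(user_entitlements(user, users, roles) & sensitive):
            path = next(p for r in assigned if (p := grant_path(r, grant, roles)))
            findings.append((user, grant, path))
    return findings

if __name__ == "__main__":
    for user, grant, path in audit():
        print(f"{user}: {grant} via {' -> '.join(path)}")
```

The role chain in each finding shows where to cut: removing one nested role from a business role revokes the entitlement for every account that inherits it.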
Malicious activity does not require full domain administrative or root rights (even though such rights reduce technical barriers and make nefarious activity easier to conduct). For example, if the user is a manufacturing floor worker, their potential privileges are limited by their job role (barring a vulnerability and successful exploit). If the target user is an information technology administrator such as a server administrator, desktop administrator, database administrator, application administrator, or executive, the associated privilege risk will be higher as these employees have been granted additional access as defined by their role. This makes them desirable targets for a threat actor. Take, for example, an attacker who wants to gain access to a corporate database or file system with sensitive data (see Figure).
Figure 1-2. Example of an attacker who wants to gain access to a corporate database or file system with sensitive data
Do they
  1. Directly attack the hardened database or system housing the sensitive data. A system that is likely patched, monitored, and incorporates advanced threat detection and attack shielding technologies.