

This article aims to be a comprehensive guide to creating a secure Software Restriction Policy and is quite a long read – we recommend you bookmark it now so you have it to hand when you need it.

# AppLocker best practices

Securing your environment is a huge deal these days. For a very long time we have all concentrated on maximizing performance – looking at how we create the best possible “user experience” – but security is another big concern for consultants, architects and administrators. Ensuring that an attacker cannot move laterally through a compromised network is crucial – if penetration occurs, we need to make sure that it is as difficult as possible for the attacker to broaden the scope of their attack and gain a deeper foothold in your environment. Controlling what a user can execute is a pivotal part of this approach. All breaches involve some form of pivoting, which generally means running utilities that shouldn’t be allowed to run in hardened environments. In an “open” environment, an attacker inside your network can introduce their own executables and scripts, opening up possibilities for further compromise and moving closer to the Holy Grail of accessing all of your data and infrastructure.

Simply put, blacklisting is where you stop users running “known bad” applications. For instance, you could blacklist executables such as PowerShell, the Registry Editor, known exploit tools like Metasploit, or utilities that hackers might leverage such as the PSTools suite. But the problem with blacklisting is pretty obvious – you are reliant on knowing every possible executable that a hacker might use, and then need to add each one to your blacklist. You become tied into a game of whack-a-mole, an arms race of constantly updating the list of threats to be kept at bay. If instead you strictly control what users can execute, not only do you block the attacker from escalating, but you can also identify possible indicators of compromise simply from the very act of attempting to run these items. So effective application control not only protects you, it adds a further layer of alerting that can spot an attack in its early stages.
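To make the “attempted execution as an indicator of compromise” idea concrete, here is an added PowerShell example (not from the original article) that summarises AppLocker block events per user. It assumes AppLocker logging is enabled on the host; the event IDs and XML field names follow the AppLocker event schema, and the sample records, SIDs and paths are constructed for offline use.

```powershell
# Added example: turn AppLocker "prevented from running" events into an early-warning summary.
# In the Microsoft-Windows-AppLocker/EXE and DLL log, Event ID 8004 is "<file> was prevented from
# running"; 8003 is the audit-mode equivalent ("would have been prevented if the policy were enforced").

function Get-AppLockerBlockSummary {
    param(
        [Parameter(Mandatory)] [object[]] $Events,  # objects with Id, UserId, FilePath, TimeCreated
        [int] $Threshold = 3                          # flag a user with this many or more events
    )
    $Events |
        Where-Object { $_.Id -in 8003, 8004 } |
        Group-Object -Property UserId |
        ForEach-Object {
            [pscustomobject]@{
                User       = $_.Name
                Blocked    = @($_.Group | Where-Object Id -eq 8004).Count
                AuditOnly  = @($_.Group | Where-Object Id -eq 8003).Count
                FirstSeen  = ($_.Group | Sort-Object TimeCreated | Select-Object -First 1).TimeCreated
                Paths      = (@($_.Group.FilePath) | Sort-Object -Unique) -join '; '
                Suspicious = $_.Count -ge $Threshold   # repeated attempts by one user warrant a look
            }
        } | Sort-Object -Property Blocked -Descending
}

# Read live events on a host where AppLocker logging is enabled (UserData/RuleAndFileData fields).
function Get-AppLockerEvents {
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003, 8004 } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $x = [xml]$_.ToXml()
            $d = $x.Event.UserData.RuleAndFileData
            [pscustomobject]@{ TimeCreated = $_.TimeCreated; Id = $_.Id; UserId = $d.TargetUser; FilePath = $d.FilePath }
        }
}

# Constructed sample records (hypothetical SIDs and paths) so the summary runs without a live log.
# AppLocker writes paths with the %OSDRIVE% variable, as mirrored here.
$sample = @(
    [pscustomobject]@{ TimeCreated = Get-Date '2024-01-10 09:01'; Id = 8004; UserId = 'S-1-5-21-0-0-0-1103'; FilePath = '%OSDRIVE%\USERS\ALICE\APPDATA\LOCAL\TEMP\PSEXEC.EXE' }
    [pscustomobject]@{ TimeCreated = Get-Date '2024-01-10 09:02'; Id = 8004; UserId = 'S-1-5-21-0-0-0-1103'; FilePath = '%OSDRIVE%\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE' }
    [pscustomobject]@{ TimeCreated = Get-Date '2024-01-10 09:05'; Id = 8003; UserId = 'S-1-5-21-0-0-0-1103'; FilePath = '%OSDRIVE%\WINDOWS\REGEDIT.EXE' }
    [pscustomobject]@{ TimeCreated = Get-Date '2024-01-10 11:30'; Id = 8004; UserId = 'S-1-5-21-0-0-0-1208'; FilePath = '%OSDRIVE%\WINDOWS\REGEDIT.EXE' }
)

# Alice (three attempts, two enforced blocks) is flagged Suspicious; Bob's single block is not.
Get-AppLockerBlockSummary -Events $sample | Format-Table -AutoSize

# On a live host: Get-AppLockerBlockSummary -Events (Get-AppLockerEvents) | Format-Table -AutoSize
```

A single 8004 for a standard user is usually noise (a blocked installer, a wrong shortcut); a cluster of blocks for one account across several admin or remote-execution tools is the early-stage signal the article describes and is worth routing to your SIEM.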
