BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

How to Stop Pass-the-Hash Attacks on Windows Desktops

Posted June 2, 2014    Morey Haber

The recent publication of attack techniques and the lack of preventative tools have forced enterprises to rely on ineffective techniques to mitigate this risk. Fortunately, by removing administrative rights from all users and leveraging a Windows privilege management solution like PowerBroker for Windows, you can mitigate this risk throughout your organisation.

Some of these techniques steal hash information from the current user logged in locally or via RDP. When those sessions contain privileges above a standard user, the malware or hacker has an advantage because they can elevate their privileges from system to system – from low-level user to high-value permissions such as help desk personnel or domain administrators. The key to protecting these systems when modern tools are not available for Windows 8.1 or Windows 2012 R2 is to never give elevated privileges to users in the first place. Therefore, if malware does infect a host, the hacker can only gain standard user access despite any lateral movement they are able to obtain without leveraging another vulnerability.

So, how does PowerBroker for Windows help? The solution doesn’t elevate the permissions of the user, but rather changes the application’s security token using patent-pending technology:

pass-hash-img1
Again, the user’s privileges never change and the modified application runs with the new security token, which can be customised to any level required for the application to correctly function:

pass-hash-img2

As a result, the user never has a hash that malware or a hacker can leverage against another resource with elevated permissions. In addition, the privileges granted to the application could either be executed as a full administrator or customised to only allow the privileges or process required for the task to execute. For example, the application can be granted full administrative privileges but denied access to shut down the system.

The fact remains that, in most organisations, too many users have excessive privileges. Hacking techniques like Pass-The-Hash have been successfully used to maliciously compromise entire infrastructures. Simply removing privileges can cripple business productivity, since critical applications and tasks can no longer function correctly as a standard user. A tool or technique is needed to bridge that gap, and PowerBroker for Windows is that solution.

PowerBroker for Windows preserves the privileges granted to the user and only modifies the application’s runtime security token to meet the needs of the application (on a per application basis). With over 250 rules in PowerBroker’s sample rules library, you do not need to start from scratch to make this change a reality. Our best practices guide, professional services team, and years of experience in privileged account management can help make hacking techniques like this a moot point for your business.

Tags:
, , , , , , , , ,

Leave a Reply

2 Responses to “How to Stop Pass-the-Hash Attacks on Windows Desktops”

  1. Peter

    Would Powerbroker have prevented the execution of the infamous Trojan that is released by the Amazon faux order entry attack? And, is there a home use version of this software to protect customers’ home networks?

    June 30, 2014 9:59:30, Reply
  2. Morey

    Hi Peter, Depending on the attack vector used the Risk Compliance Rules (vulnerability based application management) could have stopped the Trojan from launching a vulnerability version of Microsoft help or Adobe Acrobat.

    June 30, 2014 10:55:32, Reply

Additional articles

Ponemon_Report

Big Surprise: Cost of Data Breaches Up; Are you Doing the *Right* Things to Mitigate the Costs?

Posted May 28, 2015    Scott Lang

Ponemon Institute Cost of Data Breach Study – costs are going up – to the tune of a 23% increase in total costs of data breaches, and a 12% increase in per-record cost since 2013. Are you doing the right things to mitigate costs?

Tags:
, ,
IRS-Data-Breach

The tip of the IRS data breach – and it IS an iceberg

Posted May 27, 2015    Morey Haber

The IRS has been warned for decades about their security best practices. And now, at least 100,000 Americans have had their records compromised. How? The IRS uses a service called “Get Transcript”.

Tags:
, , ,
dave-shackleford-headshot

Tales from the Datacenter: Vulnerability Management Nightmares

Posted May 27, 2015    Dave Shackleford

Vulnerability scanning, threat management, risk analysis, patching, and configuration management are some of the major activities usually associated with vulnerability management, and none of these are new…so why are we failing so badly at many of them?

Tags:
, ,