@loftwah
Last active July 8, 2021 02:38
Access Prevention Checklist

Initial Access Prevention Checklist

  • Audit your internet-facing attack surface.
  • Audit the configuration of your remote access services.
  • Ensure perimeter security services are up to date and running in a hardened, secure configuration.
  • Ensure you have strong authentication controls.
  • Ensure you have good password policies and controls deployed.
  • Ensure account lockouts are enabled.
  • Ensure password audits are conducted.
  • Ensure event logs are shipped and monitored.
  • Where possible deploy multi-factor authentication.
  • Where possible add layers, e.g. a VPN (note this is not a magic bullet, as you will have realised from the number of RCEs in VPN products in 2020).
  • Ensure you have mail security services.
  • Where possible disable macros on endpoint devices.
  • Ensure you are running antimalware services.
  • Ensure you have logging enabled.
  • Deploy hardened configurations.
  • Deploy application/binary allow lists (e.g. AppLocker).
  • Disable unsafe file extensions, e.g. MSHTA, VBS, WSH, JS etc.
  • Disable PowerShell.
  • Block risky extensions, e.g. ISO, VHD/VHDX.
  • Restrict risky egress traffic.
  • Leverage a protective DNS service.
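As an added illustration, not part of the original gist, of the two extension-blocking items above: a small Python policy check, of the kind a mail gateway or download filter would apply, that flags the script-host and disk-image extensions the list names. It looks at every suffix rather than only the last one, so double extensions and the trailing-dot trick (which Windows silently strips) are caught; the extension set and function names are assumptions for this example.

```python
import posixpath

# Extensions from the checklist items above: script hosts (MSHTA, WSH, VBScript,
# JScript) and mountable disk images (ISO, VHD/VHDX). The exact set is a
# constructed policy for this example, not an exhaustive list.
BLOCKED_EXTENSIONS = {
    "hta",                 # MSHTA
    "vbs", "vbe",          # VBScript
    "wsh", "wsf",          # Windows Script Host
    "js", "jse",           # JScript
    "iso", "vhd", "vhdx",  # disk images that mount with a double-click
}


def risky_extensions(filename):
    """Return every blocked extension found in the name, not just the final suffix.

    Handles Windows or POSIX paths, mixed case, double extensions such as
    'invoice.pdf.js', and trailing dots/spaces that Windows strips on save.
    """
    name = posixpath.basename(filename.replace("\\", "/")).lower()
    name = name.rstrip(". ")                     # 'run.vbs.' is saved as 'run.vbs'
    suffixes = name.split(".")[1:]               # drop the base name
    return {s.strip() for s in suffixes} & BLOCKED_EXTENSIONS


def attachment_verdict(filename):
    """Return ('block', [reasons]) or ('allow', []) for one attachment name."""
    found = risky_extensions(filename)
    if found:
        return ("block", sorted(found))
    return ("allow", [])


if __name__ == "__main__":
    # Constructed sample attachment names for a quick run.
    for sample in ["report.pdf", "invoice.pdf.js", "SETUP.ISO",
                   "C:\\Users\\x\\Downloads\\run.VBS.", "archive.tar.gz"]:
        print(sample, "->", attachment_verdict(sample))
```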