- Audit your internet-facing attack surface
- Audit your remote access services configuration
- Ensure perimeter security services are up to date and running in a hardened and secure configuration
- Ensure you have strong authentication controls.
- Ensure you have good password policies and controls deployed.
- Ensure account lockouts are enabled.
- Ensure password audits are conducted.
- Ensure event logs are shipped and monitored.
- Where possible deploy multi-factor authentication.
- Where possible, add layers, e.g. a VPN (note this is not a magic bullet, as you will have realised from the number of RCEs in VPN products in 2020)
- Ensure you have mail security services.
- Where possible disable macros on endpoint devices.
- Ensure you are running antimalware services.
- Ensure you have logging enabled.
- Deploy hardened configurations.
- Deploy Application/Binary Allow lists (e.g. AppLocker)
- Disable unsafe file extensions e.g. MSHTA, VBS, WSH, JS etc.
- Disable PowerShell
- Block risky extensions e.g. ISO, VHD/VHDX
- Restrict risky egress traffic.
- Leverage a protective DNS service.
Last active
July 8, 2021 02:38
Access Prevention Checklist