@loftwah
Last active Jul 8, 2021
Access Prevention Checklist

Initial Access Prevention Checklist

  • Audit your internet-facing attack surface
  • Audit your remote access services configuration
  • Ensure perimeter security services are up to date and running in a hardened and secure configuration
  • Ensure you have strong authentication controls.
  • Ensure you have good password policies and controls deployed.
  • Ensure account lockouts are enabled.
  • Ensure password audits are conducted.
  • Ensure event logs are shipped and monitored.
  • Where possible deploy multi-factor authentication.
  • Where possible, add layers, e.g. a VPN (note this is not a magic bullet, as you will have realised from the number of RCEs in VPN products in 2020)
  • Ensure you have mail security services.
  • Where possible disable macros on endpoint devices.
  • Ensure you are running antimalware services.
  • Ensure you have logging enabled.
  • Deploy hardened configurations.
  • Deploy application/binary allow lists (e.g. AppLocker)
  • Disable unsafe file extensions, e.g. MSHTA, VBS, WSH, JS etc.
  • Disable PowerShell
  • Block risky extensions, e.g. ISO, VHD/VHDX
  • Restrict risky egress traffic.
  • Leverage a protective DNS service.
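
An added example (not part of the original gist) of how the two extension items above could be checked against attachment filenames, for instance at a mail gateway. The enforcement point, the mapping of MSHTA to `.hta`, and all function names are assumptions; the sample attachments are constructed.

```python
import io
import zipfile

# Extensions named in the checklist. ".hta" stands in for "MSHTA"
# (mshta.exe is the host that runs .hta files); that mapping is an assumption.
SCRIPT_EXTS = {".hta", ".vbs", ".wsh", ".js"}
CONTAINER_EXTS = {".iso", ".vhd", ".vhdx"}
BLOCKED = SCRIPT_EXTS | CONTAINER_EXTS


def effective_ext(name):
    """Return the lower-cased extension Windows would act on."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows drops trailing dots and spaces, so "a.js. " is opened as "a.js".
    base = base.rstrip(". ")
    dot = base.rfind(".")
    return base[dot:].lower() if dot != -1 else ""


def check_attachment(name, data=b""):
    """Return policy findings for one attachment; an empty list means allow."""
    findings = []
    ext = effective_ext(name)
    if ext in BLOCKED:
        findings.append(f"{name}: blocked extension {ext}")
    # Look one level inside ZIP archives so a blocked file type is not
    # missed only because it arrived wrapped in an allowed container.
    if data and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                m_ext = effective_ext(member)
                if m_ext in BLOCKED:
                    findings.append(f"{name}: member {member} has blocked extension {m_ext}")
    return findings


def sample_zip():
    """Build a small constructed ZIP in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        zf.writestr("docs/update.VHDX", "placeholder, not a real disk image")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [("report.pdf", b""), ("invoice.pdf.JS", b""), ("setup.hta. ", b""), ("bundle.zip", sample_zip())]
    for name, data in samples:  # constructed sample attachments
        print(repr(name), "->", check_attachment(name, data) or "allow")
```

Matching on the normalised final extension, rather than on a substring of the name, is what makes double extensions, mixed case and trailing dots or spaces resolve to the same decision.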