Azure security boss tells sysadmins to harden up and properly harden Windows Server
DEF CON Windows Server admins keep making mistakes that let criminals target the OS, according to Lee Holmes, Microsoft's lead security architect for Azure management. Redmond therefore wants you to harden up by using PowerShell Just Enough Administration (JEA).
“In running Just Enough Administration, the idea is that admins are your attack surface and you can’t treat them as buddies anymore,” he said. “We need admins, but people make mistakes. Everything they can do an attacker can do as well; if you’re worried about PowerShell attacks, you have to be worried about admins.”
The key to controlling administrator accounts is reducing the time such accounts can be used, and ensuring users have only the privileges they need to do their jobs. Such restrictions, Holmes argued, can dramatically reduce the attack surface available to hackers.
One of the most common mistakes, he said, was leaving RDP and Telnet connections exposed online. Language modes are also a big issue: NoLanguage mode is the only safe language mode, he said, and hackers have proven adept at subverting Constrained Language mode to worm their way onto systems.
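What "only the privileges they need" and a NoLanguage endpoint look like in practice, as an added example that is not code from the article or from Microsoft's JEA documentation: a JEA endpoint that lets a hypothetical CONTOSO\HelpDesk group restart two named services and list top processes, and nothing else. The group name, module name, paths and user name are assumptions; the cmdlets and parameters are the standard JEA ones and the script must run elevated.

```powershell
# Added example, not from the article or Microsoft's docs: a minimal JEA
# endpoint. CONTOSO\HelpDesk, HelpDeskJEA, the paths and CONTOSO\alice are
# assumptions.

# 1. Role capability (.psrc): what the role may run. JEA discovers .psrc files
#    only inside a RoleCapabilities folder of a module on $env:PSModulePath.
$modulePath = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\HelpDeskJEA'
$rcPath     = Join-Path $modulePath 'RoleCapabilities'
New-Item -ItemType Directory -Path $rcPath -Force | Out-Null
New-ModuleManifest -Path (Join-Path $modulePath 'HelpDeskJEA.psd1')

$roleParams = @{
    Path           = Join-Path $rcPath 'HelpDesk.psrc'
    VisibleCmdlets = @(
        'Get-Service',
        # Expose only the -Name parameter, pinned to a fixed set of values, so
        # the role can restart the print spooler and DNS client and nothing else.
        @{ Name = 'Restart-Service'
           Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler', 'Dnscache' } }
    )
    # A wrapper function is safer than exposing Get-Process wholesale: the
    # caller never gets to choose its parameters.
    VisibleFunctions    = 'Get-TopProcess'
    FunctionDefinitions = @{
        Name        = 'Get-TopProcess'
        ScriptBlock = { Get-Process | Sort-Object CPU -Descending |
                        Select-Object -First 10 Name, Id, CPU }
    }
}
New-PSRoleCapabilityFile @roleParams

# 2. Session configuration (.pssc): who gets which role, under what identity.
$pssc = Join-Path $env:TEMP 'HelpDesk.pssc'
$sessionParams = @{
    Path = $pssc
    # RestrictedRemoteServer puts the endpoint in NoLanguage mode: callers can
    # invoke the visible commands but cannot use variables, script blocks,
    # operators or any other language element.
    SessionType         = 'RestrictedRemoteServer'
    # The session runs as a temporary local admin that exists only for the
    # session's lifetime; the connecting user's own token is never elevated.
    RunAsVirtualAccount = $true
    # Every command the role runs is recorded for incident response.
    TranscriptDirectory = 'C:\JEATranscripts'
    RoleDefinitions     = @{ 'CONTOSO\HelpDesk' = @{ RoleCapabilities = 'HelpDesk' } }
}
New-PSSessionConfigurationFile @sessionParams
Test-PSSessionConfigurationFile -Path $pssc   # $true when the file parses cleanly
Register-PSSessionConfiguration -Name HelpDesk -Path $pssc -Force

# 3. Verify from the admin side what a member of the group actually receives:
#    the commands above plus the few JEA always provides (Get-Command,
#    Select-Object, Measure-Object, Exit-PSSession and so on).
Get-PSSessionCapability -ConfigurationName HelpDesk -Username 'CONTOSO\alice' |
    Select-Object Name, CommandType
```

Members of the group then connect with `Enter-PSSession -ComputerName <server> -ConfigurationName HelpDesk` and see only the listed commands; the two points Holmes makes map directly onto the file: the role capability bounds the privilege, and the virtual account bounds the time it exists.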
Holmes rated vulnerable functions the biggest danger: cmdlets like Invoke-Expression evaluate a string as PowerShell code, so any exposed function that builds that string from caller-supplied input hands the caller arbitrary command execution. The security implications of doing so are obvious, yet many users are given privileges to use the cmdlet.
“So we’re releasing PowerShell injection hunter, which does all this automatically,” Holmes said. “This will flag everything that you might be worried about and it has integration with Visual Studio Code.” ®
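The injection problem Holmes describes and the scan he announces, as one added example covering both paragraphs above (not code from the article or from the InjectionHunter project): a JEA-style helper written the unsafe way and the safe way, followed by a scan of the file. The function names, the script path and the exact way InjectionHunter's rules are handed to PSScriptAnalyzer are assumptions; `Invoke-ScriptAnalyzer -CustomRulePath` is an existing PSScriptAnalyzer parameter.

```powershell
# Added example, not from the article or the InjectionHunter project. The
# function names and HelpDesk.psm1 are assumptions.

# UNSAFE: the parameter is pasted into a string that is then evaluated as
# code, so the "argument" can carry extra statements. Inside a JEA endpoint
# this matters doubly: the caller is in NoLanguage mode, but the role
# function runs with full language as the virtual account, so this one line
# gives the caller everything the restricted session was meant to withhold.
function Get-ServiceUnsafe {
    param([string]$Name)
    Invoke-Expression "Get-Service -Name $Name"
}

# SAFE: pass the value as a parameter, never as code. PowerShell treats it as
# data, so 'Spooler; whoami' is just a service name that does not exist.
function Get-ServiceSafe {
    param([string]$Name)
    Get-Service -Name $Name
}

# SAFER STILL for role functions: validate the shape of the input and splat
# the arguments, so nothing the caller supplies is ever interpolated.
function Get-ServiceValidated {
    param(
        [ValidatePattern('^[A-Za-z0-9_.-]+$')]
        [string]$Name
    )
    $params = @{ Name = $Name }
    Get-Service @params
}

# Demonstration with a harmless second statement (whoami stands in for
# anything else the caller would rather run):
Get-ServiceUnsafe -Name 'Spooler; whoami'      # lists Spooler, THEN runs whoami
try { Get-ServiceSafe -Name 'Spooler; whoami' }
catch { 'Safe version: ' + $_.Exception.Message } # "Cannot find any service..."
try { Get-ServiceValidated -Name 'Spooler; whoami' }
catch { 'Validated version: ' + $_.Exception.Message } # rejected at bind time

# Scan a module with InjectionHunter through PSScriptAnalyzer's custom-rule
# support. Assumed usage: the module's own path is the rule path.
Install-Module -Name PSScriptAnalyzer, InjectionHunter -Scope CurrentUser -Force
$rules = (Get-Module -Name InjectionHunter -ListAvailable | Select-Object -First 1).Path
Invoke-ScriptAnalyzer -Path .\HelpDesk.psm1 -CustomRulePath $rules
```

Run against a file containing `Get-ServiceUnsafe`, the scan reports the `Invoke-Expression` call on interpolated input; the other two functions produce no finding. The same rule path can be set as a custom rule in the PSScriptAnalyzer settings of the VS Code PowerShell extension, which is the editor integration Holmes refers to.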
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/07/30/azure_boss_advises_windows_server_hardening/