Shulou(Shulou.com)06/01 Report--

In this issue, the editor will bring you about how to prevent horizontal penetration in PowerBroker. The article is rich in content and analyzes and narrates it from a professional point of view. I hope you can get something after reading this article.

Use NETSTAT.EXE to monitor open ports and communication connections

After successfully gaining access to the target device, an attacker may try to view the open port and communication connection of the device, which usually uses the "netstat-an" command, and a list of active links is displayed after running. This command is commonly used by many IT administrators, but many ordinary users do not use it. Therefore, the operation of such a command may herald the occurrence of certain security events.

Using passive detection or whitelist rules to monitor the operation of netstat.exe can help us limit some malicious actions and send prompts to administrators if these activities occur. In this way, when suspicious activities or malicious actions are detected by the system, the administrator will understand and monitor these activities as soon as possible.

Modify the system routing table using ROUTE.EXE

Another thing that ordinary users don't run is the Route command, and very few products or administrators in the security community view and modify the routing table of the system.

Similar to the netstat.exe example above, you can use passive rules (including using PowerBroker forWindows) to monitor such activities, or reject rules to block such actions.

Use PSExec.exe to run programs on a remote system

For many system administrators, PSExec is definitely a powerful tool. Although it is very powerful, it will cause great damage to our system if it is not used properly, because many attackers have begun to use PSExec to carry out intrusion attacks. In most enterprise environments, administrators prevent ordinary users from using the application. PowerBroker for Windows has had this feature in previous versions, but recently updated versions can also be combined with horizontal penetration rules to improve security performance.

Reporting function of PowerBroker for Windows

It is very important to monitor and prevent horizontal penetration attacks, and it is also important to collect and analyze these attack activity information. As a result, PowerBroker for Windows also provides a reporting function, which also integrates the BeyondInsightIT risk management platform, where you can report attacks you have detected.

The above is the editor for you to share how to prevent horizontal penetration in the PowerBroker, if there happen to be similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.