CISC 6680 Lecture Notes - Lecture 11: Digital Signature, Ntfs, Whitelist
Document Summary
Endpoint security defenses:
- Anti-virus: high-level overview; one of the most popular security tools.
- Whitelisting: an approach that denies all software on the system except for specifically allowed software.
- [...] Manager), providing it a specific location (DNS/IP address) that will be whitelisted to allow software installation.
- Monitor the path of least resistance for malware: create tighter controls around apps which interact directly with the Internet or receive information from outside sources.
- The alternate data stream zone ID indicates the network zone a file came from; use Windows event logs to categorize the source of the traffic being investigated.
- Whitelisting prevents execution of unknown binaries and can lead to an investigation. It is a technical control which also enables a policy control, determining why an unknown binary attempted execution: a block can indicate a compromised machine (endpoint forensics).
- [...] and interactive logons is pass the hash: it leverages compromised hashes to remotely access other systems; synchronized accounts and the lack of salts contribute to the success of this attack; it is commonly used to pivot in Windows environments where NTLM is supported.