Pre-empting Pass-the-Hash Attacks on Windows Systems

Webinar Registration

Pass-the-Hash risks are just not something you can harden out of your servers or patch your way out of. This is because:

  1. Pass-the-hash attacks are based on some fundamental realities about passwords
  2. The vast number of places password data is stored either temporarily or permanently
  3. Some poor design decisions made long ago and deep within Windows security
  4. The realities of the stack/heap memory model of today's operating systems and application

As long as we use passwords we will be vulnerable to pass-the-hash in some way, shape or form – even if in a purely Kerberos environment.

Traditional pass-the-hash defenses center on eliminating as many instances of password hash data as possible, and on making password hash unique from system to system so that there is less opportunity to obtain hashes and to limit a hashes value when it is obtained.

But in this webinar I'm going to take a step back, walk upstream a ways, and point out a very simple requirement that all pass-the-hash attacks have: the ability to run arbitrary code.

If we can deny attackers that ability we can stop pass-the-hash attacks from ever being attempted.

More importantly consider the fact that pass-the-hash is just one of many, many different attacks used by outsiders to breach our networks and steal information.

But they all depend on the ability to run arbitrary code. Stop arbitrary code and you not only stop pass-the-hash you pre-empt countless other attacks. In this webinar I'll explore the native Windows and 3rd party technologies available to prevent arbitrary code from executing on your endpoint servers and workstations. We will look at Software Restriction Policies and AppLocker. You will learn what works and what doesn't.

Lumension is the perfect sponsor for this webinar thanks to the highly intelligent arbitrary code prevention technology in their Lumension Endpoint Management and Security Suite which Chris Merritt will briefly discuss.

Stopping arbitrary code is like launching a continuous pre-emptive strike against attackers that deny them their #1 requirement.

Don't miss this real training for free ™. Please register now!

First Name:   
Last Name:   
Work Email:  
Phone:  
Organization:  
Country:    
City:  
State:  
Zip/Postal Code:  
Number of Employees?:
Job Title?:
Industry?:
 

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us.

 

 

Additional Resources