Cybersecurity: Lateral Movement

What is Lateral Movement

Lateral movement is a technique in which a malicious user moves from one system to the next in an attempt to gain access to critical business systems.

Lateral Movement Techniques

Because this technique carries a serious risk of a breach of your critical business systems, you need to be able to detect and respond to these types of attacks. You are not trying to detect or prevent one thing, but a series of attack techniques that you have to build a methodology around, with more than one response to remediate the attack type.

This attack methodology requires the additional compromise of user account credentials. Using these account credentials, the attacker attempts to access other nodes by moving laterally through the network.

Examples of lateral movement attacks include:

Lateral Movement Detection

There’s more than one approach to identifying this type of malicious activity. You might need to use a collection of detection techniques in an attempt to detect this type of attack. It won’t be simple or easy, but once you start understanding this type of attack, the various techniques used, and the types of detection methods at your disposal, you’ll have a better chance of preventing a successful attack.

Network Account Security Checklist

Network security starts with creating and maintaining proper user accounts. While it is assumed that network security processes are obvious when it comes to user accounts, I thought it might be helpful to document some of the best practices for the less experienced people that might be tasked with maintaining this process at their company.

Remember that having an established procedure and setting realistic expectations allow you to bring some consistency to your IT processes. Consistent processes tend to be repeatable and reliable, which also means you reduce the chance of surprises and security headaches.

Unique User Accounts – Users should never share network accounts. Every user must get a unique network account, usually some combination of their first and last name. Each user should be responsible for creating and maintaining their own password, and they should know to never share their password with anyone. Remember to provide “least privilege” to each account. If the user requires additional access as their role changes, the modification request should be made in writing, when possible, from an authorized supervisor.


SQL Server Management Studio -16.3 Release – Now Available

While version 16.4 of SQL Server Management Studio (SSMS) has been announced by Microsoft, you are asked to continue to use version 16.3 until some code issues are resolved. You can download version 16.3 (13.0.15700.28) here.

Information about 16.3

  1. SSMS monthly releases are now branded numerically.
  2. New authentication option ‘Active Directory Universal Authentication’. This is a token-based authentication mechanism driven by Azure Active Directory that supports multi-factor, password, and integrated authentication mechanisms.
  3. New Extended Events templates matching the functionality of SQL Server Profiler templates (Microsoft Connect item #2543925). Learn more about the included SQL Server Profiler templates.
  4. New ‘Get-SqlLogin’ and ‘Remove-SqlLogin’ cmdlets to help perform SQL Server login management using PowerShell (Microsoft Connect item #2588952).
  5. New PowerShell cmdlet ‘New-SqlColumnMasterKeySettings’ that adds support for creation of column master keys for arbitrary providers and key paths.
  6. New ‘Create database’ dialog to streamline creation of Azure SQL databases in SSMS.
  7. Support for filtering in the ‘Databases’ node of SSMS Object Explorer. Navigate to the ‘Databases’ node in Object explorer and click the filter icon in the Object explorer toolbar to filter the list of databases.
  8. Support for Azure-Resource Manager (ARM) type storage accounts in the Backup and Restore wizards.
  9. Initial beta support for high-resolution displays. (Microsoft Connect item #1129301).
  10. Improvements in Database Engine Tuning Advisor (DTA) to support automatically reading a workload from the SQL Server Query Store.
  11. Improvements in Database Engine Tuning Advisor (DTA) to display index recommendations for clustered columnstore indexes, non-clustered columnstore indexes, and rowstore indexes.
  12. Support for sending Database Console (DBCC) commands using SQL Server Analysis Services PowerShell cmdlets.
  13. Bug fix to view cleartext of decrypted AlwaysEncrypted large object (LOB) columns in SSMS (Microsoft Connect item #2413024).
  14. Bug fix in Always Encrypted dialog to fix crash when Windows visual styles aren’t enabled (e.g. enabling high contrast display).
  15. Bug fix for ‘Method not found’ error preventing connection to SQL Server instances (Microsoft Connect item #2925257).
  16. Bug fix for SSMS crash when creating a partition function with datetime offset.
  17. Bug fix to remove Microsoft .NET 3.5 requirement for starting Distributed Replay administration tool (DReplay.exe).
  18. Bug fix in Analysis Services Deployment wizard to support fully-qualified server names.
  19. Bug fix in SSMS to display partitions in Analysis Services tabular models with a 2016 compatibility model (Microsoft Connect item #2845053).
  20. Performance improvements and bug fixes in Analysis services tabular models, and SQL Server Shared Management Objects (SMO).
  21. Improvements to LQS and operator progress.

Information about 16.4

  1. New ‘Add-SqlLogin’ cmdlet to enable new login management scenarios using PowerShell. (Microsoft Connect item #2588952)
  2. New ‘Read-SqlTableData’, ‘Read-SqlViewData’, and ‘Write-SqlTableData’ cmdlets to view and write data using PowerShell. (Microsoft Connect item #2685363)
  3. Improved support and usability for users connecting to various national clouds.
  4. Fixed an issue where Out Of Memory exceptions were being thrown. (Microsoft Connect item #3062914 and #3074856)
  5. Fixed an issue where filtering by schema was not a valid filter option. (Microsoft Connect item #3058105 and #3101136)
  6. Fixed an issue where the Monitor window for a stretched database would not be accessible.
  7. Fixed an issue where the F1 Help always opened online content. Users can now select whether they prefer online or offline help via the “Set Help Preference” in the Help menu. (Microsoft Connect item #2826366)
  8. Fixed an issue where scripting out a 1200-level Analysis Services tabular model wouldn’t strip out the password for scripting, even though the server version had (client model object is now sync’d before scripting).
  9. Fixed an issue where ‘SELECT TOP N ROWS’ option generated deprecated syntax for the TOP operator. (Microsoft Connect item #3065435)
  10. Fixed various layout issues throughout SSMS, including the Login Properties page and Advanced Query Execution Options. (Microsoft Connect item #3058199, #3079122, and #3071384)
  11. Fixed an issue where a solution was created automatically whenever a user opened a new query window. (Microsoft Connect item #2924667, #2917742, and #2612635)
  12. Fixed an issue where temporal tables could not be expanded in Object Explorer when in system databases. (Microsoft Connect item #2551649)
  13. Fixed an issue where SSMS runs a query to SELECT @@trancount after executing a batch. (Microsoft Connect item #3042364)
  14. Fixed an issue in Analysis Services where creating a script from a server’s properties page resulted in a hidden connection dialog.
  15. Fixed an issue where Ctrl+Q would not select the Quick Launch toolbar.
  16. Fixed an issue where changing the MaxSize of a database using the Server Properties dialog was broken for databases > 2 TB. (Microsoft Connect item #1231091)
  17. Fixed an issue where the Restore Database wizard wouldn’t accept filenames with leading whitespaces. (Microsoft Connect item #2395147)
  18. Fixed an issue in SSMS where an Analysis Services Server admin after scripting server properties may see a “No permissions” error in the dialog.
  19. Fixed an issue where the Server Properties page could show the incorrect collation for databases in Azure.
  20. Fixed an issue where creating a database in Azure threw a ConnectionFailure exception.
  21. Fixed an issue where SSAS PowerShell scripts wouldn’t work on a machine without an Analysis Services server instance also installed.