The term itself refers to the varied techniques attackers use to spread through a network as fast as possible. It is usually the initial step toward gaining access to data and other valuable information, before they move on to the next step of the cyber-attack.
The problem begins once the attacker has gotten hold of sensitive credentials and identity theft is underway, or the user is at risk of it. This article will help you understand how to use PowerBroker for Unix and Linux in your *NIX server environment so that you can implement the NIST requirements along with the principles of a mature system access model. Doing so will not only limit but also prevent lateral movement in your environment. You can apply these principles to:
- Access control
- Server configuration (and monitoring)
- Identity management
What are the Principles of a Mature System Access Model?
Monitoring an authorized user's access to a server is the most basic hold you can have for access control. Controlling their activity once they are on that server falls under a Privileged Access Management (PAM) program. Current versions of PowerBroker for Unix and Linux (PBUL) let you go beyond the traditional parameters of a PAM program and maintain a more secure environment with a stronger server. As a rule, user access must be controlled and monitored closely in order to deny users the ability to move from server to server within the environment. Permission must only be granted once the move has been declared safe and appropriate, after a thorough evaluation.
Using the PBUL policy as the hub that validates and declines requests to access different parts of the server is a must if you want to control and prevent lateral movement within the environment. Even though PBUL goes beyond the traditional systems that organizations use for privileged access control and management, it is of great help to organizations that opt for more well-rounded security for their servers. Let us lay out the policies and guidelines that must be followed in order to leverage this system to its full capacity.
- Regardless of the type of directory (Active Directory or LDAP), all individual credentials must be directory-based.
- Implement an ironclad password policy
- Multi-Factor Authentication (MFA) must be put in place
- All identities that are provisioned locally must be categorized as “non-human” so that they are clearly distinguishable
- Bastion Hosts must be strictly controlled (jump hosts, gateway servers, Taxi servers)
- SSH must be configured to permit access only from trusted servers and decline it from anywhere else
- Network access controls must be configured to control and limit point-to-point access within the corporate network
- Forbid direct “root” and other privileged identity access
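The SSH and root-access items in the list above can be checked against a server's `sshd_config`. The following is an added example, not part of the original article and not PBUL policy: it audits plain OpenSSH settings, and the trusted subnet, sample configurations and function names are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: bastion hosts live in this subnet (constructed, RFC 5737 range).
TRUSTED_SOURCES = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed sample configurations, not taken from any real server.
WEAK = "PermitRootLogin yes\nAllowUsers deploy@192.0.2.5 alice\n"
HARDENED = "PermitRootLogin no\nAllowUsers deploy@192.0.2.5 alice@192.0.2.0/28\n"

def parse_sshd_config(text):
    """Collect global keywords (lower-cased) with their values; stop at the first Match block."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "match":
            break  # conditional blocks are out of scope for this check
        cfg.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return cfg

def host_is_trusted(host, trusted):
    """True only if the HOST part is an address or CIDR inside a trusted network."""
    try:
        net = ipaddress.ip_network(host, strict=False)
    except ValueError:
        return False  # empty, wildcard or hostname: cannot be verified here
    return any(net.version == t.version and net.subnet_of(t) for t in trusted)

def audit(text, trusted=TRUSTED_SOURCES):
    """Return a list of findings; an empty list means both principles are met."""
    cfg = parse_sshd_config(text)
    findings = []
    # OpenSSH falls back to prohibit-password when the keyword is absent.
    root = cfg.get("permitrootlogin", ["prohibit-password"])[0].lower()
    if root != "no":
        findings.append(f"PermitRootLogin is '{root}': direct root login is not forbidden")
    allow = [p for value in cfg.get("allowusers", []) for p in value.split()]
    if not allow:
        findings.append("No AllowUsers: any account may log in from any source")
    for pattern in allow:
        _user, _, host = pattern.partition("@")
        if not host_is_trusted(host, trusted):
            findings.append(f"AllowUsers '{pattern}' is not pinned to a trusted source")
    return findings

if __name__ == "__main__":
    for finding in audit(WEAK):
        print(finding)
```
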
Server Configuration and Monitoring
- Monitor server access – including any server logins
- Server configuration must be controlled by making use of automation – no unauthorized alterations must be allowed
- Server access must only be allowed from trusted servers – introduce a scheduling system
- Review server information and update it regularly
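Monitoring server logins and enforcing access only from trusted servers can be combined into one detection. The following is an added example, not part of the original article and not a PBUL feature: it scans OpenSSH "Accepted" log lines and flags logins that arrive from outside an assumed bastion subnet or that land directly on root. The log lines, subnet and function name are constructed for illustration.

```python
import ipaddress
import re

# Assumption: bastion hosts live in this subnet (constructed, RFC 5737 range).
TRUSTED_SOURCES = [ipaddress.ip_network("192.0.2.0/28")]

ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port \d+")

# Constructed sample log lines in the usual syslog layout for sshd.
SAMPLE_LOG = """\
Mar  3 10:01:12 app01 sshd[2211]: Accepted publickey for deploy from 192.0.2.5 port 50122 ssh2
Mar  3 10:04:40 app01 sshd[2290]: Accepted password for alice from 198.51.100.23 port 41822 ssh2
Mar  3 10:09:03 app01 sshd[2301]: Accepted publickey for root from 192.0.2.5 port 50200 ssh2
Mar  3 10:11:47 app01 sshd[2344]: Failed password for bob from 198.51.100.23 port 41900 ssh2
"""

def flag_logins(log_text, trusted=TRUSTED_SOURCES):
    """Return (server, user, source, reasons) for each successful login that breaks a rule."""
    alerts = []
    for line in log_text.splitlines():
        m = ACCEPTED.match(line)
        if not m:
            continue  # failed attempts and non-sshd lines are ignored here
        reasons = []
        try:
            src = ipaddress.ip_address(m["src"])
            in_trusted = any(src in net for net in trusted)
        except ValueError:
            in_trusted = False  # source logged as a hostname: treat as unverified
        if not in_trusted:
            reasons.append("untrusted-source")
        if m["user"] == "root":
            reasons.append("direct-root")
        if reasons:
            alerts.append((m["host"], m["user"], m["src"], reasons))
    return alerts

if __name__ == "__main__":
    for alert in flag_logins(SAMPLE_LOG):
        print(alert)
```
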
Using PowerBroker for UNIX and Linux – Applying the Principles
Apart from the general application of these principles, PBUL also features advanced policies that enable you to collect information to validate configuration as well as accumulate data from client systems.
Organizations that use a DevOps model in particular must consider using PBUL: it will not only help to reduce the impact that progressive change brings but also lessen the effect on servers and other internal processes.
Use VPN to Nail the Coffin Shut
Regardless of the nature of your work or the industry your organization belongs to, you make use of the internet. Most cyber attacks are caused by faulty security systems or loopholes in the WiFi system. What really happens between your devices and the internet?
To prevent or limit lateral movement within an environment, a reliable VPN should be your first move, before you install any other security programs. Using a top-notch VPN on all your devices and workstations will ensure that, in case of lateral movement, the most sensitive of your data is protected. It gives you the ultimate security against identity theft, which is the root of most if not all lateral movement within an environment.
In order to attain a strong security stance, one must rely on:
- Directory-based identities
- Securing credentials (system)
- Use PBUL policy and principles to restrict and control server access
- Make use of PBUL principles to validate system information
- PBUL also features a built-in file integrity monitoring system, which is a reliable way to keep an eye on alterations to configurations so that you can identify and prevent them.
Making efficient use of PBUL along with a reliable VPN will ensure that lateral movement within your environment is near impossible. And where even the slightest security breach has been set in motion, you will be able to identify and stop it before any damage has been done.