Cross-Domain Innovation: Using a PAM solution for efficient mitigation of Pass-the-Hash attacks

25 October 2016

During the ‘Move Laterally’ phase of a cyber-attack the Pass-the-Hash (PtH) method is often used to jump from one system to another in Windows networks. The best way to deal with PtH attacks is to use only locally defined privileged accounts with individual passwords because the related hashes are not valid on other systems. For more details please see the NSA IAD guideline ‘Reducing the effectiveness of Pass-the-Hash‘.

Using individual passwords on thousands of Windows systems is a really big challenge. In addition, since network login with local users has to be deactivated, the effort for the administrators is significantly increased. With this, the NSA suggestions will, if at all, only be implemented in very few organization.

Today, I participated in a great presentation of BeyondTrust’s Enterprise Password Management solution. Although primarily designed for privileged account management, the solution provides all the capabilities for the efficient management of local privileged accounts, and even with one-time passwords and automated creation of rdp sessions to the target systems. With this, PtH attacks can be mitigated nearly without any extra effort for the administrators.

Have a good day.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s