As we start the school year, security is once again on everyone’s mind. Recent events have brought significant cyberattacks literally to our doorstep. The pace of these attacks is increasing. After consulting with many area Tech Directors about what was most on their mind, we put our heads together and we are going to go back to some basic, foundational steps you can take to better secure your endpoints and ultimately your network. Many are free and a few have costs associated with them. We will still do our Tech Tidbits and some of the general news as well. We hope you will want to come and be part of our security discussions.
Here is what we are working on for our October meeting:
- Application Whitelisting and Blacklisting Part I - EXE Run Lists. This is back to the future topic. As we see many of these advisories go by they contain lists of EXEs that the bad guys are trying to run to launch their attacks. This new “living off the land” concept of fileless malware creates the phenomena where the bad guys are using our own toolset against us. However, most of our users don’t need access to those tools. We’ll discuss how to simply block or allow applications via Group Policy Run Lists.
- Application Whitelist and Blacklisting Part II - AppLocker. If you have heard us talk in the Active Directory hardening webinars, we go on and on about the bad guys using a limited user against us to map the network and launch an attack. Applocker can deny the bad actors the launching point on your workstations by protecting the %userprofile% portion of the computer drive where even a limited user has all rights. For most people, this protection was not possible before your upgrade to Windows 10 Education or Enterprise (not Professional). Now it is. We will re-visit this topic.
- Least Privilege - Limiting the use of administrator and equivalent credentials on the network. Giving only the rights one needs to do the job required is absolutely vital. We will talk about strategies to limit administrator rights including:
- Local Administrator Password Solution (LAPS)
- Delegation of rights for DNS, DHCP, Group Policies and many Active Directory functions.
- Preventing data leaks on your Windows Shares - Misapplied rights can leave your sensitive data exposed to your own people. We'll talk about auditing Windows share access.
- Third-Party Application Patching - Studies show in industry 34% of the announced security issues with third-party applications are still unpatched a year later. We have all gotten better at WIndows patching, but patching all those other applications remains problematic. We will talk about how to get it done.
- Tech Tidbits - Our timely collection of tips and news.
There is no cost to you for these sessions, but advanced registration is required since seating is limited. The presentations will run from 8:30 AM to approximately 12:00 PM. We have breakfast and lunch afterward for you.
To reserve a seat please contact Lisa Evans at firstname.lastname@example.org or via phone at 845-897-9480 x3215.