Wednesday Mar 31, 2021

Patching strategy and lessons from the Exchange HAFNIUM attack

Exchange HAFNIUM attack

  • Pretty much every internet-accessible Exchange server on the planet that had no protections in front of it got hacked
  • Anything that does not have MFA protections in 2021 is going to be hacked, especially if it is accessible from the internet
  • Not having MDR and THIS with zero trust posture is just not acceptable
    Yes, this increases the cost substantially, but what is your alternative?
  • It is possible to proxy the traffic ingressing to the Exchange server and inspect that for IPS signatures
    Fireboxes Detect HAFNIUM Attacks in the Wild | Secplicity - Security Simplified
  • It is also possible to put a web portal in front of the Exchange server that is required to be accessed with MFA before it would be possible to use the services there.
    Reverse Proxy for the Access Portal (watchguard.com)


Patching properly and thoroughly is an art form

  • Getting operating system updates deployed requires quite a bit of technique: multiple layers, each with validation
  • How thorough is your third party patch catalog and platform?
  • Are you looking for EOL or deprecated software?
  • Are you cataloging which business software depends on deprecated junk, and what are you doing about getting rid of it?
  • How frequently are the physical machines being patched for firmware, drivers, and BIOS?
  • Do you have mechanisms to update PowerShell?
  • Are you auditing and restricting WMI and PowerShell?
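Several of the questions in this checklist can be answered by a read-only audit of each machine. The following PowerShell script is an added example, not from the podcast or QPC Security: it inventories installed software and flags entries matching an EOL pattern list (the patterns shown are constructed placeholders, not a maintained catalog), reports the BIOS version and release date for comparison against the OEM's current firmware, and checks the PowerShell and WMI logging posture. The registry policy paths and the feature name are the standard Windows ones; the script assumes it runs elevated.

```powershell
# Added example (not from the podcast or QPC Security): read-only patching/auditing
# checklist for a Windows host. Run elevated. Replace $EolPatterns with your own catalog.

$EolPatterns = @(            # constructed placeholder list, not a maintained EOL catalog
    'Microsoft Silverlight',
    'Adobe Flash Player',
    'Java 7'
)

function Get-InstalledSoftware {
    # Same 64-bit and 32-bit uninstall hives that Add/Remove Programs reads.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
}

function Find-EolSoftware {
    # Wildcard match of each installed product against the EOL pattern list.
    param([object[]]$Software, [string[]]$Patterns = $EolPatterns)
    foreach ($app in $Software) {
        foreach ($p in $Patterns) {
            if ($app.DisplayName -like "*$p*") {
                [pscustomobject]@{ Name = $app.DisplayName; Version = $app.DisplayVersion; Matched = $p }
            }
        }
    }
}

function Get-FirmwareInfo {
    # BIOS/firmware version and release date, to compare against the OEM's current release.
    $bios = Get-CimInstance -ClassName Win32_BIOS
    [pscustomobject]@{
        Manufacturer = $bios.Manufacturer
        Version      = $bios.SMBIOSBIOSVersion
        ReleaseDate  = $bios.ReleaseDate
    }
}

function Get-PowerShellPosture {
    # PowerShell version in use, whether the legacy v2 engine (which bypasses script block
    # logging) is still installed, and whether the logging policies are configured.
    $pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
    try {
        $v2 = (Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -ErrorAction Stop).State
    } catch {
        $v2 = 'Unknown (DISM module unavailable or insufficient rights)'
    }

    function Get-PolicyValue($sub, $name) {
        $item = Get-ItemProperty -Path (Join-Path $pol $sub) -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $item) { 'NotConfigured' } else { $item.$name }
    }

    [pscustomobject]@{
        PSVersion          = $PSVersionTable.PSVersion.ToString()
        LanguageMode       = $ExecutionContext.SessionState.LanguageMode
        V2EngineState      = $v2
        ScriptBlockLogging = Get-PolicyValue 'ScriptBlockLogging' 'EnableScriptBlockLogging'
        ModuleLogging      = Get-PolicyValue 'ModuleLogging' 'EnableModuleLogging'
        Transcription      = Get-PolicyValue 'Transcription' 'EnableTranscripting'
    }
}

function Get-WmiActivityLogging {
    # WMI-Activity operational log: when enabled, WMI queries and subscriptions are auditable.
    Get-WinEvent -ListLog 'Microsoft-Windows-WMI-Activity/Operational' -ErrorAction SilentlyContinue |
        Select-Object LogName, IsEnabled, MaximumSizeInBytes, RecordCount
}

# Report
$software = Get-InstalledSoftware
"== Installed software: $($software.Count) entries"
"== EOL / deprecated matches (constructed pattern list):"
Find-EolSoftware -Software $software | Format-Table -AutoSize
"== Firmware:"
Get-FirmwareInfo | Format-List
"== PowerShell posture:"
Get-PowerShellPosture | Format-List
"== WMI activity log:"
Get-WmiActivityLogging | Format-List
```

A value of 1 for the three logging policies, a V2 engine state of Disabled, and an enabled WMI-Activity log are the states you want to see; anything else is a finding to feed back into the patching and hardening backlog.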


Ubiquiti - multiple significant security fails

Ubiquitous for all the Wrong Reasons | Secplicity - Security Simplified


Copyright QPC Security All rights reserved.
