by Ben Brown | 11/08/2022
Cyber security is and must be of utmost importance for any business, regardless of size. Every day, businesses are targeted by cyber-attacks, to steal data or disrupt operations. To protect your business https://ronin-pentest.com/services network and infrastructure from cyber attacks it's essential to implement a security strategy that incorporates the theory of presumed compromise. But what does presumed compromise in cyber security mean and what does it consist of?
Presumed compromise in cyber security is a core concept of modern cyber security protection and is based on acceptance of the fact that a business's network will at some point be compromised by an attacker https://ronin-pentest.com/Blog/2022-headline-breaches . This is not intended to be a negative statement but is intended for the benefit of network administrators and all those who use the network.
In the past, networks were designed on the basis that keeping attackers out was both possible and desirable, and that is still the case. However, recently it has been widely accepted and acknowledged that the compromise of any complex network is possible if it is targeted by a determined attacker.
As a result of this acceptance, it is now considered to be 'best practice' to assume that a network will at some point be targeted by an able and motivated attacker and to, therefore, design the network architecture to minimise the impact of such an attack if and when it does take place.
This shift in thinking has led to the development of new security strategies such as network segmentation and least privilege or Zero privilege. These concepts are based on the idea of restricting network access in order to limit the damage that can be caused by an attacker.
This involves implementing network segmentation so that when the attacker gains their initial foothold, they are not then able to access the rest of the internal network. The objective of the network administrator is to make continued compromise within the network as difficult as possible and ideally impossible.
Typically, an attacker who has gained a foothold will be looking to escalate their privileges to eventually gain Domain Administrator privileges. The more of the network that is accessible to them the greater the potential for them to be able to do so. If the network has been segmented into smaller parts which are distinct from each other this is harder to do. If they find they can only access a small number of other machines in their network segment and that all of those machines are using fully up to date software, then they may not be able to escalate their privileges.
Network segmentation is the process of breaking the internal network up in to smaller parts. This means that if one of those parts in compromised by an attacker they are not able to access the whole of the rest of the network and use it in their attempts to escalate their privileges. An example of logical network segmentation would be to divide the network up into departments so that computers in the sales department are segmented from the those in the accounting department. This way any potential breach can be limited in its impact. Once effective network segmentation has been applied, it's at this point, we also need to introduce another core presumed compromise in cyber security concept which is Least Privilege.
This means that each and every task is performed using the least necessary privileges https://www.ncsc.gov.uk/collection/device-security-guidance/security-principles/minimise-the-privilege-and-reach-of-applications to achieve the tasks’ objective and not more. This can be a difficult one to apply and get right as it requires a good understanding of what the user is trying to achieve.
For example, if we take the Domain Administrator, they will need administrative privileges on lots of systems in order to do their job, but this also leaves them open to being targeted by an attacker. So, how can we mitigate this risk?
It’s important that the domain administrator compartmentalises their activities and only uses their high privileged account for actions that require it. An example of an action which does not need high privileges is checking email. If the administrator is logged into their domain administrator account when they check their email, they run the risk that they will click a phishing link and allow an attacker into the network with the privileges of domain administrator right off the bat. This can be prevented by ensuring that all users only check their email and other messaging services using low privileged accounts.
Another example of how the use of high privileged accounts could be taken advantage of by an attacker could be when a regular user needs to elevate privileges for a legitimate reason such as installing new software. If they don’t remember to change accounts back to their normal low privileged account, they could expose their machine to a greater level of risk than that which is expected.
Here are a couple of examples to illustrate how easily an attacker can escalate their privileges in an unsegmented network.
Example 1: If a CEO of a company has Domain Admin privileges just because they are the CEO then this will give them access to the whole network including parts of it that they have no need to have access to in order to carry out their daily function. For example, the CEO doesn’t need to access the development network or have access to the server room. The CEO of a business is one of the most prominent targets within a company, and as such should have the most locked-down privileges. Hierarchy within a business should not be a factor when allocating network access and assumed privilege.
Example 2: A less extreme example is if a worker accesses their workstation using an administrator account and uses that account to check their email. If they then click a phishing email the attacker will land on their machine with all the administrator privileges! This then allows the attacker less difficulty in further escalating their privileges, on their route to complete domain admin access.
By having a presumed compromise in cyber security approach and implementing network segmentation and other security measures, you can protect your business from cyber-attacks escalating. For instance, segmenting the network means that if ransomware gets in it doesn’t spread over the whole network but instead is limited to one area or department.
Within Windows, you can create a non-admin account and use it for day-to-day tasks like checking email. The same applies to users of Apple Mac. Don’t think you’re immune.
Network architecture and privilege allocation need careful planning and consideration. By doing these two things you can make a significant impact on enhancing the security of your business network. It’s not always possible to stop a attacker from getting in, but by having a presumed compromise in cyber security approach, you make it harder for them and can limit the damage if they do get in, increasing the chance of them moving on to an easier target.
Contact us https://ronin-pentest.com/contact for further information on all cyber security measures your business can take.
Start scanning your projects for free. You will get a free breakdown of your security status. Start securing your future now.Get started