Securing user identity
Thus far, the emphasis of this chapter has been on securing the endpoint, which is often the starting point for ransomware attacks. So, what if the endpoint still gets compromised? We also need safeguards in place to ensure that an attacker cannot use our accounts or credentials to move laterally in the network.
Another part is ensuring that the external services we use are also protected with multifactor authentication, so that attackers cannot gain access to them through brute-force attacks or simple credential injections.
Lastly, we will also be looking at how we can protect our AD domain from known attacks.
Microsoft has previously stated that 99.9% of all identity-based attacks would have been averted if the companies involved had implemented Multi-Factor Authentication (MFA). Therefore, the first thing we need to investigate is how to implement a common MFA service across our services.
It should be noted that in...