With the understanding of how black-hat hackers escalate the privilege of a user, system adminstrators are better prepared to protect their own systems. In this video, Lisa Bock shows a few ways to defend against privilege escalation, to lock down a windows computer. Keep malicious parties out, without interupting service to intended users.
- [Voiceover] Once a hacker has escalated privileges…to the administrator level,…a great deal of damage can be done.…Therefore, the goal is to be vigilant…and defend against privilege escalation.…We have some best practices,…let's talk about a few of those.…Restrict interactive log in privileges,…now instead of just using just a password,…we might want to require multi-factor authentication,…meaning a password and possibly a smart card.…You also might require that they log in…only at certain machines, and not remotely.…
While running any routine services,…administrative privilege is not required.…So run any routine service with an unprivileged…or non-administrative account.…That way, if a malicious program were to take over,…the damage could be minimalized if running…the service as an average user.…Always adhere to the principle of least privilege,…and give users and applications the least…privilege necessary to complete their job requirements.…
Protect sensitive data…and password files by using encryption.…This is another layer to penetrate…
These tutorials, along with the other courses featured in the Ethical Hacking series, will prepare students to pass the Certified Ethical Hacker exam and start a career in this in-demand field. Find out more about the exam at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Acquiring passwords
- Generating rainbow tables
- Understanding where passwords are stored
- Defending against privilege escalation
- Understanding spyware
- Protecting against keylogging
- Detecting steganography
- How hackers cover their tracks