I recently came across an article in The Hacker News stating: “Attackers think differently than you do. They don’t just target vulnerabilities - they exploit combinations of misconfigurations, permissive identities, and overlooked security gaps to reach their goal: your most sensitive assets.” This resonates deeply with the philosophy behind ARCHANGEL© 2.0 NGFW, a solution developed by PT SYDECO to protect against the inevitable breaches that happen in even the most fortified systems.
We at PT SYDECO understand that no system is impenetrable. When someone is determined enough, they will find a way in, no matter how strong the defense is. That is why we don’t focus solely on the type of attacks or specific viruses that might target a network. Instead, we focus on what happens after the system is breached—because it’s not about if someone will penetrate the system, but when.
Limiting Damage: The Power of Segmentation and Micro-Segmentation
ARCHANGEL© 2.0 NGFW is designed to do more than just stop attackers from getting in; it ensures that even if an attacker breaches a system, their ability to cause harm is severely restricted. As we explained in our previous article, "How to Prevent Lateral Movements Within a Network" (1), lateral movements within a compromised network can lead to devastating consequences. An attacker who gains access to an employee's device could move laterally, gaining access to more sensitive areas of the network. ARCHANGEL© 2.0 stops this through micro-segmentation and secure VPN technology. Each segment is isolated, preventing attackers from accessing critical systems.
What if an Employee’s Privileged Account is Compromised?
Let’s consider the scenario where a hacker successfully compromises an employee’s computer with privileged access. In a traditional system, this could be disastrous, as it might grant the attacker unrestricted movement across the network and control over critical systems. But with ARCHANGEL© 2.0, the story is quite different.
1. Micro-Segmentation: ARCHANGEL© 2.0 ensures that even with privileged access, the hacker’s movements are restricted. The network is divided into isolated segments, and each one is monitored and controlled. This means that the hacker cannot easily move from one part of the system to another.
2. No Direct Access to ARCHANGEL© 2.0: Even if the employee’s account has significant access rights, it does not extend to ARCHANGEL© 2.0 itself. This firewall remains intact, safeguarding the core system from unauthorized control.
3. Anomaly Detection: ARCHANGEL© 2.0’s intrusion detection and prevention system (IDS/IPS) constantly monitors the network for abnormal activity. Should any malware or suspicious behavior arise, it triggers alerts for immediate response.
4. VPN and Access Control: Even if the hacker compromises the employee’s machine, they must pass through the VPN to reach other resources in the network. This layer of security further isolates the attacker, limiting their movements.
Preventing Unauthorized Code Execution
Even more critical is ARCHANGEL© 2.0’s ability to block the execution of unauthorized code, regardless of access privileges. So, if a hacker infiltrates the network, they won’t be able to execute harmful code or install malware.
1. Execution Filtering: ARCHANGEL© 2.0 blocks any execution of code that doesn’t adhere to predefined security policies. This means that even if malicious code is introduced into the system, it won’t run unless explicitly authorized.
2. Privilege Control: Having privileged access doesn’t mean that execution controls are bypassed. ARCHANGEL© 2.0 scrutinizes every attempt to run code, ensuring only verified and authorized processes are executed.
3. APT and Malware Protection: Advanced Persistent Threats (APTs) and other sophisticated malware are often designed to hide within a system. ARCHANGEL© 2.0 neutralizes these threats by preventing the installation of rootkits or any malicious software at the kernel or process level.
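Points 1 and 2 above describe a default-deny execution policy in which privilege is not an exemption. The post does not describe how ARCHANGEL© 2.0 implements this, so the following is an added illustration (not PT SYDECO's code) of the behaviour such a policy should have; it assumes the allowlist is keyed by content hash rather than by file path or user, and uses constructed byte strings as stand-ins for executables.

```python
import hashlib
from dataclasses import dataclass, field


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executable contents (not real binaries).
APPROVED_BACKUP = b"#!/bin/sh\n# nightly backup job (constructed sample)\n"
APPROVED_REPORT = b"#!/bin/sh\n# report generator (constructed sample)\n"
DROPPED_PAYLOAD = b"#!/bin/sh\n# unknown file dropped after compromise (constructed)\n"


@dataclass
class ExecutionPolicy:
    """Default-deny execution policy keyed by content hash (assumed model)."""
    allowed_hashes: dict = field(default_factory=dict)  # sha256 -> label
    alerts: list = field(default_factory=list)          # denials for the IDS/IPS console

    def authorize(self, label: str, content: bytes) -> None:
        self.allowed_hashes[sha256(content)] = label

    def check(self, user: str, privileged: bool, path: str, content: bytes) -> bool:
        digest = sha256(content)
        if digest in self.allowed_hashes:
            return True
        # Privilege does not bypass the control: a root-level request is denied
        # the same way, and every denial is recorded for immediate response.
        self.alerts.append({"user": user, "privileged": privileged,
                            "path": path, "sha256": digest, "decision": "deny"})
        return False


def demo():
    """Exercise the policy from the viewpoint of a compromised privileged account."""
    policy = ExecutionPolicy()
    policy.authorize("backup", APPROVED_BACKUP)
    policy.authorize("report", APPROVED_REPORT)
    tampered = APPROVED_BACKUP + b"echo injected\n"   # approved file modified in place
    results = {
        "approved": policy.check("admin", True, "/opt/jobs/backup.sh", APPROVED_BACKUP),
        "dropped": policy.check("admin", True, "/tmp/update.sh", DROPPED_PAYLOAD),
        # Copying the payload over an approved path does not help: hash, not path, decides.
        "dropped_at_approved_path": policy.check("admin", True, "/opt/jobs/backup.sh", DROPPED_PAYLOAD),
        # Modifying an approved file changes its hash, so it is no longer authorized.
        "tampered": policy.check("admin", True, "/opt/jobs/backup.sh", tampered),
    }
    return results, policy.alerts
```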
Conclusion: The Power of Preventing Unauthorized Execution
No matter how skilled or well-resourced an attacker is, if they cannot execute any harmful code, their hands are tied. They may have access to the system, but they will be powerless to harm it. This is the key principle behind ARCHANGEL© 2.0: it doesn’t just keep attackers out—it neutralizes them if they get in. Whether you are defending against lateral movements or the more insidious threat of privilege escalation, ARCHANGEL© 2.0 offers unmatched protection. With this level of defense, your most sensitive data remains secure, even in the face of modern, sophisticated attacks.
Patrick HOUYOUX LL.M
Yogyakarta 11 September 2024
(1) https://www.blogger.com/blog/post/edit/5648903104029498550/2933221092468520415
#archangel #ptsydeco #IDS #IPS #VPN #APT #malware #firewall #privilege #escalation #micro-segmentation #thehackernews #rootkit