The Value of Security Controls and Locking Down Risky Apps

Listen to this Post

In this article, Nathan McNulty emphasizes the importance of implementing security controls to block commonly abused applications. He highlights that while these controls may not deter skilled attackers, they are effective against less sophisticated threats. Nathan recommends using Access Packages to govern access to risky apps and provides automation scripts for setup:
– Automation Script for Access Packages: https://lnkd.in/gCEU_XMV

Nilotpal Sarkar further discusses the Zero Trust Principles and the Least Privileged Access Model, advocating for restricting access to PowerShell modules and Graph Explorer to mitigate insider threats and reconnaissance activities.

Practice-Verified Commands and Codes

Here are some practical commands and scripts to implement the discussed security measures:

1. Restricting PowerShell Modules:

Use the following PowerShell command to restrict access to specific modules:

Set-ExecutionPolicy -ExecutionPolicy Restricted -Scope LocalMachine 

2. Locking Down Graph Explorer Access:

Use Azure CLI to restrict access to Graph Explorer:

az ad sp update --id <app-id> --add properties.requiredResourceAccess <resource-access-id> 

3. Automating Access Packages with PowerShell:

Use Nathan’s provided script to automate Access Packages for risky apps:


<h1>Download and run the script</h1>

Invoke-WebRequest -Uri "https://lnkd.in/gCEU_XMV" -OutFile "AccessPackageAutomation.ps1" 
.\AccessPackageAutomation.ps1 

What Undercode Say

The article underscores the critical role of security controls in mitigating threats, particularly against less sophisticated attackers. By locking down access to commonly abused applications and PowerShell modules, organizations can significantly reduce their attack surface. Nathan’s automation script for Access Packages simplifies the implementation of these controls, making it accessible for organizations of all sizes.

Nilotpal’s emphasis on Zero Trust Principles and the Least Privileged Access Model highlights the need for a proactive approach to security. Restricting access to tools like PowerShell and Graph Explorer is essential to prevent reconnaissance and insider threats.

To further enhance your security posture, consider implementing the following Linux and Windows commands: