52 min
7MS #472: Interview with Christopher Fielder 7 Minute Security
-
- Technology
Today our good pal Christopher Fielder from Arctic Wolf is back for an interview three-peat! He joins Joe "The Machine" Skeen (a.k.a. Gh0sthax) and I to talk about all things ransomware, including:
How the Colonial Pipeline incident may have started from a weak VPN cred with no MFA. Silver lining (?) - they got some of the $ back.
Was the federal government's response good enough? What should the government be doing to better handle and manage ransomware?
Common ways ransomware gets in our environments, and some ways to NOT get ransomware'd: Use 2FA (make sure that all accounts are using it!) Consider having (if possible) your AD user scheme be something like chi-user4920394 instead of Joe.President Have users that haven't logged in for X days get automatically locked out Train your users - consider Arctic Wolf's managed security awareness offering Detect early signs of compromise like Kerberoasting Lock down your DNS egress to only specific servers so that it doesn't run "wide open" Leverage good threat intel
Today our good pal Christopher Fielder from Arctic Wolf is back for an interview three-peat! He joins Joe "The Machine" Skeen (a.k.a. Gh0sthax) and I to talk about all things ransomware, including:
How the Colonial Pipeline incident may have started from a weak VPN cred with no MFA. Silver lining (?) - they got some of the $ back.
Was the federal government's response good enough? What should the government be doing to better handle and manage ransomware?
Common ways ransomware gets in our environments, and some ways to NOT get ransomware'd: Use 2FA (make sure that all accounts are using it!) Consider having (if possible) your AD user scheme be something like chi-user4920394 instead of Joe.President Have users that haven't logged in for X days get automatically locked out Train your users - consider Arctic Wolf's managed security awareness offering Detect early signs of compromise like Kerberoasting Lock down your DNS egress to only specific servers so that it doesn't run "wide open" Leverage good threat intel
52 min