HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 39 guests and 1 member online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Countermeasures to Client Side Attacks
EH-Net
May 26, 2013, 03:42:20 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Countermeasures to Client Side Attacks  (Read 6577 times)
0 Members and 1 Guest are viewing this topic.
xXxKrisxXx
Hero Member
*****
Offline Offline

Posts: 512



View Profile
« on: May 04, 2008, 12:05:50 AM »
Hello,

I was doing a research paper on client-side attacks and needed to include a few more counter measures. I know there's alot of security people that use this forum. Anyone willing to throw out some useful countermeasures my way. Thanks in advance!
Logged
eCPPT, GCIH, OSCP, OSWP
LSOChris
Guest
« Reply #1 on: May 04, 2008, 09:46:30 AM »
care to put what you have already?

but i'll give you one for free. noscript in firefox.
Logged
xXxKrisxXx
Hero Member
*****
Offline Offline

Posts: 512



View Profile
« Reply #2 on: May 04, 2008, 11:28:56 AM »
Yeah, I had a few.
- Keep AntiVirus/Firewall/IDS Software up-to-date
- Keep your OS up-to-date
- Keep your software versions up-to-date
- Refrain from opening mail from untrusted/unknown sources
Logged
eCPPT, GCIH, OSCP, OSWP
LSOChris
Guest
« Reply #3 on: May 04, 2008, 01:43:44 PM »
you'll also want to mention a locked down group policy forcing least privilege across the domain.

in there you can do things like setting browser zone and office macro settings to the appropriate level for the organization and ideally not let the user lower those settings.
Logged
xXxKrisxXx
Hero Member
*****
Offline Offline

Posts: 512



View Profile
« Reply #4 on: May 05, 2008, 12:50:03 AM »
Ight, thanks for the reply Chris, good to get info from a respected member of this forum.
Logged
eCPPT, GCIH, OSCP, OSWP
shawal
Jr. Member
**
Offline Offline

Posts: 88


View Profile
« Reply #5 on: May 05, 2008, 08:32:58 AM »
awarness, one of the most important vectors of the client side attacks is social engineering, training users, and admins and briefing them on these kind of attacks is one counter measure also Smiley
Logged
RHCE, GIAC GCIH.
LSOChris
Guest
« Reply #6 on: May 05, 2008, 08:14:59 PM »
Quote from: KrisTeason on May 05, 2008, 12:50:03 AM
Ight, thanks for the reply Chris, good to get info from a respected member of this forum.

oh well hopefully one of those guys will reply soon.
Logged
rok
Newbie
*
Offline Offline

Posts: 39


View Profile
« Reply #7 on: May 06, 2008, 01:10:31 AM »
oh well hopefully one of those guys will reply soon.


lol... Grin
Logged
Bogwitch
Jr. Member
**
Offline Offline

Posts: 51

Senno Ekto Gamat


View Profile
« Reply #8 on: May 06, 2008, 04:23:29 PM »
It is worth remembering in order to minimise the impact of a client side attack, it is advised to run with least privilege. I have lost count of the number of times I have seen admins surfing the Internet, reading email etc. with full domain admin access...
Logged
CISSP, C|EH, C|HFI
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.064 seconds with 22 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.