Security News > 2022 > June > Don't ditch PowerShell to improve security, say infosec agencies from UK, US, and NZ
Windows PowerShell is enormously useful, extremely prevalent, and often targeted by crooks because it offers an express route into the heart of Windows servers and networks.
Instead, the agencies recommend securing PowerShell prudently.
"PowerShell is essential to secure the Windows operating system," the agencies argue.
"Removing or improperly restricting PowerShell would prevent administrators and defenders from utilizing PowerShell to assist with system maintenance, forensics, automation, and security."
The document's first recommendation is ensuring use of PowerShell 7.2, because it improves on the previous version 5.x that shipped with some editions of Windows 10.
Enabling Deep Script Block Logging, Module Logging, and Over-the-Shoulder - three useful logging tools that can help to detect abuses of PowerShell.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/23/keep_poewrshell_security_advice/
Related news
- T-Mobile US fined $31.5M for network security breaches between 2021 and 2023 (source)
- One-Third of UK Teachers Lack Cybersecurity Training, While 34% Experience Security Incidents (source)
- UK's Sellafield nuke waste processing plant fined £333K for infosec blunders (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- US and UK govts warn: Russia scanning for your unpatched vulnerabilities (source)
- China’s infosec leads accuse Intel of NSA backdoor, cite chip security flaws (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senator (source)