Security News > 2022 > June > Don't ditch PowerShell to improve security, say infosec agencies from UK, US, and NZ
Windows PowerShell is enormously useful, extremely prevalent, and often targeted by crooks because it offers an express route into the heart of Windows servers and networks.
Instead, the agencies recommend securing PowerShell prudently.
"PowerShell is essential to secure the Windows operating system," the agencies argue.
"Removing or improperly restricting PowerShell would prevent administrators and defenders from utilizing PowerShell to assist with system maintenance, forensics, automation, and security."
The document's first recommendation is ensuring use of PowerShell 7.2, because it improves on the previous version 5.x that shipped with some editions of Windows 10.
Enabling Deep Script Block Logging, Module Logging, and Over-the-Shoulder - three useful logging tools that can help to detect abuses of PowerShell.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/23/keep_poewrshell_security_advice/
Related news
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senator (source)
- US senators propose law to require bare minimum security standards (source)
- Shape the future of UK cyber security (source)
- UK Cyber Risks Are ‘Widely Underestimated,’ Warns Country’s Security Chief (source)
- US reportedly mulls TP-Link router ban over national security risk (source)