fullrecord |
[{"key": "dc.contributor.advisor", "value": "H\u00e4m\u00e4l\u00e4inen, Timo", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Numminen, Aleksanteri", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2023-05-29T07:23:55Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2023-05-29T07:23:55Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2023", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/87270", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Tutkielmassa selvitettiin t\u00e4rkeimpi\u00e4 Windowsin suojausmenetelmi\u00e4 kaikkein yleisimpi\u00e4 kyberuhkia vastaan. Tavoitteena oli tunnistaa t\u00e4m\u00e4n hetken t\u00e4rkeimm\u00e4t ja yleisimm\u00e4t kyberuhat ja l\u00f6yt\u00e4\u00e4 sopivat Windowsin tietoturvakontrollit vastaamaan n\u00e4ihin uhkiin. Tutkimuskysymyksiksi asetettiin \u201dMit\u00e4 ovat t\u00e4m\u00e4n hetken yleisimm\u00e4t kyberuhkien k\u00e4ytt\u00e4m\u00e4t taktiikat?\u201d ja \u201dMit\u00e4 ovat t\u00e4rkeimm\u00e4t tietoturvakontrollit Windowsissa yleisimpi\u00e4 uhkia vastaan suojautuessa?\u201d.\nTutkimus toteutettiin konstruktiivisena tutkimuksena. Tutkimuksen ongelma on se, ett\u00e4 organisaatiot eiv\u00e4t tied\u00e4, mihin Windowsin suojausmekanismeihin tulisi keskitt\u00e4\u00e4 resurssit. Lopputuloksena konstruktiivisella tutkimuksella on kehitt\u00e4\u00e4 lista suojausmekanismeista, joihin resurssit tulisi keskitt\u00e4\u00e4 suojautuakseen yleisimmilt\u00e4 kyberuhilta. 
Viitekehyksen\u00e4 tutkielmassa k\u00e4ytettiin laajalti k\u00e4ytetty\u00e4 ja tunnettua MITRE ATT&CK Enterprise matriisia, joka sis\u00e4lt\u00e4\u00e4 kattavan listan kyberuhkatoimijoiden k\u00e4ytt\u00e4mist\u00e4 tekniikoista ja tekniikoiden yl\u00e4kategorioista eli taktiikoista. MITRE ATT&CK viitekehys k\u00e4ytiin l\u00e4pi syv\u00e4llisemmin omassa teorialuvussaan.\nT\u00e4m\u00e4n hetken yleisempien uhkien analyysiss\u00e4 valittiin kolme tunnettua viime aikoina laadittua raporttia t\u00e4m\u00e4n hetken kyberuhkakuvista. Raporteista pystyttiin tunnistamaan yleisimmin k\u00e4ytetyt MITRE ATT&CK taktiikat, joista yhteens\u00e4 kuuteen kaikki raportit viittasivat: Initial Access, Execution, Credential Access, Lateral Movement, Command and Control ja Impact. N\u00e4m\u00e4 kuusi valittiin jatkoanalyysiin. My\u00f6s Windowsin tekninen tietoturva k\u00e4ytiin l\u00e4pi omana lukunaan, jonka perusteella pystyttiin valita sopivia tietoturvakontrolleja.\nKuutta yleisimmin k\u00e4ytetty\u00e4 taktiikkaa k\u00e4ytiin l\u00e4pi tekniikoidensa puolesta sis\u00e4lt\u00f6luvussa. Jokaiselle tekniikalle pyrittiin l\u00f6yt\u00e4m\u00e4\u00e4n sopiva tietoturvakontrolli Windowsissa. Tutkimuksen lopputuloksena t\u00e4rkeimm\u00e4t tietoturvaominaisuudet, jotka kattavat mahdollisimman monta tekniikkaa valituista taktiikoista, ovat Windowsin palomuuri, Windows Defender virustorjunta, sovellusten suorituksen rajoittaminen AppLocker tai Windows Defender Application Control -ominaisuuksilla, k\u00e4ytt\u00f6oikeuksien rajaaminen ja Attack Surface Reduction -s\u00e4\u00e4nn\u00f6st\u00f6.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "This thesis identified the most essential hardening measures in Windows to combat the current most prevalent threats. 
The goal was set to identify the tactics used by the current most prevalent threats and to identify the suitable security controls in Windows to answer these threats. The research questions were set to \u201cWhat are the tactics used by the current most prevalent threats?\u201d and \u201cWhat are the most important security controls that should be hardened in Windows to be protected against the most prevalent threats?\u201d\nThe research method in this thesis is constructive, where the identified problem is that organizations do not know on which Windows security features to focus their resources. The outcome of the research is to figure out a list of the most important security mechanisms in Windows that an organization should focus on to be protected against the most prevalent threats. The widely known and used MITRE ATT&CK Enterprise matrix was used as the framework for the research. The framework contains the techniques used by known threat actors and tactics, which are the categories for the techniques. MITRE ATT&CK was examined closer in its own chapter.\nThree current threat landscape reports were chosen for the analysis of tactics used by the current most prevalent threats. The MITRE ATT&CK tactics were identified from those reports. Six of the tactics, Initial Access, Execution, Credential Access, Lateral Movement, Command and Control, and Impact, were selected for further analysis as they were referenced by all the reports. Windows technical hardening was also examined in its own chapter to form an understanding of the available Windows security features.\nThe six tactics most used by threat actors were examined closer in the actual content chapter, where each technique within those tactics was examined. The attempt was to find suitable security features in Windows to mitigate each of the techniques. As an outcome, five security features were identified that covered the largest number of MITRE ATT&CK techniques. 
They were Windows Firewall, Windows Defender antivirus, application allowlisting using AppLocker or Windows Defender Application Control, access control and user rights, and Attack Surface Reduction rules.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2023-05-29T07:23:55Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2023-05-29T07:23:55Z (GMT). No. of bitstreams: 0\n Previous issue date: 2023", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "61", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": null, "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "most prevalent cyber threats", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "hardening", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "security features", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Windows technical hardening against the most prevalent threats", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202305293330", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", 
"value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.copyright", "value": "\u00a9 The Author(s)", "language": null, "element": "rights", "qualifier": "copyright", "schema": "dc"}, {"key": 
"dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "verkkohy\u00f6kk\u00e4ykset", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "Windows", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietoturva", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "kyberturvallisuus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "cyber attacks", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "Windows", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "data security", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "cyber security", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}]
|