
Protecting against phishing

Phishing is the most common attack vector used by adversaries when attempting to compromise technical infrastructure. If an attacker successfully used a phishing attack to take over or steal credentials from a Foundry customer’s SSO account, they’d likely try using those credentials to access the Foundry platform. Palantir has engineered several controls to assist in mitigating potential security impact from phishing attacks. However, in the spirit of maintaining a shared security model, Palantir also advises that customers observe several best practices in an effort to harden their own attack surface against phishing.

Multi-factor authentication (MFA)

Foundry customers are responsible for managing access and identity for users via single sign-on (SSO). One of the most impactful controls in securing the authentication workflow is enforcement of multi-factor authentication (MFA). Ensuring that all users are enrolled in MFA means that an attacker would need to defeat multiple security controls to inappropriately access the Foundry platform.

Ingress Controls

Palantir natively supports ingress controls, as described in the Configure network ingress documentation. Palantir recommends strict IP allowlisting as a defense-in-depth control intended to deny adversaries the network access required to take offensive action.

Additionally, any ingress controls on the Foundry side can be mirrored in one’s SSO controls for redundancy.

Conditional Access

If using Microsoft Azure AD (or an IdP with similar features), consider leveraging conditional access policies to further enforce access to Foundry. Even in cases where IP ingress restrictions are untenable, there may still be security value in restricting access based on other factors, such as enrollment in device management.
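The two controls above, an IP allowlist at ingress and a conditional-access style check on device enrollment, can be combined into one policy decision. The following is an added example written for this page, not Palantir's or any IdP's code: a small evaluator that denies a login unless MFA completed, the source address is inside an allowlisted network and, where IP allowlisting cannot be enforced, the device is managed. The networks (RFC 5737 documentation ranges), user names and requests are constructed sample values; the policy knobs `require_ip_allowlist` and `require_managed_device` are assumptions for illustration.

```python
"""Added example (not Palantir's code): combine an IP allowlist with
conditional-access style checks into one access decision, and summarise
denials so that a defender can see which control is doing the work."""
import ipaddress
from collections import Counter
from dataclasses import dataclass, field
from typing import List

# Constructed allowlist. RFC 5737 documentation ranges are used so that
# nothing here refers to a real network.
ALLOWED_NETWORKS = [
    ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/25")
]


@dataclass
class LoginRequest:
    user: str
    source_ip: str
    mfa_passed: bool       # second factor completed at the IdP
    device_managed: bool   # device enrolled in management (conditional access signal)


@dataclass
class Decision:
    allowed: bool
    reasons: List[str] = field(default_factory=list)


def ip_allowlisted(source_ip, networks=ALLOWED_NETWORKS):
    """True if the address parses and falls inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # an unparsable address never matches the allowlist
    return any(addr in net for net in networks)


def evaluate(req, require_ip_allowlist=True, require_managed_device=False):
    """Return a Decision listing every control the request failed.

    require_ip_allowlist=False models the case the page mentions where IP
    restrictions are untenable; pairing it with require_managed_device=True
    keeps a device-based condition in place instead.
    """
    reasons = []
    if not req.mfa_passed:
        reasons.append("mfa_not_completed")
    if require_ip_allowlist and not ip_allowlisted(req.source_ip):
        reasons.append("source_ip_not_allowlisted")
    if require_managed_device and not req.device_managed:
        reasons.append("device_not_managed")
    return Decision(allowed=not reasons, reasons=reasons)


def denial_summary(requests, **policy):
    """Count denials per failed control across a batch of login attempts,
    the kind of figure worth charting when tuning these policies."""
    counts = Counter()
    for req in requests:
        for reason in evaluate(req, **policy).reasons:
            counts[reason] += 1
    return dict(counts)


# Constructed sample attempts.
SAMPLE_REQUESTS = [
    LoginRequest("alice", "198.51.100.7", mfa_passed=True, device_managed=True),
    LoginRequest("bob", "203.0.113.200", mfa_passed=True, device_managed=True),
    LoginRequest("carol", "203.0.113.5", mfa_passed=False, device_managed=True),
    LoginRequest("dave", "192.0.2.9", mfa_passed=True, device_managed=False),
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req.user, evaluate(req))
    print("strict policy:", denial_summary(SAMPLE_REQUESTS))
    print("remote policy:", denial_summary(
        SAMPLE_REQUESTS, require_ip_allowlist=False, require_managed_device=True))
```

The per-reason summary is the useful part operationally: a spike in `source_ip_not_allowlisted` after a phishing wave shows the allowlist denying stolen credentials, while `device_not_managed` denials under the relaxed policy show where conditional access is carrying the load.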

Single Sign-On (SSO)

If implementing a single sign-on (SSO) solution with appropriate security controls is infeasible for any customer, contact your Palantir representative; we may be able to provide one for you.

Operational Security

Humans are generally the key point of failure in successful phishing attacks, and proper OpSec training is key to ensuring that users don't fall victim. Some key points to cover with personnel include:

  • Password hygiene and management.
  • Recognizing legitimate web domains (such as palantirfoundry.com) vs. fraudulent sites operated by adversaries.
  • Recognizing legitimate emails from the Foundry platform vs. emails from fraudulent senders.
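The domain-recognition point above can be backed by tooling as well as training. Below is an added example, not code from Palantir or the Foundry platform: a defender-side link checker that classifies each URL in a message as legitimate, suspicious or unknown relative to a known-good domain. Only `palantirfoundry.com` comes from the page; the sample message, every other hostname, the reason strings and the two-label approximation of the registrable domain are assumptions made for the example.

```python
"""Added example (not Palantir's code): classify URLs in a message relative
to a known-good domain, flagging the usual phishing tells: the legitimate
name embedded inside another domain, credentials placed before the host,
punycode (homoglyph) labels, near-miss typosquats and plaintext HTTP."""
import re
from urllib.parse import urlsplit

LEGIT_APEX = "palantirfoundry.com"  # the legitimate domain named on the page
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable_domain(host):
    """Assumption: the registrable domain is the last two labels. A real
    checker would consult the Public Suffix List instead."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url, legit_apex=LEGIT_APEX):
    """Return (verdict, reason); verdict is legitimate, suspicious or unknown."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if not host:
        return ("suspicious", "no_hostname")
    if parts.username is not None:
        # https://trusted.example@attacker-host/ : the browser goes to attacker-host
        return ("suspicious", "userinfo_before_host")
    try:
        # Normalise to the ASCII form so homoglyph hostnames become xn-- labels.
        ascii_host = host.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return ("suspicious", "invalid_hostname")
    if any(label.startswith("xn--") for label in ascii_host.split(".")):
        return ("suspicious", "punycode_label")
    reg = registrable_domain(ascii_host)
    legit_label = legit_apex.split(".")[0]
    if reg == legit_apex:
        if parts.scheme != "https":
            return ("suspicious", "known_domain_over_plaintext_http")
        if ascii_host == legit_apex:
            return ("legitimate", "exact_known_domain")
        return ("legitimate", "subdomain_of_known_domain")
    if legit_label in ascii_host:
        # e.g. palantirfoundry.com.evil.example or login-palantirfoundry.com
        return ("suspicious", "known_name_embedded_in_other_domain")
    if edit_distance(reg.split(".")[0], legit_label) <= 2:
        return ("suspicious", "lookalike_domain")
    return ("unknown", "unrelated_domain")


def scan_message(body, legit_apex=LEGIT_APEX):
    """Extract every URL from a message body and classify it."""
    findings = []
    for url in URL_RE.findall(body):
        verdict, reason = classify_url(url.rstrip(".,);"), legit_apex)
        findings.append((url, verdict, reason))
    return findings


# Constructed sample message mixing a genuine link with a lookalike one.
SAMPLE_MESSAGE = """Your Foundry session is about to expire.
Sign in at https://app.palantirfoundry.com/login to keep working.
Or verify your account at https://palantirfoundry.com.account-verify.example/ now."""

if __name__ == "__main__":
    for url, verdict, reason in scan_message(SAMPLE_MESSAGE):
        print(f"{verdict:11} {reason:38} {url}")
```

The checker is deliberately conservative: anything it cannot tie to the known domain is `unknown` rather than `legitimate`, and the training point stands regardless, since a user who reads the registrable domain right before the first slash catches the same cases by eye.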

Ask a Trusted Source

If you're in need of engineering assistance, or general security guidance, contact your Palantir representative; we're happy to assist with controls to mitigate attacker activity.
