Security Based Idea Forum and Repository. Talk about what works, what doesn’t etc.
To catch a thief!
August 14, 2009 at 8:28 pm #77965
1. Monitor your Domain Admins/Administrators and elevated permissions groups for any changes to their Active Directory object. Any time a user is added, removed etc., the group's modified date is updated. This ought not happen very often to these groups! A script will follow later to help you watch and receive emails when this is updated.
2. In some of the darker corners, I have been hearing and seeing that some of our recent hackers like to target “disabled” accounts. Why would they go through the trouble of creating new ones when perfectly good ones are sitting there “disabled” due to policy or something? Run a report daily on accounts that have been “enabled” (or scan the security event logs for account status changes). Again, automate this so it can run seamlessly and only email you when positive!
3. Let's stop for a minute and think… What would a hacker want? And WHO has what they want? Key people (admins, CIOs, assistants to officials etc.) are usually the targets. Use Active Directory to restrict login times if their schedule will allow it, or run a script to parse through the event log and provide you with login/logoff times.
4. Password enforcement. I know, I know, but it has to be said: requiring and ENFORCING a good password policy will deter (might not prevent a diligent one) hackers. People think that [email protected]$$word123# is a good password, or ~myDogHasFleas$; even these are simple for a professional password database or the hacker who wants to spend a few days brute forcing it. Passwords that have no dictionary words and have extended chars in them are a good start. A good process to get used to is to use number combinations with nonsense words. But to make it super simple, hold the Shift key for the numbers on your keyboard. So a password such as and change normal chars to a select few extended chars. Like this
1[email protected][email protected]!)@@^* – By using the word Applesauce, replacing the A and S with @ and $, I have a complex password. What, you say? What is the rest? Oh, that’s simple: the first half is my birthday, 10-22-68, and at the end of AppleSauce I do it again but hold down the Shift key: !)[email protected]@-^* Once you do it a few times, or use other numbers easy to remember, you can maintain easy-to-remember passwords that are super complex. Some places suggest using the phone keypad to remember passwords, which can help also.
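The checks in items 1 to 3 above (changes to privileged groups, re-enabled accounts, off-hours logons by key people), run over exported Security-log events, as an added example that is not part of the original post. The CSV column layout, account names, watched groups and allowed hours are assumptions; the event IDs are the Security-log IDs used by Windows Server 2008 and later.

```python
import csv
import io
from datetime import datetime, time

# Constructed sample export of Security-log events (not real data).
SAMPLE_EVENTS = """time,event_id,actor,target,group
2009-08-14T09:12:03,4728,jsmith,tempuser,Domain Admins
2009-08-14T10:40:11,4722,helpdesk1,old.contractor,
2009-08-14T11:05:47,4728,jsmith,newhire,Sales Team
2009-08-15T02:31:09,4624,,cio,
2009-08-15T08:55:00,4624,,cio,
2009-08-15T03:00:00,4624,,intern,
"""

# Member added/removed: global (4728/4729), local (4732/4733), universal (4756/4757).
GROUP_CHANGE_IDS = {4728, 4729, 4732, 4733, 4756, 4757}
ACCOUNT_ENABLED_ID = 4722  # "A user account was enabled"
LOGON_ID = 4624            # successful logon

# Assumed policy values; replace with your own groups and schedules.
WATCHED_GROUPS = {"domain admins", "enterprise admins", "administrators"}
ALLOWED_HOURS = {"cio": (time(7, 0), time(19, 0))}


def find_alerts(csv_text):
    """Return (kind, timestamp, detail) tuples for events worth an email."""
    alerts = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        event_id = int(row["event_id"])
        target = row["target"].lower()
        if event_id in GROUP_CHANGE_IDS and row["group"].lower() in WATCHED_GROUPS:
            detail = f"{row['actor']} changed {row['group']} (member {row['target']})"
            alerts.append(("group-change", row["time"], detail))
        elif event_id == ACCOUNT_ENABLED_ID:
            detail = f"{row['actor']} enabled account {row['target']}"
            alerts.append(("account-enabled", row["time"], detail))
        elif event_id == LOGON_ID and target in ALLOWED_HOURS:
            start, end = ALLOWED_HOURS[target]
            logon_time = datetime.fromisoformat(row["time"]).time()
            if not start <= logon_time <= end:
                alerts.append(("off-hours-logon", row["time"], f"{target} logged on"))
    return alerts


def build_report(alerts):
    """Return the mail body, or None so that a quiet day sends nothing."""
    if not alerts:
        return None
    return "\n".join(f"{when} [{kind}] {detail}" for kind, when, detail in alerts)
```

Pass the result of `build_report(find_alerts(...))` to whatever mailer you already use, and skip sending when it is `None`.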