Step one to breaking into any system and causing havoc is reconnaissance. An attacker will gather as much information about your environment as possible. They’ll look for security software, and make extensive lists of anything that your systems will tell them about themselves.
Then they’ll start to look at your users. Social engineering is one of the most common ways to get into a secure network. Why break in when you can get someone to let you in? This is why training and vigilance are so necessary.
Not too far into a targeted attack, they start to access your Active Directory system. Why? Because Active Directory knows where everything is. It’s precisely what it’s designed to do.
- Network Shares
- Domain Controllers
- Routing Tables
Once they get this information, looking for places that are good to attack becomes easy. As they gain access to more systems, this process snowballs.
You are owned.
Those are words that you do not want to hear.
Now stealing information and documents becomes easy.
What are you doing to protect your active directory? Are you monitoring your Active Directory and actively securing it?
We can help.
As longtime security leaders and innovators, we can say categorically that while you can learn concepts in school, that’s never enough to actually perform real-world security tasks.
We’re into our second year of the intern program at Assurance Data “University”. Every Friday our Chief Strategy Officer Chuck Sirois leads an intensive training program online to a select group of up and coming security experts.
This month we’re covering topics like:
- Attack Vectors
- Keeping up with the daily changes in security threats
- How to mitigate security problems.
Interested in becoming the next security leader? Email us at firstname.lastname@example.org.
A few weeks ago I was sitting on a commercial airline flight minding my own business. When we landed, there was the usual mad rush to turn on cell phones and check whatever people check on their phones. Seated directly in front of me was a woman who held her phone up about eye level and typed her VPN password (to a major bank) in plain view for at least 3 rows behind her.
Let’s talk about being secure in public, shall we?
You can talk to your IT department on what to use or use a VPN service like VyprVPN to help keep your network connection secure while out of the office. The VPN on her phone was a great idea, but she missed the mark on the rest of her security posture.
We often overlook physical security when out and about. All of the network security in the world won’t matter if someone can look over your shoulder and watch your screen.
There are terrific screen covers that limit the viewing angle of your screen for your laptop. The best ones are even easily removable and tucked into your bag for the times when it’s not needed.
These are available for your phone as well, but on your phone, it could be as simple as paying attention to who might be able to see what you’re typing. Especially when you need to authenticate something important.
Remember, security is both process and posture. Don’t build up a huge wall and moat around your castle and then leave the side door unlocked.