Step one to breaking into any system and causing havoc is reconnaissance. An attacker will gather as much information about your environment as possible. They’ll look for security software, and make extensive lists of anything that your systems will tell them about themselves.
Then they’ll start to look at your users. Social engineering is one of the most common ways to get into a secure network. Why break in when you can get someone to let you in? This is why training and vigilance are so necessary.
Not too far into a targeted attack, they start to access your Active Directory system. Why? Because Active Directory knows where everything is. It’s precisely what it’s designed to do.
- Network Shares
- Domain Controllers
- Routing Tables
Once they get this information, looking for places that are good to attack becomes easy. As they gain access to more systems, this process snowballs.
You are owned.
Those are words that you do not want to hear.
Now stealing information and documents becomes easy.
What are you doing to protect your active directory? Are you monitoring your Active Directory and actively securing it?
We can help.
As longtime security leaders and innovators, we can say categorically that while you can learn concepts in school, that’s never enough to actually perform real-world security tasks.
We’re into our second year of the intern program at Assurance Data “University”. Every Friday our Chief Strategy Officer Chuck Sirois leads an intensive training program online to a select group of up and coming security experts.
This month we’re covering topics like:
- Attack Vectors
- Keeping up with the daily changes in security threats
- How to mitigate security problems.
Interested in becoming the next security leader? Email us at email@example.com.
Security depends very much on your actions as an end user. The more secure you are personally, the more secure you organization can be.
Let’s start with a simple things you can do right now to make yourself more secure.This week we’ll focus on passwords and authentication.
Use a password manager AND a different password for EVERY account
Data breaches happen. But it’s easy to mitigate the damage if you use completely different passwords for EVERY login. Managing this is easy with apps like Lastpass and 1Password (there are many others). You remember one login, and the app helps you generate secure passwords you don’t even have to know for every service.
Surely you can see how “!D4sL@nN1pJRbG” is a better password than your kids birthday right?
Turn on 2 factor everywhere it’s available
Most major services, from Facebook to Flickr offer a free way to get a text or use an authentication app like Lastpass authenticator to give you a second layer of password protection. This isn’t perfect, especially if you use text messages for this, but it’s better than your password alone. Check with your help section in the app on how to enable this and do it for EVERYTHING.
These two simple things can help make you dramatically more secure in your day to day internet interactions. Need a solution for enterprise password management or authentication? Let us know.
AssuranceData was pleased to be named Government partner of the year for 2017 by Forcepoint. We expect 2018 to build on the many successes of 2017 and are honored to be the top VAR.
There are a new set of Meltdown and Spectre variants. CPU fixes will need to be implemented, but according to Tom’s Hardware for the moment they seem to be blockable with OS software patches.