Best Practices for Storage Reclamation – Part 2 of 3

In part 1 of this series, we explained that there are 5 key capabilities needed for a successful file cleanup project, and discussed Capability 1 – File Discovery, and 2 – Sensitive data discovery. In this second blog we pick up the discussion with Capability 3 – Activity and File Usage.

Capability 3 – Activity and File Usage

Understanding who is actively using files on file servers can offer tremendous insight into how to approach a cleanup effort. By monitoring…

Microsoft LDAP Channel Binding and Signing Patch

Discovery Solution for Microsoft’s March 2020 Update

Lightweight Directory Access Protocol (LDAP) – How did we get here?

20 years ago, I embarked on the fantastical journey that was migrating from NT4 to Active Directory. This is also when I began learning the power of LDAP. While it was technically available, very few companies implemented secure LDAP in the early days. Most enterprise applications or internal applications took advantage of the directory (and in a wide variety of ways), but…

Best Practices for Storage Reclamation – Part 1 of 3

Data Access Governance (DAG) has many different types of use cases, with most falling into three main categories: data security, regulatory compliance, and operational efficiency.  There has been a lot written about security due to the increasing frequency of ransomware attacks, and a lot is being written about compliance, most recently around privacy – but we haven’t talked much about the operational efficiency use case. A good DAG program allows organizations to manage more data with fewer people and to…

What is SMBv1 and Why You Should Disable it

Eternally Affected

What is SMB?

Server Message Block (SMB) is a protocol used primarily for sharing files, printer services, and communication between computers on a network. The history of SMB is long, so I’ll try to keep this short and to the point.

SMBv1

Back in the 1980s and 1990s IBM and Microsoft were working on implementations of SMB to improve and build upon the protocol. Microsoft actually pushed to rename SMB to Common Internet File System (CIFS) and added…

Cleaning Up Unused Service Accounts – Part 2: Detecting Common Locations Where Service Accounts Are Used

In this post, I will continue the series on how to do a service account cleanup in Active Directory by going into the details of common locations in a Windows OS that can be used to configure service accounts, and then showing how to collect these using PowerShell. This makes the data easy to collate later and can help with your company's documentation for service accounts.

Windows Services

One of the most common…

Improve the Efficiency and Automation of AD Object Rollback and Recovery in StealthRECOVER 1.5

Why is Active Directory (AD) so Important to Protect?

The health and operational integrity of AD has a direct impact on the overall security of your organization. The capability to roll back and recover from unwanted changes is a critical requirement for you to maintain the security and performance of your network. In fact, it’s never been more important. 90% of organizations use AD as their central hub of authentication and authorization. It literally holds the keys to the kingdom…

Constrained Delegation Abuse: Abusing Constrained Delegation to Achieve Elevated Access

Kerberos Delegation Recap

Previously, I gave an overview of all of the various types of Kerberos delegation, how they’re configured, and how they can potentially be abused. Prior to that, I wrote about abusing resource-based constrained delegation and Jeff Warren has written about abusing unconstrained delegation. To round out the Kerberos delegation topic, I wanted to write a quick blog on how constrained delegation can be abused to get elevated access to a specific configured service. If you’re not familiar…

Improve AD Security – Block Unauthorized Activities & Strengthen Passwords with StealthINTERCEPT 7.0

Nearly everyone uses Microsoft’s Active Directory (AD), over 90% in fact[1], to manage user accounts and provide authentication and access to the majority of organizational resources. Microsoft tells us that 95 million AD accounts are under attack every day[2]. The latest Verizon Data Breach Investigations Report states that 56% of breaches in 2018 took a month or longer to discover[3]. Being under constant attack, and taking months to discover it, is a recipe for disaster. Many organizations do some kind…

ProTip – The Power of Character Substitution Checks in StealthINTERCEPT Enterprise Password Enforcer

I have had the benefit of visiting a number of customers to understand how they use our products. Specifically, how they use the breach password dictionary in StealthINTERCEPT Enterprise Password Enforcer. Many actively manage their breach password database to prevent breached passwords from use.  In reviewing these password databases, I noticed many contained entries with multiple variations of a single word.  Essentially, they were manually adding character substitution or “leetspeak.” For example, the word ‘password’ would have the following entries:…

An Oracle DBA’s Guide to Microsoft SQL Server Security

In today’s world, it is quite common for companies to use more than one type of relational database platform to host enterprise applications.  If you are an old-time Oracle DBA like me and are asked to administer Microsoft SQL Servers in addition to Oracle databases, the task can be pretty daunting from a SQL Server security perspective.  In this blog, I will try to explain the differences and similarities between the Oracle and SQL Server security models.  The difference in…
