AD Account Lockout Investigation and Root Cause Analysis
- Amberlynn Sanders
- 8 years ago
Transcription
1 AD Account Lockout Investigation and Root Cause Analysis
Allen Chin, Principal Consultant
2 Contents
1. Background Issue
2. What was done
3. What was discovered
4. Recommendations
5. Challenges faced & Lessons Learned
3 Background Issue
4 Background Issue
- The Downadup/Conficker worm was first discovered during end of year. Like many other organizations, the <abc> customer was also faced with this worm outbreak then.
- One side effect of the worm entering the network was that a huge number of user accounts were locked out, leaving these users unable to log on to the network and unable to work.
- A huge number of lockout incidents still occur today.
- The customer decided to create a script on all their AD servers that runs periodically to unlock all locked-out user accounts, regardless of whether the lockout was legitimate or due to illegitimate logon attempts by the worm. The script has been active since.
- The unlocking script violates security practices and, more critically, the customer's internal audit policies and audit findings.
- Ultimately, the customer would like to terminate the use of the script and comply with audit policies and recommendations.
- A competitor has been approaching the customer, throwing FUD that this event was due to Downadup/Conficker infection and that SEP is not able to detect it. The customer was becoming convinced, as there was no evidence to prove Symantec's innocence. The customer indicated that they would potentially displace SEP!
- Therefore a timeline of one month was set for Symantec to perform the necessary investigation to identify the root cause of the lockout events and subsequently lead to termination of the script.
5 What was done
6 What was done
A Special Task Force was formed with collaboration from Symantec, the partner and various customer operations teams (Desktop, Server, Network and Security) to assist with the investigation.
Data sources collected and analyzed:
- Lockout reports correlated from the existing SIEM solution (ArcSight) to identify the source machines causing lockouts from various AD servers
- Raw AD logs (~38 GB) from 10 AD servers (out of 50+ AD servers)
- Copy of the AD account lockout policy
- End-user comments and experience
- Logs and loadpoints from various endpoints that caused ID lockout events
- SEPM logs and reports
- Logs and reports from the 3rd-party scanning tool/AV
- Reports from the existing network IPS
7 Lockout Trending Statistics
[Chart: top accounts by lockout count over time of day. Sample report 1: Day with high lock out events]
8 Lockout Trending Statistics
[Chart: top accounts by lockout count over time of day. Sample report 2: Day with high lock out events]
9 What was discovered
10 What was discovered: Web Proxy (Logon Attempts from Web Proxy)
- High number of account logon attempts triggered from the web proxy
- Detected numerous failure audits for account logon attempts
- These did not correlate with account lockout events
- Investigated the AD account lockout policy with the Windows team
[Chart: logon attempts from the web proxy per user ID, FAILURE vs. SUCCESS]
11 Likely Cause of High Logon Attempts from Web Proxy
- Crypt32 function trying to auto-update retrieval of the third-party root list sequence number
- Event generated if the Update Root Certificates component is installed and the computer cannot connect to the Windows Update server on the Internet
Symc Internal Only
12 What was discovered: Account Lockout Policy
Customer Account Policies / Account Lockout Policy

| Description | Value |
|---|---|
| Account lockout duration | 0 minutes (forever / manual unlock) |
| Account lockout threshold | 5 invalid logon attempts |
| Reset account lockout counter after | 99,999 minutes (69 days) |

The policy settings were too strict, even more aggressive than Best Practice at High Security Level!

Best Practice Benchmark Settings (CIS)

| Center for Internet Security (CIS) | Value |
|---|---|
| Account lockout duration | 15 minutes or more |
| Account lockout threshold | 15 invalid logon attempts |
| Reset account lockout counter after | 15 minutes or more |

13 What was discovered: Account Lockout Policy
Customer Account Policies / Account Lockout Policy

| Description | Value |
|---|---|
| Account lockout duration | 0 minutes (forever / manual unlock) |
| Account lockout threshold | 5 invalid logon attempts |
| Reset account lockout counter after | 99,999 minutes (69 days) |

The policy settings were too strict, even more aggressive than Best Practice at High Security Level!

Best Practice Benchmark Settings (Microsoft)

| Microsoft Account Lockout Best Practices | Low | Med | High |
|---|---|---|---|
| Account lockout duration | N/A | 30min | 0min |
| Account lockout threshold | N/A | 10min | 10min |
| Reset account lockout counter after | N/A | 30min | 30min |
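The effect of the two policies in the tables above can be compared with a small simulation. This is an added example, not part of the original slides: it uses a simplified model of the lockout counter (successful logons, which also reset the counter, are not modelled), and the two failure scenarios are constructed.

```python
"""Simplified model of AD account lockout counting (added example)."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class LockoutPolicy:
    name: str
    threshold: int        # "Account lockout threshold" (invalid logon attempts)
    reset_after_min: int  # "Reset account lockout counter after" (minutes)
    duration_min: int     # "Account lockout duration"; 0 = until manually unlocked


# Values taken from the customer and CIS tables on the slide.
CUSTOMER = LockoutPolicy("customer", threshold=5, reset_after_min=99_999, duration_min=0)
CIS = LockoutPolicy("CIS benchmark", threshold=15, reset_after_min=15, duration_min=15)

# Constructed scenarios: minutes at which a wrong password is presented.
# 1) A scheduled task holding a stale password, run once a day for 30 days.
DAILY_STALE_TASK = [day * 24 * 60 for day in range(30)]
# 2) One bad attempt per minute for an hour (a tight retry loop or guessing).
ONE_PER_MINUTE = list(range(60))


def simulate(policy, failures_min):
    """Return [(locked_at, unlocked_at)]; unlocked_at is None for manual unlock."""
    count = 0
    last_failure = None
    locked_until = None
    lockouts = []
    for t in sorted(failures_min):
        if locked_until is not None:
            if t < locked_until:
                continue          # account is locked, the attempt is rejected
            locked_until = None   # lockout duration has expired
            count = 0
        if last_failure is not None and t - last_failure >= policy.reset_after_min:
            count = 0             # quiet period elapsed, counter starts again
        count += 1
        last_failure = t
        if count >= policy.threshold:
            if policy.duration_min == 0:
                locked_until = math.inf
                lockouts.append((t, None))
            else:
                locked_until = t + policy.duration_min
                lockouts.append((t, locked_until))
    return lockouts


if __name__ == "__main__":
    scenarios = (("daily stale task", DAILY_STALE_TASK),
                 ("one per minute", ONE_PER_MINUTE))
    for policy in (CUSTOMER, CIS):
        for label, failures in scenarios:
            print(f"{policy.name:14} {label:17} {simulate(policy, failures)}")
```

With the customer's settings a single stale credential retried once a day locks the account on the fifth day and keeps it locked until someone unlocks it, while the CIS values never lock on that pattern and still interrupt the one-per-minute pattern twice within the hour.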
14 What was discovered: Kerberos Traffic Being Blocked
Windows Firewall blocked Kerberos traffic
15 What was discovered: Kerberos Traffic Being Blocked
Event ID 40960 in Windows XP client logs
16 Possible Reason #1
17 Possible Reasons #2
18 Possible Reasons #2
19 Possible Reasons #3
20 Possible Reasons #3
21 What was discovered: Kerberos Traffic Being Blocked
Sample Windows XP client logs
22 What was discovered: Cached Credentials
Stale service account password on client machines
23 What was discovered: Cached Credentials
Stale Credential Manager entries on client machines
24 What was discovered: Others
Other observed potential root causes of account lockout:
- Mapped network shared drives/folders with wrongly cached or non-updated credentials on endpoints
- Scheduled tasks with logon scripts configured with wrongly cached or non-updated credentials on endpoints
- Scheduled scripts running on some servers that used wrongly configured/cached or non-updated credentials
- Old or non-updated logon credentials cached by applications
- NTLM authentication error in (McAfee) Web Gateway
- Failure of Active Directory replication between domain controllers

- No identification of the Downadup worm based on the analysis of the loadpoint logs collected from the identified source machines causing lockouts.
- No identification of the Downadup worm using the 3rd-party scanning tool/AV on the identified source machines.
- No identification of the Downadup worm from SEPM and network IPS reports.
25 Recommendations
- Remedy for the web proxy logon issue:
  - Allow unauthenticated access to the Windows Update server
  - Turn off the Update Root Certificates component
- Update the AD account lockout policy, in line with best practices
- Plan for purging of stale credentials, inclusive of the following areas:
  - Service account passwords in Service Control Manager (SCM)
  - Logon credentials cached by Stored User Names and Passwords in Control Panel (Credential Manager)
  - Persistent drive mappings / network shares
  - Scheduled tasks and/or scripts
  - Applications
- Health check on Microsoft Active Directory, inclusive of:
  - Architecture and configuration review (GC, DC, RODC, DNS)
  - Investigation of errors encountered in server and client logs
26 Recommendations
- Ensure Kerberos & AD traffic/ports are not being blocked in server-server and client-server communication
- Adopt Microsoft's recommendation for addressing Crypt32 events, more info on URL
- Ensure McAfee Web Gateway is updated to the latest level to resolve the NTLM-related issues observed
- Expand coverage and improve performance of the current SIEM tool:
  - All AD servers
  - Internal and external FW + IPS
  - SEP Managers
  - Web Gateway
- Gather baseline statistics of typical daily lockout incidents as a moving-forward strategy to distinguish legitimate lockouts from an abnormal lockout count, such as one caused by the presence of the Downadup worm in the network
- Standardize the client OS image to eliminate deviations from unknown configurations, applications and client access
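One way to implement the baseline recommendation above, as an added example that is not part of the original slides: it builds a rolling baseline of daily lockout counts and reports days that exceed it, together with the source machines responsible. The CSV layout (`date,account,source_host`), the window and threshold constants, and all sample rows are assumptions constructed for illustration.

```python
"""Rolling baseline of daily account lockouts (added example)."""
import csv
import io
import statistics
from collections import Counter, defaultdict
from datetime import date, timedelta

WINDOW_DAYS = 7   # assumed: baseline is the last 7 normal days
SIGMA = 3.0       # assumed: flag days above mean + 3 standard deviations
MIN_STDEV = 1.0   # floor so a very flat baseline does not flag tiny changes


def constructed_export():
    """Constructed sample: ten ordinary days, then one burst day."""
    rows = ["date,account,source_host"]
    for day in range(1, 11):
        for i in range(8 + day % 3):              # 8 to 10 lockouts per day
            rows.append(f"2010-03-{day:02d},user{i:02d},PC-{i:03d}")
    for i in range(40):                           # burst, mostly one machine
        host = "PC-777" if i % 4 else f"PC-{i:03d}"
        rows.append(f"2010-03-11,user{i:02d},{host}")
    return "\n".join(rows)


def parse_export(text):
    """Return {day: Counter(source_host -> lockouts)} from the CSV text."""
    per_day = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(text)):
        per_day[date.fromisoformat(row["date"])][row["source_host"]] += 1
    return dict(per_day)


def find_abnormal_days(per_day):
    """Flag days whose lockout count exceeds the rolling baseline."""
    if not per_day:
        return []
    first, last = min(per_day), max(per_day)
    flagged, normal = [], []
    for offset in range((last - first).days + 1):
        day = first + timedelta(days=offset)
        sources = per_day.get(day, Counter())     # a day without rows counts as 0
        count = sum(sources.values())
        if len(normal) >= WINDOW_DAYS:
            window = normal[-WINDOW_DAYS:]
            mean = statistics.fmean(window)
            limit = mean + SIGMA * max(statistics.pstdev(window), MIN_STDEV)
            if count > limit:
                flagged.append({
                    "day": day.isoformat(),
                    "count": count,
                    "baseline": round(mean, 1),
                    "top_sources": sources.most_common(3),
                })
                continue                          # keep bursts out of the baseline
        normal.append(count)
    return flagged


if __name__ == "__main__":
    for hit in find_abnormal_days(parse_export(constructed_export())):
        print(hit)
```

Flagged days are excluded from later baselines so that one outbreak day does not raise the threshold for the days that follow it.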
27 Challenges faced & Lessons Learned
- The SIEM AD lockout reports collected were not wide enough for lockout pattern identification due to the configured AD logging limitation.
- No effective perimeter or network monitoring capability to identify Downadup threats in the environment.
- Faced difficulty collecting more detailed AD lockout reports from the network/SIEM team due to infrastructure complexity and know-how issues.
- The amount of AD logs collected was extremely large due to the high logging level and the large number of users (more than 10,000 seats), so it was significantly taxing to mine the data.
- The task force was not familiar with the customer's existing applications, mapped drives and in-house scripts, so it was challenging to rule out the root causes.
- No involvement from other principals in the exercise, such as Microsoft, McAfee (Web Gateway/Proxy) and ArcSight (SIEM), which would have helped to expedite some of the investigation processes.
- Last but not least, despite all the FUD the competitor (Trend Micro) has thrown in, the customer's confidence in Symantec is still retained and there IS NO evidence of a Downadup infection that SEP is not able to detect so far!
28 Thank you!
Allen Chin
SYMANTEC PROPRIETARY/CONFIDENTIAL INTERNAL USE ONLY
Copyright 2010 Symantec Corporation. All rights reserved.
Microsoft Auditing Events for Windows 2000/2003 Active Directory. By Ed Ziots Version 1.6 9/20/2005 Revision 1.3: Cleaned up resources and added additional detail into each auditing table. Revision 1.4:
More informationAutomate PCI Compliance Monitoring, Investigation & Reporting
Automate PCI Compliance Monitoring, Investigation & Reporting Reducing Business Risk Standards and compliance are all about implementing procedures and technologies that reduce business risk and efficiently
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationNet Protector Admin Console
Net Protector Admin Console USER MANUAL www.indiaantivirus.com -1. Introduction Admin Console is a Centralized Anti-Virus Control and Management. It helps the administrators of small and large office networks
More informationCisco AnyConnect Secure Mobility Client VPN User Messages, Release 3.1
Cisco AnyConnect Secure Mobility Client VPN User Messages, Release 3.1 October 15, 2012 The following user messages appear on the AnyConnect client GUI. A description follows each message, along with recommended
More information70-290 Q&A. DEMO Version
Managing and Maintaining a Microsoft Windows Server 2003 Environment Q&A DEMO Version Copyright (c) 2010 Chinatag LLC. All rights reserved. Important Note Please Read Carefully For demonstration purpose
More informationTEXAS AGRILIFE SERVER MANAGEMENT PROGRAM
TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM Policy Compliancy Checklist September 2014 The server management responsibilities described within are required to be performed per University, Agency or State
More informationConfiguring Windows Server 2008 Active Directory
Configuring Windows Server 2008 Active Directory Course Number: 70-640 Certification Exam This course is preparation for the Microsoft Technical Specialist (TS) exam, Exam 70-640: TS: Windows Server 2008
More informationSIEM Implementation Approach Discussion. April 2012
SIEM Implementation Approach Discussion April 2012 Agenda What are we trying to solve? Summary Observations from the Security Assessments related to Logging & Monitoring Problem Statement Solution Conceptual
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationQuick Install Guide. Lumension Endpoint Management and Security Suite 7.1
Quick Install Guide Lumension Endpoint Management and Security Suite 7.1 Lumension Endpoint Management and Security Suite - 2 - Notices Version Information Lumension Endpoint Management and Security Suite
More informationAdministering Windows Server 2012
20411D - Version: 1 25 June 2016 Administering Windows Server 2012 Administering Windows Server 2012 20411D - Version: 1 5 days Course Description: Get hands-on instruction and practice administering Windows
More information"Charting the Course... MOC 20411 D Administering Windows Server 2012. Course Summary
Course Summary Description Get hands-on instruction and practice administering Windows Server 2012, including Windows Server 2012 R2, in this five-day Microsoft Official Course. This course is part two
More information