Pass-the-Hash: How Attackers Spread and How to Stop Them

Size: px
Start display at page:

Download "Pass-the-Hash: How Attackers Spread and How to Stop Them"

Transcription

1 Pass-the-Hash: How Attackers Spread and How to Stop Them SESSION ID: HTA-W03 Mark Russinovich Technical Fellow Microsoft Corporation Nathan Ide Principal Development Lead Microsoft Corporation

2 Pass-the-Hash: Agenda Pass-the-Hash Technique Pass-the-Hash on Windows Today New Windows Mitigations: Local Account Domain Account Restricted Remote Administration Authentication Policies and Silos 2

3 Single-Sign On, Explained Sue s Laptop Sue s User Session User: Sue Password hash: C9DF4E 2 File Server Sue s User Session 4 User: Sue Password hash: C9DF4E 3 User: Sue Password: a1b2c Sue enters username and password 2. PC creates Sue s user session 3. PC proves knowledge of Sue s hash to Server 4. Server creates a session for Sue 3

4 Pass-the-Hash Technique Fred s Laptop Fred s User Session User: Fred Password hash: A3D7 Malware User Session User: Fred Password hash: A3D7 User: Fred Hash:A3D7 Sue s Laptop Sue s User Session User: Sue Password hash: C9DF Malware User Session User: Fred Hash: A3D7 User: Sue Hash: C9DF User: Sue Hash:C9DF File Server Fred runs malware 2. Malware infects Sue s laptop as Fred 3. Malware infects File Server as Sue 4

5 Pass-the-Hash: Agenda Pass-the-Hash Technique Pass-the-Hash on Windows Today New Windows Mitigations: Local Account Domain Account Restricted Remote Administration Authentication Policies and Silos 5

6 Windows Pass-the-Hash in the News I wouldn t say the vendor had AD credentials but that the internal The virus erased data on three-quarters of Aramco s administrators would use their AD login corporate PCs documents, spreadsheets, s, files to replacing access the all of system it with from an image inside. of a This burning would mean American the sever flag. had access to the rest of the corporate network... 6

7 Windows Pass-the-Hash in Mark s Inbox 7

8 Windows Single-Sign On Architecture Local Security Authority (LSASS) NTLM NTOWF: C9DF4E56A2D1 Service Ticket PTHDemo-DC Digest Password: Sue s a1b2c3 Laptop User: Sue Hash: C9DF4E PTHDemo-DC Kerberos Ticket-Granting Ticket Service Ticket Ticket User: Sue Password: a1b2c3 Credential footprint 8

9 Windows Pass-the-Hash Discovery 9

10 Microsoft Guidance Microsoft published Pass-the-Hash guidance in December Highlighted best practices and dispelled urban legends 10

11 Pass-the-Hash Tools on Windows Local Security Authority (LSASS) NTLM NTOWF: C9DF4E56A2D1 A3D723B95DA Digest Password: Sue s a1b2c3 Laptop Kerberos Ticket-Granting Ticket Service Ticket Ticket Credential Store 11

12 Demo: Pass-the-Hash with Windows Credential Editor

13 Pass-the-Hash: Agenda Pass-the-Hash Technique Pass-the-Hash on Windows Today New Windows Mitigations: Local Account Domain Account Restricted Remote Administration Authentication Policies and Silos 13

14 Problem: Local Account Traversal Fred s Laptop Sue s Laptop Security Accounts Manager User: Admin Hash:A2DF User: Admin Hash:A2DF Security Accounts Manager User: Admin Hash:A2DF 14

15 Local Account Mitigations Two new well-known groups: Local account Local account and member of Administrators group Useful for restricting access 15

16 Demo: Local Account Mitigations

17 Pass-the-Hash: Agenda Pass-the-Hash Technique Pass-the-Hash on Windows Today New Windows Mitigations: Local Account Domain Account Restricted Remote Administration Authentication Policies and Silos 17

18 Problem: Domain Credential Harvesting Local Security Authority (LSASS) NTLM NTOWF: C9DF4E56A2D1 Digest Password: Sue s a1b2c3 Laptop Kerberos Ticket-Granting Ticket Service Ticket Ticket Credential Store 18

19 Domain Account Mitigations Reduced credential footprint Aggressive session expiry New Protected Users RID Hardened LSASS process

20 Demo: Domain Account Mitigations

21 Pass-the-Hash: Agenda Pass-the-Hash Technique Pass-the-Hash on Windows Today New Windows Mitigations: Local Account Domain Account Restricted Remote Administration Authentication Policies and Silos 21

22 Problem: Remote Administration Sue s Helpdesk PC Remote Desktop Client User: Sue Pass:a1b2c3 Fred s Laptop LSASS NTLM NTOWF: C9 Digest Pass: a1b2c3 Kerberos Ticket Mimikatz Credential Store

23 Restricted Administration Mode Restricted Administration Mode allows remote administrators to connect without delegation Attaches machine credentials to session

24 Demo: Restricted Remote Administration

25 Pass-the-Hash: Agenda Pass-the-Hash Technique Pass-the-Hash on Windows Today New Windows Mitigations: Local Account Domain Account Restricted Remote Administration Authentication Policies and Silos 25

26 Problem: Privileged User Credential Replay Lobby kiosk Fred IT admin terminal User: Sue Domain Controller Sue 26

27 Authentication Policies and Silos PTHDemo Domain Users Computers Enable isolation of users or resources Keeps user in their silo Prevents outside access to silo Fred Silo:Sue Sue Fred-PC Silo:Sue Sue-PC 2012R2 domains support Authentication Policies and Silos Sue Lockdown Authentication Policy Ticket lifetime:4 hours Conditions: Users use Silo PCs Sue Lockdown Authentication Silo Policy: Sue Lockdown Members: Sue; Sue-PC Policies allow custom ticket lifetime and issuance conditions Can restrict users and service accounts

28 Demo: Authentication Policies and Silos

29 Mitigations on Windows 7 and Windows 8 The following features will be available on Windows 7 and Windows 8: Local account well-known groups Reduced credential footprint RDP client /restrictedadmin Protected Users

30 Conclusion Comprehensive network security must address Pass-the-Hash New Windows mitigations are available Local account protections Domain account protections Protected domain accounts Authentication policies and Silos 30

Information Assurance Directorate

Information Assurance Directorate National Security Agency/Central Security Service Information Assurance Directorate Reducing the Effectiveness of Pass-the-Hash November 19, 2013 Revision 1 A product of the Network Components and Applications

More information

Five Steps to Improve Internal Network Security. Chattanooga ISSA

Five Steps to Improve Internal Network Security. Chattanooga ISSA Five Steps to Improve Internal Network Security Chattanooga ISSA 1 Find Me AverageSecurityGuy.info @averagesecguy stephen@averagesecurityguy.info github.com/averagesecurityguy ChattSec.org 2 Why? The methodical

More information

Managing Local Administrator Passwords with LAPS 10/14/2015 PENN STATE SECURITY CONFERENCE

Managing Local Administrator Passwords with LAPS 10/14/2015 PENN STATE SECURITY CONFERENCE Managing Local Administrator Passwords with LAPS 2015 PENN STATE SECURITY CONFERENCE DAN BARR DRB45@PSU.EDU SYSTEMS ADMINISTRATOR, APPLIED RESEARCH LABORATORY The Shared Password Threat Shared passwords

More information

Centralized Oracle Database Authentication and Authorization in a Directory

Centralized Oracle Database Authentication and Authorization in a Directory Centralized Oracle Database Authentication and Authorization in a Directory Paul Sullivan Paul.J.Sullivan@oracle.com Principal Security Consultant Kevin Moulton Kevin.moulton@oracle.com Senior Manager,

More information

Basic principles of infrastracture security Impersonation, delegation and code injection

Basic principles of infrastracture security Impersonation, delegation and code injection Basic principles of infrastracture security Impersonation, delegation and code injection Ondřej Ševeček GOPAS a.s. MCM: Directory Services MVP: Enterprise Security CHFI CEH CISA ondrej@sevecek.com www.sevecek.com

More information

Windows Attack - Gain Enterprise Admin Privileges in 5 Minutes

Windows Attack - Gain Enterprise Admin Privileges in 5 Minutes Windows Attack - Gain Enterprise Admin Privileges in 5 Minutes Compass Security AG, Daniel Stirnimann Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640 Rapperswil Tel +41 55-214 41 60 Fax +41

More information

Pass-the-Hash II: Admin s Revenge. Skip Duckwall & Chris Campbell

Pass-the-Hash II: Admin s Revenge. Skip Duckwall & Chris Campbell Pass-the-Hash II: Admin s Revenge Skip Duckwall & Chris Campbell Do you know who I am? Skip Co-presented PTH talk last year at BH, Derbycon http://passing-the-hash.blogspot.com @passingthehash on twitter

More information

Hacker s Perspective on your Windows Infrastructure: Windows 10 Mandatory Check List

Hacker s Perspective on your Windows Infrastructure: Windows 10 Mandatory Check List Hacker s Perspective on your Windows Infrastructure: Windows 10 Mandatory Check List Paula Januszkiewicz CQURE: CEO, Penetration Tester CQURE Offices: New York, Dubai, Warsaw MVP: Enterprise Security,

More information

Accessing the Media General SSL VPN

Accessing the Media General SSL VPN Launching Applications and Mapping Drives Remote Desktop Outlook Launching Web Applications Full Access VPN Note: To access the Media General VPN, anti-virus software must be installed and running on your

More information

Why You Need to Detect More Than PtH. Matt Hathaway, Senior Product Manager, Rapid7 Jeff Myers, Lead Software Engineer, Rapid7

Why You Need to Detect More Than PtH. Matt Hathaway, Senior Product Manager, Rapid7 Jeff Myers, Lead Software Engineer, Rapid7 Why You Need to Detect More Than PtH Matt Hathaway, Senior Product Manager, Rapid7 Jeff Myers, Lead Software Engineer, Rapid7 Who We Are! Matt Hathaway Senior Product Manager for Rapid7 UserInsight Former

More information

Undergraduate Academic Affairs \ Student Affairs IT Services. VPN and Remote Desktop Access from a Windows 7 PC

Undergraduate Academic Affairs \ Student Affairs IT Services. VPN and Remote Desktop Access from a Windows 7 PC Undergraduate Academic Affairs \ Student Affairs IT Services VPN and Remote Desktop Access from a Windows 7 PC Last edited: 4 December 2015 Contents Inform IT Staff... 1 Things to Note... 1 Setting Up

More information

IDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience

IDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience IDENTITY & ACCESS Privileged Identity Management controlling access without compromising convenience Introduction According to a recent Ponemon Institute study, mistakes made by people Privilege abuse

More information

Internal Penetration Test

Internal Penetration Test Internal Penetration Test Agenda Time Agenda Item 10:00 10:15 Introduction 10:15 12:15 Seminar: Web Application Penetration Test 12:15 12:30 Break 12:30 13:30 Seminar: Social Engineering Test 13:30 15:00

More information

SCADA Security. Enabling Integrated Windows Authentication For CitectSCADA Web Client. Applies To: CitectSCADA 6.xx and 7.xx VijeoCitect 6.xx and 7.

SCADA Security. Enabling Integrated Windows Authentication For CitectSCADA Web Client. Applies To: CitectSCADA 6.xx and 7.xx VijeoCitect 6.xx and 7. Enabling Integrated Windows Authentication For CitectSCADA Web Client Applies To: CitectSCADA 6.xx and 7.xx VijeoCitect 6.xx and 7.xx Summary: What is the difference between Basic Authentication and Windows

More information

Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques. Mitigating the risk of lateral movement and privilege escalation

Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques. Mitigating the risk of lateral movement and privilege escalation Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques Mitigating the risk of lateral movement and privilege escalation Mitigating Pass-the-Hash (PtH) Attacks and Other Credential

More information

Using Microsoft Windows Authentication for Microsoft SQL Server Connections in Data Archive

Using Microsoft Windows Authentication for Microsoft SQL Server Connections in Data Archive Using Microsoft Windows Authentication for Microsoft SQL Server Connections in Data Archive 2014 Informatica Corporation. No part of this document may be reproduced or transmitted in any form, by any means

More information

Kerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?).

Kerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?). Kerberos Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?). 1 Kerberos Kerberos is an authentication protocol and a software suite implementing this

More information

How to Access UF Health Jacksonville VPN services

How to Access UF Health Jacksonville VPN services How to Access UF Health Jacksonville VPN services To access VPN services go to the hospital website at http://ufhealthjax.org/. Click on the For Employees link at the bottom of the screen. Under Remote

More information

Network Architecture & Active Directory Considerations for the PI System. Bryan Owen - OSIsoft Joel Langill - SCADAhacker

Network Architecture & Active Directory Considerations for the PI System. Bryan Owen - OSIsoft Joel Langill - SCADAhacker Network Architecture & Active Directory Considerations for the PI System By: Bryan Owen - OSIsoft Joel Langill - SCADAhacker Agenda Moore s Law Network Architecture Domain Services in a DMZ 2 HD Moore

More information

Computer Classroom Security Standard

Computer Classroom Security Standard Computer Classroom Security Standard Cal State Fullerton operates a heterogeneous network environment composed of centrally supported workstations, servers, and the network infrastructure. Along with administrative

More information

Cyber Essentials Questionnaire

Cyber Essentials Questionnaire Cyber Essentials Questionnaire Introduction The Cyber Essentials scheme is recommended for organisations looking for a base level Cyber security test where IT is a business enabler rather than a core deliverable.

More information

Pass-the-Hash. Solution Brief

Pass-the-Hash. Solution Brief Solution Brief What is Pass-the-Hash? The tools and techniques that hackers use to infiltrate an organization are constantly evolving. Credential theft is a consistent concern as compromised credentials

More information

Operating System Security

Operating System Security Operating System Security Klaus Schütz Windows OS Security Microsoft Redmond Before I start My VP love(d) me A frustrated friend 1 Agenda Evolution of Threats Client vs. Server Security Operating System

More information

WorkEngine Pre-Deployment Checklist

WorkEngine Pre-Deployment Checklist 01.06.2011.01 Contents 1.0 Installer s Knowledge Pre-requisites... 1 2.0 Software Prerequisites... 1 3.0 Required Information Prior to Installation... 3 4.0 Client Desktop (Optional)... 4 1.0 Installer

More information

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken Bypassing Local Windows Authentication to Defeat Full Disk Encryption Ian Haken Who Am I? Currently a security researcher at Synopsys, working on application security tools and Coverity s static analysis

More information

PCI DSS Compliance: The Importance of Privileged Management. Marco Zhang marco_zhang@dell.com

PCI DSS Compliance: The Importance of Privileged Management. Marco Zhang marco_zhang@dell.com PCI DSS Compliance: The Importance of Privileged Management Marco Zhang marco_zhang@dell.com What is a privileged account? 2 Lots of privileged accounts Network Devices Databases Servers Mainframes Applications

More information

Remote Access via Appgate for School Users

Remote Access via Appgate for School Users Remote Access via Appgate for School Users Status/Version: Issue 1.3 Effective: November 2013 Document Ref: CITS SCH 004 1 of 6 CONTENTS Audience 3 Purpose 3 Definitions 3 Process 3 1 Logging in to AppGate

More information

Michael Mayer-Gishyan NSA IT Consulting e.u. @mike_srv02 mmg@nsa.co.at http://nsa.co.at. From Zero to Hero. Domain Admin in einem Tag

Michael Mayer-Gishyan NSA IT Consulting e.u. @mike_srv02 mmg@nsa.co.at http://nsa.co.at. From Zero to Hero. Domain Admin in einem Tag Michael Mayer-Gishyan NSA IT Consulting e.u. @mike_srv02 mmg@nsa.co.at http://nsa.co.at From Zero to Hero Domain Admin in einem Tag Agenda Vita Introduction to NTLM and Kerberos Pass-the-Hash Techniques

More information

Mary Immaculate. ICT Services. ICT Helpdesk. User Guide

Mary Immaculate. ICT Services. ICT Helpdesk. User Guide Mary Immaculate ICT Services ICT Helpdesk User Guide Table of Contents 1. Introduction 3 2. How To Log A Call With The ICT Helpdesk 3 2.1 Email 3 2.2 Phone 3 2.3 Voicemail 3 2.4 Web Self Service Option

More information

Exploiting Transparent User Identification Systems

Exploiting Transparent User Identification Systems Exploiting Transparent User Identification Systems Wayne Murphy Benjamin Burns Version 1.0a 1 CONTENTS 1.0 Introduction... 3 1.1 Project Objectives... 3 2.0 Brief Summary of Findings... 4 3.0 Background

More information

Connecting to the University Wireless Network

Connecting to the University Wireless Network Connecting to the University Wireless Network Wifi is available to staff and registered students of University in certain areas of the three campuses of the University. This area of coverage will be expanded

More information

Instructions for connecting to the LSC-O Secure Wireless Network

Instructions for connecting to the LSC-O Secure Wireless Network Instructions for connecting to the LSC-O Secure Wireless Network Wireless computer hot spots are available at various locations around the LSC-O campus. The Academic Center first floor, AHB first and second

More information

Field Description Example. IP address of your DNS server. It is used to resolve fully qualified domain names

Field Description Example. IP address of your DNS server. It is used to resolve fully qualified domain names DataCove DT Active Directory Authentication In Active Directory (AD) authentication mode, the server uses NTLM v2 and LDAP protocols to authenticate users residing in Active Directory. The login procedure

More information

Secure Global Desktop (SGD)

Secure Global Desktop (SGD) Secure Global Desktop (SGD) Table of Contents Checking your Java Version...3 Preparing Your Desktop Computer...3 Accessing SGD...5 Logging into SGD...6 Using SGD to Access Your Desktop...7 Using SGD to

More information

Remote Desktop Connection user guide for Android.

Remote Desktop Connection user guide for Android. USER GUIDE Remote Desktop Connection user guide for Android. 1. Introduction These instructions apply to Android 4.1 or greater. This document is intended for any user wanting to access their office PC

More information

Remote Access Password Tips

Remote Access Password Tips Introduction: The following document was created to assist Remote Access users with password change and synchronization issues. IT&S has identified the following five (5) scenarios for remote access password

More information

How to Efficiently Protect Active Directory from Credential Theft & Large Scale Compromise

How to Efficiently Protect Active Directory from Credential Theft & Large Scale Compromise How to Efficiently Protect Active Directory from Credential Theft & Large Scale Compromise An Approach Based on Real-World Expertise Friedwart Kuhn, fkuhn@ernw.de Digital unterschrieben von Friedwart Kuhn

More information

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN INTEGRATION GUIDE IDENTIKEY Federation Server for Juniper SSL-VPN Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Microsoft Auditing Events for Windows 2000/2003 Active Directory. By Ed Ziots Version 1.6 9/20/2005

Microsoft Auditing Events for Windows 2000/2003 Active Directory. By Ed Ziots Version 1.6 9/20/2005 Microsoft Auditing Events for Windows 2000/2003 Active Directory. By Ed Ziots Version 1.6 9/20/2005 Revision 1.3: Cleaned up resources and added additional detail into each auditing table. Revision 1.4:

More information

SECURITY SUBSYSTEM IN WINDOWS

SECURITY SUBSYSTEM IN WINDOWS Operating Systems SECURITY SUBSYSTEM IN WINDOWS Zoltán Micskei http://www.mit.bme.hu/~micskeiz Budapesti Műszaki és Gazdaságtudományi Egyetem Neeraj Suri Méréstechnika és Információs Rendszerek Tanszék

More information

Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access

Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access Vikas Jain Director, Product Management Intel Corporation Jesper Tohmo CTO, Nordic Edge (an Intel company) Session ID:

More information

Security. Ausgewählte Betriebssysteme Institut Betriebssysteme Fakultät Informatik. Copyright 2001-2004 Hermann Härtig, Ronald Aigner

Security. Ausgewählte Betriebssysteme Institut Betriebssysteme Fakultät Informatik. Copyright 2001-2004 Hermann Härtig, Ronald Aigner Ausgewählte Betriebssysteme Institut Betriebssysteme Fakultät Informatik Outline Ratings System Components Logon Object (File) Access Impersonation Auditing 2 Ratings National Computer Center (NCSC) part

More information

Quarantine Network for Specialised Equipment.

Quarantine Network for Specialised Equipment. Quarantine Network for Specialised Equipment. Using Remote Desktop to get data in and out of the quarantine network V1.2 It is now possible to connect through a gateway or terminal server to PCs connected

More information

Building A Secure Microsoft Exchange Continuity Appliance

Building A Secure Microsoft Exchange Continuity Appliance Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building

More information

Virtualization and Cloud Computing

Virtualization and Cloud Computing Virtualization and Cloud Computing Virtualization, Cloud and Security Mgr. Michael Grafnetter Agenda Virtualization Security Risks and Solutions Cloud Computing Security Identity Management Virtualization

More information

Remote Desktop Solution, (RDS), replacing CITRIX Home Access

Remote Desktop Solution, (RDS), replacing CITRIX Home Access Remote Desktop Solution, (RDS), replacing CITRIX Home Access RDS Applications on a Computer Overview RDS has replaced citrix for remote access at home for College staff and pupils. This does not replace

More information

Who DIT It? Detecting and Mitigating Privilege Escalation Attacks on the Active Directory Data Store

Who DIT It? Detecting and Mitigating Privilege Escalation Attacks on the Active Directory Data Store Who DIT It? Detecting and Mitigating Privilege Escalation Attacks on the Active Directory Data Store Mike Middleton Justin Prosco Mandiant, A FireEye Company Mike Middleton Principal Consultant Joined

More information

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery Overview Password Manager Pro offers a complete solution to control, manage, monitor and audit the entire life-cycle of privileged access. In a single package it offers three solutions - privileged account

More information

Windows passwords security

Windows passwords security IT Advisory Windows passwords security ADVISORY WHOAMI 2 Agenda The typical windows environment Local passwords Secure storage mechanims: Syskey & SAM File Password hashing & Cracking: LM & NTLM Into the

More information

SANS Institute First Five Quick Wins

SANS Institute First Five Quick Wins #1 QUICK WIN- APPLICATION WHITELISTING SANS Critical Controls: #2: Inventory of Authorized and Unauthorized Software 1) Deploy application whitelisting technology that allows systems to run software only

More information

Securing Administrator Access to Internal Windows Servers

Securing Administrator Access to Internal Windows Servers Securing Administrator Access to Internal Windows Servers Contents 1. Introduction... 3 2. PKI implementation... 3 Require two-factor authentication for computers... 3 Require two-factor authentication

More information

mimikatz 2.0 Benjamin DELPY `gentilkiwi`

mimikatz 2.0 Benjamin DELPY `gentilkiwi` mimikatz 2.0 Benjamin DELPY `gentilkiwi` Our little story `whoami`, why am I doing this? mimikatz 2.0 & sekurlsa Focus on Windows 8.1 et 2012r2 Kerberos & strong authentication Questions / Answers And

More information

Secret Server Qualys Integration Guide

Secret Server Qualys Integration Guide Secret Server Qualys Integration Guide Table of Contents Secret Server and Qualys Cloud Platform... 2 Authenticated vs. Unauthenticated Scanning... 2 What are the Advantages?... 2 Integrating Secret Server

More information

Web Meetings through VPN. Note: Conductor means person leading the meeting. Table of Contents. Instant Web Meetings with VPN (Conductor)...

Web Meetings through VPN. Note: Conductor means person leading the meeting. Table of Contents. Instant Web Meetings with VPN (Conductor)... Table of Contents Instant Web Meetings with VPN (Conductor)...2 How to Set Up a Scheduled Web Meeting with VPN (Conductor)...6 How to Set Up a Support Web Meeting with GVSU VPN Service (Conductor)...15

More information

CREDENTIAL MANAGER IN WINDOWS 7

CREDENTIAL MANAGER IN WINDOWS 7 CREDENTIAL MANAGER IN WINDOWS 7 What is Credential Manager Whenever we try to access some resource, whether it is local or remote resource, Windows always validates our credentials to make sure we have

More information

ecopy ShareScan v4.3 Pre-Installation Checklist

ecopy ShareScan v4.3 Pre-Installation Checklist ecopy ShareScan v4.3 Pre-Installation Checklist This document is used to gather data about your environment in order to ensure a smooth product implementation. The Network Communication section describes

More information

Undergraduate Academic Affairs \ Student Affairs IT Services. VPN and Remote Desktop Access from a Windows 7 PC

Undergraduate Academic Affairs \ Student Affairs IT Services. VPN and Remote Desktop Access from a Windows 7 PC Undergraduate Academic Affairs \ Student Affairs IT Services VPN and Remote Desktop Access from a Windows 7 PC Last edited: 1 December 2014 Contents Inform IT Staff... 1 Things to Note... 1 Setting Up

More information

Contents. Supported Platforms. Event Viewer. User Identification Using the Domain Controller Security Log. SonicOS

Contents. Supported Platforms. Event Viewer. User Identification Using the Domain Controller Security Log. SonicOS SonicOS User Identification Using the Domain Controller Security Log Contents Supported Platforms... 1 Event Viewer... 1 Configuring Group Policy to Enable Logon Audit... 2 Events in Security Log... 4

More information

Configuring and Monitoring Citrix Access Gateway-Linux Servers. eg Enterprise v5.6

Configuring and Monitoring Citrix Access Gateway-Linux Servers. eg Enterprise v5.6 Configuring and Monitoring Citrix Access Gateway-Linux Servers eg Enterprise v5.6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice.

More information

Name of the Project: e.g. Organization Development. By Roland Cheung @HKCERT

Name of the Project: e.g. Organization Development. By Roland Cheung @HKCERT Name of the Project: e.g. Organization Development By Roland Cheung @HKCERT Agenda Malware Trend Security Risk on Industry Sector Case Study Security Mitigations Malware Trend Reason Fun Profit Direct

More information

Use of Commercial Backup Software with Juris (Juris 2.x w/msde)

Use of Commercial Backup Software with Juris (Juris 2.x w/msde) Use of Commercial Backup Software with Juris (Juris 2.x w/msde) Juris databases hosted on a Microsoft SQL Server 2000 Desktop Engine (MSDE) instance can be backed up manually through the Juris Management

More information

Securing Remote Vendor Access with Privileged Account Security

Securing Remote Vendor Access with Privileged Account Security Securing Remote Vendor Access with Privileged Account Security Table of Contents Introduction to privileged remote third-party access 3 Do you know who your remote vendors are? 3 The risk: unmanaged credentials

More information

Defender 5.7 - Token Deployment System Quick Start Guide

Defender 5.7 - Token Deployment System Quick Start Guide Defender 5.7 - Token Deployment System Quick Start Guide This guide describes how to install, configure and use the Defender Token Deployment System, based on default settings and how to self register

More information

Cloud Services ADM. Agent Deployment Guide

Cloud Services ADM. Agent Deployment Guide Cloud Services ADM Agent Deployment Guide 10/15/2014 CONTENTS System Requirements... 1 Hardware Requirements... 1 Installation... 2 SQL Connection... 4 AD Mgmt Agent... 5 MMC... 7 Service... 8 License

More information

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview

More information

Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief

Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief Guide Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief October 2012 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 21 Contents

More information

Xerox DocuShare Private Cloud Service. Security White Paper

Xerox DocuShare Private Cloud Service. Security White Paper Xerox DocuShare Private Cloud Service Security White Paper Table of Contents Overview 3 Adherence to Proven Security Practices 3 Highly Secure Data Centers 4 Three-Tier Architecture 4 Security Layers Safeguard

More information

All your apps & data in the cloud, all in one place.

All your apps & data in the cloud, all in one place. The Cloud Desktop For Business Unify Your Business IT Experience All your apps & data in the cloud, all in one place. The Cloud Desktop houses all of your organization's applications and data in one easy-to-access

More information

What s New in Juniper Networks Secure Access (SA) SSL VPN Version 6.4

What s New in Juniper Networks Secure Access (SA) SSL VPN Version 6.4 Page 1 Product Bulletin What s New in Juniper Networks Secure Access (SA) SSL VPN Version 6.4 This document lists the new features available in Version 6.4 of the Secure Access SSL VPN product line. This

More information

Alert Notification of Critical Results (ANCR) Public Domain Deployment Instructions

Alert Notification of Critical Results (ANCR) Public Domain Deployment Instructions Alert Notification of Critical Results (ANCR) Public Domain Deployment Instructions Server Prerequisites Internet Information Server (IIS). It may be enabled in Windows Features (see Enabling IIS section).

More information

LifeCyclePlus Version 1

LifeCyclePlus Version 1 LifeCyclePlus Version 1 Last updated: 2014-04-25 Information in this document is subject to change without notice. Companies, names and data used in examples herein are fictitious unless otherwise noted.

More information

University of Maryland Active Directory Policies

University of Maryland Active Directory Policies University of Maryland Active Directory Policies Purpose of this policy Scope AD Forest Forest Schema & Data Visibility Account and Group Synchronization Account Creation and Password Forest Security Principle

More information

Active Directory Integration

Active Directory Integration Active Directory Integration Last updated March 2016 Contents Introduction:... 2 Administration configuration set up:... 2 Configuring for a single OU import... 3 User Importing... 3 Active Directory and

More information

Authentication Applications

Authentication Applications Authentication Applications CSCI 454/554 Authentication Applications will consider authentication functions developed to support application-level authentication & digital signatures Kerberos a symmetric-key

More information

Connecting to securevirtual Workspace

Connecting to securevirtual Workspace Connecting to securevirtual Workspace The following document provides information on connecting to securevirtual Workspace. This Document includes: Connecting Using Remote Desktop Connection (RDC) Connecting

More information

SAST, DAST and Vulnerability Assessments, 1+1+1 = 4

SAST, DAST and Vulnerability Assessments, 1+1+1 = 4 SAST, DAST and Vulnerability Assessments, 1+1+1 = 4 Gordon MacKay Digital Defense, Inc. Chris Wysopal Veracode Session ID: Session Classification: ASEC-W25 Intermediate AGENDA Risk Management Challenges

More information

Lync SHIELD Product Suite

Lync SHIELD Product Suite Lync SHIELD Product Suite The Natural Solution For Securing Lync Connectivity For today s mobile enterprise, the need to connect smartphones to the corporate network has become a vital business requirement.

More information

Red vs. Blue: Modern Active Directory Attacks, Detection, and Protection Whitepaper

Red vs. Blue: Modern Active Directory Attacks, Detection, and Protection Whitepaper Red vs. Blue: Modern Active Directory Attacks, Detection, and Protection Whitepaper Author: Sean Metcalf CTO Dan Solutions, Inc. sean@dansolutions.com www.dansolutions.com ADSecurity.org Contents Introduction...

More information

Targeted Intrusion Remediation: Lessons From The Front Lines. Jim Aldridge

Targeted Intrusion Remediation: Lessons From The Front Lines. Jim Aldridge Targeted Intrusion Remediation: Lessons From The Front Lines Jim Aldridge All information is derived from MANDIANT observations in non-classified environments. Information has beensanitized where necessary

More information

Windows servers. NT networks

Windows servers. NT networks Windows servers The NT security model NT networks Networked NT machines can be: Primary Domain controller Centralizes user database/authentication Backup Domain controller Domain member Non-domain member

More information

Multi-factor authentication

Multi-factor authentication CYBER SECURITY OPERATIONS CENTRE (UPDATED) 201 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL

More information

Agenda. How to configure

Agenda. How to configure dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services

More information

Note that if at any time during the setup process you are asked to login, click either Cancel or Work Offline depending upon the prompt.

Note that if at any time during the setup process you are asked to login, click either Cancel or Work Offline depending upon the prompt. USC Marshall School of Business Academic Information Services Configuring Outlook 2010 RPC Over HTTP Protocol For Windows 7 Home Computers or Wireless Laptops The steps in this document cover how to configure

More information

Comodo Endpoint Security Manager SME Software Version 2.1

Comodo Endpoint Security Manager SME Software Version 2.1 Comodo Endpoint Security Manager SME Software Version 2.1 Quick Start Guide Guide Version 2.1.111114 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 Endpoint Security Manager - SME Quick

More information

Cyber Essentials KAMI VANIEA 2

Cyber Essentials KAMI VANIEA 2 Cyber Essentials DR. KAMI VANIEA KAMI VANIEA 2 First, the news Office of Personnel Management http://www.usatoday.com/story/news/politics/2015/06/23/op m-hack-senate-archuleta-hearing/29153773/ KAMI VANIEA

More information

Next Generation Jump Servers for Industrial Control Systems

Next Generation Jump Servers for Industrial Control Systems Next Generation Jump Servers for Industrial Control Systems Isolation, Control and Monitoring - Learn how Next Generation Jump Servers go beyond network separation to protect your critical infrastructure

More information

Windows Server 2008/2012 Server Hardening

Windows Server 2008/2012 Server Hardening Account Policies Enforce password history 24 Maximum Password Age - 42 days Minimum Password Age 2 days Minimum password length - 8 characters Password Complexity - Enable Store Password using Reversible

More information

Best Practices for PC Lockdown and Control Policies. By Dwain Kinghorn

Best Practices for PC Lockdown and Control Policies. By Dwain Kinghorn 4 0 0 T o t t e n P o n d R o a d W a l t h a m, M A 0 2 4 5 1 7 8 1. 8 1 0. 4 3 2 0 w w w. v i e w f i n i t y. c o m Best Practices for PC Lockdown and Control Policies By Dwain Kinghorn TABLE OF CONTENTS

More information

Configuration Task 3: (Optional) As part of configuration, you can deploy rules. For more information, see "Deploy Inbox Rules" below.

Configuration Task 3: (Optional) As part of configuration, you can deploy rules. For more information, see Deploy Inbox Rules below. Configure the E-mail Router After the E-mail Router has been installed, you can configure several aspects of it. Some of these configuration tasks are mandatory. Others are optional in that you use them

More information

User Guide. Version R91. English

User Guide. Version R91. English AuthAnvil User Guide Version R91 English August 25, 2015 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept EULATOS as updated from

More information

WHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ)

WHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ) WHITE PAPER Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ) SEPTEMBER 2004 Overview Password-based authentication is weak and smart cards offer a way to address this weakness,

More information

Best Practices for DanPac Express Cyber Security

Best Practices for DanPac Express Cyber Security March 2015 - Page 1 Best Practices for This whitepaper describes best practices that will help you maintain a cyber-secure DanPac Express system. www.daniel.com March 2015 - Page 2 Table of Content 1 Introduction

More information

Network Security 1. Module 4 Trust and Identity Technology. Ola Lundh 070 69 86596 ola.lundh@edu.falkenberg.se

Network Security 1. Module 4 Trust and Identity Technology. Ola Lundh 070 69 86596 ola.lundh@edu.falkenberg.se Network Security 1 Module 4 Trust and Identity Technology Module 1 Trust and Identity Technology 4.1 AAA AAA Model Network Security Architecture Authentication Who are you? I am user student and my password

More information

Locking down a Hitachi ID Suite server

Locking down a Hitachi ID Suite server Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime

More information

Chapter 1 Scenario 1: Acme Corporation

Chapter 1 Scenario 1: Acme Corporation Chapter 1 Scenario 1: Acme Corporation In This Chapter Description of the Customer Environment page 18 Introduction to Deploying Pointsec PC page 20 Prepare for Deployment page 21 Install Pointsec PC page

More information

Trusteer Rapport Virtual Implementation Scenarios

Trusteer Rapport Virtual Implementation Scenarios Trusteer Rapport Virtual Implementation Scenarios Technical White Paper Version 1.0 October 2012 new threats, new thinking Contents About this Document 1 1. Overview of Virtual Desktop/Machine Environments

More information

The VHD is separated into a series of WinRar files; they can be downloaded from the following page: http://www.scorpionsoft.com/evaluation/download

The VHD is separated into a series of WinRar files; they can be downloaded from the following page: http://www.scorpionsoft.com/evaluation/download Overview This document will serve as a quick setup guide to get the AuthAnvil Password Solutions virtual hard drive setup with Windows Hyper-V and Oracle Virtual Box. Downloading the VHD The VHD is separated

More information

Helpdesk Portal End User Guide

Helpdesk Portal End User Guide Helpdesk Portal End User Guide Contents Using the Portal... 3 Portal web page... 3 Log in... 3 Log out... 3 Managing your account... 4 Terminology... 4 Submit a ticket... 5 Help us to Help you... 6 Upload

More information