Privileged Account Discovery for UNIX


Prerequisites

The UNIX Free Discovery Tool runs on the following operating systems and frameworks:

Windows 7, 8, 8.1, and 10
.NET Framework 4.5.1 or higher

Scan Credentials

The credentials used to scan for accounts need access to the following files on the UNIX machine in order to retrieve all of the information needed for the accounts on that machine:

sudo
/etc/passwd
/etc/shadow (Linux, e.g. Debian)
/etc/master.passwd (BSD)
/etc/group
/etc/login.defs

The UNIX Free Discovery Tool first attempts to read each file with the privileges of the logged-in user. If the user cannot read a file, it retries the read through sudo. The sudoers entry must allow this without a password prompt (NOPASSWD); this ensures that passwords are never typed into a terminal session where they could be recorded.

Authentication with Keys

The UNIX Free Discovery Tool allows users to connect via public key authentication. This is done by providing the private key and its passphrase in the privileged credentials list of the application. The application supports loading standard PEM and PuTTY PPK keys.

Ports

The Discovery scan uses the standard SSH TCP port to connect to the target UNIX machines and scan for local accounts.

Traffic Type   Ports Used
SSH            22

Digest Whitelist

The UNIX Free Discovery Tool lets users provide a map of IP addresses and their associated SSH server host key digests. This allows the tool to check whether the machine it is connecting to is a known and trusted host, which helps prevent man-in-the-middle attacks. If a host is not in the digest whitelist, or its digest does not match, the tool stops authentication to that machine and records it as an untrusted computer on the network once the full discovery is complete. This feature is particularly useful for discovering possible malicious hosts or honeypots on a network that attempt to steal user credentials or reroute traffic while stealing data. It can also be used as a quick way to verify the current SSH host key digests on the network.

To use this feature, add a KeyDigests.txt file in the same directory as the UNIX Free Discovery Tool executable. Whitelisting is enabled as soon as the file contains at least one entry. Each entry must be on its own line, in the format of an IP address, a comma, and the SHA-1 digest of the host key as colon-separated hexadecimal bytes. For example:

192.168.1.5, 00:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F

The value above only illustrates the format: a SHA-1 digest is 20 bytes (40 hexadecimal digits), so a real entry is longer. Take the digest from a trusted copy of the host's public key (for example /etc/ssh/ssh_host_*_key.pub read on the host itself), not from a key offered over the network, since a whitelist built from network-observed keys would trust an attacker already in the path.
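The following is an added example, not part of the Thycotic guide and not the tool's own code. It builds and checks a whitelist in the KeyDigests.txt format described above (IP address, comma, SHA-1 of the host key as colon-separated hex), computing the digest the same way an SSH client does, over the raw key blob received during key exchange. The function names and the sample keys are this example's own; the keys are synthetic, constructed in wire format rather than taken from any real host.

```python
# Added example; not part of the Thycotic guide and not the tool's own code.
# KeyDigests.txt format: "<ip>, <SHA-1 of host key as 20 colon-separated hex bytes>".
import base64
import hashlib
import ipaddress


def host_key_sha1_digest(pubkey_line: str) -> str:
    """SHA-1 fingerprint of an OpenSSH public key line ("<type> <base64> [comment]").

    The hash is taken over the decoded key blob, the same bytes an SSH client
    receives from the server during key exchange, and rendered as colon-hex."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64 blob> [comment]'")
    blob = base64.b64decode(fields[1])
    return ":".join(f"{b:02X}" for b in hashlib.sha1(blob).digest())


def is_sha1_colon_hex(digest: str) -> bool:
    """True for exactly 20 colon-separated hex bytes, the length of a SHA-1 digest."""
    octets = digest.split(":")
    return len(octets) == 20 and all(
        len(o) == 2 and all(c in "0123456789abcdefABCDEF" for c in o) for o in octets
    )


def parse_key_digests(text: str) -> dict:
    """Parse KeyDigests.txt: one 'ip, digest' entry per line, blank lines ignored.

    Digests are normalised to upper case; a 16-byte placeholder such as the one
    in the guide's format example is rejected because it is not SHA-1 length."""
    whitelist = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if "," not in line:
            raise ValueError(f"line {lineno}: expected '<ip>, <digest>'")
        ip_text, digest = (part.strip() for part in line.split(",", 1))
        ip = str(ipaddress.ip_address(ip_text))  # raises on a malformed address
        if not is_sha1_colon_hex(digest):
            raise ValueError(f"line {lineno}: digest must be 20 colon-separated hex bytes")
        whitelist[ip] = digest.upper()
    return whitelist


def check_host(whitelist: dict, ip: str, offered_pubkey_line: str) -> str:
    """Classify the key a host offers: 'trusted', 'mismatch' (possible MITM) or 'unknown'."""
    expected = whitelist.get(str(ipaddress.ip_address(ip)))
    if expected is None:
        return "unknown"
    return "trusted" if host_key_sha1_digest(offered_pubkey_line) == expected else "mismatch"


# Constructed sample keys in ssh-ed25519 wire format (length-prefixed type
# string followed by a length-prefixed 32-byte key). Synthetic, not real host keys.
def _ssh_string(data: bytes) -> bytes:
    return len(data).to_bytes(4, "big") + data


TRUSTED_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
TRUSTED_PUBKEY = "ssh-ed25519 " + base64.b64encode(TRUSTED_BLOB).decode() + " sample-host"
ROGUE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(1, 33)))
ROGUE_PUBKEY = "ssh-ed25519 " + base64.b64encode(ROGUE_BLOB).decode() + " mitm-host"

# A KeyDigests.txt body built from the trusted key. In practice compute the digest
# from /etc/ssh/ssh_host_*_key.pub on the host itself, not from a key seen on the wire.
SAMPLE_KEY_DIGESTS = f"192.168.1.5, {host_key_sha1_digest(TRUSTED_PUBKEY)}\n"

if __name__ == "__main__":
    wl = parse_key_digests(SAMPLE_KEY_DIGESTS)
    print(check_host(wl, "192.168.1.5", TRUSTED_PUBKEY))  # trusted
    print(check_host(wl, "192.168.1.5", ROGUE_PUBKEY))    # mismatch
    print(check_host(wl, "192.168.1.9", TRUSTED_PUBKEY))  # unknown
```

A "mismatch" result is the case the whitelist exists for: the address is known but the key offered is not the one recorded, which is what an interposed host or a honeypot at a recycled address looks like. An "unknown" result corresponds to an address the tool would list under Untrusted Computers because it has no entry at all.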

Walkthrough

After downloading the Discovery Tool, unzip it and run ThycoticPrivilegedAccountsDiscoveryForUnix.exe.

Privileged Credentials

In the first step, enter the credentials that will be used to connect to discovered UNIX machines. If several different username/password sets are in use on the UNIX machines on your network, you can enter multiple accounts. They are used for scanning only and are not saved by the privileged account scanner tool. When scanning, the tool attempts to authenticate with each account on each computer discovered, and the final report states which account worked for each UNIX machine.

Scan Settings

For the scan itself, choose the IP address ranges to scan for UNIX machines. The IP address range can be a list of single IP addresses, or any combination of lines in the following formats:

10.0.0.1/24
10.10.10.1-100
10.10.11.1-10.10.12.255
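As an added example (not from the guide and not the tool's own code), the parser below expands the three range formats listed above, plus single addresses, into individual IPv4 addresses so the target count can be reviewed before a scan starts. The helper names are this example's own, and the sample scan settings are constructed from the guide's own lines.

```python
# Added example; not from the Thycotic guide or the tool itself. Expands the
# scan-range line formats into individual IPv4 addresses for review.
import ipaddress
from typing import Iterator, List


def expand_scan_line(line: str) -> Iterator[ipaddress.IPv4Address]:
    """Expand one scan-settings line into addresses.

    Forms accepted, as in the guide:
      10.0.0.1/24              CIDR block (host bits are masked off: this is 10.0.0.0/24)
      10.10.10.1-100           range over the last octet within one /24
      10.10.11.1-10.10.12.255  inclusive range between two full addresses
      10.10.10.5               single address
    """
    line = line.strip()
    if "/" in line:
        net = ipaddress.ip_network(line, strict=False)
        if not isinstance(net, ipaddress.IPv4Network):
            raise ValueError(f"IPv4 only: {line}")
        yield from net  # all 256 addresses of a /24, network and broadcast included
        return
    if "-" in line:
        start_text, end_text = (part.strip() for part in line.split("-", 1))
        start = ipaddress.IPv4Address(start_text)
        if "." in end_text:
            end = ipaddress.IPv4Address(end_text)
        else:
            last = int(end_text)
            if not 0 <= last <= 255:
                raise ValueError(f"last octet out of range: {line}")
            end = ipaddress.IPv4Address(f"{start_text.rsplit('.', 1)[0]}.{last}")
        if end < start:
            raise ValueError(f"range end precedes start: {line}")
        for value in range(int(start), int(end) + 1):
            yield ipaddress.IPv4Address(value)
        return
    yield ipaddress.IPv4Address(line)


def expand_scan_settings(text: str) -> List[ipaddress.IPv4Address]:
    """Expand every non-empty line, dropping duplicates but keeping first-seen order."""
    seen: dict = {}
    for raw in text.splitlines():
        if raw.strip():
            for addr in expand_scan_line(raw):
                seen.setdefault(addr, None)
    return list(seen)


# Constructed scan settings: the guide's three sample lines plus one single
# address that already falls inside the /24, to show de-duplication.
SAMPLE_SCAN_SETTINGS = """
10.0.0.1/24
10.10.10.1-100
10.10.11.1-10.10.12.255
10.0.0.5
"""

if __name__ == "__main__":
    targets = expand_scan_settings(SAMPLE_SCAN_SETTINGS)
    print(len(targets), "addresses; first", targets[0], "last", targets[-1])  # 867 addresses
```

Two points worth noticing from the expansion: "10.0.0.1/24" is a whole /24, not a range starting at .1, because the host bits are masked off; and the two-address form crosses /24 boundaries, so "10.10.11.1-10.10.12.255" is 511 targets, not 255. Checking the count this way before clicking Start Scan avoids surprises in the "number of computers" figure the tool reports.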

Discovering Accounts

Before starting the scan, review the number of computers the discovery tool found in the initial machine scan of the IP addresses you listed. Once you have confirmed that the settings look correct, click Start Scan. While the scan runs, the count of computers scanned updates as it progresses. You can stop the scan at any point and generate reports based on the accounts discovered so far.

Note: The time to complete the scan varies with network latency, the number of addresses listed, and how many machines actually exist. Testing in a large environment scanned approximately 1,000 UNIX machines in slightly under an hour.

Results

Once the scan is complete, you can generate the executive summary report and the detailed CSV reports. Enter a company name and click Generate Reports.

The reports are created in a folder you choose and include the following files:

(Local Accounts)ThycoticUnixAccountAnalysis.csv: Detailed inventory of local accounts discovered
(Secret Server Import)ThycoticUnixAccountAnalysis.csv: List of accounts in a format that can be imported into Thycotic Secret Server
ThycoticUnixAccountAnalysis.html: Summary report of findings
ThycoticUnixAccountAnalysis.pdf: Summary report of findings
(Untrusted Computers)ThycoticUnixAccountAnalysis.csv: (Optional) Computers found that were not on the whitelist of thumbprints, or whose thumbprint did not match. This file appears only if a thumbprint whitelist is provided.

FAQs

Q: What can I do to increase the security of the scan?

A: The first and most important way to protect the privileged accounts used for the scan is Digest Whitelisting. With a whitelist of trusted machines, the tool will not present credentials to potentially malicious machines. The next step is to use privileged accounts with the minimum permissions needed: sudoers entries that grant passwordless (NOPASSWD) access to just the cat command. Keep in mind that a NOPASSWD rule for cat with unrestricted arguments lets the scan account read any file on the system as root, so restrict the rule to the files listed under Scan Credentials.

Q: How long will it take to scan my domain?
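Both the passwordless-sudo requirement under Scan Credentials and the FAQ answer above call for a NOPASSWD rule limited to cat. The fragment below is an added example of such a sudoers entry, not taken from the guide. It assumes the scan account is named discovery, that cat lives at /bin/cat (adjust to what "command -v cat" reports on the host), and that the tool invokes cat with exactly one argument, the file path; the guide does not give the tool's exact command line, so confirm on a test host with "sudo -l -U discovery" and a trial scan before rolling the rule out.

```sudoers
# Added example, not from the guide. The account name "discovery" is an assumption.
# /etc/passwd and /etc/group are world-readable and need no sudo; only the
# protected files are granted. sudo matches arguments exactly, so a request such
# as "sudo cat /root/.ssh/id_rsa" from this account is refused.
Cmnd_Alias DISCOVERY_READ = /bin/cat /etc/shadow, \
                            /bin/cat /etc/master.passwd, \
                            /bin/cat /etc/login.defs
discovery ALL = (root) NOPASSWD: DISCOVERY_READ
```

Install it with "visudo -f /etc/sudoers.d/discovery" so the syntax is checked before it takes effect. If the tool runs cat with arguments that do not match the rule, sudo prompts for a password, the read fails closed, and the machine shows up with incomplete account data in the report rather than silently granting broader access.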

A: The time to discover accounts varies with network latency and the number of machines that respond. A test environment of approximately 1,000 UNIX machines took 50 minutes. We recommend first testing your scan on a smaller IP address range to get a sense of timing and results before scanning a larger range or your full network.

Q: The PDF report has inconsistent margins or page breaks.

A: Depending on the display driver or screen resolution, you may see margin problems in the PDF report. Either run the scan from a different machine or use the HTML version; the HTML file contains exactly the same information as the PDF.