OK, so the quote is not exactly correct.
When dealing with a large network, you will often run into a problem with local admin access to a desktop. That is, the normal routine is to disable such accounts (a good idea) and use some sort of network-based desktop admin account. That works, so long as the machine is authenticating to the network. What happens when that fails?
Many organizations set a password for a local admin account that can be computed per-device from the asset tag. Which is great, but what happens when a team member leaves the IT dept? Do you change the way it's computed and then change all those local passwords? What happens if you miss one? How about when you have one person leave per month for three months?
Well, there is an answer. It's not perfect but it's pretty damn good. It's SHIPS.
SHIPS stands for Shared Host Integrated Password System, which tells you someone really wanted the acronym to spell ships. SHIPS is a system that automatically changes local admin passwords on Mac, Windows and Linux. It keeps track of current and past passwords, changes them regularly, keeps track of who checked them out and allows for full accountability.
It's the free Thycotic for the local admin accounts.
It's a great tool and an excellent addition to the IT Security toolbox.
(the install manual is here)
A blog about learning the ins and outs of computer security on your own.
Wednesday, March 30, 2016
DNS?
Are you watching your DNS logs?
It is rare for anyone in your environment to look for a domain with more than 20 characters in its name. Actually, most have 8 characters according to this slightly out of date bit of research.
All of which means that if you see a spike in requests for LOONG name lookups, something is wrong.
The only way to tell is to look over your DNS logs, or even better have your log system (Elastic anyone?) alert you when it sees such lookups.
Dave Piscitello goes into it further here, but the basics are to monitor who is making what kinds of calls to your DNS and how often.