Archive for the ‘Auditing’ Category

According to the 2019 Data Exposure Report (DER), commissioned and published by Code42, employees are still considered to be the #1 cause of data breaches. The survey was carried out by independent UK-based research group, Sapio Research, and included 1,028 IT security professionals and 615 business executives from companies across Europe and the United States. When questioned about whether they had experienced a breach, and what they thought was the …

Monitoring file activity is not as straightforward as it sounds. After all, in order to detect and respond to suspicious or troublesome file activity, we need to know in advance what it is we are actually looking for. Below are 8 of the most common scenarios that can compromise either the security or integrity of our critical files, along with a brief summary describing how LepideAuditor can help us …

In this blog, we will be going through how the AdminSDHolder object in Active Directory can be used in Active Directory attacks. We will also go through what you can do to help defend against AdminSDHolder attacks and how LepideAuditor can help make this process easier. What is an AdminSDHolder? Essentially, the AdminSDHolder is an object in Active Directory that acts as a security descriptor template for protected accounts and …

Disclaimer – the perfect overall security strategy will include endpoint security. I am by no means saying that endpoint security is worthless. However, in this article I will attempt to justify why I think it is far more beneficial to look at your security strategy from a data-centric standpoint. I believe that many organizations are still adopting old methods of data protection, believing that firewalls, anti-virus and network access controls …

First things first, what is Group Policy? Group Policy is a feature of Windows that facilitates a wide variety of advanced settings that network administrators can use to control the working environment of users and computer accounts in Active Directory. It essentially provides a centralized place for administrators to manage and configure operating systems, applications and users’ settings. Group Policies, when used correctly, can enable you to increase the security …

Active Directory plays such an important part in the makeup of most organizations’ IT infrastructure that it automatically becomes the first target for attackers. If an attacker gets into one of your user accounts, and you don’t know that it’s happened, it’s only a matter of time before you are the victim of a disastrous data breach (especially if this user account has special privileges). Understanding LDAP plays an important …

Recently we published a blog about five key PowerShell commands that you need to help you better manage Active Directory. As this blog was so well received, we decided to do a follow-up. If you want to read the original blog, then click here. Before We Begin Before you get started, you’re going to have to import Module Active Directory. Without importing the corresponding module into the PowerShell session, …

PowerShell was developed so that IT operations and administrative tasks in operating systems like Active Directory could be drastically simplified and automated to save huge amounts of time and effort. PowerShell is able to integrate with services and applications to help administrators get complete control over the management of both clients and servers. With every new update of the underlying framework, PowerShell becomes more advanced and more features become available. …

Auditing any of your critical IT infrastructure is a process that involves collecting information into readable reports, analyzing those reports and taking the required action to ensure the security and integrity of that system. Group Policy is no different. For effective Group Policy Auditing, you need to be able to report on changes in such a way that enables you to take the right steps to ensure restrictions and controls …

Both share and NTFS permissions serve the same purpose within Windows environments; namely, to help you prevent unauthorized access to your critical folders. However, there are some critical differences between the two that will determine which one you use. In this blog we will learn about what share permissions and NTFS permissions are, what the differences between the two are and the best practices for using them. What Are Share …