Archive for the ‘Auditing’ Category

Audit changes to Group Policy to stay secure and provide continuity of IT services. Group Policy is a critical component of Windows Server Active Directory (AD). It can be used to manage the user and system configuration of servers and end-user devices, including registry settings, user environment setup, security, and software configuration. As a powerful tool that can help organizations standardize system configurations across their environment, it also comes with … Read more

Auditing file and folder accesses on Windows File Servers enables you to see whether any users are accessing or trying to access resources without authrization. A large proportion of organisations are not making the most of file server auditing, choosing to stick to native auditing processes which can be both time-consuming and complex. At Lepide, we recommend deploying a third-party solution (obviously…), such as LepideAuditor. With an increasingly mobile workforce … Read more

Windows File Server act as a repository of files and folders, which can be accessed by many users. Though there are many benefits to a collaborative work environment, preventing unauthorized access by tracking permissions to shared folders can become tricky. In this article, we will show you how to detect shared folder permissions on Windows File Server using our award-winning LepideAuditor. Why is it important to track shared folder permissions … Read more

People generally think that auditing and monitoring are the same thing and, in some ways, they are. The differences between them are subtle, but important none-the-less. In short, auditing is done by auditors, and it is the auditors responsibility to make use of the available technology to aggregate and present the log data in a way that that can be understood and “monitored” by administrators and managers. While most modern … Read more

Misconfigured Domain Controllers (DCs) present a major security risk for Active Directory. To ensure that your Domain Controllers are configured correctly, you will need to closely review the default Domain Controller Policies, create Domain Controller GPOs (Group Policy Objects) and configure Group Policy Settings. Your policy will need to include patching and protecting Domain Controllers, and include an effective DC auditing strategy for monitoring and reporting changes to event logs. … Read more

Unlike an Information Security Analyst, to be a professional IT auditor, you are not strictly required to have an in-depth understanding of your operating system, nor do you need to be a hacker to be able to audit the files, folders and permissions on your network. However, it is imperative that the auditor knows exactly what they are auditing, which does require a high level of technical knowledge. There are … Read more

Attackers are persistent in their pursuit to compromise Active Directory services due to their role in authorising access to critical and confidential data. As organisations expand, their infrastructure becomes increasingly more complex, which makes them a lot more vulnerable to attack as it is harder to keep track of important system changes, events and permissions. It’s also becomes a lot harder for organisations to determine where their sensitive data is … Read more

Configuration drift is a naturally occurring phenomenon whereby configuration items (CIs), such as computers or devices on an organisation’s network, drift towards an inconsistent state. This problem occurs on both private and cloud-based networks. While there are a number of causes of configuration drift, it’s essentially the result of conflicting changes made to device’s, software, services and configuration files, which are not systematically monitored by the IT department. It is … Read more

The overall cost to the UK economy from cyber-crime alone is well over £20 billion, and businesses are the ones that feel the effects the most. Every year we see stories of network attacks, yet it appears that many businesses are still not taking steps to mitigate the risks. Surveys suggest that most companies that face a significant security breach go out of business within a year. The average cost … Read more

In many organizations, servers are managed without any oversight, and this often leads to unwanted configuration changes. Here are three reasons why you should consider implementing change control in your business, no matter how large or small. Change control is a business process that aims to ensure a systematic approach is taken to making configuration changes to IT systems. But many organizations don’t have a process for managing IT change, … Read more

Lepide® is a Registered Trademarks of Lepide Software Private Limited. © Copyright 2017 Lepide Software Private Limited. All Trademarks Acknowledged.