Predavač: Aram Kanjić. Računi sa širokim ovlastima nad kritičnim sustavima organizacije.  Daju pristup:  Operativnim sustavima  LDAP/AD servisi  Bazama.

Slides:



Advertisements
Similar presentations
The following is intended to outline our general product direction
Advertisements

Copyright line. Configuring Server Roles in Windows 2008 Exam Objectives New Roles in 2008 New Roles in 2008 Read-Only Domain Controllers (RODCs) Read-Only.
Auditing Microsoft Active Directory
© 2010 Quest Software, Inc. ALL RIGHTS RESERVED Quests solutions for Windows Management Lee Elliott & Jonathan Culver – Technical Account Managers Windows.
Security for Mobile Devices
Mobile Device Protocol Sunil Vallamkonda 11/19/2012.
Eric J. Oszakiewski MCTS: SharePoint Application Development SharePoint Configuration.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
Welcome to the GIG Event 1. MICROSOFT ACTIVE DIRECTORY SERVICES Presenter: Avinesh MCP, MCTS 2.
BalaBit Shell Control Box
TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.
Privileged Account Management Jason Fehrenbach, Product Manager.
COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.
4/14/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.
1 The New Cyber Battleground: Inside Your Network Chad Froomkin Major Account Executive Southeast.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility. Simplify authentication.
Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.
Operating System Security Chapter 9. Operating System Security Terms and Concepts An operating system manages and controls access to hardware components.
Copyright © 2015 Centrify Corporation. All Rights Reserved. 1 Single Identity – Multiple services how do I stay compliant? Wade Tongen NA Commercial SE.
Monitor Linux OS health & performance Monitor log files Monitor JEE app servers Monitor line-of-business applications Monitor databases and web.
DPM v1 Disk-based replication of files End-user Restore without Help Desk Centralized Backup of Branch Office DPM v2 Seamless Disk- and Tape-protection.
Directory services Unit objectives
70-270: MCSE Guide to Microsoft Windows XP Professional Chapter 5: Users, Groups, Profiles, and Policies.
Your storage on the ground; Your files in the cloud.
Enterprise Computing Community June , 2010February 27, Information Security Industry View Linda Betz IBM Director IT Policy and Information.
CN1276 Server (V3) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+
W2k Security At FNAL Jack Schmidt FNAL W2K Migration Working Group Chair April 16.
Part I.  NOS  Directory Data Store(directory service, database)  Located on Domain Controllers (DCs), globally distributed, replicated (no longer PDCs/BDCs)
Dell Connected Security Solutions Simplify & unify.
Netwrix product briefing n4.0 Unified Auditing for Critical IT Systems.
© 2015 ForeScout Technologies, Page 2 Source: Identity Theft Resource Center Annual number of data breaches Breaches reported Average annual cost of security.
SSL, Single Sign On, and External Authentication Presented By Jeff Kelley April 12, 2005.
© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.
Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.
© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 6 Implementing Infrastructure Controls.
Brandon Traffanstedt Systems Engineer - Southeast
Configuring, Managing and Maintaining Windows Server® 2008 Servers Course 6419A.
Operating System Hardening. Vulnerabilities Unique vulnerabilities for: – Different operating systems – Different vendors – Client and server systems.
Module 7: Designing Security for Accounts and Services.
Chapter 6 Server Management: Domains Workgroup Domain Trust Relationship Examples.
Fermilab supports several authentication mechanisms for user and computer authentication. This talk will cover our authentication systems, design considerations,
Protect your data Enable your users Desktop Virtualization Information protection Mobile device & application management Identity and Access Management.
Stopping Attacks Before They Stop Business
Basharat Institute of Higher Education
Performing Risk Analysis and Testing: Outsource or In-house
Tactic 1: Adopt Least Privilege
O365 & AZURE ADDS Mladen Baranek, Miadria
Microsoft /20/2018 9:26 AM BRK1037 Win the IT security battle: automate password changes, privileged access & Minimize Cyber Losses Christopher.
#ISUCIT.
Active Directory Administration
MCSA VCE
BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT
BOMGAR REMOTE SUPPORT Karl Lankford
Dynamic DNS support for EGI Federated cloud
Server Security Policy
Company Overview & Strategy
PRIVILEGED ACCOUNT ABUSE
Offices: DC, London, Sydney
User Monitoring Appliance Secures Microsoft Azure by Auditing Privileged Users in the Cloud “Microsoft Azure provides an easily accessible platform for.
Brandon Traffanstedt Systems Engineer - Southeast
Protecting your data with Azure AD
ACTIVE DIRECTORY An Overview.. By Karan Oberoi.
Information Protection
Features Overview.
Hush Smart Baby Monitor Exploit
SharePoint Server Assessment Results
System Administration (LTAT )
Information Protection
Presentation transcript:

Predavač: Aram Kanjić

Računi sa širokim ovlastima nad kritičnim sustavima organizacije.  Daju pristup:  Operativnim sustavima  LDAP/AD servisi  Bazama podataka  Aplikacijama  VM  Backup  SAN/NAS ...  Koliko ih ima?  Procjena: na 4 admina sa 100 servisa = 400  Tko ima pristup?

Prijetnje “Cyber Crime costs can range from $1M to $52M per year per company” Ponemon Institute, First Annual Cost of Cyber Crime Study, July 2010 “Cyber Crime costs can range from $1M to $52M per year per company” Ponemon Institute, First Annual Cost of Cyber Crime Study, July Insiders >Insiders have 2 things hackers don’t: access and trust >Malicious insider attacks can take up to 42 days or more to resolve ( Ponemon Institute, July 2010) Regulativa > Compliance and audit questions are going deeper and wider > On average, non-compliance cost is 2.65 times the cost of compliance (Ponemon Insititute, The True Cost of Compliance, Jan 2011) Cloud Computing > CIO Survey: Security is the single biggest barrier to cloud computing adoption > Migrating to the cloud means losing control over the human factor Vanske prijetnje > Better planned, sophisticated and targeted attacks > Targeting the most valuable assets > Go after the most powerful privileged system accounts

ŠTO ŠTITIMO?KAKO?  Povjerljivost  Integritet  Raspoloživost  Sastav  Distribucija i prijenos  Pohrana  Istek  Promjena  Nadzor

 Discover all privileged accounts across datacenter  Manage and secure every credential  Enforce policies for usage  Record and monitor privileged activities  React and comply

 Rješenja:  Dijeljeni računi  Svatko svugdje  Specijalizirano rješenje

'=============================================== 'Rand - Return a random number in a given range. 'Create "random" password '=============================================== Randomize 'init random number seed High = 9999 ' high number value Low = 2 'low number value Rand = Int((High - Low + 1) * Rnd) + Low strpassword = "Secret" & Rand '=============================================== 'Change password '=============================================== strUser = fullusername 'Enter full name of username strOU = userou 'Enter OU where user's account resides here Set objUser = GetObject("LDAP://CN=" & strUser & ",OU=" & strOU & ",DC=testdomain,DC=local") objUser.SetPassword strpassword '=============================================== 'SEND '=============================================== Set obj = CreateObject("CDO.Message") obj .From = obj .To = obj .Subject = "PASSWORD CHANGED" obj .Textbody = "The password for jsmith has been changed to " & strpassword obj .Configuration.Fields.Item _ (" = 2 obj .Configuration.Fields.Item _ (" = _ "nycexch02" obj .Configuration.Fields.Item _ (" = 25 obj .Configuration.Fields.Update obj .Sendhttp://schemas.microsoft.com/cdo/configuration/sendusinghttp://schemas.microsoft.com/cdo/configuration/smtpserverhttp://schemas.microsoft.com/cdo/configuration/smtpserverport

 PsPasswd  PsPasswd \\computer -u username -p password Username Newpassword  \\*  net user  user_name * /domain  \\ username  dsquery user -samid DoeJ | dsmod user -pwd Pa$$word1!

Unified Workflows for Accessing Privileged Accounts 9 External Vendors Unix Admins Business Applications Auditor/ Security & Risk Privileged Identity Management Suite Networ k Devices Virtual Servers Windows Window s Servers Unix Linux Unix /Linux Servers AS400 iSeries Mainframes Databases Applications Security Appliances OS390 zSeries Mainframes AIM Workflow Windows Admins DBAs VM Admins SSH / X / Telnet OPM Workflow AIM Workflow EPV Workflow Monitoring & Reporting Workflow

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.