BP Brochure
Security Starts with the Basics
Despite the mediocre results realized from significant investments in perimeter, network, and endpoint security defenses, many organizations can’t seem to come to the realization that their lack of success stems from a focus on the wrong attack paths.
Like most things, the solution to this problem starts with the basics: proper configuration of critical security settings and visibility into the tell-tale signs of breach. All the controls you need are already built in to what you’re trying to secure; you just have to make sure they’re turned on and configured properly.
To help shine a light on where you’re most vulnerable, STEALTHbits has engineered a comprehensive set of security configuration and best practices checks for your Windows infrastructure into one easy-to-use assessment. In minutes, you’ll have clear insight into the security stature of the most critical configurations within Active Directory and your Windows Server infrastructure; configurations every attacker aims to exploit.
Explore our report set and why each is critical to a layered, proactive security program.
Domain Controller Logon Rights
DSRM Admin Security
Potential Plaintext Passwords
AD Extended Rights
Additional LSA Protection
Restrict Anonymous Access
Security Support Providers
WDigest Settings
All Installed Applications
Run at Boot
Scheduled Tasks
Local Administrators
Microsoft LAPS Overview
Suspicious PowerShell Commands
Toxic Conditions
Password Status
Domain Controller Logon Rights
Description: The Domain Controller Logon Rights report identifies potential vulnerabilities in enterprise privileged identities. Many organizations focus only on well-known privileged groups like Enterprise Admins/Domain Admins/Administrators, and forget or neglect to acknowledge that other groups can also allow interactive logon to Domain Controllers, a right that only a select few in any organization should have.
Impact: Not knowing who has this level of privilege results in an inability to protect privileged identities and any assets they can provide access to. It also equates to a significant blind spot within any Privileged Identity Management program.
DSRM Admin Security
Description: The DSRM Admins report highlights potential vulnerability in the DSRM account, as it is the only real privileged “local” account on a Domain Controller.
Impact: Because DSRM passwords aren’t controlled by policy, they are often never or rarely changed. Whether the DSRM account can log on to the Domain Controller interactively, versus in DSRM recovery mode, is a critical configuration to understand, as the use of this account in a non-recovery mode indicates attacker activity.
Potential Plaintext Passwords
Description: This report produces results corresponding to searches performed for potential password vulnerabilities.
Impact: Admins are notorious for pushing down local admin passwords via scripts or CMD/SYS files. These passwords are often stored in clear text within XML files. Because Microsoft published the AES private key on MSDN, attackers are able to find and decrypt passwords stored in this manner, without elevated rights.
Active Directory Extended Rights
Description:
Impact:
Additional LSA Protection
Description:
Impact:
Restrict Anonymous Access
Description:
Impact:
Security Support Providers
Description:
Impact:
WDigest Settings
Description:
Impact:
All Installed Applications
Description:
Impact:
Run at Boot
Description:
Impact:
Scheduled Tasks
Description:
Impact:
Local Administrators
Description:
Impact:
Microsoft LAPS Overview
Description:
Impact:
Suspicious PowerShell Commands
Description:
Impact:
Toxic Conditions
Description:
Impact:
Password Status
Description:
Impact:
About STEALTHbits
Identify threats. Secure data. Reduce risk.
STEALTHbits Technologies is a data security software company focused on protecting an organization’s credentials and sensitive information. By removing inappropriate data access, enforcing security policy, and detecting advanced threats, we reduce security risk, fulfill compliance requirements and decrease operations expense.