Page 5 - Cyber Warnings







Veiled Vulnerability
AD

by Charles Parker, II



Today, vulnerabilities are present throughout the environment. Some are blatant, as with
malicious websites, and others are more camouflaged, as with phishing and ransomware. Viewed
another way, these vulnerabilities may be external. There are attackers across the globe, all with
one singular mission: to attack you and compromise your system. These persons are actively
completing their reconnaissance and gauging the potential data to steal, or analyzing the
possibility of a successful ransomware attack.

The data of value may be the client list, employee listing, banking information, healthcare
records, and many other sources of data. The internal version of this vulnerability comes from
the business's employees. Employees may click inadvertently or negligently on malicious websites
or links. This may create the opportunity for ransomware or scareware to infect the system.
Through this door opened by the unsuspecting employee, the attackers could abscond with trade
secrets, CAD schematics, or new technology.

To alleviate these issues to some extent, there are ample well-utilized remediation techniques,
including scanning for vulnerabilities and malware, log management, third parties conducting
pentests and vulnerability assessments, SIEM apps, log acquisition and analysis tools (e.g.
Splunk), and many other options.

There is, however, one area that is also pertinent but has not garnered the attention that the
other aspects and defensive measures have. Simply working with this area is another tool
to secure the enterprise.


Active Directory (AD)

AD is in use in one form or another in most medium- and larger-sized businesses. This
application is exceptionally useful and functional.

AD may be used with employees, with a combination of employees and hardware, for tracing, and
for a number of other uses. If it is not fully used, the administrators are not actively using all
of its capabilities.


With AD, the normal usage includes setting up the new employee or making adjustments to the
employee’s record as needed. Each person’s role in the organization is different. This directly
impacts the person’s responsibilities, as part of their job. As each person has a unique role in
their group, the same set of rules should not be applied to everyone.

Granted, applying a boilerplate set of rules to everyone, or to all employees except the C-level,
is quicker and easier; however, this would be mostly ill-advised.


Cyber Warnings E-Magazine – May 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
