Eliminating Plaintext Passwords With Microsoft Advanced Threat Analytics Using LDAP

Happy New Year to everyone!

 To start off 2017 on an easy note, have a look at this article regarding the use of Microsoft Advanced Threat Analytics (ATA) to identify those applications and services that may still be sending passwords in plaintext in your network environment.  This is typically the result of simple LDAP binds being used for authentication purposes, which exposes your environment to attacks focused on privilege escalation.

 https://blogs.technet.microsoft.com/enterprisemobility/2017/01/09/eliminating-plaintext-passwords-with-microsoft-advanced-threat-analytics-using-ldap/

Comments

  1. alvinaJuly 27, 2019 at 10:38 PM

    Very informative blog... Advanced threat analytics provides real-time analysis of user activity and identifies and flags any activity considered anomalous.

    ReplyDelete

Post a Comment

Popular posts from this blog

Microsoft Customer Guidance for WannaCrypt Attacks

As you no doubt are aware, the WannaCrypt attacks over the last couple of weeks have been quite pervasive. Microsoft has provided some guidance on the WannaCrypt attacks that I thought you should be aware of, both for Azure as well as on-premises. https://azure.microsoft.com/en-us/blog/wannacrypt-attacks-guidance-for-azure-customers/ https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ Of note, Microsoft has released security patches for OS versions that are no longer in mainstream support, i.e. Windows XP, Windows 8 and Windows Server 2003.
Read more

ILM 2007 Certificate Management Customizations

ILM 2007, through its Certificate Management solution, or Certificate Lifecycle Manager (CLM) as it used to be known, allows an organization to manage credentials within their Windows Server 2003 and 2008 certification authorities. It acts like an administrative proxy, allowing you issue and manage digital certificates and smartcards through a web interface. The solution provides three different APIs (i.e. Provision, SQL and Notification) and a number of customizable interfaces, all of which allow you to customize CLM. This gives you the ability to greatly extend and expand the product's capabilities. For an overview of these APIs and interfaces, have a look at the Certificate Lifecycle Manager Overview on MSDN. Over the next few postings, I'll be looking at these APIs and interfaces in greater detail, to show you how they work and how they could be put to use in your CLM deployment. And I'd like to add a quick shout-out to David Lundell, over at ILM Best Practices , f
Read more