What is the best way to discover admin, root and other privileges in an organization?

Toggle sidebar Toggle sidebar
M

motleyblush

Junior Member
Nov 7, 2016
20
0
6
What is the best way to discover admin, root and other privileges in an organization? We want to onboard all privileged accounts and assets, so we could deliver unmatched visibility and control over the IT environment as well as to avoid breaches of sensitive systems and data.
 

Elixer

Lifer
May 7, 2002
10,376
762
126
You don't mention OS or environment, so do a security audit for starters.
And by the lack of details in the initial post, I recommend you hire pros to do it.
Don't forget to air gap sensitive systems.
 

Gunbuster

Diamond Member
Oct 9, 1999
6,852
23
81
I applaud you ratcheting up to "unmatched visibility and control" immediately on a subject you know nothing about. Dream big buzzword typist.
 

John Connor

Lifer
Nov 30, 2012
22,840
617
121
You can WAF and firewall the crap out of it all, but your biggest single point of failure will be the user. i.e, E-mail, web surfing, etc.

But I do recommend you patch any and all bugs no matter how small. Stay abreast of this and perhaps create a few honey pots.
 

PliotronX

Diamond Member
Oct 17, 1999
8,883
107
106
As far as vulnerability assessment goes, I liked Nessus Professional when we tried it out but I can't recall if it attempts credentials. Qualys has a great VA tool but quite expensive. Come to think of it, most windows based VA tools are expensive but a lot less expensive than hiring someone. You can use their reporting features to show with followup scans that vulnerability remediation is being aggressively pursued (which is what our MSP is planning to do). I am trying to think of the catch for scanning for default passwords, something like accompanying public keys for SSH or domain credentials to check LDAP.. If you find a suitable solution lemme know because I am interested especially if it doesn't cost as much as a car per year.

Oh I just remembered, we have been using a Netwrix tool for password compliance with domain accounts. I don't know if it will do IoT. The qualys software did check Cisco devices for common passwords.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom
sale-70-410-exam    | Exam-200-125-pdf    | we-sale-70-410-exam    | hot-sale-70-410-exam    | Latest-exam-700-603-Dumps    | Dumps-98-363-exams-date    | Certs-200-125-date    | Dumps-300-075-exams-date    | hot-sale-book-C8010-726-book    | Hot-Sale-200-310-Exam    | Exam-Description-200-310-dumps?    | hot-sale-book-200-125-book    | Latest-Updated-300-209-Exam    | Dumps-210-260-exams-date    | Download-200-125-Exam-PDF    | Exam-Description-300-101-dumps    | Certs-300-101-date    | Hot-Sale-300-075-Exam    | Latest-exam-200-125-Dumps    | Exam-Description-200-125-dumps    | Latest-Updated-300-075-Exam    | hot-sale-book-210-260-book    | Dumps-200-901-exams-date    | Certs-200-901-date    | Latest-exam-1Z0-062-Dumps    | Hot-Sale-1Z0-062-Exam    | Certs-CSSLP-date    | 100%-Pass-70-383-Exams    | Latest-JN0-360-real-exam-questions    | 100%-Pass-4A0-100-Real-Exam-Questions    | Dumps-300-135-exams-date    | Passed-200-105-Tech-Exams    | Latest-Updated-200-310-Exam    | Download-300-070-Exam-PDF    | Hot-Sale-JN0-360-Exam    | 100%-Pass-JN0-360-Exams    | 100%-Pass-JN0-360-Real-Exam-Questions    | Dumps-JN0-360-exams-date    | Exam-Description-1Z0-876-dumps    | Latest-exam-1Z0-876-Dumps    | Dumps-HPE0-Y53-exams-date    | 2017-Latest-HPE0-Y53-Exam    | 100%-Pass-HPE0-Y53-Real-Exam-Questions    | Pass-4A0-100-Exam    | Latest-4A0-100-Questions    | Dumps-98-365-exams-date    | 2017-Latest-98-365-Exam    | 100%-Pass-VCS-254-Exams    | 2017-Latest-VCS-273-Exam    | Dumps-200-355-exams-date    | 2017-Latest-300-320-Exam    | Pass-300-101-Exam    | 100%-Pass-300-115-Exams    |
http://www.portvapes.co.uk/    | http://www.portvapes.co.uk/    |