PaulDotCom mailing list archives
defence from incognito
From: robin at digininja.org (Robin Wood)
Date: Fri, 7 May 2010 23:29:46 +0100
On 7 May 2010 20:50, Rob Fuller <jd.mubix at gmail.com> wrote:
Tokens are a core functionality of Windows, there isn't a way to really 'fix' it. However there are group policy settings that limit remote logon (and their token)'s validity time, as well as having Domain Admins have separate accounts (std user + "admin") that they only use when they absolutely have to. Also, don't have services running with Domain Admins ;-). Hope some mitigations will suffice..
That is kind of the conclusion I came to talking to friends. It's hard to tell a client that you just popped their box through cached credentials and tell them that there isn't much they can do as it is a Windows feature. Oh well, glad I'm not missing something obvious.

Robin
--
Rob Fuller | Mubix Room362.com | Hak5.org | TheAcademyPro.com
Ignore this: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

On Wed, May 5, 2010 at 8:26 AM, Robin Wood <robin at digininja.org> wrote:

Hi

Has anyone got any good references I can pass on to clients I've owned through incognito? Beyond suggesting be careful who you log in as and using least privileges what else can I suggest?

Robin

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
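
One way to check the "don't have services running with Domain Admins" mitigation mentioned in the thread, as an added example that is not part of the original posts. It assumes the RSAT ActiveDirectory module, CIM/WinRM access to the hosts, and a hypothetical host list (`SERVER01`, `SERVER02`).

```powershell
# Added example: flag Windows services whose logon account is a member of Domain Admins.
# Assumptions: RSAT ActiveDirectory module is installed and the caller may query
# Win32_Service on each host. The host names below are hypothetical placeholders.
Import-Module ActiveDirectory

$computers = @('SERVER01', 'SERVER02')

# SAM account names of every direct and nested user member of Domain Admins.
$admins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Select-Object -ExpandProperty SamAccountName

# Built-in service identities that are never domain accounts.
$builtin = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'

foreach ($computer in $computers) {
    try {
        $services = Get-CimInstance -ClassName Win32_Service -ComputerName $computer -ErrorAction Stop
    } catch {
        Write-Warning "Could not query ${computer}: $($_.Exception.Message)"
        continue
    }

    foreach ($svc in $services) {
        $account = $svc.StartName
        if (-not $account -or $builtin -contains $account) { continue }
        # '.\user' is a local account on that host, not a domain account.
        if ($account.StartsWith('.\')) { continue }

        # StartName is DOMAIN\user or user@domain; reduce it to the bare account name.
        $name = ($account -split '\\')[-1] -replace '@.*$', ''

        if ($admins -contains $name) {
            [pscustomobject]@{
                Computer = $computer
                Service  = $svc.Name
                RunsAs   = $account
                State    = $svc.State
            }
        }
    }
}
```

Matching is by account name only, so confirm the domain of each hit before treating it as a finding.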