Security Basics mailing list archives

RE: Unknown user found in AD and SonicWall


From: "Matan Hirom" <matan () hirom co il>
Date: Mon, 2 Jul 2012 10:30:13 +0300

Hey Alex,

First, try to audit specific logon events on the DCs. You might want to
use an automatic task to collect the logs. That way you can see what the AD
user has been up to.
Second, what firewall do they have? Did they establish a log server for
it? If so, try to correlate between the FW log and the AD log.

Looking ahead, you might want to suggest that your client establish "Honey
Pots" over the network. For example, monitoring an AD user with Domain
Admins permission and a weak password.


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Alex Dolan
Sent: Monday, July 02, 2012 10:02 AM
To: security-basics () securityfocus com
Subject: Unknown user found in AD and SonicWall

In a recent audit of one of our clients' networks, I came across a new user
in Active Directory, and a dial-in access through the firewall.
It was "Syn IT development access"

The program, Syn, is a legitimate program used by the client, so we called
the developers and they said the port is used on only special occasions,
none of which the client had ever needed.

What I want to set up is a trap-and-trace for the user, see where they are
connecting from and what they're getting up to.

Any suggestions on how to do this? OS is Windows Server 2008 R2

Thanks in advance
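
The firewall-to-AD correlation suggested in the reply above, as an added example that is not part of the original thread. The field names, the account name `suspect-user`, and every log row are constructed; it assumes both logs have been exported with clocks in sync and that the firewall log records the internal address used by each dial-in session.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
LOGON_IDS = {4624: "success", 4625: "failure"}  # Windows Security log logon events

# Constructed DC Security log export; account name and addresses are placeholders.
AD_EVENTS = [
    {"time": "2012-07-01 02:14:09", "event_id": 4624, "user": "suspect-user", "src_ip": "10.0.5.20"},
    {"time": "2012-07-01 02:13:40", "event_id": 4625, "user": "suspect-user", "src_ip": "10.0.5.20"},
    {"time": "2012-07-01 09:00:00", "event_id": 4624, "user": "jsmith", "src_ip": "10.0.1.15"},
    {"time": "2012-07-01 23:50:00", "event_id": 4624, "user": "suspect-user", "src_ip": "10.0.5.21"},
]
# Constructed firewall export: remote peer and the internal address its session used.
FW_EVENTS = [
    {"time": "2012-07-01 02:12:55", "remote_ip": "203.0.113.77", "internal_ip": "10.0.5.20"},
    {"time": "2012-07-01 08:59:00", "remote_ip": "198.51.100.4", "internal_ip": "10.0.1.15"},
    {"time": "2012-07-01 20:00:00", "remote_ip": "192.0.2.9", "internal_ip": "10.0.5.21"},
]

def correlate(ad_events, fw_events, account, window=timedelta(minutes=5)):
    """Pair each logon by `account` with firewall sessions that reached the same
    internal address no more than `window` before it (clocks assumed in sync)."""
    results = []
    for ev in sorted(ad_events, key=lambda e: e["time"]):
        if ev["user"].lower() != account.lower() or ev["event_id"] not in LOGON_IDS:
            continue
        t_logon = datetime.strptime(ev["time"], FMT)
        remotes = sorted({
            fw["remote_ip"] for fw in fw_events
            if fw["internal_ip"] == ev["src_ip"]
            and timedelta(0) <= t_logon - datetime.strptime(fw["time"], FMT) <= window
        })
        # An empty list means no firewall session explains the logon: it may have
        # come from inside the network, or the window/clock assumption is off.
        results.append({"time": ev["time"], "outcome": LOGON_IDS[ev["event_id"]],
                        "src_ip": ev["src_ip"], "remote_ips": remotes})
    return results

if __name__ == "__main__":
    for row in correlate(AD_EVENTS, FW_EVENTS, "suspect-user"):
        print(row)
```

Logons that come back with an empty `remote_ips` list are the ones to look at first, since nothing in the firewall log accounts for them.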
