PaulDotCom mailing list archives
defence from incognito
From: jd.mubix at gmail.com (Rob Fuller)
Date: Fri, 7 May 2010 15:50:22 -0400
Tokens area a core functionality of Windows, there isn't a way to really 'fix' it. However there are group policy settings that limit remote logon (and their token)'s validity time, as well as having Domain Admins have separate accounts (std user + "admin") accounts that they only use when they absolutely have to. Also, don't have services running with Domain Admins ;-). Hope some mitigations will suffice.. -- Rob Fuller | Mubix Room362.com | Hak5.org | TheAcademyPro.com Ignore this: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* On Wed, May 5, 2010 at 8:26 AM, Robin Wood <robin at digininja.org> wrote:
Hi Has anyone got any good references I can pass on to clients I've owned through incognito? Beyond suggesting be careful who you log in as and using least privileges what else can I suggest? Robin _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- defence from incognito Robin Wood (May 05)
- defence from incognito Rob Fuller (May 07)
- defence from incognito Robin Wood (May 07)
- defence from incognito Rob Fuller (May 07)