PaulDotCom mailing list archives

defence from incognito


From: jd.mubix at gmail.com (Rob Fuller)
Date: Fri, 7 May 2010 15:50:22 -0400

Tokens are a core functionality of Windows, there isn't a way to
really 'fix' it. However there are group policy settings that limit
remote logon (and their token)'s validity time, as well as having
Domain Admins have separate (std user + "admin") accounts
that they only use when they absolutely have to. Also, don't have
services running with Domain Admins ;-).

Hope some mitigations will suffice..


--
Rob Fuller | Mubix
Room362.com | Hak5.org | TheAcademyPro.com
Ignore this:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*




On Wed, May 5, 2010 at 8:26 AM, Robin Wood <robin at digininja.org> wrote:
Hi
Has anyone got any good references I can pass on to clients I've owned
through incognito? Beyond suggesting be careful who you log in as and
using least privileges what else can I suggest?

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
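
One way to check the last point in the reply above (services running as Domain Admins) across a set of hosts. This is an added example, not part of the original thread; it assumes the RSAT ActiveDirectory module and CIM/WinRM access to the hosts, and the function names and host names are hypothetical.

```powershell
# Added example, not from the original thread. Assumes the RSAT
# ActiveDirectory module and CIM/WinRM access to the hosts being audited.
Import-Module ActiveDirectory

function Get-AccountLeaf {
    # Reduce 'DOMAIN\user' or 'user@domain' to the bare account name.
    param([string]$StartName)
    if ([string]::IsNullOrWhiteSpace($StartName)) { return $null }
    if ($StartName -match '^[^\\]+\\(.+)$') { return $Matches[1].ToLower() }
    if ($StartName -match '^([^@]+)@') { return $Matches[1].ToLower() }
    return $StartName.ToLower()
}

function Find-DomainAdminService {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [string]$Group = 'Domain Admins'
    )
    # -Recursive pulls in users who are members through nested groups.
    $admins = @(Get-ADGroupMember -Identity $Group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object { $_.SamAccountName.ToLower() })

    foreach ($computer in $ComputerName) {
        try {
            $services = Get-CimInstance -ClassName Win32_Service -ComputerName $computer -ErrorAction Stop
        } catch {
            Write-Warning "Could not query ${computer}: $($_.Exception.Message)"
            continue
        }
        foreach ($svc in $services) {
            $leaf = Get-AccountLeaf $svc.StartName
            if (-not $leaf) { continue }
            # Local and built-in accounts can share a name with a domain
            # account (e.g. '.\Administrator'), so skip them by prefix.
            $prefix = ($svc.StartName -split '\\')[0]
            if ($prefix -in '.', $svc.SystemName, 'NT AUTHORITY', 'NT SERVICE') { continue }
            if ($leaf -in $admins) {
                [pscustomobject]@{
                    Computer = $svc.SystemName
                    Service  = $svc.Name
                    RunsAs   = $svc.StartName
                    State    = $svc.State
                }
            }
        }
    }
}

# Usage (host names are placeholders):
# Find-DomainAdminService -ComputerName 'srv01.example.test', 'srv02.example.test'
```

Matching is by account name only, so in a multi-domain environment confirm the domain part of `RunsAs` before acting on a hit.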


