Clean up stale objects – By reducing the number of stale objects in AD, the attack surface can also be reduced by eliminating objects that can be exploited by a hacker
Don’t use complex passwords – Complex passwords are better than simple, easily guessed passwords, but not as good as complex easy to remember passphrases like Boat2open!Friday
Don’t let employees have admin accounts on their workstations – If an attacker compromises a workstation, having local admin access will make lateral movement easy. Most end users do not need to install additional software on their machines, and therefore, do not need admin permissions
Lock down service accounts – Service accounts are frequently targeted by hackers due to their elevated privileges. Take a look at them and restrict their permission as much as possible
Eliminate permanent membership in security groups – Make all membership in important security groups like Enterprise Admin, Schema Admin and Domain Admin temporary. A breach to one of these will seriously compromise an organization
Interested in learning more? Read the full blog post here for a detailed write up on each of these tips as well as one bonus tip!
Powered by DraculApp © All Rights Reserved
All product names, logos, and brands are property of their respective owners. All company, product and service names in this website are for identification purposes only.