May 2, 2019 Training Users on Password Management - WST Passwords are the bane of our existence, and with the number of logins required by employees to do their jobs, it can be overwhelming. While institutions are training their users on creating strong passwords, are any training their users on how to manage them? Using a (unique) memorable passphrase would be ideal for each login, however, remembering all those phrases or passwords gets difficult after a while. Users will likely want to either reuse their passwords or write them down somewhere. Training users to use a password [...]
About Daniel SheridanThis author has not yet filled in any details.
So far Daniel Sheridan has created 3 blog entries.
What’s in a Penetration Test? Penetration testing has become a standard requirement for the majority of our clients, and there are myriad factors that go into a successful penetration testing engagement for both the client and the evaluator. Let’s take a look at what commonly comprises a penetration test, and the related testing actions that are performed. External Penetration Testing This is generally the type of test people think of when they hear about a Penetration Test. An External Penetration Test is a simulated cyber-attack launched against the target institution and may include both technical and social engineering methods. The [...]
50 Shades of Administration During our work, both our auditors and engineers have noticed a common issue our clients large and small have – overly permissive administration accounts. Many times, we see all IT users given a Domain Admin account, from the greenest helpdesk tech, to the person overseeing the network. Microsoft’s Active Directory has a couple of different ways to grant rights to a user, group, or organizational unit, allowing the target the ability to perform certain tasks without giving them the keys to the kingdom. Here are just a couple simple examples. In the Springfield.local domain, Lisa Simpson [...]