Network Management and Information Security Forum

securex308.com

Wednesday, October 19, 2011

Active Directory Account Lockout, Audit and Password Policies

Before the holiday I carried out a comprehensive review of the Active Directory policy for one of my clients, which included:

• Review of the password policy.
• Review of the audit mechanisms (Audit).
• Review of the account policy (inactive users, users with a permanent password, etc.).
• Membership in the Domain Admins and Local Administrators groups.
• Review of Share and NTFS permissions on the servers.

Below are recommended tools for examining the system:

Ecora Auditor Professional - a very powerful tool for generating many professional reports, tailored among others to SOX, PCI, GLBA, FISMA/FISCAM, HIPAA.
The tool has a dedicated module for Active Directory; for a presentation on the subject, click here.
To view a sample report, click here.

WinScanX - a tool that lets us obtain information about:
Audit Policy Information
Display Information
Domain Information
LDAP Information
Administrative Local & Global Group Information
Local & Global Group Information
Installed Programs
Interactively Logged On Users
Logged On Users
Patch Information
Registry Information
Scheduled Task Information
Server Information
Service Information
Share Information
Share Permissions
SNMP Community Information
Get User Information
Get User Information via RA Bypass
Get User Rights Information
Get WinVNC3 & WinVNC4 Passwords
Save Remote Registry Hives
Ping Remote Host Before Scanning
Guess SNMP Community Strings
Guess Windows Passwords

Another tool for account auditing and policy enforcement:

AccountAudit is a tool that allows you to examine the user account database of a Domain Controller (in a Windows Domain).

AccountAudit allows you to report on:

Accounts with no password
Accounts that do not require password changes
Accounts with high bad password attempts
Accounts Locked out
Accounts with Expired Passwords
Accounts Passwords not Changed for long periods
Users last logon time
Users last logon Domain Controller
Domain wide, accurate, bad password attempt count

The Account Audit Report generated by AccountAudit is in HTML format and includes Notes, Recommendations and Risk Ratings.

Download link:
http://www.softpedia.com/get/Network-Tools/Network-Monitoring/AccountAudit.shtml

Softerra LDAP Browser - tired of working with the DSQuery command? This application will, among other things, do the work for you and even go well beyond that, with the ability to generate reports:
http://www.ldapbrowser.com/download.htm
The only limitation of the Freeware license is the ability to write to LDAP (which is available in the commercial version).
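
The account checks from the list at the top of this post (password policy, inactive users, permanent passwords, Domain Admins membership) can also be run read-only with the ActiveDirectory PowerShell module. This is an added example, not output or code from any of the tools above; the thresholds and the output file name are assumptions.

```powershell
# Added example: read-only account-policy audit using the ActiveDirectory module (RSAT).
# Thresholds are assumptions for illustration; set them from your own policy.
Import-Module ActiveDirectory

$StaleDays      = 90    # assumed: no logon for this long counts as inactive
$MaxPasswordAge = 180   # assumed: a password older than this is flagged
$now = Get-Date

# Domain password and lockout policy as actually configured
Get-ADDefaultDomainPasswordPolicy |
    Select-Object MinPasswordLength, PasswordHistoryCount, ComplexityEnabled,
                  MaxPasswordAge, LockoutThreshold, LockoutDuration

$props = 'PasswordNotRequired','PasswordNeverExpires','PasswordExpired',
         'PasswordLastSet','LastLogonDate','LockedOut'

$findings = Get-ADUser -Filter 'Enabled -eq $true' -Properties $props | ForEach-Object {
    $issues = @()
    # PasswordNotRequired means a blank password is permitted, not that one is set
    if ($_.PasswordNotRequired)  { $issues += 'PasswordNotRequired' }
    if ($_.PasswordNeverExpires) { $issues += 'PasswordNeverExpires' }
    if ($_.PasswordExpired)      { $issues += 'PasswordExpired' }
    if ($_.LockedOut)            { $issues += 'LockedOut' }
    # LastLogonDate is derived from lastLogonTimestamp, which replicates with up to
    # about 14 days of lag, so keep $StaleDays well above that.
    if (-not $_.LastLogonDate) { $issues += 'NeverLoggedOn' }
    elseif (($now - $_.LastLogonDate).Days -gt $StaleDays) { $issues += 'Inactive' }
    if ($_.PasswordLastSet -and ($now - $_.PasswordLastSet).Days -gt $MaxPasswordAge) {
        $issues += 'OldPassword'
    }
    if ($issues) {
        [pscustomobject]@{
            SamAccountName  = $_.SamAccountName
            Issues          = $issues -join ','
            PasswordLastSet = $_.PasswordLastSet
            LastLogonDate   = $_.LastLogonDate
        }
    }
}
$findings | Sort-Object SamAccountName | Export-Csv .\account-audit.csv -NoTypeInformation

# Effective Domain Admins membership, including members of nested groups
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Select-Object SamAccountName, objectClass, distinguishedName
```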

Saturday, October 1, 2011

Professor Messer’s Nmap - who is taking a course with the professor?

Unfortunately, most of Nmap’s usefulness is never realized by the majority of security professionals. Many Nmap users run the default scan with the default options, never realizing the potential that exists just underneath the surface. It’s like owning a high-performance racecar and never leaving your driveway!

It’s time to change all of that. We’ve created “Nmap Secrets,” a video-based training course designed to fit the needs of the beginning security manager as well as the seasoned professional. If you want to learn about the most popular Nmap features (and a few you might never have heard of), then our “Nmap Secrets” training course is a perfect fit!

Module 1 – Getting Started with Nmap
Module One will provide you with an overview of the entire course, along with a sneak peek of the secrets that we’ll uncover along the way.

Module 2 – Nmap Basics
Module Two provides an overview of network protocols, the Nmap scan process, and we’ll learn the secrets for increasing the speed of this process. We’ll also run our first Nmap scan and analyze the results.

Module 3 – Scans for Every Occasion
Module Three introduces four of the most popular, most useful, and most versatile Nmap scanning methods. Even if you learn of no other scanning methods, these four scan types will get you through the vast majority of Nmap scanning situations. The TCP SYN scan, TCP connect() scan, Ping scan, and UDP scan provide different information for use in different situations. By the end of this module, you’ll be very familiar with these scans, and you’ll have a perfect understanding of when to use each scan. You may never run Nmap with just the default options ever again!

Module 4 – “Back Pocket” Scans
Sometimes, you’ll run into a situation where a normal Nmap scan isn’t providing you with all of the information you need. This may be a situation where remote devices aren’t responding, or perhaps you aren’t able to identify any available ports on a remote device – even though you can easily connect to its web server! In these situations, it’s useful to have a few tricks in your back pocket.

Module 5 – Useful Scanning Options
In module five, we’ll concentrate on some useful scanning options that will assist you with building Nmap scan sessions that are effective and efficient. First, we’ll show you the secrets to easily excluding or including target addresses for your Nmap scans. We’ll discover how to exclude from the command line, and we’ll also show you how building a file of IP addresses or names can integrate the Nmap scan process with other network utilities. During a scan, we’ll often want to know the status of a particular port. With Nmap’s port number options, we can limit our scans to specific applications and focus our efforts on identifying the systems that interest us the most.

Module 6 – Nmap “Pings” – The Search for Hosts
There’s a lot to Nmap’s ping process, and we’ll start with defining a ping. From there, we’ll move to Nmap’s default pings – the ARP ping and the ICMP and TCP ACK ping combo. To really make the most of Nmap’s pings, we’ll also investigate the details of the TCP SYN ping and the UDP ping. And then, after spending all of that time and effort learning about Nmap’s ping process, we’ll show you how to turn it off. Why would you want to do that? Don’t worry, we’ll show you all of the secrets!

Module 7 – Recon Scanning
In this module, we’ll investigate the secrets of network reconnaissance, and we’ll take you through the details of two major Nmap features – operating system fingerprinting and version detection. After this module is complete, you’ll understand the power behind the recon scans and know exactly why Nmap is one of the most impressive security tools available!

Module 8 – Ninja Scanning
In this module we’ll introduce you to Nmap’s art of invisibility. You’ll learn all of the secrets of using Nmap on a network in stealth mode, where you can come and go like the wind.

Module 9 – Output Options
Nmap includes a number of output options, and this module takes us through them all. We’ll show you the differences in the output options, including how to convert Nmap’s XML output into some great HTML-based reports. You won’t want to miss this!

Module 10 – Windows and Nmap
In this module, we’ll learn about the history of Nmap and Windows – both the good, and the bad. Although there have been some significant operational issues with Windows, the few Windows-related issues that exist today are easy to work around, and we’ll show you how. Although Windows handles Nmap well, it’s still not perfect. There are a few downsides to using Nmap in Windows, so we’ll walk you through the good with the bad.

Module 11 – Real-World Nmap Scanning
In this module we’ll discuss six Nmap scanning techniques that can get you through some pretty nasty security problems. First, we’ll look at identifying the remnants of a virus outbreak or spyware infestation. These situations often leave some residual traces, and we’ll show you the secrets to finding all of the shrapnel. Then, we’ll move to a more traditional use of Nmap – vulnerability assessments. Once we’re sure our systems are secure, we’ll have a look at ongoing testing with some security policy compliance testing. Our administrative tasks then turn to asset management and keeping track of all of those systems throughout the network. Another great technique of Nmap is the ability to audit firewall configurations. Can Nmap make it through your barriers? We’ll find out! And finally, we’ll learn the secrets behind keeping your network safe every day of the year with perpetual network auditing techniques.