Dell SecureWorks researchers have created a solution known as DCEPT (Domain Controller Enticing Pass

Posted On: 2016-01-18

High-profile network breaches are occurring with increasing frequency, and when details of the attack are revealed, an all-too-familiar pattern is repeated: the attacker gains a foothold on a single computer on the network, then uses network-administrator credentials stolen from that system's memory cache to compromise the rest of the computers in the domain. In Microsoft Windows networking, a domain is a group of computers that have registered with a central database known as the domain controller. Using a Windows component known as Active Directory (AD), network administrators can manage all user accounts, processes, and permissions on devices that have joined the domain. A special administrative account known as the domain administrator can authenticate to and control any computer in the domain. This all-powerful account can simplify and streamline network administration tasks, but can also provide unfettered network access to attackers. Many network administrators are unaware that using this account to log in casually to network workstations for routine maintenance carries great risk.

