Experts Exchange

88

Solutions

300

Contributors

We connect you with people and information to solve problems, inspire learning and influence the future of technology.

Share tech news, updates, or what's on your mind.

Sign up to Post

Part Two of the two-part Q&A series with MalwareTech.
6
On Demand Webinar - Networking for the Cloud Era
LVL 9
On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Part One of the two-part Q&A series with MalwareTech.
7
Let's recap what we learned from yesterday's Skyport Systems webinar.
1
A look at what happened in the Verizon cloud breach.
4
 
LVL 16

Expert Comment

by:Kyle Santos
Comment Utility
I was able to do this easily last night by logging into my Verizon account online and going to settings to change the PIN.  I didn't even have to call customer service.
1
First of all let me say that the only language that I speak is English, but in answering questions here I often come across people whose English skills are not the best and I’d like to be able to communicate better with them, and the following describes what I’ve done on occasion.
0
Let's take a look back at the commercialization of the internet to understand why keeping it open and neutral is in our best interest as a society.
7
Q&A with Course Creator, Mark Lassoff, on the importance of HTML5 in the career of a modern-day developer.
5
Curious about the latest ransomware attack? Check out our timeline of events surrounding the spread of this new virus along with tips on how to mitigate the damage.
6
 
LVL 7

Expert Comment

by:Nicholas
Comment Utility
1
Learn why we support net neutrality and why the topic is important to all internet users.
16
 
LVL 47

Expert Comment

by:David
Comment Utility
How it *should* be is that both you and your ISP have the option to make that decision in the first place.  An ISP is in business to make money, and if there is a market for a sustained throughput product,  you can bet your life they will offer it, and then customers will be free to decide if they want such a thing.  

Surely you don't have a problem allowing people to purchase internet packages of different bandwidths.   Yet you are arguing for a one-size-fits all package where you VOIP traffic or streaming video site has dropped packets and choppy sound because somebody using the same ISP is spamming mailboxes and spam traffic is treated exactly the same.

You can't have it both ways.   You can't make an argument against allowing people to buy a package from an ISP for bandwidth for one protocol without saying you're against allowing ISPs to offer more than one speed for all protocols.   It is hypocritical to say people shouldn't be allowed to buy faster internet speeds for a specific protocol ... unless you also say that providers should only offer one speed for everything, regardless of what their needs are.
0
 
LVL 7

Expert Comment

by:Brian Matis
Comment Utility
Thanks for the response, David! It's nice hearing the counterpoint. Something that's been very tricky about this issue is how there is certainly some potential for good improvements that could come of more technical freedom for the infrastructure. I could see allowing some sort of prioritization for "emergency" traffic, much like we do for fire trucks and ambulances on roadways, for example... But if left up to an ISP, what would be termed "emergency" traffic? The highest bidder?

If the ISP starts saying that some traffic types are more important than others (i.e. VOIP more important than mass emails) then won't some people start thinking that their email is more important than when I'm trying to play World of Warcraft (a claim I'll disagree with ;-)

I think the key dividing line may be in how much someone trusts the big carriers to use their powers for good. And personally, I really don't. Perhaps it's because the one truly terrible customer service experience I've ever encountered, the one time I got seriously angry, was with my cable company...

Another point: In your example, you mention VOIP service being impacted by spam. But ultimately, why would I not get my throughput? Is the argument for eliminating net neutrality in order to bring about speed improvements really just a way to try to avoid overall bandwidth improvements?
3
Make the most of your online learning experience.
5
Announcing the Most Valuable Experts of 2016
LVL 6
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Patch Pic
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP, Windows Server 2003 and 2008 - Both 32 and 64 Bit installs.
0
Here's how to start interacting with our community through Post.
7
 

Expert Comment

by:Daniella Barion
Comment Utility
Great suggestions. Good content and discussions on  Post can help people.  We can all be protagonists and help in the exchange, sharing, discussion, and construction of content and ideas. The content comes from the knowledge of the group that is organized in networks. Learning can occur all the time in any environment.
2
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
4
Here's a look at newsworthy articles and community happenings during the last month.
3
When asking a question in a forum or creating documentation, screenshots are vital tools that can convey a lot more information and save you and your reader a lot of time
8
 
LVL 66

Expert Comment

by:Jim Horn
Comment Utility
^^^ Looks to me like Martin should write an Apple and Skitch specific article on how to make custom screenshots.
1
 
LVL 48

Expert Comment

by:Martin Liss
Comment Utility
Good idea:.
1
Liquid Web and Plesk discuss how to simplify server management with a single tool in their webinar.
2
Ready for our next Course of the Month? Here's what's on tap for June.
3
Invest in your employees with these five simple steps to improve employee engagement and retention.
7
Check out this step-by-step guide for asking an anonymous question on Experts Exchange.
10
 

Expert Comment

by:Elisabeth Goldberg
Comment Utility
While I think this might be a great feature for some users, I personally don't use it as I am not afraid to ask a pertinent question if I need some help.
1
 
LVL 92

Expert Comment

by:nobus
Comment Utility
anonymous = = untrustworthy, you need to hide something
nowadays, the net is full of abuse because of this anonimosity : foul language use, scolding etc..
i find it a VERY bad idea to promote something like this

and yes - every option, even this one, has it's pro's - you have to weigh them against the cons
0
[Webinar] How Hackers Steal Your Credentials
LVL 9
[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

keylogger
Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
4

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs of each program we employ. As luck would have it, our days are often spent with other important tasks, leaving us unable to thumb through 300-page guides.


To help Active Directory administrators understand Microsoft’s latest guidance, Skyport Systems hosted a webinar last week that detailed the high-level action items needed to secure Active Directory (AD) in its most recent update.


The main issues they see in companies mitigating AD security issues are threefold: operations, complexity, and cost. Not only are there so many teams involved in managing and securing active directory, but the complex application has many ports of connection, raising cost to implement best practices and install programs built to specifically secure this infrastructure.


And why is AD security so important? Easy—AD systems are the central point of authentication for most companies, Bhavik Shah, CISSP at Skyport Systems explained. Cloud based services, internal operations tools, external platforms, all tie back to AD. So if a hacker gains access to AD, they have access to so much more than simple credentials. This is why the system is so heavily targeted. If a hacker owns AD, they own the entire network.


Skyport Systems understands this problem and so does Microsoft. Microsoft has even tried to close the gaps by releasing new tools proven to work.


“But the problem with implementation is there are vague guidelines,” said Shah. “It takes money, expertise, and other programs to successfully secure Active Directory.”


So Skyport took Microsoft's 300 pages and broke it down into something consumable—a phased approach, broken out into buckets of focus into the modern security framework.


Active Directory Hygiene

Shah recommends looking into existing complexity of hygiene protocols, like whether you’re checking domains frequently enough. He compares this level of security to having a bunch of locks on a door, and that it isn’t a matter of whether or not the hackers will get in, but how long until they do.


“Hackers will get in quickly if this is the only area of focus,” Shah advised.


Secure Admin Workstation

“This is the biggest gap that I’ve seen as far as what Microsoft is telling you to do and what people are actually doing,” said Shah.


In this gap, there will be no jump server set up between a laptop and its domain controller, meaning credentials are cached locally on the device, sitting in the memory of the laptop. If not addresses, credentials can easily leak into the user environment.


Protect Domain Controller

In this level of security protection, administrators need to only allow ports AD needs to perform its job, protected by a firewall and shielded from the internet. In some cases, administrators may completely wipe AD’s connections and start from scratch to gain the level of protection they desire.


Admin Forest

As the final bucket of the security process, this step requires an effort to segregate credentials into separate forests, with users in different locations than admin credentials and so forth. Shah mentioned this step is usually reserved for large enterprises.


For more detailed information on how to implement these steps of security and how Skyport System’s SkySecure product includes hardware and software components to deliver a secure virtualization environment for Active Directory, check out the webinar!



2
In order to fulfill our mission of inspiring learning in the technology community, Experts Exchange is launching a Course of the Month program. Premium and Team Account members will have access to one course per month as a part of their membership, at no additional charge!
8

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the many intricate ways privileged accounts can compromise Active Directory environments.


On the subject of “Tracking and Securing Privileged Users in Active Directory”, Derek Melber, technical evangelist for the ADSolutions team at ManageEngine, outlined that number as Microsoft's own observation.


That’s why companies like ManageEngine are working to educate users and provide simple-to-use tools for protecting the popular Active Directory infrastructure.


Melber explained that when companies are breached, they usually aren’t aware of the breach for up to 146 days. That means a hacker can be in your organization with domain administrator credentials, undetected, for 5 months—something Melber appropriately described as a “terrifying level of access.” According to Microsoft’s research timeline, when the first host is compromised (typically a desktop) the admin domain credentials are compromised in two days or less.


So how do companies combat these risks and stay ahead of hackers?


Melber said a great place to start is to follow these 5 steps for tracking and securing privileged credentials:


  1. Run reports on privileged access accounts
  2. Analyze data from these reports
  3. Configure settings
  4. Monitor settings and access
  5. Set up alerts for when access changes


These steps help companies follow the practice of creating a least privileged environment, something ManageEngine believes in. Following this for all endpoints, Melber explained companies can reduce vulnerabilities within Internet Explorer by 100%.


Individual privileged accounts, however, aren’t the only thing to monitor. Melber discussed the importance of following the same protocol with privileged groups. In privileged groups, users have uninhibited access to important files. He gave the example of a privileged group member accessing financial servers and backing up files or folders, regardless of the permissions set on those documents.


In order to audit this activity, tools are needed to run reports and control access. With the right tool, Melber says it’s possible to track access, monitor settings and behaviors, configure password resets, receive real-time alerts, and launch automatic reports.


“It all goes back, unfortunately, to breaches. Attackers are one step ahead of us. Attackers are using configurations against us. We need to flip that around. We need to know who has privileges. We can then help reduce the breaches that are in our environment,” says Melber.


For more details on tips provided in this webinar—or to watch the presentation—click here.


*Please email Derek Melber with any Active Directory questions at derek@manageengine.com


3
Adults who share images on social media aren’t the only ones who need to worry about their privacy. Our culture’s tendency to share every move and celebration affects the privacy of our children, too.
7

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabilities to a minimum is necessary. This popular system has the ability to both help and hurt corporations.


Recently, Microsoft published a guide containing more than 300 pages on how to keep Active Directory systems safe and secure. While a thorough breakdown of all available techniques and best practices, most teams don’t have idle time available to spend thumbing through the document—especially in a moment of critical need.


In response to this, Skyport Systems is hosting a webinar to provide quick, easy-to-implement tips on the best ways to secure the most vulnerable parts of your Active Directory infrastructure. They’ve done the heavy lifting of understanding this document.


Join us Thursday, April 20th, to learn:

  • Easier ways to secure AD based on Microsoft’s guidance
  • How to secure workstations and domain controllers with their SkySecure product
  • How to create an admin/red forest with SkySecure


Register Now


0

Experts Exchange

88

Solutions

300

Contributors

We connect you with people and information to solve problems, inspire learning and influence the future of technology.

Vendor Experts

Craig KehlerExperts Exchange
Experts ExchangeExperts Exchange
Kyle SantosExperts Exchange