7 Key Risk Indicators in the Varonis Dashboard

All an attacker needs is time and motivation to break into your network. Our job is to prevent that, or at least to make it as hard as possible. You should start by identifying the weaknesses in Active Directory (hereafter AD) that an attacker can use to gain access and move through the network undetected. In this article we look at the risk indicators that reflect existing weaknesses in your organization's cyber defenses, using the Varonis AD dashboard as an example.

Attackers exploit certain domain configurations

Attackers use many clever techniques and vulnerabilities to penetrate corporate networks and escalate privileges. Some of these weaknesses are domain configuration settings that can easily be changed once they have been identified.

The AD dashboard will alert you immediately if you (or your system administrators) have not changed the KRBTGT password in the last month, or if someone has authenticated with the built-in default Administrator account. These two accounts give unrestricted access to your network: attackers will try to gain access to them so they can easily bypass any restrictions on privileges and access permissions and, as a result, reach any data they are interested in.

Of course, you can discover these weaknesses yourself: for example, set a calendar reminder to check them, or run a PowerShell script to collect this information.

The Varonis dashboard updates automatically to provide quick visibility and analysis of the key metrics that highlight potential weaknesses, so you can act immediately to address them.

3 Key Domain-Level Risk Indicators

Below are a number of widgets available on the Varonis dashboard; using them will strengthen the protection of the corporate network and the IT infrastructure as a whole.

1. Number of domains where the Kerberos account password has not been changed for a significant period of time

The KRBTGT account is a special account in AD that signs all Kerberos tickets. Attackers who gain access to a domain controller (DC) can use this account to create a Golden Ticket, which gives them unlimited access to almost any system on the corporate network. We have encountered a case in which, after obtaining a Golden Ticket, an attacker had access to the organization's network for two years. If the KRBTGT password in your company has not been changed in the last forty days, the widget will notify you.

Forty days is more than enough time for an attacker to gain access to the network. However, if you establish and standardize a process for changing this password regularly, it becomes much harder for an attacker to break into your corporate network.

Remember that, because of the way Microsoft implements the Kerberos protocol, you need to change the KRBTGT password twice.

In the future, this AD widget will remind you when it is time to change the KRBTGT password again for every domain in your network.

2. Number of domains where the built-in Administrator account was recently used

According to the principle of least privilege, system administrators are given two accounts: the first is an account for everyday use, and the second is for planned administrative work. This means that nobody should be using the default Administrator account.

The built-in Administrator account is often used to simplify system administration. This can become a bad habit that leads to compromise. If this happens in your organization, you will have trouble distinguishing between legitimate use of this account and potentially malicious access.

If the widget shows anything other than zero, then someone is not working correctly with administrative accounts. In that case, you need to take steps to correct this and restrict access to the built-in Administrator account.

Once you have brought the widget value down to zero and system administrators no longer use this account for their work, any future change in the value will indicate a potential cyber attack.

3. Number of domains that do not have a Protected Users group

Older versions of AD supported a weak encryption type, RC4. Hackers broke RC4 many years ago, and it is now a fairly trivial task for an attacker to compromise an account that still uses RC4. The version of Active Directory introduced in Windows Server 2012 brought a new type of user group called the Protected Users group. It provides additional security tools and prevents users from authenticating with RC4 encryption.

This widget shows whether any domain in the organization is missing such a group so that you can fix it, i.e. enable the Protected Users group and use it to protect the infrastructure.
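
The three domain-level checks above can also be collected by hand with a PowerShell script, as the article mentions. The following is an added example, not code from the article or from Varonis; it assumes the RSAT ActiveDirectory module, and the 30-day window for "recent" Administrator use and the output property names are assumptions.

```powershell
# Added example, not Varonis code. Requires the RSAT ActiveDirectory module
# and read access to every domain in the forest.
Import-Module ActiveDirectory

$MaxKrbtgtAgeDays = 40   # threshold quoted in the article
$RecentDays       = 30   # assumption: what counts as "recently used"

$report = foreach ($name in (Get-ADForest).Domains) {
    $domain = Get-ADDomain -Server $name
    $dc     = $domain.PDCEmulator          # query one known DC per domain
    $sid    = $domain.DomainSID.Value

    # 1. Age of the KRBTGT password.
    $krbtgt = Get-ADUser -Identity 'krbtgt' -Server $dc -Properties PasswordLastSet
    $age    = (New-TimeSpan -Start $krbtgt.PasswordLastSet -End (Get-Date)).Days

    # 2. Built-in Administrator, found by its well-known RID 500 so a rename
    #    does not hide it. LastLogonDate comes from lastLogonTimestamp, which
    #    can lag the real last logon by up to about two weeks.
    $admin  = Get-ADUser -Identity "$sid-500" -Server $dc -Properties LastLogonDate
    $recent = [bool]($admin.LastLogonDate -and
                     $admin.LastLogonDate -gt (Get-Date).AddDays(-$RecentDays))

    # 3. Protected Users group (well-known RID 525) and its member count.
    #    Any lookup failure is reported as "group missing".
    try {
        $group   = Get-ADGroup -Identity "$sid-525" -Server $dc -ErrorAction Stop
        $members = @(Get-ADGroupMember -Identity $group -Server $dc -Recursive).Count
    } catch {
        $group = $null; $members = 0
    }

    [pscustomobject]@{
        Domain                    = $domain.DNSRoot
        KrbtgtPasswordAgeDays     = $age
        KrbtgtRotationOverdue     = $age -gt $MaxKrbtgtAgeDays
        AdministratorLastLogon    = $admin.LastLogonDate
        AdministratorUsedRecently = $recent
        ProtectedUsersGroupExists = [bool]$group
        ProtectedUsersMembers     = $members
    }
}

$report | Format-Table -AutoSize
```

Each row corresponds to one domain, so counting the rows where `KrbtgtRotationOverdue` or `AdministratorUsedRecently` is true, or `ProtectedUsersGroupExists` is false, gives the per-widget numbers described above.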

Easy targets for attackers

User accounts are the number one target for attackers, from initial access attempts through continued privilege escalation to concealing their activity. Attackers look for easy targets on your network using PowerShell commands that are often hard to detect. Remove as many of these easy targets from AD as you can.

Attackers look for users with passwords that never expire (or who do not need passwords), technical accounts that are administrators, and accounts that use legacy RC4 encryption.

Any of these accounts is either trivial to access or, as a rule, not monitored. Attackers can take over these accounts and move freely within your infrastructure.

Once attackers get past the security perimeter, they will likely gain access to at least one account. Can you stop them from reaching sensitive data before the attack is detected and contained?

The Varonis AD dashboard will point out vulnerable user accounts so that you can address the problems on a regular basis. The harder it is to get into your network, the better your chances of neutralizing the attacker before they cause serious damage.

4 Key Risk Indicators for User Accounts

Below are examples of Varonis AD dashboard widgets that highlight the most vulnerable user accounts.

1. Number of active users with passwords that never expire

For any attacker, gaining access to such an account is always a great success. Because the password never expires, the attacker has a permanent foothold in the network, which can then be used for privilege escalation or movement within the infrastructure.

Attackers have lists of millions of user-password combinations that they use in credential stuffing attacks, and the probability that the combination for a user with an "eternal" password is on one of these lists is much greater than zero.

Accounts with non-expiring passwords are easy to manage, but they are not secure. Use this widget to find all accounts that have such passwords. Change this setting and update the password.

Once the value of this widget has been brought to zero, any new accounts created with such a password will appear on the dashboard.

2. Number of administrative accounts with an SPN

An SPN (Service Principal Name) is a unique identifier of a service instance. This widget shows how many service accounts have full administrator rights. The widget value should be zero. SPNs with administrative rights arise because granting such rights is convenient for software vendors and application administrators, but it poses a security risk.

Giving a service account administrative rights lets an attacker gain access to an account that is not in use. This means that attackers with access to SPN accounts can operate freely within the infrastructure without their activity being monitored.

You can solve this problem by changing the permissions of the service accounts. Such accounts should follow the principle of least privilege and have only the access that is actually required for their work.

Using this widget, you can find all SPNs that have administrative rights, remove those rights, and then monitor SPNs using the same principle of least privilege.

Newly appearing SPNs will show up on the dashboard, and you will be able to monitor this process.

3. Number of users who do not require Kerberos pre-authentication

Ideally, Kerberos encrypts the authentication ticket using AES-256 encryption, which remains unbreakable to this day.

However, older versions of Kerberos used RC4 encryption, which can now be broken in minutes. This widget shows which user accounts still use RC4. Microsoft still supports RC4 for backward compatibility, but that does not mean you should use it in your AD.

Once you have identified these accounts, you need to clear the "Do not require Kerberos pre-authentication" checkbox in AD to force the accounts to use stronger encryption.

Finding these accounts on your own, without the Varonis AD dashboard, takes a lot of time. In fact, knowing about every account that has been configured to use RC4 encryption is an even harder task.

If the widget value changes, this may indicate illegitimate activity.

4. Number of users without a password

Attackers use PowerShell commands to read the "PASSWD_NOTREQD" flag from AD in account properties. The use of this flag indicates that there are no password requirements or complexity requirements.

How easy is it to steal an account with a simple or blank password? Now imagine that one of these accounts is an administrator.

What if one of the thousands of confidential files open to everyone is an upcoming financial report?

Ignoring the mandatory password requirement is another system administration shortcut that was often used in the past but is neither acceptable nor safe today.

Fix this problem by updating the passwords for these accounts.

Monitoring this widget in the future will help you avoid accounts without a password.
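
The four account-level indicators in this section map onto attributes that a defender can audit directly. The following is an added example, not code from the article or from Varonis; it assumes the RSAT ActiveDirectory module, treats `adminCount = 1` as a heuristic for "administrative", and the output file name `ad-risky-accounts.csv` is hypothetical.

```powershell
# Added example, not Varonis code: audit enabled accounts for the four
# user-level indicators described in this section.
Import-Module ActiveDirectory

$props = 'PasswordNeverExpires', 'PasswordNotRequired', 'DoesNotRequirePreAuth',
         'ServicePrincipalName', 'adminCount', 'PasswordLastSet'

# Only enabled accounts are of interest; disabled ones cannot log on.
$users = Get-ADUser -Filter 'Enabled -eq $true' -Properties $props

$findings = foreach ($u in $users) {
    $flags = @()
    # 1. Password never expires.
    if ($u.PasswordNeverExpires)  { $flags += 'PasswordNeverExpires' }
    # 2. Administrative account with an SPN. adminCount = 1 marks accounts that
    #    are, or once were, in a protected admin group; stale values are
    #    possible, so confirm group membership before acting (heuristic).
    if ($u.adminCount -eq 1 -and $u.ServicePrincipalName.Count -gt 0) {
        $flags += 'AdminWithSPN'
    }
    # 3. Kerberos pre-authentication not required.
    if ($u.DoesNotRequirePreAuth) { $flags += 'NoKerberosPreAuth' }
    # 4. PASSWD_NOTREQD flag set in userAccountControl.
    if ($u.PasswordNotRequired)   { $flags += 'PasswordNotRequired' }

    if ($flags.Count -gt 0) {
        [pscustomobject]@{
            SamAccountName  = $u.SamAccountName
            PasswordLastSet = $u.PasswordLastSet
            Indicators      = $flags -join ','
        }
    }
}

# Widget-style totals: one count per indicator.
$findings |
    ForEach-Object { $_.Indicators -split ',' } |
    Group-Object -NoElement |
    Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize

# Per-account detail for remediation (hypothetical output file name).
$findings | Sort-Object SamAccountName |
    Export-Csv -Path .\ad-risky-accounts.csv -NoTypeInformation
```

Running the script on a schedule and comparing the totals with the previous run gives the same "value changed from zero" signal the widgets are described as providing.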

Varonis makes the difference

In the past, collecting and analyzing the metrics described in this article took many hours and required deep knowledge of PowerShell, so security teams had to allocate resources to these tasks every week or month. But collecting and processing this information manually gives attackers a head start in getting in and stealing data.

With Varonis, you will spend one day deploying the AD dashboard and additional components, collecting all of the vulnerabilities discussed here and many more. In the future, during operation, the monitoring panel will be updated automatically as the state of the infrastructure changes.

Cyber attacks are always a race between attackers and defenders: the attacker wants to steal data before security specialists can block access to it. Early detection of attackers and their illegitimate activity, combined with strong cyber defenses, is the key to keeping your data secure.

Source: www.hab.com