Tag Archives: Windows

ACL: Automate Active Directory Downloads

Here’s a way to automate the download of data from Active Directory (AD), specifically group members, into ACL using adfind and the ACL Execute command.

I’ll walk you through it step-by-step.

Even if you don’t use ACL, you might gain a better understanding of AD and LDAP in general….

Continue reading

Advertisements

1 Comment

Filed under ACL, Audit, How to..., Scripting (ACL), Technology, Written by Skyyler

Server Audit for the Dauntless

dauntless server auditIf you’re looking for an insightful server audit, and you’re dauntless, you might want to jump on this train.

First, why do you need to be dauntless?

Because you’re going to need to obtain your data from a number of different sources; the bigger your company, the more likely you’ll need to call on and question more than a handful of people.

Because comparing and tracking all the servers that are on one list, but not another can be a challenge.

Because it his highly LIKELY that you WILL find something and the server team will not be happy.

Continue reading

3 Comments

Filed under Audit, How to..., Security, Technology

Periodic Access Review Problems

One of my current clients is trying really hard to do periodic access reviews.

They know that mistakes are made in granting access, that users get access and eventually don’t need it anymore, but don’t tell anyone, and that some users leave the company without their manager’s knowledge (I never have understood how that happens, but it does; it has happened in every Fortune 500 company in which I’ve worked).

Continue reading

7 Comments

Filed under Audit, Security, Technology

UnNeighborly Security

Hack me now!I recently ran into some unneighborly security. It happens all the time to those of us who know how to build, upgrade, secure, and troubleshoot hardware and software.

I’m over at my neighbor’s house and he says, “Hey, you work with computers, so can you take a look at mine?”

There goes the afternoon.

Continue reading

4 Comments

Filed under Security, Security Scout, Technology

How Virtualization Changes Audits

If you haven’t determined how server virtualization changes your audit plans, you better get moving. I’m not just talking about a virtualization audit (more on that later), but the audits that you typically do every year or on a multi-year cycle.

For example, if every year you do an audit on all networks, servers, applications, and databases that host your key financial reporting or PHI systems, you’re looking at policies and procedures, configuration management, security (including patching), user access, logging, and so on. But do you first consider whether those assets run on virtualized servers?

Continue reading

2 Comments

Filed under Audit, How to..., Security, Technology

Free CEH/Shon Harris Videos

Shon Harris is offering FREE Certified Ethical Hacking (CEH) videos for online viewing. According to Harris, all the videos together are over 25 hours long.

The videos are listed below and can be viewed at www.logicalsecurity.com/resources/resources_videos.html.

So what’s the catch? Make sure you read this entire post before you leap!

Leave a comment

Filed under Audit, Free, How to..., Security

Windows Widows

I’m surprised at the number of IT auditors who don’t understand Windows and Active Directory (AD) accounts. I can understand auditors who aren’t familiar with Unix, but Windows? Perhaps too many financial auditors are crossing over from the Far Side.

Continue reading

Leave a comment

Filed under Audit