Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Getting Started with Identity Governance and Administration

Identity governance and administration (IGA) helps organizations give each person the right access to the right IT resources, at the right time and for the right reasons. Let’s take a look at 6 core best practices for successfully implementing IGA, as well as some tips for choosing the right tool.

What Is the Kerberos PAC?

The Privileged Attribute Certificate (PAC) is an extension to Kerberos service tickets that contains information about the authenticating user and their privileges. A domain controller adds the PAC information to Kerberos tickets when a user authenticates in an Active Directory (AD) domain. When Kerberos ticket services are used to authenticate to other systems, they can retrieve the PAC from a user’s ticket to determine their level of privileges without having to query the domain controller.

Firewall Log Management and SIEMs

Firewalls are the first line of defense in any network. Firewalls can be software or appliances, and organizations can configure them up to allow or disallow some or all IP traffic, or to verify specific traffic types based on rules that use deep packet inspection. For maximum effectiveness, it’s critical to monitor the operation of your firewalls to spot threats and misconfiguration.

What is Database Hardening and Why Is It Critical?

Hardening the various systems across your network helps you improve your cybersecurity posture level and block attacks. Hardening includes regular patching of known software vulnerabilities and turning off nonessential services on each system to reduce the number of processes that can be exploited. Hardening your database servers is a vital part of this information security strategy.

Event Log Monitoring and Log Audit Software Basics

Event logs can help you spot and troubleshoot security events so you can protect your systems and data. However, log records can be hard to read, and logs so noisy that you often have to sift through pages of events to identify critical events and potential threats. Read on to learn more about audit logs, log analysis and log auditing software.

How NTFS Alternate Data Streams Introduce Security Vulnerability

You may not be familiar with NTFS file streams, but you use them every day when you access files on any modern Windows system. This blog post explains this feature of NTFS ADS, shows how hackers can exploit file stream functionality in cyberattacks, and offers strategies for defending your organization.

Using LDAP Ping to Enumerate Active Directory Users

LDAP Nom Nom is a recently discovered brute-force technique for enumerating valid usernames in Active Directory — anonymously and without leaving any log entries behind. It abuses LDAP Ping, a little-known mechanism in Active Directory normally used by computers to check whether a domain controller is alive. This blog post explains how LDAP Ping works and how adversaries can abuse it with LDAP Nom Nom.