
Consolidated Business & Enterprise Computing Rant Thread

Discussion in 'Business & Enterprise Computing' started by elvis, Jul 1, 2008.

  1. Scarpetta

    Scarpetta Member

    Joined:
    Nov 19, 2016
    Messages:
    1,896
    Location:
    Brisbane
    A four letter word with c u and t?

    Damn right they're cute!
     
  2. wazza

    wazza Member

    Joined:
    Jun 28, 2001
    Messages:
    3,593
    Location:
    NSW
    I've mentioned before that one of our software suppliers has a clown-based service that's just a forklift move of their app to Azure with RDP open to the web, and no security beyond complex usernames/passwords (no account lockouts, no IP bans for constant incorrect attempts, etc.). They were getting significant numbers of actual attempts on both usernames and passwords, enough that the security event log didn't last a full day due to how many incorrect username/password attempts they were getting. They were also unaware of this until I flagged it as a major concern.

    Well, we had to remove the account lockout policy... our accounts kept getting locked out for some unknown reason :rolleyes:
     
  3. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    5,912
    Location:
    NSW
    Yes, cert-based auth, and these were active attempts. Windows security logs were showing fairly common names (so list-based) but not common to the business, and all accounts have a hard limit of 10 attempts and then the account is locked; this also includes firewall-based accounts as well as AD.
     
  4. dakiller

    dakiller (Oscillating & Impeding)

    Joined:
    Jun 27, 2001
    Messages:
    8,135
    Location:
    3844
    Account lockouts after X attempts on an account look like a nice way to DoS someone. Just find a company's list of logins and spam them all.

    Lockout based on attempts from an IP would be the better way to go.
     
  5. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    41,734
    Location:
    Brisbane
    This is how fail2ban works by default. Can be configured any way you like of course.
     
    GumbyNoTalent likes this.
  6. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,059
     
  7. wazza

    wazza Member

    Joined:
    Jun 28, 2001
    Messages:
    3,593
    Location:
    NSW
    A combination of the two is likely needed (and/or other layers), especially for commonly attacked things such as RDP. Just blocking by IP doesn't prevent a botnet attempting to brute-force, as they could change the IP used to attack every X attempts to get around IP blocks.
     
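    To make the trade-off in the posts above concrete, here is an added example (not from any poster) that runs both policies over a constructed login log: a per-source ban in the fail2ban style and a per-account lockout, showing the password spray the first one catches, the rotated-IP attempts on one account that only the second one catches, and the legitimate login the account lockout turns away. The window, threshold and allowlist are assumed values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source sprays five accounts, then four more sources
# each try "alice" once (an IP-rotating botnet), then alice logs in for real.
SAMPLE_LOG = """\
2020-07-31T09:00:01 alice 203.0.113.10 FAIL
2020-07-31T09:00:02 bob 203.0.113.10 FAIL
2020-07-31T09:00:03 carol 203.0.113.10 FAIL
2020-07-31T09:00:04 dave 203.0.113.10 FAIL
2020-07-31T09:00:05 erin 203.0.113.10 FAIL
2020-07-31T09:00:06 alice 198.51.100.7 FAIL
2020-07-31T09:00:07 alice 198.51.100.8 FAIL
2020-07-31T09:00:08 alice 198.51.100.9 FAIL
2020-07-31T09:00:09 alice 198.51.100.10 FAIL
2020-07-31T09:05:00 alice 192.0.2.50 OK
"""
WINDOW = timedelta(minutes=10)   # assumed sliding window for counting failures
THRESHOLD = 5                    # assumed failures in WINDOW that trigger a ban/lockout
ALLOWLIST = {"192.0.2.50"}       # assumed own-infrastructure IPs, never banned

def parse_log(text):
    events = []
    for line in text.splitlines():
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, result == "OK"))
    return events

def over_threshold(events, by_ip):
    # Keys (source IP or account) reaching THRESHOLD failures inside WINDOW.
    recent, hits = defaultdict(list), set()
    for ts, user, ip, ok in events:
        if ok:
            continue
        key = ip if by_ip else user
        recent[key] = [t for t in recent[key] if ts - t <= WINDOW] + [ts]
        if len(recent[key]) >= THRESHOLD:
            hits.add(key)
    return hits

def ip_bans(events):          # fail2ban-style: per-source ban, allowlist exempt
    return over_threshold(events, by_ip=True) - ALLOWLIST
def account_lockouts(events): # AD-style: per-account lockout
    return over_threshold(events, by_ip=False)

def legit_logins_refused(events):
    # Successful logins a per-account lockout would have turned away: the DoS side effect.
    locked = account_lockouts(events)
    return [(user, ip) for _, user, ip, ok in events if ok and user in locked]
```

The rotating sources each stay under the per-IP threshold, so only the account view sees the attack on alice, while the account lockout is exactly what refuses her real login afterwards.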
  8. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    8,856
    Location:
    Briz Vegas
    So script kiddies could guess account names?

    BAN the offending IP for 48 hrs and whitelist the appropriate IPs of your infrastructure. I do this every day on systems I build, and after 2 days banned IPs level off; months later you have 20-ish IPs instead of hundreds as the script kiddies move to greener pastures.

    Why is this even a debate, it is IDS 101, first layer policy!
     
    Last edited: Jul 31, 2020 at 5:19 PM
    cvidler likes this.
  9. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    41,734
    Location:
    Brisbane
    LinkedIn.
     
  10. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    8,856
    Location:
    Briz Vegas
    Guess that's why certificates rule my world; passwords are for sudo only.
     
  11. wazza

    wazza Member

    Joined:
    Jun 28, 2001
    Messages:
    3,593
    Location:
    NSW
    Not sure if you missed it, but I was being intentionally obtuse there. But to answer your question anyway: yes, it is sometimes possible to determine account names, and I'd say that a vast majority of businesses use a standard naming practice for their account names, which both makes it easier to guess the standard and makes it far easier to extrapolate further once you determine the standard in use (get your employee lists from LinkedIn, Facebook, call them and see if they have an IVR/phone directory, check their website for an employee directory, etc.).

    As you say, it's a first layer policy, not an only layer policy. I'm agreeing there: use IP bans, they are a very valid layer of security, they're just not the only layer you should use.
     
  12. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,059
    We tattoo GUIDs on new employees and they log in with that.
     
    looktall and GumbyNoTalent like this.
  13. wazza

    wazza Member

    Joined:
    Jun 28, 2001
    Messages:
    3,593
    Location:
    NSW
    I know, I've done my OSINT on your company. Please tell the employee ending in CBED8 they post too many damn selfies on Facebook.
     
  14. Aetherone

    Aetherone Member

    Joined:
    Jan 15, 2002
    Messages:
    8,743
    Location:
    Adelaide, SA
    He's probably lucky the IT guy didn't set the cat's third eye for retina scan login.
    "To log in, please present your cat's arse..."
    Windows OHELLNO?
     
    CptVipeR and Rass like this.
  15. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,059
    Joke's on you, that was a honey-employee.
     
    wazza likes this.
  16. wazza

    wazza Member

    Joined:
    Jun 28, 2001
    Messages:
    3,593
    Location:
    NSW
    So that wasn't really her in the fursuit pics‽ Damn.
     
    elvis likes this.
  17. looktall

    looktall Working Class Doughnut

    Joined:
    Sep 17, 2001
    Messages:
    26,393
    It was probably Pablo.
     
    wazza likes this.
  18. Unframed

    Unframed Member

    Joined:
    Mar 30, 2010
    Messages:
    9,149
    Location:
    Hella south west
  19. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    41,734
    Location:
    Brisbane
    Updoot for interrobang.
     
    BAK and wazza like this.
  20. caspian

    caspian Member

    Joined:
    Mar 11, 2002
    Messages:
    11,149
    Location:
    Melbourne
    I have a rather strange friend who has had an RFID chip implanted in his hand. I think he's gotten Myki (local public transport pass) working on it OK.
     
