Protect Your Network Against the No.1 Threat
Is your IT department aware of the perilous “pass-the-hash” attack? If not, it’s time for them to open their eyes to what is today’s most dangerous and most feared computer threat. IT support providers at government agencies and commercial organizations alike cringe at the thought of suffering the consequences of such an attack. Also feared, just behind the No. 1 pass-the-hash threat, is the infamous hacktivism, a threat that sends chills up and down the spines of IT support providers.
To assert that these are “the” major threats out there today is definitely a matter of opinion. This year alone has already brought a series of threats in previously uncharted territory. Malware, Trojans, and hackers are operating at peak levels, stealing from bank accounts and duping users with fake bank logins and emails with links that contain viruses. The list goes on and on, with little relief projected soon.
One of the reasons that pass-the-hash attacks are taken so seriously and feared so much is that once a password’s hashes are captured, the hackers are easily able to manipulate and compromise network environments. They can do it with their hands tied behind their backs. Captured hashes can readily be used to access any secured resource, a condition that is worsened if an administrator is already logged on to a computer. The attacker can easily obtain administrative authentication hashes from memory alone.
What should scare domain administrators the most is a hacker’s ability to obtain domain administrative access simply because an admin previously logged on. Once that occurs, the domain credentials will be compromised for every computer that the administrator has used.
There are actions that can and should be taken to prevent such breaches. For example:
- Do not log on to a regular user’s workstation as the domain administrator. Try to limit the number of logons to file servers;
- When performing tasks required for fixes, try to use remote console tools, which can prevent password credentials from being left behind in memory on the remote computer; and,
- When it is urgent to log on with your domain admin credential, make sure to use a trusted computer.
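One way to audit the logon habits listed above, as an added example that is not part of the original article: the script below reads exported Windows logon events (Security event ID 4624) and reports where a domain admin account logged on interactively to a computer outside the trusted set. The account names, host names and sample events are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Windows Security event 4624 logon types that normally leave reusable
# credentials in memory on the machine being logged on to.
CREDENTIAL_LEAVING_TYPES = {"2": "interactive", "10": "remote-interactive",
                            "11": "cached-interactive"}

# Assumptions (hypothetical names): domain admin accounts and the trusted
# computers they are allowed to log on to.
PRIVILEGED_ACCOUNTS = {"da-alice", "da-bob"}
TRUSTED_ADMIN_HOSTS = {"paw-01", "dc01"}

# Constructed sample export of logon events, not real log data.
SAMPLE_EVENTS = """time,host,event_id,account,logon_type
2024-03-01T08:02:11,PAW-01,4624,da-alice,2
2024-03-01T09:15:40,WKSTN-114,4624,da-alice,10
2024-03-01T09:16:02,WKSTN-114,4624,jsmith,2
2024-03-01T10:30:19,FILESRV-02,4624,da-bob,3
2024-03-01T11:05:57,WKSTN-207,4624,DA-Bob,2
2024-03-01T11:40:03,WKSTN-207,4634,da-bob,2
2024-03-01T13:22:45,FILESRV-02,4624,da-alice,2
"""


def risky_admin_logons(csv_text):
    """Return privileged logons that left credentials on an untrusted host."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        account, host = row["account"].lower(), row["host"].lower()
        if row["event_id"] != "4624" or account not in PRIVILEGED_ACCOUNTS:
            continue  # not a successful logon, or not a domain admin account
        kind = CREDENTIAL_LEAVING_TYPES.get(row["logon_type"])
        if kind is None or host in TRUSTED_ADMIN_HOSTS:
            continue  # network-style logon, or an approved admin computer
        findings.append({"time": row["time"], "host": row["host"],
                         "account": account, "logon": kind})
    return findings


def exposed_hosts(findings):
    """Map each admin account to the hosts where its hash may sit in memory."""
    exposure = defaultdict(set)
    for f in findings:
        exposure[f["account"]].add(f["host"])
    return {acct: sorted(hosts) for acct, hosts in exposure.items()}


if __name__ == "__main__":
    for acct, hosts in exposed_hosts(risky_admin_logons(SAMPLE_EVENTS)).items():
        print(f"{acct}: credentials may be cached on {', '.join(hosts)}")
```

Every host reported for an account is a computer that account has used, so a password reset for that account is the follow-up if any of those hosts is later found compromised.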
These are just some of the steps to get you started. Always perform your due diligence when executing such tasks. I urge you to talk more with your IT service provider about securing your network and taking the proper security steps required to prevent breaches.