Part 1 consisted of multiple scans for weaknesses like missing patches and gathering NTLM hashes to decrypt passwords etc, keypoint here is to consider disabling cached credentials for internal pc’s which doesn’t leave the building or limit the amount of cached credentials (the default is 10 cached credentials on Windows). The scan was performed by a company specialized in IT related security audits, you can also say the scan was performed by a group of legal hackers □ġ: Scan from an unauthorized internal perspective (plug in the UTP cable and see how far you can get without any account)Ģ: Scan from an unauthorized external perspective (try to gain access from outside the corporate network trough external components)ģ: Scan from an authorized user perspective (logged in with standard user credentials and see what kind of damage can be done) Lets begin with a short description about the security scan : Lately I was involved in a security and penetration scan at a customer servicing in Healthcare, because they store privacy sensitive information they need to apply to certain security regulations which are audited on a regular basis. Based on the results of this scan I will provide some findings and tips that you can use to further enhance the security of your XenApp environment. This tips are primarily focused on XenApp in combination with RES Workspace manager, but elements can also apply to other environments containing other UEM products. ** This post was updated on 13-5-2013 and contains, besides additional information, also statements from RES Software. They responded very quick on the outcome of the security audit and would like to thank them for the nice collaboration **
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |