You have to plan for breaches and misuse and devise ways to limit the impact and slow down the advance of external attackers and internal threat actors. If someone can gain privileged access they obviously can move much faster and freely through your network. So being vigilant to signs of privileged account abuse or tampering is critical.
But there are so many levels in “the stack” where privileged authority can be obtained and there are so many different ways to try it. In this real training for free ™ webinar we will explore both dimensions of privileged authority risks and show you how to detect and respond.
My goal is to provide you with a list of the top indicators that someone or something is tampering with privileged accounts. We will look at directory and OS levels including Active Directory, Windows, and Linux. But we'll also go up to the database level with SQL Server and further up to common applications like SharePoint and Exchange. In each of these components we'll identify how admin authority can be obtained (or stolen) and how to detect it through audit logs and other means.
There's more to gaining privileged access than just being a member of Domain Admins or getting the password to root. I'll show you:
- user rights in Windows that allow you to become administrator
- obscure ways to use Group Policy to gain admin authority on target systems
- the role Pass-the-Hash (PtH) attacks play
- common ways to elevate authority on Linux without having the root password
- how privileged authority works in SQL Server, Exchange and SharePoint
- why running application service accounts with privileged accounts opens up opportunities for application admins to elevate authority
This will be a wide-reaching and technical webinar. Alexey Korotich from Dell Software (our sponsor) will briefly show you how Dell InTrust and other Dell GRC products help you detect and respond to privileged access changes. Don't miss this real training for free ™ event. Please register now.