What you don’t know can hurt you. Every device and every system on your network is a source of risk and part of your IT Asset discovery state. To fully appreciate this it’s often necessary to tackle a widely held misconception which the following statements should dispel:
Active Directory Domains are not firewalls.
Many organizations modelled their networks around the misconception that AD domains were some kind of security boundary – they are not. You might be amazed how many times I’ve heard “Domain B is a separate untrusted domain so they can’t access anything here in domain A.” That all depends on what you mean by “they”; if you mean domain B user accounts – sure that’s true. Domains are identity boundaries. So if domain A doesn’t trust domain B then user accounts in domain B can’t be granted access to or even logon to systems in domain A. But that in no way means that people or systems in domain B can’t attack domain A. As long as you are on one big, routed IP network, then domain A is exposed to attack.
Here's an example. A very large insurance company that dealt with thousands of independent agents divided their Windows environment into 2 forests: one for corporate and the other for all their dealers to whom they provided managed Windows endpoints. They believed their corporate systems were protected from dealers because the corporate forest didn’t trust the dealer forest. However, if one of their dealer systems were compromised attacks could be launched at any system in the corporate forest. This is especially true because the corporate forest was already known to be vulnerable to password spray attacks.
But it’s not just other domains and forests. The same goes for standalone Windows systems that don’t belong to any domain at all. On a typical corporate network that hasn’t implemented 802.1x or another zero-trust technology, anyone can deploy one of these. And it’s not just Windows systems. Today nearly every device out there with an IP address is running some form of Linux and as such can be compromised and subsequently used as an angle of attack to other systems.
So, it behooves us to systematically discover undocumented, unauthorized, rogue, and otherwise unknown systems and devices on the network. This is a first step in IT Asset Discovery, where the goal is to gain unparalleled visibility into your IT ecosystems, transforming chaos into clarity.
Moreover, beyond individual systems, it’s not uncommon to discover entire network branches, such as hyper-visors that host multiple VMs, with their own internal network segments or gateways. These can have entire networks sitting behind them exposed through a NAT (network address translation) boundary.
In this real training for free webinar, we will explore a systematic method for discovering unknown systems on your network. Don’t imagine this is as easy as running a ping scan over your IP address space. Sure, that’s a first step but there’s so many blind spots left. A few of the areas we’ll explore include:
- The importance of collecting information from managed switches
- How to identify systems and devices in terms of operating system and related factors
- Discovering segments of your network hosted in the cloud
- Using logs to identify unknown systems
- Passive vs. active scanning
- Visibility into IT infrastructure
- Efficient change management
- Optimized resource utilization and cost management
- Improved security and risk management
Lansweeper is the perfect sponsor for this real training for free session because they have a leading discovery engine for accomplishing exactly what we are discussing in this event. Lansweeper will show you:
- Passive vs Active vs Agent-based scanning vs OT scanning and how to use the combination to discover all devices.
- Utilizing Risk insights to get an automated overview of all vulnerabilities in your environment.
- Diagrams show you potential dependencies within your organization and help you manage VLANs better from a security view.
- Detailed asset data can be used to investigate potential security issues or identify breach causes using fully customizable reports.
- Lansweeper's distributed architecture allows for flexibility and scalability for any size company.
Please join me for this practical and educational real training for free session.