I am going through the whitepaper: "https://bp.veeam.expert/proof-of-concep ... -hardening", and considering some of the important points made. One point that I find intriguing is the possibility of setting up a "virtual trip-wire". The point, as I understand it, is to set up an alert for activity on an unused admin account.
I would appreciate more info on how to set that up, preferably with concrete examples. Thank you!
-
rboynton
- Enthusiast
- Posts: 60
- Liked: 14 times
- Joined: Jun 25, 2015 12:59 am
- Full Name: Rick Boynton
- Contact:
-
Dima P.
- Product Manager
- Posts: 14415
- Liked: 1576 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: Infrastructure Hardening
Hello Rick.
Thank you for the good question. I've asked authors of the Infrastructure Hardening chapter to comment if they have any advice on the setup. Stay tuned, cheers!
Thank you for the good question. I've asked authors of the Infrastructure Hardening chapter to comment if they have any advice on the setup. Stay tuned, cheers!
-
ravatheodor
- VeeaMVP
- Posts: 18
- Liked: 5 times
- Joined: Dec 22, 2016 1:07 pm
- Full Name: Razvan Ionescu
- Contact:
Re: Infrastructure Hardening
Hi Rick,
You could create an "admin" account that has no privileges and monitor any failed logon attempts to it (windows security log, event ID 4625). Another practice is to rename the "Administrator" account to something else.
In any case, you need monitoring software in place that reads and aggregates Windows security events. For example in a VMware environment you could use vRealize Log Insight with Windows agents.
You could create an "admin" account that has no privileges and monitor any failed logon attempts to it (windows security log, event ID 4625). Another practice is to rename the "Administrator" account to something else.
In any case, you need monitoring software in place that reads and aggregates Windows security events. For example in a VMware environment you could use vRealize Log Insight with Windows agents.
Who is online
Users browsing this forum: EskBackupGuy23 and 67 guests