Discussions specific to the VMware vSphere hypervisor
Post Reply
rboynton
Enthusiast
Posts: 57
Liked: 7 times
Joined: Jun 25, 2015 12:59 am
Full Name: Rick Boynton
Contact:

Infrastructure Hardening

Post by rboynton » Aug 13, 2018 1:49 pm

I am going through the whitepaper: "https://bp.veeam.expert/proof-of-concep ... -hardening", and considering some of the important points made. One point that I find intriguing is the possibility of setting up a "virtual trip-wire". The point, as I understand it, is to set up an alert for activity on an unused admin account.

I would appreciate more info on how to set that up, preferably with concrete examples. Thank you!

Dima P.
Product Manager
Posts: 10709
Liked: 881 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: Infrastructure Hardening

Post by Dima P. » Aug 15, 2018 5:59 pm

Hello Rick.

Thank you for the good question. I've asked authors of the Infrastructure Hardening chapter to comment if they have any advice on the setup. Stay tuned, cheers!

ravatheodor
Influencer
Posts: 10
Liked: 1 time
Joined: Dec 22, 2016 1:07 pm
Full Name: Razvan Ionescu
Contact:

Re: Infrastructure Hardening

Post by ravatheodor » Aug 16, 2018 9:55 am 1 person likes this post

Hi Rick,
You could create an "admin" account that has no privileges and monitor any failed logon attempts to it (windows security log, event ID 4625). Another practice is to rename the "Administrator" account to something else.

In any case, you need monitoring software in place that reads and aggregates Windows security events. For example in a VMware environment you could use vRealize Log Insight with Windows agents.

Post Reply

Who is online

Users browsing this forum: Asahi and 11 guests