Risks of Renaming Your Domain in Active Directory

As a sysadmin, there might be moments where you’ll find the need to change, merge, or rename your domain. There are many reasons why you might need to do this, for instance: an organizational restructuring, merger, buyout or expansion. Keep in mind that a rename is not designed to accommodate forest mergers or the movement…

What’s the Difference between Hacking and Phishing?

Because I’ve boldly assigned myself the task to explain hacking and phishing, I feel compelled to define both terms concisely because, as Einstein’s been quoted countless times, “If you can’t explain it simply, you don’t understand it well enough.” Simply put, in my opinion: Hacking is using exploits to gain access to something you do…

On Authentication

The basis of any modern security system is authentication—ensuring someone is who they say they are. By far, the most prevalent means of authentication in use today was invented in the 1960s: the username and password. In the ensuing five decades, so much has changed: computers aren’t kept in glassed-off rooms, hard drives aren’t the size of…

Automate Exchange Distribution List Management

From a business perspective, distribution lists (DLs) for email communications are a powerful and well-understood concept in IT. And they are popular: Exchange admins have voted with their right-clicks, creating lots of these Active Directory objects in their corporate domains. DLs speed up overall collaboration and leverage the power of groups to answer questions, share…

The Dangers of Shared Links

Many web applications give users the ability to share private information with unauthenticated users via obscure, publicly accessible URLs. These URLs, often called “external links” or “shared links,” are a convenient way to collaborate with people without giving them a username and password. But how in the world is it secure if the URLs are publicly accessible?…

Start Sweating the Small Stuff

In his recent New York Times article, “That Daily Shower Can Be a Killer,” renowned geographer Jared Diamond observes how Americans tend to greatly exaggerate risks that are sensational and beyond our control—like plane crashes and nuclear radiation—yet underestimate the mundane, but more common risks that we can control—like slipping in the shower or falling…

The Definitive Guide to Cryptographic Hash Functions (Part II)

Last time I talked about how cryptographic hash functions are used to scramble passwords. I also stressed why it is extremely important to not be able to take a hash value and work backwards to figure out the plain text input. That was Golden Rule #1 (pre-image resistance). But if hashes can’t be reversed, why…

The Definitive Guide to Cryptographic Hash Functions (Part 1)

Give me any message and I will create a secret code to obscure it. Try it! Try another one. This is called hashing—a technique often used to secure passwords (among other things). Instead of keeping your secret, “dog”, in plain text for everyone to see, I’ll store the ugly 32-character code (the code is commonly…

The Difference Between Everyone and Authenticated Users

In order to maintain proper access controls, it’s crucial to understand what every entity on an access control list (ACL) represents, including the implicit identities that are built into a Windows environment. There are a lot of built-in accounts with obscure names and vague descriptions, so it can be confusing. One question I often get…

Who Is TRYING To Access Your Data?

In our previous post we discussed how over 80% of data breaches are considered “opportunistic.” The majority of them are regular employees who have excess permissions, who abuse their access to obtain sensitive information. When we take these two things into account we can confidently say that a primary area of risk is where regular…