Configure and Deploy Microsoft LAPS

IT Security is essentially a risk mitigation game. There is no such thing as a totally secure system, certainly nothing you can ‘set and forget’ and so we are left to decide what we can do, to best protect our systems.

We don’t want an unauthorised person to use our computer, so we use a password. We know passwords can be guessed, or cracked, so we choose more difficult passwords. More powerful attackers can crack more difficult passwords, so we use 2 Factor Authentication.

The list goes on and on and on, but with each risk we can look for a mitigation that works in our environment, knowing that there is nothing we can do to fully protect ourselves but we can make things as difficult as possible for a would be attacker, in the hopes that he or she may look for some lower hanging fruit elsewhere.

With that in mind we are going to look at managing the Local Administrator password for your client computers to help prevent lateral movement through your network.

Read more of this post

Spear Phishing: What Can you do?

I have seen a sharp rise in the number of spear phishing attempts my clients are subjected to. I’m sure this trend will continue. Of course our best line of defence when protecting our clients is user education. We can of course try and make things easier for them.

Our most recent example was quite lacklustre by comparison, they hadn’t even bothered to try and find a similar address, just some random Comcast account and setting the ‘From’ name to that of the Executive they were trying to impersonate.

I decided that to counter this we can tag the subject of any such email and then also generate an incident response within Office 365.

Read more of this post

<span>%d</span> bloggers like this: