5 minute presentation

8 Holes in Windows® Login Controls and how UserLock® fills them in …

Windows® lacks important security controls

   No concurrent login control
   No logon/logoff reporting
   No logon session monitoring
   No previous logon time and computer display when user logs on
   No logon time restrictions by group
   No workstation restrictions by group
   No forcible logoff when allowed logon time expires
   No remote logoff of workstation logon sessions

These security controls are required for an Information System to comply with major regulatory constraints and efficiently mitigate insider threat.

2011 CyberSecurity Watch Survey
How bad is the insider threat?

[Pie chart: electronic crimes committed by Insiders, Outsiders and Unknown; segments labelled 21%, 21% and 58%]

Source: 2011 CyberSecurityWatch Survey, CSO Magazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte, January 2011.

2011 CyberSecurity Watch Survey
How damaging is an insider incident?

[Pie chart: most costly or damaging electronic crimes are committed by Insiders, Outsiders and Unknown; segments labelled 29%, 33% and 38%]

Source: 2011 CyberSecurityWatch Survey, CSO Magazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte, January 2011.

Best practices for the prevention of insider threat recommended in the Common Sense Guide to Prevention and Detection of Insider Threats

   Log, monitor, and audit employee online actions
   Collect and save usable evidence in order to preserve response options
   Make all activity from any account attributable to its owner
   Deactivate computer access following termination

Windows native login controls do not enable efficient implementation of such practices.

Hole #1
No concurrent login control

There is no way in Windows to limit a given user account to logging on at only one computer at a time.

Why is controlling concurrent logins so important?

   Uncontrolled concurrent logins increase the risk of users sharing their credentials, as there is no consequence to their own access on the network.
   They widen the attack surface of a network, as a hacker can seamlessly use valid credentials at the same time as their legitimate owner.
   They mean that several workstations can unduly be blocked by one user, thus preventing proper sharing of resources.
   They can very easily corrupt roaming profiles and create versioning conflicts for offline files.

NOT CONTROLLING CONCURRENT LOGINS CREATES A REAL ACCOUNTABILITY AND NON-REPUDIATION ISSUE.

Controlling concurrent logins is required to comply with ICD 503, NISPOM Chap. 8 and NIST 800-53.

UserLock® allows you to limit or prevent concurrent logins.

Hole #2
No logon/logoff reporting

There is no way in Windows to get a report saying “John logged on at 8:00 and he logged off at 11:00.”

Why is logon/logoff reporting so important?

It gives the ability to answer crucial questions when it comes to investigations following an incident.

   Who was really logged on?
   When did they log on?
   When did they log off?
   How long did they remain logged on?
   Where were they logged on?
   At any given time, which people were actually logged on at their systems?

Logon/logoff reporting is required to comply with major international regulations
   Loi sur la Sécurité Financière

UserLock® records all session logging and locking events in an ODBC database for reporting.

Hole #3
No logon session monitoring

Native Windows features do not allow SysAdmins to answer the following questions in real time:

   Who is logged on at which computers?
   Which computers are being used by a given user?
   Who are the users currently logged on at this particular computer?

Logon/logoff monitoring is required to comply with major US regulations.

UserLock® allows real time session monitoring and alerts.

Hole #4
No remote logoff of workstation sessions

Windows features do not provide System Administrators with a practical way to remotely log off a specific user.

Why is remote logoff of workstation sessions really useful? It lets administrators:

   secure computers that are left unattended
   free up locked-down resources
   handle emergency situations

Remote logoff ability is required to comply with GLBA and FISMA.

With UserLock®, a SysAdmin can remotely lock or log off any session.

Hole #5
No logon time restriction by group

Windows only provides logon time restriction functionality on a user-by-user basis.

Enforcing time restrictions is required to comply with major international regulations
   Loi sur la Sécurité Financière

UserLock® enforces time restrictions by group and OU.

Hole #6
No workstation restriction by group

Windows only provides logon workstation restriction functionality on a user-by-user basis.

Why does workstation restriction by group secure access to your network?

It reduces the number of computers on which stolen credentials can be used or exploited, thereby reducing your Windows network attack surface.

Workstation restriction is required to comply with GLBA, FISMA and HIPAA.

UserLock® enforces workstation restrictions by group and OU.

Hole #7
No forcible logoff when allowed logon time expires

The “Automatically logoff users when logon time expires” feature in Windows only applies to file and print servers (SMB components).

There is absolutely nothing in Windows that will log a user off the workstation where he is logged on.

Forcible logoff ability is required to comply with the US Patriot Act, FISMA and HIPAA.

Outside of authorized timeframe(s) or when time is up, UserLock® will really disconnect users with prior warning.

Hole #8
No previous logon time and computer display when users log on

Windows does not display previous logon time and computer when users log on.

Why does displaying previous logon time and computer increase the security of your network?

This is one of the most effective ways to detect people impersonating user accounts.

Displaying previous logon time and computer is required to comply with ICD 503, NISPOM Chap. 8 and NIST 800-53.

UserLock® allows notifying all users prior to gaining access to a system with a tailor-made warning message.

UserLock reviewed in PC Mag

   Overall, UserLock is a solid tool that any Windows Network Administrator should consider adding to their network management toolkit if tight user access control is mandatory for their organization …

   … BOTTOM LINE: it’s an impressive product.

Download a free fully-functional trial now

www.UserLock.com
