Posts tagged Authentication

2 min Authentication

Passwords and the Devolution of Computer Users

This is a guest post from our frequent contributor Kevin Beaver [/author/kevinbeaver]. You can read all of his previous guest posts here [/author/kevinbeaver]. Recently, I wrote about my thoughts on why we feel like we have to force short-term password changes in the name of “security.” [/2016/04/28/why-do-we-keep-forcing-short-term-password-changes] Since that time, Microsoft made an announcement to step in and help set its users (and itself) up for success [

3 min Authentication

Weekly Metasploit Wrapup

Steal all the passwords I talk a lot about Authenticated Code Execution, but of course that's not the only thing that authenticated access can get you. This week's update comes with a couple of modules for using known credentials to extract more credentials. The first is for Symantec Brightmail, an email filtering gateway that comes with a management interface for administrators. Any account with read access is allowed to look at the encrypted LDAP credentials stored in Brightmail. Fortunately f

3 min Authentication

If Employee Passwords Get Compromised, Does Your System Make a Sound?

Compromised credentials are the number one attack vector behind breaches, according to the Verizon Data Breach Investigations Report. Armed with an employee username and password, attackers can stealthily gain a foothold on the network, perform reconnaissance, and move laterally to critical targets – all without malware. Phishing and malware are great ways to steal credentials, but there's another much easier way that's largely outsi

3 min Authentication

Insider Threat or Intruder: Effective Detection Doesn't Care

For various reasons, I have recently had a lot of conversations about insider threats. What is the best solution for them? How can they be detected? Does InsightIDR detect them? Rather than answering these questions with more questions, here is what I say: when you are detecting the malicious activity properly, the precise actor is unimportant. It is extremely important for the follow-up investigation and response that you know whether the person w

2 min Authentication

Detecting Intruders Using Credentials: Lateral Movement Is Not Just for T3h 1337 h4x0|2

The largest challenge for organizations looking to detect and contain attackers is one of the hardest to overcome: disbelief. Disbelief that they will be targeted. Disbelief that someone will get past their perimeter. Disbelief that they will use stealth. Whether it is an expert group like APT1 or, more likely, just someone shelling out $50 to a phishing expert who sells his services on the open market, they will get in someday. Once they are in, most organizations are blind to the stealthy ac

3 min InsightIDR

Detect Corporate Identity Theft with a New Intruder Trap: Honey Credentials

If you're only looking through your log files, reliably detecting early signs of attacker reconnaissance can be a nightmare. Why is this important? If you can detect and react to an intruder early in the attack chain, it's possible to kick the intruder out before he or she accesses your critical assets. This is not only good for you (no monetary data is stolen), but it's also critical because this is the only time in the chain that the intruder is at a disadvantage. Once an attacker has an i

2 min Authentication

Why do we keep forcing short-term password changes?

This is a guest post from our frequent contributor Kevin Beaver [/author/kevinbeaver/]. You can read all of his previous guest posts here [/author/kevinbeaver/]. I'm often asked by friends and colleagues: Why do I have to change my password every 30 or 60 days? My response is always the same: Odds are good that it's because that's the way that it's always been done. Or, these people might have a super strict IT manager who likes to show - on paper - that his or her environment is "locked down."

4 min User Experience

Designing Authentication

At Rapid7 security is everything, and that doesn't exclude the UX team. Yes, we want to give you beautiful interactions, seamless workflows and screens that make you go ‘Wow!’ But security is always there gently guiding our design decisions, which can sometimes cause conflict between security best practices and the best user experience. Following on from an excellent post from Roy Hodgman [/2016/03/01/the-attackers-dictionary], one of the most common examples of the impact of security on user e

4 min Incident Detection

IDC: 70% of Successful Breaches Originate on the Endpoint

This is part 2 of a blog post series on a new IDC infographic covering new data on compromised credentials and incident detection. Check out part 1 now [/2014/11/10/more-efficient-incident-detection-and-investigation-saves-400000-per-year-says-idc] if you missed it. Most organizations focus on their server infrastructure when thinking about security – a fact we often see in our Ne

4 min Authentication

Brute Force Attacks Using US Census Bureau Data

Currently one of the most successful methods for compromising an organization is via password-guessing attacks. To gain access to an organization using brute force attack methods, there are a minimum of three things a malicious actor needs: A username, a password, and a target. Often the targets are easy to discover, and typically turn out to be email systems such as Outlook Web Access (OWA) or VPN solutions that are exposed to the Internet. Once a malicious actor has a target, they next need a

6 min Research

The Attacker's Dictionary

Rapid7 is publishing a report about the passwords attackers use when they scan the internet indiscriminately. You can pick up a copy at booth #4215 at the RSA Conference this week, or online right here. The following post describes some of what is investigated in the report. Announcing the Attacker's Dictionary: Rapid7's Project Sonar periodically scans the internet across a variety of ports and protocols

3 min Authentication

Simple Network Management Protocol (SNMP) Best Practices

By Deral Heiland, Research Lead, and Brian Tant, Senior Consultant, of Rapid7 Global Services. Over the past several years, while conducting security research in the area of Simple Network Management Protocol (SNMP) and presenting those findings at conferences around the world, we are constantly approached with the same question: “What are the best practices for securing SNMP?” The first thing to remember about SNMP versions 1, 2, and 2c is that the community strings used for authentication are c

1 min Incident Detection

Get the 2015 Incident Detection & Response Survey Results!

In order to learn more about the strategic initiatives, current tools used, and challenges security teams are facing today, we surveyed 271 security professionals hailing from organizations across the globe. We were able to get fantastic responses representing companies from all sizes and industries, including healthcare, finance, retail, and government. On January 21st, we will be hosting a webcast with full analysis of the results. Register now and get the full report today. [http://www.ra

3 min Nexpose

Nexpose Two Factor Authentication

For organizations that want additional security upon login, Nexpose and the Rapid7 Nexpose-Client Ruby Gem will support Two Factor Authentication as of the January 6, 2016 release. Two Factor Authentication requires the use of a time-based one-time password application such as Google Authenticator. Two Factor Authentication can only be enabled by a Global Administrator on the Security Console. To enable Two Factor Authentication: 1. As a Global Administrator, go to the Administration tab. 2.

2 min Authentication

Understanding User Behavior Analytics

Hey everyone! I'm pleased to announce that we've put together another pretty fun research report here in the not-terribly-secret overground labs here at Rapid7: Understanding User Behavior Analytics. You can download it over here. Modern enterprise breaches tend to make heavy use of misbehaving user accounts. Not the users -- the people typing at keyboards or poking at their smartphones -- but user accounts. Th