Mr. Cucu is a graduate of both business and law universities in Bucharest and holds an MBA from Northwood University in Michigan, USA. As a cyber-security professional he is also certified as CISA, CISM and CRISC.
Passionate about information security, Mr. Cucu was involved in all BISS projects, from security baselining to valid protection, remediation and resolution. His current interests include security intelligence and architecture, mapped on the Romanian security ecosystem.
Eyes on the User!
(Paper delivered with Bogdan Toporan)
Because your attackers are watching them too. Users are not responsible and not aware – you need to cover their back. For example, wherever and whenever users log on to any Windows workstation or server, they leave their password credentials behind. The common knowledge is that when we set up our password in Windows it is hashed and stored either in the SAM or in the ntds.dit database in Active Directory. This is useful for verification purposes, but if your operating system can re-use the password it means others can decrypt it!
Another thing is that when a hash is cached, it may be reused for authentication later => brute-force or, better, Pass-the-Hash attacks. What about your power users?! What if half your admins just quit or move to your competitor, or they constantly move from a government organization to a private one for a better paycheck? Exactly who does what and where in your network – you need to establish and enforce that – monitor it, keep it updated – look for privileged access management and privileged identity management.
In addition, the headlines these days seem to focus on suspected hacking by third-party nation states like North Korea and Russia, leading many to assume incorrectly that the biggest privileged access threats posed to organizations are external. Despite the rash of high-profile breaches involving abused or misused privileges garnering headlines recently, there has not been much progress in control over privileged access.
So there is more one should really care about, on all levels, and our proactive approach to security is to stay close to our customers and partners, to go beyond the deployment of perimeter and email security and touch the Internet together with the users and be there when they are on the verge of becoming victims.