Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Access this computer from the network - best practices for DC and Member Server

This policy setting determines whether the LDAP server requires LDAP clients to negotiate data signing. Using the default configuration of this value allows LDAP clients to communicate with Active Directory in an insecure fashion.

Server hardening is a bigger challenge today than ever before. When infrastructure becomes more and more complex, it is impossible to achieve compliance using manual tools to harden servers. CalCom offers an automated solution for server hardening for easy policy enforcement and maximum compliance.

Auditing Kerberos service ticket operations is important for detecting hackers trying to use Kerberos as an attack vector. The default value of this configuration is to audit only successful events. This may eventually result in missing an attack or not having enough information to investigate it.

This video will discuss the recommended setting for Symbolic Links in your servers, since as much as they are useful, Symbolic Links can also be used maliciously to gain access and control in your network.

This policy specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session. You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. If a value is configured to Disabled or Not Configured, the attacker can leverage it to map the client’s LPT ports. In addition, he can use the port to redirect data from the Terminal Server to the local LTP ports.

Do Not Allow COM Port Redirection will determine whether the redirection of data to client COM ports from the remote computer will be allowed in the RDS session. By default, RDS allows COM port redirection. It can be used, for example, to use a USB dongle in an RDS session.

NTLM is Microsoft’s old mythological authentication protocol. Although new and better authentication protocol has already been developed, NTLM is still very much in use. NTLM protocol has proven to have many flaws that result in potential vulnerabilities. One caution measure that can be taken is auditing and logging any NTLM traffic events.