Security Monitoring: Detecting Wdigest Authentication

One of the noisier items in the Security Monitoring Management Pack is the monitor that triggers against all Windows 2008 R2 and below systems if the proper WDigest post patch configurations have not been applied. WDigest is another older protocol that was addressed with KB 2871997. Prior to 2008R2, Wdigest credentials remained in the LSA…

0

Security Monitoring: Using SCOM to Detect SMB1 Authentications

I think at this point, we are all aware of the dangers posed by continuing SMB1 authentication in an environment. The virus wannacry infected more than 400,000 machines and caused a number of outages across many organizations. Detecting SMB1 is unfortunately not quite as easy as some protocols. A colleague of mine, Leanne Livingstone, provided…

0

Security Monitoring: Using SCOM to detect NTLMv1 and LanManager Authentication Types

  One of the big changes in the next release of the Security Monitoring management pack will be reports designed to let administrators if they are using older protocols in their environments. It goes without saying that many older protocols are often full of vulnerabilities. As well, they tend to be on by default due…

0

Post Configuration Tasks for the Security Monitoring Management Pack

  As I have mentioned in the initial posts, using the security monitoring management pack is going to require certain practices in procedures be in place.  Simply importing the management pack will not give you a picture of everything that it is designed to monitor.  Ultimately, this management pack serves two purposes.  The first is…

0