Home Data Center Citrix: Password Wars – Randomizing Local Admin Passwords in Non-persistent Environments

Citrix: Password Wars – Randomizing Local Admin Passwords in Non-persistent Environments

Citrix: Password Wars – Randomizing Local Admin Passwords in Non-persistent Environments

Achieving complete control over a company is a feat that requires a black belt and serious Jedi hacking skills. You must create a chain of multiple zero-day exploits to get into a network (we all know they are really “cheap”), use a hacking mask to bypass face recognition authentication and, finally, extract data using an FM radio receiver and video card — something only a true master can pull off.

Extreme examples sound great, but they usually belong to action novels and click-bait articles, as real-life hacks are less dramatic. Attackers tend to follow the path of least resistance. Very often, after reading detailed descriptions of the latest security breach, you can find out that admin/admin credentials were used, or hackers used some forgotten account with P@ssw0rd or Company123 passwords.

Unfortunately, many security teams believe that their focus can determine their reality. They expend a lot of effort trying to protect their assets from rare and exotic attack vectors while ignoring or underestimating the big hole right under their feet. The Pareto Principle applies to IT security as well: it is possible to spend 20% of your effort to protect your company from 80% of the attacks. I often recommend reading reliable analyses, such as DBIR (my favorite annual report) to find out about the most common attack techniques, how to stay on target, and how to set up your defenses. In the latest report, you’ll see that 81% of hacking-related breaches leveraged either stolen and/or weak passwords.

In a data center, very very close, not a long time ago… This is a story of how one weak password can bring down the whole empire.

Attack of the clones

The local administrator account is one of the most common security underdogs. It is often ignored – after all, it gives you only local privileges, right? Well, size matters not. This account is present on every Windows-based computer in your company, where it co-exists with other, more interesting accounts. Local accounts are decentralized in nature, but unfortunately, they often share the same password. This vulnerability can easily be used for privilege escalation.

Read the entire article here, Password Wars: Randomizing Local Admin Passwords in Non-persistent Environments

Via the fine folks at Citrix Systems, Inc.

Citrix Systems Citrix (NASDAQ:CTXS) aims to power a world where people, organizations and things are securely connected and accessible to make the extraordinary possible. Its technology makes the world’s apps and data secure and easy to access, empowering people to work anywhere and at any time. Citrix provides a complete and integrated portfolio of Workspace-as-a-Service, application delivery, virtualization, mobility, network delivery and file sharing solutions that enables IT to ensure critical systems are securely available to users via the cloud or on-premise and across any device or platform. With annual revenue in 2015 of $3.28 billion, Citrix solutions are in use by more than 400,000 organizations and over 100 million users globally. Learn more at www.citrix.com.

Featured Resources:

Related Articles:


White Papers

    Application Lifecycle Management with Stratusphere UX – White Paper

    Enterprises today are faced with many challenges, and among those at the top of the list is the struggle surrounding the design, deployment, management and operations that support desktop applications. The demand for applications is increasing at an exponential rate, and organizations are being forced to consider platforms beyond physical, virtual and cloud-based environments. Users […]


      Download Commvault VM Backup and Recovery: end-to-end VM backup, recovery and cloud management

      Commvault’s ability to provide end-to-end VM backup, recovery and cloud management creates a significantly better way to build, protect and optimize VMs throughout their lifecycle. Our best-in-class software for VM backup, recovery and cloud management delivers a number of significant benefits, including: VM recovery with live recovery options; backup to and in the cloud; custom-fit […]

      On-Demand Webinars

        What’s Going on in EUC Printing – A Technical Deep Dive!

        The IGEL Community and ThinPrint invite you to watch the following technical deep dive webinar. The agenda is to technically bring you up to speed on what’s going on in the EUC Printing space today along with a deep dive into new methods, technologies, printing scenarios and a discussion on why printing still matters. You […]

        Latest Videos

          Views All IT News on DABCC.com
          Views All IT Videos on DABCC.com
          Win big $$, visit ITBaller.com for more info!

          Visit Our Sponsors