Technologies Begging to be Ransomwared
-
@dashrender said in Technologies Begging to be Ransomwared:
So yeah, those machines are all on the same network, or nearly so, so yeah, once one is compromised, the rest on that network would also be compromised.
This is not how it works. Local accounts cannot remote into another machine and do anything.
-
@dashrender said in Technologies Begging to be Ransomwared:
@stacksofplates said in Technologies Begging to be Ransomwared:
@dashrender said in Technologies Begging to be Ransomwared:
@travisdh1 said in Technologies Begging to be Ransomwared:
@hobbit666 said in Technologies Begging to be Ransomwared:
@scottalanmiller said in Technologies Begging to be Ransomwared:
If, for whatever reason, you need lots of users on lots of machines there are ways to do that. Like a simple script of net user and voila, 20 users and 100 machines, as fast or faster than AD will do it. And without the confusing caching and time out issues.
So how does that create the 20 users on all 100 machines?
Have you not used Salt or Ansible? It's one file to set user information and then deploy that to any arbitrary group of computers you want.
yeah I haven't yet either, but it's a tool that allows you to break free from the likes of AD for centralized management.
But if you are deploying the same usernames/passwords to all 20 machines, then when one is compromised, all 20 are.
I'd just use Jumpcloud. It's purpose made for this. Ansible on windows is annoying. Jumpcloud is cross platform and just works.
it's jumpcloud just an AD replacement? If not - forgive because I've never used it.
It creates local users/groups on the systems using an agent. It also does limited configuration management.
-
@dashrender said in Technologies Begging to be Ransomwared:
@stacksofplates said in Technologies Begging to be Ransomwared:
@dashrender said in Technologies Begging to be Ransomwared:
@travisdh1 said in Technologies Begging to be Ransomwared:
@hobbit666 said in Technologies Begging to be Ransomwared:
@scottalanmiller said in Technologies Begging to be Ransomwared:
If, for whatever reason, you need lots of users on lots of machines there are ways to do that. Like a simple script of net user and voila, 20 users and 100 machines, as fast or faster than AD will do it. And without the confusing caching and time out issues.
So how does that create the 20 users on all 100 machines?
Have you not used Salt or Ansible? It's one file to set user information and then deploy that to any arbitrary group of computers you want.
yeah I haven't yet either, but it's a tool that allows you to break free from the likes of AD for centralized management.
But if you are deploying the same usernames/passwords to all 20 machines, then when one is compromised, all 20 are.
I'd just use Jumpcloud. It's purpose made for this. Ansible on windows is annoying. Jumpcloud is cross platform and just works.
it's jumpcloud just an AD replacement? If not - forgive because I've never used it.
It is a t-shirt
-
@jaredbusch said in Technologies Begging to be Ransomwared:
@dashrender said in Technologies Begging to be Ransomwared:
So yeah, those machines are all on the same network, or nearly so, so yeah, once one is compromised, the rest on that network would also be compromised.
This is not how it works. Local accounts cannot remote into another machine and do anything.
d'fuck they can't! Unless you remove network access to them.. granted, you can do that...
Though - I suppose the firewall could also block general remote access as well, I'd have to test that.FYI - my experience in all of this is through the use of shares - so if shares aren't enabled.. then I'm guessing you're probably correct due to configuration.
-
@jaredbusch said in Technologies Begging to be Ransomwared:
@dashrender said in Technologies Begging to be Ransomwared:
@stacksofplates said in Technologies Begging to be Ransomwared:
@dashrender said in Technologies Begging to be Ransomwared:
@travisdh1 said in Technologies Begging to be Ransomwared:
@hobbit666 said in Technologies Begging to be Ransomwared:
@scottalanmiller said in Technologies Begging to be Ransomwared:
If, for whatever reason, you need lots of users on lots of machines there are ways to do that. Like a simple script of net user and voila, 20 users and 100 machines, as fast or faster than AD will do it. And without the confusing caching and time out issues.
So how does that create the 20 users on all 100 machines?
Have you not used Salt or Ansible? It's one file to set user information and then deploy that to any arbitrary group of computers you want.
yeah I haven't yet either, but it's a tool that allows you to break free from the likes of AD for centralized management.
But if you are deploying the same usernames/passwords to all 20 machines, then when one is compromised, all 20 are.
I'd just use Jumpcloud. It's purpose made for this. Ansible on windows is annoying. Jumpcloud is cross platform and just works.
it's jumpcloud just an AD replacement? If not - forgive because I've never used it.
It is a t-shirt
LOL - I have that shirt too.
-
@dashrender said in Technologies Begging to be Ransomwared:
d'fuck they can't!
No, a local account has zero remote access even to it’s own machine.
What in the fuck are you doing to make that not true.
-
@dashrender said in Technologies Begging to be Ransomwared:
@scottalanmiller said in Technologies Begging to be Ransomwared:
@dashrender said in Technologies Begging to be Ransomwared:
But if you are deploying the same usernames/passwords to all 20 machines, then when one is compromised, all 20 are.
It's not AD. Don't just assume AD problems happen to all technologies, they don't. Yes, having shared passwords and accounts increases risk, a lot. But not to the degree you are assuming. It's not automatic like that.
First, just because something doesn't 100% fix AD doesn't make it bad. There is always some risk.
Two, AD assumes that the computers are able to communicate with one another. Other technologies do not necessarily assume that. They might, but they might not. With AD the computers have to have shared communications through mapped drives, even if only the management drive. But most tech does not require that and can have shared users and passwords without creating shared exposure. Compromising system A does not necessarily allow you to even find System B, let alone access it.
Of course your topic is generic, and my discussion is less so (about my own environment). So yeah, those machines are all on the same network, or nearly so, so yeah, once one is compromised, the rest on that network would also be compromised.
No - of course the regular users wouldn't be admins, but there are so many privilege escalation hacks these days, that seems almost a moot point.
Each machine is as isolated from each other as if they were random devices on the Internet. Any cross machine machine risk is purely a discussion of how the machines have been misconfigured. If you use stock Windows, macOS, or Linux, they are locked down and there is no risk outside of zero day and even that is pretty isolated when talking "no online services."
-
@dashrender said in Technologies Begging to be Ransomwared:
d'fuck they can't! Unless you remove network access to them.. granted, you can do that...
There is no network access by default. You have to add that.
-
@dashrender said in Technologies Begging to be Ransomwared:
Though - I suppose the firewall could also block general remote access as well, I'd have to test that.
That's an extra layer, but unnecessary. As by default there is no sharing.
-
@dashrender said in Technologies Begging to be Ransomwared:
FYI - my experience in all of this is through the use of shares - so if shares aren't enabled.. then I'm guessing you're probably correct due to configuration.
Shares aren't on by default. But even when they are, nothing is shared out that a local non-admin user could access.
-
@scottalanmiller said in Technologies Begging to be Ransomwared:
@dashrender said in Technologies Begging to be Ransomwared:
FYI - my experience in all of this is through the use of shares - so if shares aren't enabled.. then I'm guessing you're probably correct due to configuration.
Shares aren't on by default. But even when they are, nothing is shared out that a local non-admin user could access.
Yeah, and this is ultimately what saves you - OK now we're on the same page.
Thanks
