Technologies Begging to be Ransomwared
-
@dashrender said in Technologies Begging to be Ransomwared:
@obsolesce said in Technologies Begging to be Ransomwared:
The last two enterprises I was at we decommissioned AD and did away with local accounts. Totally not needed anymore with Windows.
You decomm'ed AD and did away with local accounts? Then how did you log in?
AAD
-
@scottalanmiller said in Technologies Begging to be Ransomwared:
If, for whatever reason, you need lots of users on lots of machines there are ways to do that. Like a simple script of net user and voila, 20 users and 100 machines, as fast or faster than AD will do it. And without the confusing caching and time out issues.
So how does that create the 20 users on all 100 machines?
-
@hobbit666 said in Technologies Begging to be Ransomwared:
@scottalanmiller said in Technologies Begging to be Ransomwared:
If, for whatever reason, you need lots of users on lots of machines there are ways to do that. Like a simple script of net user and voila, 20 users and 100 machines, as fast or faster than AD will do it. And without the confusing caching and time out issues.
So how does that create the 20 users on all 100 machines?
Have you not used Salt or Ansible? It's one file to set user information and then deploy that to any arbitrary group of computers you want.
-
@travisdh1 said in Technologies Begging to be Ransomwared:
@hobbit666 said in Technologies Begging to be Ransomwared:
@scottalanmiller said in Technologies Begging to be Ransomwared:
If, for whatever reason, you need lots of users on lots of machines there are ways to do that. Like a simple script of net user and voila, 20 users and 100 machines, as fast or faster than AD will do it. And without the confusing caching and time out issues.
So how does that create the 20 users on all 100 machines?
Have you not used Salt or Ansible? It's one file to set user information and then deploy that to any arbitrary group of computers you want.
I haven't - I haven't been in an environment that it would have been possible to even suggest it. Now that I am in the Private sector again - I MIGHT be able to . But that would be a heavy load to work with right now.
-
@travisdh1 said in Technologies Begging to be Ransomwared:
@hobbit666 said in Technologies Begging to be Ransomwared:
@scottalanmiller said in Technologies Begging to be Ransomwared:
If, for whatever reason, you need lots of users on lots of machines there are ways to do that. Like a simple script of net user and voila, 20 users and 100 machines, as fast or faster than AD will do it. And without the confusing caching and time out issues.
So how does that create the 20 users on all 100 machines?
Have you not used Salt or Ansible? It's one file to set user information and then deploy that to any arbitrary group of computers you want.
yeah I haven't yet either, but it's a tool that allows you to break free from the likes of AD for centralized management.
But if you are deploying the same usernames/passwords to all 20 machines, then when one is compromised, all 20 are.
-
@dashrender said in Technologies Begging to be Ransomwared:
But if you are deploying the same usernames/passwords to all 20 machines, then when one is compromised, all 20 are.
How? because you cannot remotely log in to all the machines.
You didn't make those all admin account did you? -
@dashrender said in Technologies Begging to be Ransomwared:
@travisdh1 said in Technologies Begging to be Ransomwared:
@hobbit666 said in Technologies Begging to be Ransomwared:
@scottalanmiller said in Technologies Begging to be Ransomwared:
If, for whatever reason, you need lots of users on lots of machines there are ways to do that. Like a simple script of net user and voila, 20 users and 100 machines, as fast or faster than AD will do it. And without the confusing caching and time out issues.
So how does that create the 20 users on all 100 machines?
Have you not used Salt or Ansible? It's one file to set user information and then deploy that to any arbitrary group of computers you want.
yeah I haven't yet either, but it's a tool that allows you to break free from the likes of AD for centralized management.
But if you are deploying the same usernames/passwords to all 20 machines, then when one is compromised, all 20 are.
I'd just use Jumpcloud. It's purpose made for this. Ansible on windows is annoying. Jumpcloud is cross platform and just works.
-
@jaredbusch said in Technologies Begging to be Ransomwared:
@dashrender said in Technologies Begging to be Ransomwared:
But if you are deploying the same usernames/passwords to all 20 machines, then when one is compromised, all 20 are.
How? because you cannot remotely log in to all the machines.
You didn't make those all admin account did you?Exactly. How would it compromise them because they are all different machines, not connected together, with different accounts. If your computer that you are on now is compromised it does not impact my computer because there is nothing tying them together. That's the issue with AD and mapped drives, they are technologies for attaching machines together.
-
@dashrender said in Technologies Begging to be Ransomwared:
But if you are deploying the same usernames/passwords to all 20 machines, then when one is compromised, all 20 are.
It's not AD. Don't just assume AD problems happen to all technologies, they don't. Yes, having shared passwords and accounts increases risk, a lot. But not to the degree you are assuming. It's not automatic like that.
First, just because something doesn't 100% fix AD doesn't make it bad. There is always some risk.
Two, AD assumes that the computers are able to communicate with one another. Other technologies do not necessarily assume that. They might, but they might not. With AD the computers have to have shared communications through mapped drives, even if only the management drive. But most tech does not require that and can have shared users and passwords without creating shared exposure. Compromising system A does not necessarily allow you to even find System B, let alone access it.
-
@hobbit666 said in Technologies Begging to be Ransomwared:
@scottalanmiller said in Technologies Begging to be Ransomwared:
If, for whatever reason, you need lots of users on lots of machines there are ways to do that. Like a simple script of net user and voila, 20 users and 100 machines, as fast or faster than AD will do it. And without the confusing caching and time out issues.
So how does that create the 20 users on all 100 machines?
What do you mean, it's a script. The script would create the accounts and set the passwords on every machine, probably in seconds. Even a thousand computers would only take a couple seconds in most cases. Faster than AD, most likely.
-
@obsolesce said in Technologies Begging to be Ransomwared:
But, a major factor in all this ransomware is the fact that nobody should have "full" permissions to to the data in a mapped drive in the first place.
this is the key. Local or remote accounts are kind of all the same. It's the data exposure issue that is the problem. Traditional AD and mapped drives, while it didn't HAVE to do this, was designed around the assumption that you limit only what you absolutely have to, not provide access only to what is absolutely necessary. And you provide access at the file level, rather than the application level. So the potential for damage is high and the potential for protection is low.
-
@stacksofplates said in Technologies Begging to be Ransomwared:
@dashrender said in Technologies Begging to be Ransomwared:
@travisdh1 said in Technologies Begging to be Ransomwared:
@hobbit666 said in Technologies Begging to be Ransomwared:
@scottalanmiller said in Technologies Begging to be Ransomwared:
If, for whatever reason, you need lots of users on lots of machines there are ways to do that. Like a simple script of net user and voila, 20 users and 100 machines, as fast or faster than AD will do it. And without the confusing caching and time out issues.
So how does that create the 20 users on all 100 machines?
Have you not used Salt or Ansible? It's one file to set user information and then deploy that to any arbitrary group of computers you want.
yeah I haven't yet either, but it's a tool that allows you to break free from the likes of AD for centralized management.
But if you are deploying the same usernames/passwords to all 20 machines, then when one is compromised, all 20 are.
I'd just use Jumpcloud. It's purpose made for this. Ansible on windows is annoying. Jumpcloud is cross platform and just works.
I haven't used Jumpcloud because the free tier is so limited, even for my home lab I'd have to pay.
-
@travisdh1 said in Technologies Begging to be Ransomwared:
@stacksofplates said in Technologies Begging to be Ransomwared:
@dashrender said in Technologies Begging to be Ransomwared:
@travisdh1 said in Technologies Begging to be Ransomwared:
@hobbit666 said in Technologies Begging to be Ransomwared:
@scottalanmiller said in Technologies Begging to be Ransomwared:
If, for whatever reason, you need lots of users on lots of machines there are ways to do that. Like a simple script of net user and voila, 20 users and 100 machines, as fast or faster than AD will do it. And without the confusing caching and time out issues.
So how does that create the 20 users on all 100 machines?
Have you not used Salt or Ansible? It's one file to set user information and then deploy that to any arbitrary group of computers you want.
yeah I haven't yet either, but it's a tool that allows you to break free from the likes of AD for centralized management.
But if you are deploying the same usernames/passwords to all 20 machines, then when one is compromised, all 20 are.
I'd just use Jumpcloud. It's purpose made for this. Ansible on windows is annoying. Jumpcloud is cross platform and just works.
I haven't used Jumpcloud because the free tier is so limited, even for my home lab I'd have to pay.
Why use it for anything other than laptops/workstations? I wouldn't use it for server logins. I assumed this discussion was about client devices not servers.
-
@stacksofplates said in Technologies Begging to be Ransomwared:
@travisdh1 said in Technologies Begging to be Ransomwared:
@stacksofplates said in Technologies Begging to be Ransomwared:
@dashrender said in Technologies Begging to be Ransomwared:
@travisdh1 said in Technologies Begging to be Ransomwared:
@hobbit666 said in Technologies Begging to be Ransomwared:
@scottalanmiller said in Technologies Begging to be Ransomwared:
If, for whatever reason, you need lots of users on lots of machines there are ways to do that. Like a simple script of net user and voila, 20 users and 100 machines, as fast or faster than AD will do it. And without the confusing caching and time out issues.
So how does that create the 20 users on all 100 machines?
Have you not used Salt or Ansible? It's one file to set user information and then deploy that to any arbitrary group of computers you want.
yeah I haven't yet either, but it's a tool that allows you to break free from the likes of AD for centralized management.
But if you are deploying the same usernames/passwords to all 20 machines, then when one is compromised, all 20 are.
I'd just use Jumpcloud. It's purpose made for this. Ansible on windows is annoying. Jumpcloud is cross platform and just works.
I haven't used Jumpcloud because the free tier is so limited, even for my home lab I'd have to pay.
Why use it for anything other than laptops/workstations? I wouldn't use it for server logins. I assumed this discussion was about client devices not servers.
That was my assumption, too.
-
@stacksofplates said in Technologies Begging to be Ransomwared:
@dashrender said in Technologies Begging to be Ransomwared:
@travisdh1 said in Technologies Begging to be Ransomwared:
@hobbit666 said in Technologies Begging to be Ransomwared:
@scottalanmiller said in Technologies Begging to be Ransomwared:
If, for whatever reason, you need lots of users on lots of machines there are ways to do that. Like a simple script of net user and voila, 20 users and 100 machines, as fast or faster than AD will do it. And without the confusing caching and time out issues.
So how does that create the 20 users on all 100 machines?
Have you not used Salt or Ansible? It's one file to set user information and then deploy that to any arbitrary group of computers you want.
yeah I haven't yet either, but it's a tool that allows you to break free from the likes of AD for centralized management.
But if you are deploying the same usernames/passwords to all 20 machines, then when one is compromised, all 20 are.
I'd just use Jumpcloud. It's purpose made for this. Ansible on windows is annoying. Jumpcloud is cross platform and just works.
it's jumpcloud just an AD replacement? If not - forgive because I've never used it.
-
@scottalanmiller said in Technologies Begging to be Ransomwared:
@dashrender said in Technologies Begging to be Ransomwared:
But if you are deploying the same usernames/passwords to all 20 machines, then when one is compromised, all 20 are.
It's not AD. Don't just assume AD problems happen to all technologies, they don't. Yes, having shared passwords and accounts increases risk, a lot. But not to the degree you are assuming. It's not automatic like that.
First, just because something doesn't 100% fix AD doesn't make it bad. There is always some risk.
Two, AD assumes that the computers are able to communicate with one another. Other technologies do not necessarily assume that. They might, but they might not. With AD the computers have to have shared communications through mapped drives, even if only the management drive. But most tech does not require that and can have shared users and passwords without creating shared exposure. Compromising system A does not necessarily allow you to even find System B, let alone access it.
Of course your topic is generic, and my discussion is less so (about my own environment). So yeah, those machines are all on the same network, or nearly so, so yeah, once one is compromised, the rest on that network would also be compromised.
No - of course the regular users wouldn't be admins, but there are so many privilege escalation hacks these days, that seems almost a moot point.
-
@dashrender said in Technologies Begging to be Ransomwared:
So yeah, those machines are all on the same network, or nearly so, so yeah, once one is compromised, the rest on that network would also be compromised.
This is not how it works. Local accounts cannot remote into another machine and do anything.
-
@dashrender said in Technologies Begging to be Ransomwared:
@stacksofplates said in Technologies Begging to be Ransomwared:
@dashrender said in Technologies Begging to be Ransomwared:
@travisdh1 said in Technologies Begging to be Ransomwared:
@hobbit666 said in Technologies Begging to be Ransomwared:
@scottalanmiller said in Technologies Begging to be Ransomwared:
If, for whatever reason, you need lots of users on lots of machines there are ways to do that. Like a simple script of net user and voila, 20 users and 100 machines, as fast or faster than AD will do it. And without the confusing caching and time out issues.
So how does that create the 20 users on all 100 machines?
Have you not used Salt or Ansible? It's one file to set user information and then deploy that to any arbitrary group of computers you want.
yeah I haven't yet either, but it's a tool that allows you to break free from the likes of AD for centralized management.
But if you are deploying the same usernames/passwords to all 20 machines, then when one is compromised, all 20 are.
I'd just use Jumpcloud. It's purpose made for this. Ansible on windows is annoying. Jumpcloud is cross platform and just works.
it's jumpcloud just an AD replacement? If not - forgive because I've never used it.
It creates local users/groups on the systems using an agent. It also does limited configuration management.
-
@dashrender said in Technologies Begging to be Ransomwared:
@stacksofplates said in Technologies Begging to be Ransomwared:
@dashrender said in Technologies Begging to be Ransomwared:
@travisdh1 said in Technologies Begging to be Ransomwared:
@hobbit666 said in Technologies Begging to be Ransomwared:
@scottalanmiller said in Technologies Begging to be Ransomwared:
If, for whatever reason, you need lots of users on lots of machines there are ways to do that. Like a simple script of net user and voila, 20 users and 100 machines, as fast or faster than AD will do it. And without the confusing caching and time out issues.
So how does that create the 20 users on all 100 machines?
Have you not used Salt or Ansible? It's one file to set user information and then deploy that to any arbitrary group of computers you want.
yeah I haven't yet either, but it's a tool that allows you to break free from the likes of AD for centralized management.
But if you are deploying the same usernames/passwords to all 20 machines, then when one is compromised, all 20 are.
I'd just use Jumpcloud. It's purpose made for this. Ansible on windows is annoying. Jumpcloud is cross platform and just works.
it's jumpcloud just an AD replacement? If not - forgive because I've never used it.
It is a t-shirt
-
@jaredbusch said in Technologies Begging to be Ransomwared:
@dashrender said in Technologies Begging to be Ransomwared:
So yeah, those machines are all on the same network, or nearly so, so yeah, once one is compromised, the rest on that network would also be compromised.
This is not how it works. Local accounts cannot remote into another machine and do anything.
d'fuck they can't! Unless you remove network access to them.. granted, you can do that...
Though - I suppose the firewall could also block general remote access as well, I'd have to test that.FYI - my experience in all of this is through the use of shares - so if shares aren't enabled.. then I'm guessing you're probably correct due to configuration.
