Visibility of your Enterprise's Security Strength
Why Account Auditor?
After conducting thousands of infrastructure tests, Pure Hacking found that in almost every circumstance we are able to gain access through weak passwords. With this in mind, Pure Hacking developed the Account Auditor service. Once we can obtain encrypted versions of the passwords (hashes), weak passwords are cracked almost immediately. If it’s an admin account, it’s game over. This applies to both internal and external infrastructure.
Improving your passwords improves the overall security of your internal infrastructure because there is such a reliance on authentication. With Account Auditor, you know the state of every single account on your Domain Controller. The result is that people stop using simple passwords, the business is more secure and you are using what you already have in a more intelligent way. From a cultural change perspective, Account Auditor improves end user awareness because it shows the impact of a poor password and how quickly they are broken. It gives breadth and depth for all accounts on a system, not just wide and shallow or deep and narrow.
Once we collect and interpret the results they are represented in an easy to digest report available through a secure online portal. The interactive portal will enable you to identify:
- Which accounts with weak passwords you need to change.
- When new accounts with weak passwords are added to the domain.
- Visual breakdowns of how passwords are used across the environment.
- Misconfigured service accounts.
- Accounts that should not have interactive logins.
- Accounts that are using insecure encryption.
- A month-by-month comparison of your AD security posture.
- Expired accounts: all expired accounts across your domain.
How Account Auditor Works
The Account Auditor is a client-server application. The client is executed on the domain controller (either as a scheduled task or on demand) and communicates to the server at Pure Hacking using an encrypted channel, with IP-based access controls in place.
The client extracts the Active Directory database using a non-intrusive method and transfers it over SSL to Pure Hacking. The processing phase is then performed on a GPU cluster to accelerate the computations. Once the processing is finalised (approximately 4-6 hours), the results (i.e., complexity analysis, various statistics, account information, etc.) are accessible by the client in the interactive portal. Access to the portal is restricted by IP and requires user authentication.
The information stored in the portal does not contain clear text passwords (all passwords are masked). The storage media on the server is encrypted using AES-256. Only the last four sets of results are stored in the database for comparison in order to determine any improvements or deteriorations in password policies.
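As an added illustration (not Pure Hacking's code, and nothing about their implementation is implied), the following script runs three of the checks the portal lists above (LM hashes present, blank passwords, one password shared by several accounts) over two constructed pwdump-style snapshots and produces the month-on-month comparison; the pwdump layout and the empty-LM/empty-NT constants are assumptions.

```python
from collections import defaultdict

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM field when no LM hash is kept
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty password

# Constructed sample dumps in pwdump layout "user:rid:lm:nt:::";
# the non-empty hash values are placeholders, not real hashes.
LAST_MONTH = """\
alice:1001:aad3b435b51404eeaad3b435b51404ee:11111111111111111111111111111111:::
bob:1002:22222222222222222222222222222222:11111111111111111111111111111111:::
svc_backup:1003:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
"""
THIS_MONTH = """\
alice:1001:aad3b435b51404eeaad3b435b51404ee:33333333333333333333333333333333:::
bob:1002:aad3b435b51404eeaad3b435b51404ee:11111111111111111111111111111111:::
svc_backup:1003:aad3b435b51404eeaad3b435b51404ee:44444444444444444444444444444444:::
carol:1004:aad3b435b51404eeaad3b435b51404ee:11111111111111111111111111111111:::
"""

def parse_dump(text):
    """Return {user: (lm_hash, nt_hash)} from pwdump-style lines."""
    accounts = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        user, _rid, lm, nt = line.split(":")[:4]
        accounts[user] = (lm.lower(), nt.lower())
    return accounts

def audit(accounts):
    """Return {user: set(findings)} for accounts that fail a check."""
    by_nt = defaultdict(set)
    for user, (_lm, nt) in accounts.items():
        by_nt[nt].add(user)
    findings = defaultdict(set)
    for user, (lm, nt) in accounts.items():
        if lm != EMPTY_LM:
            findings[user].add("lm-hash-stored")    # insecure (LM) encryption
        if nt == EMPTY_NT:
            findings[user].add("blank-password")
        if len(by_nt[nt]) > 1:
            findings[user].add("shared-password")   # same password as another account
    return dict(findings)

def compare(previous, current):
    """Month-on-month view: findings that appeared and findings that were fixed."""
    prev = {(u, f) for u, fs in audit(previous).items() for f in fs}
    curr = {(u, f) for u, fs in audit(current).items() for f in fs}
    return {"new": sorted(curr - prev), "resolved": sorted(prev - curr)}
```

On the sample data, `compare(parse_dump(LAST_MONTH), parse_dump(THIS_MONTH))` reports carol as a newly added account sharing a password, while alice's reuse, bob's LM hash and svc_backup's blank password show as resolved.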
Q. I already have complex password policy enabled, do I really need this?
A. Password complexity and length are easily bypassed and often not enforced to the level that administrators believe. Account Auditor will tell you which accounts are in violation of your policy and which accounts are at risk. Your policy may have been created using the best knowledge available at a point in time; however, as always, it needs updating regularly. Now you can validate where things really stand.
Q. Can my data be viewed by anyone else other than Pure Hacking?
A. No. There are no shared databases or servers between any clients. Authentication is credential- and IP-based, complemented by Network Access Controls at Pure Hacking. Within Pure Hacking, this data is restricted, and the data displayed in the portal is masked so that if a compromise were to happen at the client end, the passwords would remain confidential.
Q. How secure is your channel?
A. The AD database is encrypted natively; as an extra precaution, Pure Hacking encrypts it again. The file is then transferred over SSL (with IP-based restrictions), decrypted at Pure Hacking, and we then attempt to crack the encrypted accounts in your AD database. These four layers of security (native AD encryption, LM or NTLM; Pure Hacking public/private key encryption; SSL encryption; and IP-based restrictions) ensure your data is safe. No data is kept in clear text at Pure Hacking.
Please contact us for scoping and pricing details.