
How Inactive Users can be Harming Your Network

I’ve already harped on this a few times in Top Ten Ways and Five Human Habits Hackers Exploit, but we at nFront Security feel that this topic is often overlooked and it can be a huge danger to some companies. People come and go in your company all the time, that is the way business works. Sometimes these people leave to pursue greener pastures and sometimes they leave on not so happy terms. Regardless of the circumstances, inactive users are the perfect vehicle for a hacker to gain access to your network and roam around unnoticed.

Hackers will sometimes look for people, especially upper-level executives, who have left the company recently and begin their attack there. The username is typically simple to guess; the password is where the real work comes in. Even if you have a policy in place it is still possible to crack the password and gain access to the user's account. Once a hacker has access to your network they are free to roam around as they please, virtually unnoticed. If you have a policy in place that disables all inactive accounts then this is not something you should be too worried about. However, my guess is that since you are still reading this you don't have an account disabler in place.

Checking for inactive accounts across all domains is an important part of a strong password policy. Make sure that your team is looking for accounts that have been inactive for a few months and that their log-on capabilities have been disabled to protect the rest of your network. Administrative accounts are the most vulnerable to this type of hacking, so it might be beneficial to check those for inactivity more often if you feel there might be personnel changes before your scheduled check.

There are products on the market that can check your domain for user inactivity. Make sure you have allowed for such a product in your password policy budget, as this is usually a requirement for most industry regulations and audits. Make sure that when you are purchasing these products they can search across all servers in your organization to show you the last true login of a user. If you have multiple servers spread out across the US or internationally and your product is incapable of displaying the last true login of a user, you might end up disabling a user who logged in to the Houston server nine months ago but logged on to the Atlanta server yesterday.
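The "last true login" problem above comes from the fact that the Active Directory lastLogon attribute is updated only on the domain controller that handled the logon and is never replicated, so a check against one server misses logons handled elsewhere. The script below is an added example, not code from the post or from nFront Security: it queries every domain controller, keeps the newest lastLogon per account, flags privileged accounts (via the adminCount attribute) so they can be reviewed on the shorter schedule suggested above, and reports (or, only with -Disable, disables) accounts idle longer than the threshold. It assumes the RSAT ActiveDirectory module and read access to every DC; the 90-day default and the description text are assumptions, not values from the post.

```powershell
# Added example (not from the original post): find accounts whose most recent
# logon on ANY domain controller is older than a threshold.
# lastLogon is per-DC and not replicated, so each DC is queried and the newest
# value wins. lastLogonTimestamp is replicated but can lag by up to ~14 days,
# which is why it is not used for the decision here.
param(
    [int]$InactiveDays = 90,   # assumed default; pick your own policy window
    [switch]$Disable           # without this switch the script only reports
)

Import-Module ActiveDirectory

$cutoff = (Get-Date).AddDays(-$InactiveDays)
$latest = @{}   # SamAccountName -> newest logon record seen across all DCs

foreach ($dc in Get-ADDomainController -Filter *) {
    $users = Get-ADUser -Filter { Enabled -eq $true } -Server $dc.HostName `
                        -Properties lastLogon, whenCreated, adminCount
    foreach ($u in $users) {
        # lastLogon is a Windows FILETIME Int64; missing or 0 means the account
        # never logged on via this DC, so fall back to the creation date.
        if ($u.lastLogon) { $seen = [DateTime]::FromFileTime($u.lastLogon) }
        else              { $seen = $u.whenCreated }

        $key = $u.SamAccountName
        if (-not $latest.ContainsKey($key) -or $seen -gt $latest[$key].LastLogon) {
            $latest[$key] = [pscustomobject]@{
                SamAccountName    = $key
                LastLogon         = $seen
                SeenOn            = $dc.HostName
                Privileged        = ($u.adminCount -eq 1)   # member of a protected group
                DistinguishedName = $u.DistinguishedName
            }
        }
    }
}

# Privileged accounts first so they get reviewed before anything else.
$stale = $latest.Values |
    Where-Object { $_.LastLogon -lt $cutoff } |
    Sort-Object -Property @{Expression = 'Privileged'; Descending = $true}, LastLogon

$stale | Format-Table SamAccountName, LastLogon, SeenOn, Privileged -AutoSize

if ($Disable) {
    foreach ($acct in $stale) {
        Disable-ADAccount -Identity $acct.DistinguishedName -Confirm:$false
        # Record why the account was disabled so the change is auditable later.
        Set-ADUser -Identity $acct.DistinguishedName `
            -Description ("Disabled for {0}+ days of inactivity on {1:yyyy-MM-dd}" -f $InactiveDays, (Get-Date))
    }
}
```

Run it without -Disable first and review the report: service accounts and shared mailboxes that authenticate in ways that do not update lastLogon will appear stale, and those should be excluded or handled separately before the disabling pass is run.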

For more information on account disabling products check out nFront Security.


About Laine Hoke

For more news on recent hacks follow @LainenFront on Twitter
