I’ve already harped on this a few times, but at nFront Security, we feel that this topic is often overlooked, and it can be a huge danger to some companies, especially after the Colonial Pipeline hack. People come and go in your company all the time. That is the way business works. Sometimes, these people leave to pursue greener pastures, and sometimes, they leave on not so happy terms. Regardless of the circumstances, inactive users are the perfect vehicle for a hacker to gain access to your network and roam around unnoticed.
Hackers will sometimes look for people, especially upper level executives that have left the company recently and begin their attack. Typically, a username is simple to guess, but the password is where the real work comes in. Even if you have a policy in place, it is still possible to crack the password and gain access to the users account. Once a hacker has access to your network, they are free to roam around as they please, virtually unnoticed. If you have a policy in place that will disable all inactive accounts, then this is not something you should be too worried about. However, my guess is since you are still reading this you don’t have an account disabler in place.
Checking for inactive accounts across all domains is an important part of a strong password policy. Make sure that your team is looking for accounts that have been inactive for a few months and that you ensure that their log on capabilities have been disabled to protect the rest of your network. Administrative accounts are the most vulnerable to this type of hacking, so it might be beneficial to check those for inactivity more often if you feel there might be some personnel changes before your set check time.
Implementing nFront’s Account Disabler will help you have peace of mind. It can search across all servers in your organization to show you the last true login of a user. If you have multiple servers that are spread out across the US or internationally and your product is incapable of displaying the last true login of a user, you might end up disabling a user that logged in to the Houston server nine months ago but logged on to the Atlanta server yesterday.
Have any questions? Let’s talk!