Protect access to your log files. Time and time again, I've conducted penetration test and have gained access to authentication logs on some box along the way. Often times, somewhere in the numerous entries, you'll find someone who has mistakenly entered their password as their username.
Take that user/password gain access to other systems. There is no telling where it can take you.
No comments:
Post a Comment