Ever wonder if someone is accessing your network without your knowledge? Maybe you’ve had a recent virus or security incident, and you’re curious if someone is using a new backdoor into your data. We’ve seen everything from ransomware to Bitcoin mining operations run in the background, without anyone’s knowledge.
We use a combination of automated and manual systems to continually monitor our clients’ systems for unexpected behavior. If you’re feeling tech-savvy and want to perform a quick inspection yourself, or you want to double-check the thoroughness of your current IT provider, here are 15 things you can check on your own for obvious signs of intrusion:
- New user accounts, local or domain
- New software installed / new services or programs running
- Recent interactive logins from service accounts
- Users recently added to the Domain Administrators or Administrators groups
- Audit policy changes
- New user right assignments
- Local account authentication policy changes
- Local user account changes
- Local account enumeration
- Logon rights changes
- Local group membership changes
- Failed logon attempts
- Any attempt to log on as the Administrator account
- Firewall policy changes
- New device attached to servers or the internal network
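
As an added example (not part of the original article), the PowerShell below tallies the checklist items that map directly to a Windows Security-log event ID. The event IDs are the standard Windows ones and are not listed in the article, and the helper name `Get-IntrusionSignSummary` and the sample events are hypothetical. Interactive logons by service accounts and logon attempts as Administrator need filtering on the fields of events 4624 and 4625, so they are not covered here.

```powershell
# Checklist item -> Windows Security-log event IDs. Events appear only when the
# matching audit policy subcategories are enabled on the machine.
$Checks = [ordered]@{
    'New user account'                = 4720
    'Service installed'               = 4697
    'Member added to security group'  = 4728, 4732, 4756
    'Audit policy change'             = 4719
    'User right assigned'             = 4704
    'Account/lockout policy change'   = 4739
    'User account changed'            = 4738
    'Local account/group enumeration' = 4798, 4799
    'Logon right granted or removed'  = 4717, 4718
    'Failed logon'                    = 4625
    'Firewall rule or setting change' = 4946, 4947, 4948, 4950
    'New external device'             = 6416
}

# Hypothetical helper: tally events per checklist item with first/last time seen.
function Get-IntrusionSignSummary {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [System.Collections.IDictionary] $Map = $Checks
    )
    foreach ($name in $Map.Keys) {
        $hits = @($Events | Where-Object { $Map[$name] -contains $_.Id } | Sort-Object TimeCreated)
        if ($hits.Count -gt 0) {
            [pscustomobject]@{ Check = $name; Count = $hits.Count
                               First = $hits[0].TimeCreated; Last = $hits[-1].TimeCreated }
        }
    }
}

# Constructed sample events (not real log data) so the function can be tried offline.
$sample = @(
    [pscustomobject]@{ Id = 4625; TimeCreated = [datetime]'2024-01-10T02:14:00' }
    [pscustomobject]@{ Id = 4625; TimeCreated = [datetime]'2024-01-10T02:14:05' }
    [pscustomobject]@{ Id = 4720; TimeCreated = [datetime]'2024-01-10T02:20:00' }
    [pscustomobject]@{ Id = 4732; TimeCreated = [datetime]'2024-01-10T02:21:00' }
    [pscustomobject]@{ Id = 4719; TimeCreated = [datetime]'2024-01-10T02:25:00' }
)
Get-IntrusionSignSummary -Events $sample | Format-Table -AutoSize

# On a live machine (elevated prompt), summarize the last 7 days of the Security log:
# $ids  = $Checks.Values | ForEach-Object { $_ }
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $ids; StartTime = (Get-Date).AddDays(-7) }
# Get-IntrusionSignSummary -Events $live | Format-Table -AutoSize
```

A row with a nonzero count is a prompt to open the underlying events and confirm who made the change and whether it was expected, not proof of intrusion.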
Want some help with these items? We have audit tools to help speed up your inspection. Call us if you would like us to perform a snapshot security assessment, so we can share the data with you in an easy-to-digest summary and help identify suspicious activity.