using siem system how can i monitor the event of someone remote login into a computer using a local adminstrator account. by using rdp you can remote login using local adminstrator account into computer without even being in the domain .. in a case where the password of the local adminstrator is the same in the whole network and the hash stored in the sam of one of the computers is compromised ... one can access any workstation he wants without being in the domain or being spotted... how can i detect remote login of local adminstrator... thanks for your help.
Aucun commentaire:
Enregistrer un commentaire