I've changed that employee's password but during the course of my investigation I noticed hundreds of EventID 4776's being logged in the Event Viewer. Recently I noticed login attempts by an ex-employee using the login credentials of a still-current employee. We have an open RDP server configured on our network - port 3389, Network Level Authentication enabled, used by several remote users to connect to our system.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |