General #1222

Closed

Asia Cyber Security Service Portal (ACSSP) 【Reply in Jira】[INCGC-15458]-Low-Windows Bruteforce Attempt Detected

Added by 益利 周 25 days ago. Updated 13 days ago.

Status: Closed
Priority: Normal
Assignee:
Category: -
Start date: 2025-12-31
Due date:
% Done: 100%
Estimated time: 2:00 hours

Description


Analysis: The alert indicates a brute-force style authentication attempt targeting user A40008 from workstation YILANA40008 via the domain controller YILAND-SRV.YILAND1.COM.TW, which was blocked by the security system. Since the action is BLOCK and the description shows a Status OK, there were no successful logins.

Recommendations:

1. Investigate the time-of-day restrictions configured for the user to confirm if the login attempt was legitimate and aligned with the user's allowed login times.

2. Review the account activity of the user to check for any successful logins or suspicious behavior.

3. Implement account lockout policies after a certain number of failed login attempts to prevent passwords from being guessed.

4. Review account policies to confirm and reinforce time-of-day restrictions.



Updated by 益利 周 25 days ago

  • Status changed from New to Resolved
  • Assignee set to 政益 楊
  • % Done changed from 0 to 100
  • Estimated time set to 2:00 hours

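A40008 is team leader 謝鈺晨's computer, and 950668 is team leader 林子堯's computer. Today, because use of the YILAND1.COM.TW domain was to be enabled in AD, the account and password were entered in Windows Credential Manager. Because both of them had forgotten this password, each of them made incorrect entries. The above is normal.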

Updated by Joy Liao 13 days ago

  • Status changed from Resolved to Closed