Unauthorized Network Access Inspection

Ever wonder if someone is accessing your network without your knowledge? Maybe you’ve had a recent virus or security incident, and you’re curious if someone is using a new backdoor into your data. We’ve seen everything from ransomware to Bitcoin mining operations run in the background, without anyone’s knowledge.


We use a combination of automated and manual systems to continually monitor our clients’ systems for unexpected behavior, but if you’re feeling tech-savvy and want to perform a quick inspection yourself, or you want to double-check the thoroughness of your current IT provider, here are 15 things you can check on your own to look for obvious signs of intrusion:


  1. New user accounts, local or domain
  2. New software installed / new services or programs running
  3. Recent interactive logins from service accounts
  4. Users are recently added to Domain Administrators or Administrators groups
  5. Audit policy changes
  6. New user right assignments
  7. Local account authentication policy changes
  8. Local user account changes
  9. Local account enumeration
  10. Logon rights changes
  11. Local group membership changes
  12. Failed logon attempts
  13. Any attempt to logon as the Administrator account
  14. Firewall policy change
  15. New device attached to servers or the internal network


Want some help with these items? We have audit tools to help speed-up your inspection. Call us if you would like us to perform a snapshot security assessment, so we can share the data with you in an easy-to-digest summary and help identify suspicious activity.