There have been many blog postings lately on the value of salting passwords to prevent attackers from discovering the actual password values.  Salting is very effective tool when implemented properly to protect passwords, but the problems are bigger than salting the passwords.  Attackers are able to access the systems where the passwords are stored and once they own the system then they can pretty much do whatever they want to.  Most will take the entire credential database and try to break the encryption/hashing schemes.  In addition to that, a lot of credential stores also include various bits of information about the users that own the passwords.  Encrypting/hashing/salting passwords is not enough and corporations need to go the next step of not only treating these as highly sensitive crown jewels of the company, but putting the controls on these systems to prevent/thwart the attackers/attacks in the first place.

Everybody has firewalls, network IDS/IPS, access controls and some form of monitoring.  A majority of the time, however, attackers are getting in through well-meaning insiders via spam.  The trick is how to make your credential store as impermeable as possible from attack.  I suggest adding a good host IDS/IPS to your arsenal of defense.  A well implemented and managed host IPS can have the potential to prevent attackers from attacking a server with their myriad of tools and, in some cases, prevent an attacker from even seeing the contents of a server.  Keep in mind that while I suggest adding a good host IDS/IPS to your arsenal, it’s but a simple piece that can help amongst many other things that could be done.  Many companies are deploying host IDS/IPS as a means to protect critical systems such as Active Directories, but adding an active monitoring capability that increases your visibility (i.e., correlation and analytics) to activities going on within your networks can also boost the ability to identify, contain, and/or eradicate problems.