8-step Guide to Administering Windows without Domain Admin Privileges
•
2 recomendaciones•2,332 vistas
In this presentation from his highly popular webinar, Windows security expert, Russell Smith, explains how to effectively administer Windows systems without using privileged domain accounts, enabling you to drastically reduce your organization’s threat surface.
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Similar a 8-step Guide to Administering Windows without Domain Admin Privileges
Similar a 8-step Guide to Administering Windows without Domain Admin Privileges (20)
Más de BeyondTrust
Más de BeyondTrust (20)
Último
Último (20)
8-step Guide to Administering Windows without Domain Admin Privileges
- 1. 8-Step Guide to Administering Windows Without Domain Admin Privileges Presenter: IT Security Consultant Russell Smith @smithrussell
- 4. Do you issue IT staff with domain admin privileges?
- 5. Privileged access = Increased RISK
- 6. Risks Associated with Privileged Account Use ▪ Malware, viruses, and ransomware ▪ Pass-the-Hash and Pass-the-Token attacks ▪ Brute-force attacks ▪ Unsanctioned configuration changes ▪ Ability to disable security defences ▪ Data leakage ▪ Privilege abuse
- 7. Privileged Accounts Not Required ▪ Everyday AD management tasks ▪ Connecting to remote devices using Remote Desktop ▪ Using PowerShell Remoting ▪ Managing end-user devices ▪ Managing servers
- 8. 1. Enforce Separation of Administration
- 10. Separate Roles DC DNS DHCP Exchange File server
- 11. 2. Enforce Least Privilege by Limiting Privileged Group Membership
- 12. Enforce Least Privilege by Limiting Privileged Group Membership Domain Admins Enterprise Admins Schema Admins
- 13. Enforce Least Privilege by Limiting Privileged Group Membership Domain Admins Enterprise Admins Schema Admins
- 14. Enforce Least Privilege by Limiting Privileged Group Membership Domain Admins Enterprise Admins Schema Admins Backup Operators Print Operators Group Policy Owner Creators Read-only Domain Controllers Server Operators BUILTINAdministrators Cryptographic Operators Account Operators Domain Controllers
- 15. 3. Fine-Grained User/Privileged User Account Management
- 16. Privileged User Account Management Domain Admins Enterprise Admins Schema Admins Custom OU
- 17. Privileged User Account Management Domain Admins Enterprise Admins Schema Admins Custom OU
- 18. Delegation of Control Wizard (ADUC)
- 19. Delegation of Control Wizard (ADUC) Remote Server Administration Tools (RSAT) Standard user managing Active Directory
- 20. 4. Manage Administrative Access to End-User Devices
- 21. Group Policy Preferences or Restricted Groups Policy
- 22. 5. Manage Privileged Access to Servers
- 23. Local Administrator Password Solution (LAPS) Active Directory
- 24. Manage Privileged Access to Servers AD group 'Server 1' AD group 'Server 2' AD group 'Server 3'
- 25. Manage Privileged Access to Servers AD group 'Server 1' AD group 'Server 2' AD group 'Server 3' BUILTIN Admini strators BUILTIN Admini strators BUILTIN Admini strators
- 26. 6. Leverage PowerShell Just Enough Administration
- 27. Leverage PowerShell Just Enough Administration PowerShell Remoting ServerManagement PC Default Endpoint Groups: Administrators, Remote Management Users Exposes all cmdlets, modules, and functions
- 28. Leverage PowerShell Just Enough Administration PowerShell Remoting ServerManagement PC Constrained Endpoint Groups: Any Limited cmdlets, modules, and functions Per-session JEA account (optional)
- 29. 7. Use Privileged Access Management Across Domain Controllers
- 30. Leverage PowerShell Just Enough Administration ▪ Privileged Access Management (PAM) ▪ Tiered AD administration ▪ Privileged Access Workstations (PAWs)
- 31. Privileged Access Management in Windows Server 2016
- 32. TIER 0 Privileged Access Workstations PAW PAW PAW DC RSAT
- 33. 8. Enable WSUS and Centralize Events
- 34. TIER 0 Windows Server Update Services (WSUS) WSUS DC
- 35. Windows Event Forwarding Collector DC TIER 0 TIER 1
- 36. PowerBroker for Windows Jason Silva Product Manager
- 37. Who is BeyondTrust? EXPERIENCED Prevents privilege abuse and stops data breaches for 4,000+ customers worldwideCOMPLETE PAM SOLUTION Integrated privilege & vulnerability management, threat & behavioral analytics LEADER Gartner, Forrester, KuppingerCole
- 38. BeyondTrust Stops the Cyber Attack Chain • Reduce attack surfaces by eliminating credential sharing, enforcing least privilege, and prioritizing and patching system vulnerabilities • Monitor and audit sessions for unauthorized access, changes to files and directories, and compliance • Analyze behavior to detect suspicious user, account and asset activity
- 39. Endpoint Privilege Management Remove excessive user privileges and control applications on endpoints WINDOWS | MAC Enterprise Password Security Provide accountability and control over privileged credentials and sessions APPS | DATABASES | DEVICES SSH KEYS | CLOUD | VIRTUAL Server Privilege Management Control, audit and simplify access for DevOps and business-critical systems UNIX | LINUX | WINDOWS ASSET & ACCOUNT DISCOVERY THREAT & VULNERABILITY INTELLIGENCE & BEHAVIORAL ANALYTICS REPORTING & CONNECTORS POLICY & ACTION RESPONSE THE POWERBROKER PRIVILEGED ACCESS MANAGEMENT PLATFORM BeyondInsight
- 40. Comprehensive Windows Privilege Management Dynamic Access Policy Comprehensive Least Privilege Privileged Threat Analytics Remote System & Application Control Auditing & Governance File & Policy Integrity Monitoring Privilege Management Best Practices
- 42. Quick Poll + Q&A Thank you for attending!