Domain Admins Best Practices
8/20/2019 Domain Admins Best Practices
beyondtrust
Presenter:
Russell Smith
-
@smithrussell
-
www.packtpub.com
-
Are part of the attack surface
Hold the keys to your kingdom
Can elevate to schema or enterprise administrator
Not required for server or workstation admin tasks
-
Pass-the-Hash attacks
Cached credentials
Security Accounts Manager (SAM) database
Unsanctioned changes
-
1. Isolate domain controllers
2. Delegate AD Privileges
3. Use RSAT or PowerShell for administration
-
Use JiT administration
Automate updates using WSUS or System Center
Forward event logs
Delegate other NT rights
-
Delegate access using the Administrators or Remote Desktop Users group
Use Group Policy Restricted Groups or Group Policy Preferences
-
Assign only the cmdlets, parameters and functions required
Provision JEA toolkits (PowerShell endpoints)
Unique JEA local administrator account
RunSpaceID and date/time logged in ActivityLog.csv
-
RunSpaceID matches against username in Executing Pipeline event (Microsoft-Windows-PowerShell/Operational log)
AD account can be used to perform off-server tasks
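
A minimal JEA endpoint built with the JEA cmdlets that ship in Windows PowerShell 5.0 and later, followed by a query that pairs each runspace ID with the connecting user from Executing Pipeline events. This is an added example, not code from the presentation: it uses role capability and session configuration files rather than the toolkit and ActivityLog.csv mechanism the slides name, and the module name, paths, endpoint name and the CONTOSO\DnsOperators group are assumptions.

```powershell
# Added example. Module name, paths, endpoint name and the group
# CONTOSO\DnsOperators are assumptions, not values from the slides.
$module = 'C:\Program Files\WindowsPowerShell\Modules\DnsOpsJea'
New-Item -ItemType Directory -Path "$module\RoleCapabilities" -Force | Out-Null
New-ModuleManifest -Path "$module\DnsOpsJea.psd1"

# Role capability: expose only the cmdlets and parameter values the role needs.
# Restart-Service is visible, but only with -Name DNS.
New-PSRoleCapabilityFile -Path "$module\RoleCapabilities\DnsOperator.psrc" `
    -VisibleCmdlets @(
        'Get-Service',
        @{ Name = 'Restart-Service'
           Parameters = @{ Name = 'Name'; ValidateSet = 'DNS' } }
    )

# Session configuration: restricted endpoint, commands run as a temporary
# virtual account, every session is transcribed, and only members of the
# mapped group receive the role.
$cfgDir = 'C:\ProgramData\JEAConfiguration'
New-Item -ItemType Directory -Path "$cfgDir\Transcripts" -Force | Out-Null
New-PSSessionConfigurationFile -Path "$cfgDir\DnsOps.pssc" `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory "$cfgDir\Transcripts" `
    -RoleDefinitions @{ 'CONTOSO\DnsOperators' = @{ RoleCapabilities = 'DnsOperator' } }

if (-not (Test-PSSessionConfigurationFile -Path "$cfgDir\DnsOps.pssc")) {
    throw 'Session configuration file failed validation.'
}
# Registering an endpoint restarts the WinRM service.
Register-PSSessionConfiguration -Name 'DnsOps' -Path "$cfgDir\DnsOps.pssc" -Force

# Audit: pair each runspace ID with the user who connected, using Executing
# Pipeline events (ID 4103). Requires module logging to be enabled and
# assumes the English message text.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4103
} -MaxEvents 200 -ErrorAction SilentlyContinue | ForEach-Object {
    [pscustomobject]@{
        Time          = $_.TimeCreated
        RunspaceId    = [regex]::Match($_.Message, 'Runspace ID = (\S+)').Groups[1].Value
        ConnectedUser = [regex]::Match($_.Message, 'Connected User = (.+)').Groups[1].Value.Trim()
    }
} | Sort-Object RunspaceId, Time
```

An operator in the mapped group connects with `Enter-PSSession -ComputerName <server> -ConfigurationName DnsOps` and can confirm what the role exposes with `Get-Command`.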
-
PowerBroker for Windows
Jason Silva, Product Manager
© 2015 BeyondTrust Software
-
Introducing PowerBroker for Windows
Endpoint solution that enforces least privilege access across physical and virtual Microsoft Windows desktops and servers efficiently, without disrupting user productivity.
-
PowerBroker for Windows
Elevate Applications, Not Users
► Remove administrator privileges from users without hampering productivity
► Ensure only authorized software installs, updates & system changes
► Elevate the application or task, not the user, to limit malware exposure (e.g., pass-the-hash)
Minimally Invasive, Intuitive UI for Context-Aware Risk Insights
► Automatic correlation of events to the Retina Vulnerability Database
► Wizard-driven rule creation and targeting of specific assets and users for policy and rule creation; automatic policies based on events
-
PowerBroker for Windows Monitoring Capabilities
• Privileged Application Launches
– UAC Prompts, Rules Matched, Request Elevation
• Windows Event Log Monitoring
– Windows Application, System, and Security Logs
• File Integrity Monitoring
– Monitor Files and Directories by User / Group
• Session Monitoring
– Screen Captures and Keystroke Logging of Privileged Access
-
[Diagram: BeyondInsight IT Risk Management Platform. Retina Vulnerability Management (Network Security Scanner, Web Security Scanner, BeyondSaaS Cloud-Based Scanning, Enterprise Vulnerability Management) covering Network Infrastructure, Mobile, Servers & Desktops, Applications & Databases, Virtual & Cloud. PowerBroker Privileged Account Management (Privileged Password Management, Auditing & Protection, Active Directory Bridging, Privilege Management) covering Network Infrastructure, Active Directory/Exchange/File Sys, Servers & Desktops, Applications & Databases, Virtual & Cloud.]
-
Demonstration
PowerBroker for Windows
-
Quick Poll
-
Thank you for attending.