Taking Windows Security to the Next Level with Group Policy

Presentation transcript:

Taking Windows Security to the Next Level with Group Policy Alan Burchill M390

Agenda
Pass the Hash (in 5 minutes)
What’s changed with security in Group Policy?
Managing local passwords (the new way)

Pass the Hash (PtH): Why should I care?

Pass-the-Hash Technique [slide diagram: Fred’s Laptop, Sue’s Laptop and the File Server, each holding a user session and the cached password hash (User: Fred, hash A3D7…; User: Sue, hash C9DF…); the malware session carries the harvested hash from one machine to the next]
1. Fred runs malware
2. Malware infects Sue’s laptop as Fred
3. Malware infects File Server as Sue

Typical Pass The Hash Attack [slide diagram, three tiers: Access – Users and Workstations; Data – Servers and Applications; Power – Domain Controllers]
Bad guy targets workstations en masse.
User running as local admin is compromised; bad guy harvests credentials.
Bad guy uses credentials for lateral traversal.
Bad guy acquires domain admin credentials and associated privileges (privilege escalation).
Bad guy has direct or indirect access to read/write/destroy data and systems in the environment.
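The lateral-traversal step above has a recognisable shape in the Security log: one account producing NTLM network logons (event 4624, logon type 3) to several different hosts within minutes. The following detection is an added example, not part of the presentation and not a Microsoft tool; it assumes the 4624 events have already been flattened into (timestamp, target host, account, logon type, authentication package) tuples, and the sample events, host names and threshold are constructed for the demonstration.

```python
"""Flag accounts that fan out over NTLM network logons to many hosts quickly.

Added example (not from the presentation). Input is a list of Windows Security
4624 events reduced to tuples: (ISO timestamp, target host, account,
LogonType, AuthenticationPackageName). The sample data is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: fred's hash is reused against four machines in two
# minutes; sue and alice show ordinary activity and must not be flagged.
SAMPLE_EVENTS = [
    ("2019-04-25T09:00:05", "WS-SUE",  "CORP\\fred",  3, "NTLM"),
    ("2019-04-25T09:00:41", "FS01",    "CORP\\fred",  3, "NTLM"),
    ("2019-04-25T09:01:10", "WS-BOB",  "CORP\\fred",  3, "NTLM"),
    ("2019-04-25T09:01:55", "WS-ANNE", "CORP\\fred",  3, "NTLM"),
    ("2019-04-25T09:30:00", "FS01",    "CORP\\sue",   3, "Kerberos"),
    ("2019-04-25T10:00:00", "WS-SUE",  "CORP\\sue",   2, "Negotiate"),
    ("2019-04-25T12:00:00", "FS01",    "CORP\\alice", 3, "NTLM"),
    ("2019-04-25T15:00:00", "WS-BOB",  "CORP\\alice", 3, "NTLM"),
]


def detect_ntlm_fanout(events, window=timedelta(minutes=10), threshold=3):
    """Return {account: sorted distinct hosts} for every account that reached
    at least `threshold` distinct hosts via NTLM network logons (LogonType 3)
    inside some sliding time window of length `window`."""
    per_account = defaultdict(list)
    for ts, host, account, logon_type, package in events:
        # Only network logons authenticated with NTLM are of interest here;
        # interactive logons and Kerberos tickets are a different signal.
        if logon_type == 3 and package.upper() == "NTLM":
            per_account[account].append((datetime.fromisoformat(ts), host))

    alerts = {}
    for account, entries in per_account.items():
        entries.sort()
        # Slide the window from each event forward and count distinct targets.
        for i, (start, _) in enumerate(entries):
            hosts = {h for t, h in entries[i:] if t - start <= window}
            if len(hosts) >= threshold:
                alerts[account] = sorted(hosts)
                break
    return alerts


if __name__ == "__main__":
    for account, hosts in detect_ntlm_fanout(SAMPLE_EVENTS).items():
        print(f"{account}: NTLM network logons to {len(hosts)} hosts: {', '.join(hosts)}")
```

The window and threshold are tuning knobs: backup and monitoring service accounts legitimately fan out, so in practice they are allow-listed or given a higher threshold, and the rule is most useful on workstation-to-workstation logons, which the tier model says should not happen at all.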

Tier Admin Access
Tier 0 – Domain Admins
Tier 1 – Server Admins
Tier 2 – Workstation Admins
Normal / Mortal Accounts
TechEd 2013 4/25/2019 9:59 AM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Tier Admin Access http://www.microsoft.com/en-us/download/details.aspx?id=36036

Group Policy Preferences Passwords Were Bad
http://blogs.technet.com/b/grouppolicy/archive/2009/04/22/passwords-in-group-policy-preferences-updated.aspx
http://technet.microsoft.com/en-us/library/cc771917.aspx

What is a cPassword? A lightly obscured password stored in AD, encrypted using 32-bit DES, that is readable by all authenticated users. The decryption key can be found at: http://msdn.microsoft.com/en-us/library/cc232587.aspx

Configuring cPasswords via the UI is now disabled (MS14-025).

Why should I care now? Metasploit: “This module enumerates the victim machine's domain controller and connects to it via SMB. It then looks for Group Policy Preference XML files containing local user accounts and passwords and decrypts them using Microsoft's public AES key.”
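MS14-025 stops new cPasswords from being created, but it does not remove the ones already sitting in SYSVOL, which is exactly what the Metasploit module goes looking for. The defender's check is to find them first. The auditor below is an added example, not code from the presentation or from Microsoft: it walks a SYSVOL-style directory tree, parses each Group Policy Preferences XML file and reports every element that still carries a cpassword attribute, without decrypting anything. The directory layout, the file names it looks for and the sample XML (with made-up GUIDs and made-up ciphertext strings) are constructed for the demonstration.

```python
"""Audit Group Policy Preference XML files for leftover cpassword attributes.

Added example, not from the presentation. It reports where a cpassword still
exists (file, element, userName) so the preference item can be removed and the
affected local accounts re-secured; the ciphertext itself is never printed.
"""
import os
import tempfile
import xml.etree.ElementTree as ET

# Preference files that can carry a cpassword attribute (assumed file names,
# following the <GPO>\Machine|User\Preferences\<Area>\ layout of GPP).
GPP_FILES = {"Groups.xml", "Services.xml", "ScheduledTasks.xml",
             "DataSources.xml", "Drives.xml", "Printers.xml"}


def find_cpasswords(root_dir):
    """Return one finding dict per element with a cpassword attribute under root_dir."""
    findings = []
    for dirpath, _dirs, files in os.walk(root_dir):
        for name in files:
            if name not in GPP_FILES:
                continue
            path = os.path.join(dirpath, name)
            try:
                tree = ET.parse(path)
            except ET.ParseError:
                continue  # malformed XML is a different problem; skip it here
            for elem in tree.iter():
                keys = {k.lower(): k for k in elem.attrib}  # tolerate odd casing
                if "cpassword" not in keys:
                    continue
                findings.append({
                    "file": os.path.relpath(path, root_dir),
                    "element": elem.tag,
                    "userName": elem.attrib.get("userName", ""),
                    "cpassword_len": len(elem.attrib[keys["cpassword"]]),
                })
    return findings


# Constructed sample SYSVOL content: GUIDs and cpassword values are made up.
SAMPLE_FILES = {
    os.path.join("Policies", "{GPO-GUID-1}", "Machine", "Preferences", "Groups", "Groups.xml"): """<?xml version="1.0" encoding="utf-8"?>
<Groups clsid="{00000000-0000-0000-0000-000000000000}">
  <User clsid="{00000000-0000-0000-0000-000000000001}" name="Administrator"
        changed="2014-05-01 10:00:00" uid="{00000000-0000-0000-0000-0000000000aa}">
    <Properties action="U" newName="" fullName="" description=""
                cpassword="CONSTRUCTED-NOT-REAL-CIPHERTEXT-0001"
                changeLogon="0" noChange="1" neverExpires="1"
                acctDisabled="0" userName="Administrator"/>
  </User>
</Groups>
""",
    os.path.join("Policies", "{GPO-GUID-1}", "User", "Preferences", "Drives", "Drives.xml"): """<?xml version="1.0" encoding="utf-8"?>
<Drives clsid="{00000000-0000-0000-0000-000000000002}">
  <Drive clsid="{00000000-0000-0000-0000-000000000003}" name="H:" status="H:"
         changed="2014-05-01 10:05:00" uid="{00000000-0000-0000-0000-0000000000bb}">
    <Properties action="U" thisDrive="NOCHANGE" allDrives="NOCHANGE"
                userName="CORP\\helpdesk" cpassword="CONSTRUCTED-NOT-REAL-CIPHERTEXT-0002"
                path="\\\\fs01\\home" label="Home" persistent="1" useLetter="1" letter="H"/>
  </Drive>
</Drives>
""",
    # A clean Services.xml with no cpassword: must not be reported.
    os.path.join("Policies", "{GPO-GUID-2}", "Machine", "Preferences", "Services", "Services.xml"): """<?xml version="1.0" encoding="utf-8"?>
<NTServices clsid="{00000000-0000-0000-0000-000000000004}">
  <NTService clsid="{00000000-0000-0000-0000-000000000005}" name="Spooler">
    <Properties startupType="AUTOMATIC" serviceName="Spooler" serviceAction="START"/>
  </NTService>
</NTServices>
""",
}


def build_sample_sysvol():
    """Write the constructed files into a temporary directory and return its path."""
    root = tempfile.mkdtemp(prefix="sysvol-audit-")
    for rel, body in SAMPLE_FILES.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for f in find_cpasswords(build_sample_sysvol()):
        print(f"{f['file']}: <{f['element']}> userName={f['userName']!r} "
              f"(cpassword of {f['cpassword_len']} chars)")
```

Run against a real SYSVOL by calling find_cpasswords() with the mounted Policies path; every hit means the password in that GPO must be treated as known to all authenticated users, so removing the preference item is only half the fix and the account's password has to be changed as well.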

So how do I manage my local password? LAPS – Local Admin Password Service

LAPS DEMO

This is all I have to do, right? No! “The price of freedom is eternal vigilance.” http://www.microsoft.com/en-us/download/details.aspx?id=36036

Related Ignite NZ Sessions
1. Azure Consistent Service Delivery Overview – NZ1, Wed 10:00am
2. Server Virtualisation Overview – NZ2, Wed 1:30pm
3. Networking Overview – SKYCITY Theatre, Thu 11:00am
4. Storage Overview – SKYCITY Theatre, Thu 3:30pm
5. Security and Assurance Overview – NZ4, Fri 9:00am
6. What’s New in System Centre for Management – NZ1, Fri 11:00am
Find me later at… Hub Happy Hour Wed 5:30-6:30pm; Hub Happy Hour Thu 5:30-6:30pm; Closing drinks Fri 3:00-4:30pm

Resources
Microsoft Virtual Academy – Free Online Learning: http://aka.ms/mva
TechNet & MSDN Flash – Subscribe to our fortnightly newsletter: http://aka.ms/technetnz http://aka.ms/msdnnz
Sessions on Demand: http://aka.ms/ch9nz

Complete your session evaluation now and win!
