Privileged Access Management

Presentation transcript:

Privileged Access Management
Geoff Gottlieb
ISSA Chapter Meeting 6/6/19

What is privileged access?
Privileged accounts provide elevated, often unrestricted access to an organization's underlying information systems and technology, making them rich targets for both external and internal malicious actors. Often referred to as the "keys to the kingdom," these accounts have been used in successful attacks to gain access to corporate resources and critical systems (e.g., "crown jewels"), resulting in data breaches.
Source: NCCOE Practice Guide on Privileged Account Management (https://www.nccoe.nist.gov/projects/use-cases/privileged-account-management)

Keys to the Kingdom
- Domain administrators
- Unix/Linux root level administrators
- Firewall administrators
- Database administrators
- Server administrators
- Virtualization environment administrators

But what about…
- Business users who run data queries
- Developers who have broad access to data
- Service accounts that have broad access to data and systems
- Application accounts that run web facing and other applications that have broad access to data and systems

How guarded is the kingdom?
- Do you allow remote administration from a user’s workstation?
- Do you allow database queries from a user’s workstation?
- Do you block anything between your user’s workstation and your infrastructure environment?
- Do all your servers have the same built-in administrator username/password?

Anthem
Source: BankInfoSecurity (https://www.bankinfosecurity.com/new-in-depth-analysis-anthem-breach-a-9627)

This is actually easier than you think...
BloodHound (https://posts.specterops.io/tagged/bloodhound)

Where do you start?
- Microsoft has a great white paper on where to start. They have skin in the game, but this guidance can be followed without purchasing anything. https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access
- CyberArk is one of the leaders in the Privileged Access space. They also have a free discovery tool. https://www.cyberark.com/privileged-access-security/
- BeyondTrust & Thycotic – Other software players in the space

Where did we start?
- Multifactor authentication to the data warehouse
- Built-in server administrator accounts
- We used CyberArk EPV
- Microsoft LAPS is also available for free https://www.microsoft.com/en-us/download/details.aspx?id=46899
- Domain Administrators – Password Vault
- Isolated privileged account
- Frequent rotation (Typically 12 hours after use)
- Other accounts with broad reach into the environment
- CyberArk Discovery & Assessment
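
Added example, not part of the original presentation: one way to audit the "rotation 12 hours after use" control from a vault's activity export. The log layout, account names and function names are hypothetical (not CyberArk's format), and the window is assumed to run from the first checkout since the last rotation.

```python
from datetime import datetime, timedelta

# From the slide: rotation typically 12 hours after use.
ROTATION_WINDOW = timedelta(hours=12)

# Constructed sample export. The "timestamp account action" layout is
# hypothetical and is not the log format of CyberArk or any other product.
SAMPLE_LOG = """\
2019-06-03T08:00:00 da-alice checkout
2019-06-03T19:30:00 da-alice rotate
2019-06-03T09:15:00 da-bob checkout
2019-06-04T02:00:00 da-bob rotate
2019-06-04T10:00:00 da-carol checkout
2019-06-04T11:00:00 da-alice checkout
2019-06-04T12:00:00 da-alice checkout
2019-06-04T22:30:00 da-alice rotate
"""

def parse(log_text):
    """Return (timestamp, account, action) tuples sorted by time."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, account, action = line.split()
        events.append((datetime.fromisoformat(ts), account, action))
    return sorted(events)

def rotation_violations(log_text, now):
    """Return sorted (account, first_checkout, reason) for passwords left valid too long."""
    exposed_since = {}  # account -> first checkout since its last rotation
    violations = []
    for ts, account, action in parse(log_text):
        if action == "checkout":
            # Repeated checkouts do not restart the clock (assumption).
            exposed_since.setdefault(account, ts)
        elif action == "rotate":
            start = exposed_since.pop(account, None)
            if start is not None and ts - start > ROTATION_WINDOW:
                violations.append((account, start, "rotated late"))
    # Accounts checked out and still not rotated when the audit runs.
    for account, start in exposed_since.items():
        if now - start > ROTATION_WINDOW:
            violations.append((account, start, "never rotated"))
    return sorted(violations)

if __name__ == "__main__":
    for row in rotation_violations(SAMPLE_LOG, datetime(2019, 6, 5)):
        print(row)
```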

Where are we going?
- Workstation environment separate from data center
- All system administration and distributed development performed via privileged accounts
- Admin sessions isolated so privileged passwords are not stored on the workstation (Privileged Session Manager)
- More multifactor authentication for more users
- Application and service account password rotation
- Detection for Pass the Hash and Pass the Ticket

Questions?