4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

Slides:



Advertisements
Similar presentations
Managing User, Computer and Group Accounts
Advertisements

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
4/14/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
{ Best Practice Why reinvent the wheel?.   Domain controllers   Member servers   Client computers   User accounts   Group accounts   OUs 
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
System and Network Security Practices COEN 351 E-Commerce Security.
Chapter 12 Network Security.
ASSUME BREACH PREVENT BREACH + Research & Preparation First Host Compromised Hours Domain Admin Compromised Data Exfiltration (Attacker.
6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Understanding Active Directory
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.
1 Group Account Administration Introduction to Groups Planning a Group Strategy Creating Groups Understanding Default Groups Groups for Administrators.
PCIT numbers/?_php=true&_type=blogs&_php=true&_type=blogs&_php=true&_type=blogs&_php=true&_type=blogs&_r=5&
Managing User Accounts, Passwords and Logon Chapter 5 powered by dj.
Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.
Week #7 Objectives: Secure Windows 7 Desktop
Chapter 7: WORKING WITH GROUPS
Designing Active Directory for Security
Module 14: Configuring Server Security Compliance
Module 7: Fundamentals of Administering Windows Server 2008.
11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.
Security Planning and Administrative Delegation Lesson 6.
Module 9: Configuring IPsec. Module Overview Overview of IPsec Configuring Connection Security Rules Configuring IPsec NAP Enforcement.
8.1 © 2004 Pearson Education, Inc. Exam Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 8: Planning.
Module 7 Planning Server and Network Security. Module Overview Overview of Defense-in-Depth Planning for Windows Firewall with Advanced Security Planning.
Designing Authentication for a Microsoft Windows 2000 Network Designing Authentication in a Microsoft Windows 2000 Network Designing Kerberos Authentication.
Module 7 Active Directory and Account Management.
Module 11: Implementing ISA Server 2004 Enterprise Edition.
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
Planning a Microsoft Windows 2000 Administrative Structure Designing default administrative group membership Designing custom administrative groups local.
Module 3 Configuring File Access and Printers on Windows ® 7 Clients.
Module 3 Configuring File Access and Printers on Windows 7 Clients.
Module 6: Designing Security for Network Hosts
Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.
Module 7 Planning and Deploying Messaging Compliance.
Working with Users and Groups Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Introducing User Account Control Configure and troubleshoot.
Windows Server 2003 La migrazione da Windows NT 4.0 a Windows Server 2003 Relatore: MCSE - MCT.
ITS – Identity Services ONEForest Security Jake DeSantis Keith Brautigam
Module 4 Planning for Group Policy. Module Overview Planning Group Policy Application Planning Group Policy Processing Planning the Management of Group.
Module 7: Implementing Security Using Group Policy.
Module 10: Implementing Administrative Templates and Audit Policy.
Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.
Module 7: Designing Security for Accounts and Services.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.
Basharat Institute of Higher Education
5/31/2018 3:40 PM BRK3113 How Microsoft IT builds Privileged Access Workstation using Windows 10 and Windows Server 2016 Jian (Jane) Yan Sr. Program Manager.
Configuring Windows Firewall with Advanced Security
Securing the Network Perimeter with ISA 2004
Determined Human Adversaries: Mitigations
Unit 27: Network Operating Systems
Lesson 16-Windows NT Security Issues
Contact Center Security Strategies
Securing Windows 7 Lesson 10.
BACHELOR’S THESIS DEFENSE
BACHELOR’S THESIS DEFENSE
BACHELOR’S THESIS DEFENSE
Determined Human Adversaries: Mitigations
Designing IIS Security (IIS – Internet Information Service)
6. Application Software Security
Presentation transcript:

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Pass the Hash Whitepaper v2 4/17/2017 Pass the Hash Whitepaper v2 CDP-B241 Patrick Jungles, TwC Mark Simos, MCS © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Takeaways 1 2 3 Apply Mitigations 1-3 Upgrade hosts and domain 4/17/2017 Takeaways Apply Mitigations 1-3 1 Upgrade hosts and domain 2 3 Build full defenses (IPDRR) © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Agenda Credential theft attacks Review previous mitigations Strategies: Identify, Protect, Detect, Respond, Recover New features and platform updates Scenarios

Assume breach “There are two types of companies today, those that have been hacked and those that don’t know they’ve been hacked.” 1 Assumption of breach represents a maturing of defenses to meet this reality and shifts the focus from “if” to “when” an attacker gets inside an organization’s network. 1. http://bits.blogs.nytimes.com/2013/04/22/the-year-in-hacking-by-the-numbers

Problem Get Credentials Social engineering and phishing schemes are used to trick personnel and obtain credentials. Most organizations do not recognize when attackers are already within the network and have access to information such as emails, confidential documents and other intellectual property. Get Data The attack doesn’t stop there. Attackers look for the next set of credentials with elevated permissions to access servers. Once elevated credentials are obtained and servers are compromised, organizations risk losing revenue, brand reputation and business continuity. Get Control The ultimate goal of the attacker may be to gain access to the domain controllers, the central clearing hub for all credentials and identities. Once compromised, an attacker has complete control over an entire organization. All assets, intellectual property, physical property and personal information are in jeopardy.

Mitigation 1 - Restrict and protect high privileged domain accounts 4/17/2017 Mitigation 1 - Restrict and protect high privileged domain accounts Objective How Outcome This mitigation reduces the risk of administrators from  inadvertently exposing privileged credentials to higher risk computers.  Restrict DA/EA accounts from authenticating to lower trust computers Provide admins with accounts to perform administrative duties Assign dedicated workstations for administrative tasks. Mark privileged accounts as “sensitive and cannot be delegated” Do not configure services or schedule tasks to use privileged domain accounts on lower trust computers An attacker cannot steal credentials for an account if the credentials are never used on the compromised computer. Addition of authentication policies © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Built-in SIDs for local accounts and local administrators 4/17/2017 Mitigation 2 - Restrict and protect local accounts with administrative privileges Objective How Outcome This mitigation restricts the ability of attackers to use local administrator accounts or their equivalents for lateral movement PtH attacks. Enforce the restrictions available in Windows Vista and later versions, preventing local accounts from being used for remote administration. Explicitly deny network and Remote Desktop logon rights for all administrative local accounts. Create unique passwords for local accounts with administrative privileges. An attacker who successfully obtains local account credentials from a compromised computer will not be able to use those credentials to perform lateral movement on the organization's network. Built-in SIDs for local accounts and local administrators © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Mitigation 3 - Restrict inbound traffic using the Windows Firewall 4/17/2017 Mitigation 3 - Restrict inbound traffic using the Windows Firewall Objective How Outcome This mitigation restricts the ability of attackers from initiating lateral movement from a compromised workstation by blocking inbound connections. Restrict all inbound connections to all workstations except for those with expected traffic originating from trusted sources, such as helpdesk workstations, security compliance scanners and servers. An attacker who successfully obtains any type of account credentials will not be able to connect to other workstations. No technical changes © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Strategies Identify high-value assets Protect against known and unknown threats Detect PtH and other related attacks Respond to suspicious activity Recover from breach

Identify Current environment Identify high-value assets 4/17/2017 Identify Current environment Identify high-value assets Consider attacker mindset Baseline normal behavior © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Protect Against known and unknown threats 4/17/2017 Protect Against known and unknown threats Architect a complete credential theft defense Consider usability a security feature © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Protect Create hardened and restricted administrative hosts 4/17/2017 Protect Create hardened and restricted administrative hosts Develop a containment strategy © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Detect PtH and related attacks Collect and correlate events 4/17/2017 Detect PtH and related attacks Focus on high-value assets Monitor Event IDs of interest Collect and correlate events © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Respond To suspicious activity 4/17/2017 Respond To suspicious activity Regularly update protection and detection mechanisms Closely observe affected hosts Ensure attack vectors are properly addressed Follow up on lessons learned © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Regain control over accounts Recover Account compromise Regain control over accounts Change compromised account passwords or Disable an account and remove group memberships Considerations: • Only effective against future authentication • Offline attackers can still use cached logon pv • Attacker may be able to re-obtain password • Attacker may persist using malware in user context

Consider professional incident response services Recover Domain compromise Tactical Recovery Strategic Recovery A short-term operation designed to disrupt a known adversary operation Useful intelligence on the adversary presence Stealth operation that the adversary is unaware of Properly scoped defender operation A long-term plan that consists of multiple operations focused on recovering integrity at a high assurance level • Risk of migration • Risk of coexistence • Planned end state Consider professional incident response services

Platform updates Core platform changes (automatically on) 4/17/2017 Platform updates Core platform changes (automatically on) Features Description AVAILABLE ON Windows 7 / Windows Server 2008 R2 AVAILABLE ON Windows 8 / Windows Server 2012 AVAILABLE ON Windows 8.1 / Server 2012 R2 REQUIRES DOMAIN UPGRADE Windows Server 2012 R2 Domain Functional Level Remove LAN Manager (LM) hashes and plaintext credentials from LSASS LAN Manager legacy hashes and (reversibly encrypted) plaintext passwords are no longer stored in LSASS Enforce credential removal after logoff New mechanisms have been implemented to eliminate session leaks in LSASS, thereby preventing credentials from remaining in memory Logon restrictions with new well-known security identifiers (SIDs) Use the new SIDs to block network logon for local users and groups by account type, regardless of what the local accounts are named © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Platform updates Configurable Features 4/17/2017 Platform updates Configurable Features Features Description AVAILABLE ON Windows 7 / Windows Server 2008 R2 AVAILABLE ON Windows 8 / Windows Server 2012 AVAILABLE ON Windows 8.1 / Server 2012 R2 REQUIRES DOMAIN UPGRADE Windows Server 2012 R2 Domain Functional Level Restricted Admin mode for Remote Desktop Connection The Remote Desktop application and service have been updated to support authentication without providing credentials to the remote host Protected Users security group The new Protected Users security group enables administrators to restrict authentication to the Kerberos protocol only for group members within a domain Authentication Policy and Authentication Policy Silos New Authentication policies provide the ability to restrict account authentication to specific hosts and resources © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Credentials in memory 4/17/2017 ~ Only if installed ** Off by default on Windows 8.1 and Windows Server 2012 R2 * Off by default Adapted from: Benjamin Delpy LSASS security improvements #windows8.1 https://twitter.com/gentilkiwi/status/352557093640892416/photo/1 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Sample scenarios Recommendations Helpdesk Domain administration 4/17/2017 Sample scenarios Recommendations Helpdesk Domain administration Operations and service management Service accounts Business group isolation Bring your own device (BYOD) Separate administrative accounts from user accounts Use hardened and restricted hosts Limit exposure of administrative credentials RDP /RestrictedAdmin Tools that only use network logon (Type 3) Add accounts to Protected Users security group (if Kerberos only is feasible) Create authentication policies and silos (if protected users is feasible) © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Sample scenarios Recommendations Domain administration 4/17/2017 Sample scenarios Recommendations Helpdesk Domain administration Operations and service management Service accounts Business group isolation Bring your own device (BYOD) Reduce privileges and privilege use Only use DA/EA for DC Maintenance and Delegation Separate administrative accounts from user accounts Use hardened and restricted hosts Strengthen authentication assurance Implement security monitoring Add accounts to Protected Users security group (if Kerberos only is feasible) Create authentication policies and silos (if protected users is feasible) © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Sample scenarios Recommendations Service accounts Helpdesk 4/17/2017 Sample scenarios Recommendations Helpdesk Domain administration Operations and service management Service accounts Business group isolation Bring your own device (BYOD) Grant the least privilege Never add to Domain Admins or Enterprise Admins Use managed service accounts Change passwords regularly Strengthen authentication assurance Monitor service account activity Contain credential exposure © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Sample scenarios Considerations Business group isolation Helpdesk 4/17/2017 Sample scenarios Considerations Helpdesk Domain administration Operations and service management Service accounts Business group isolation Bring your own device (BYOD) Define Use Cases Use hardened and restricted hosts Restrict account logons Consider blocking Internet access Do not share accounts or passwords Ensure unique local administrative passwords on workstations and servers © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Sample scenarios Considerations Bring your own device (BYOD) Helpdesk 4/17/2017 Sample scenarios Considerations Helpdesk Domain administration Operations and service management Service accounts Business group isolation Bring your own device (BYOD) Define use cases and policies Ensure risks are understood and accepted Do not use BYOD devices for administration Ensure that high business impact (HBI) data is not being stored on these devices No shared password for corporate and personal accounts No use of privileged service accounts on BYOD devices Deploy available security policies Isolate network access Create response/recovery strategies © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Next steps 1 2 3 Implement strategies Apply scenario guidance Identify and implement quick wins Implement mitigations 1,2 and 3. Restrict DA/EA and other privileged accounts Deny network logon to local accounts and groups Restrict inbound access using the Windows Firewall Manage with RDP /RestrictedAdmin Remove service account privileges (e.g. Domain Admins) Adopt Protected Users and Auth Policies

http://www.microsoft.com/PtH 4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

References Credential Theft Portal http://www.microsoft.com/PTH Tech Ready 15 4/17/2017 References Credential Theft Portal http://www.microsoft.com/PTH NIST Framework http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf Credential Theft Mitigation (CTM) Solutions - http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/DCIM-B213 Update to Improve Credentials Protection and Management https://technet.microsoft.com/en-us/library/security/2871997.aspx © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Resources Learning TechNet Developer Network 4/17/2017 Resources Sessions on Demand http://channel9.msdn.com/Events/TechEd Learning Microsoft Certification & Training Resources www.microsoft.com/learning TechNet Resources for IT Professionals http://microsoft.com/technet Developer Network http://developer.microsoft.com © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

For more information Windows Server System Center Azure Pack Windows Server Technical Preview http://technet.microsoft.com/library/dn765472.aspx Windows Server System Center System Center Technical Preview http://technet.microsoft.com/en-us/library/hh546785.aspx Azure Pack http://www.microsoft.com/en-us/server-cloud/products/ windows-azure-pack Microsoft Azure http://azure.microsoft.com/en-us/ Come visit us in the Microsoft Solutions Experience (MSE)! Look for the Cloud and Datacenter Platform area TechExpo Hall 7

Azure Exams EXAM 532 Developing Microsoft Azure Solutions Implementing Microsoft Azure Infrastructure Solutions EXAM 533 (Coming soon) Architecting Microsoft Azure Solutions EXAM 534 http://bit.ly/ Azure-Cert + Classroom training (Coming soon) Microsoft Azure Fundamentals MOC 10979 MOC 20532 Developing Microsoft Azure Solutions Implementing Microsoft Azure Infrastructure Solutions MOC 20533 2 5 5 http://bit.ly/ Azure-Train Online training (Coming soon) Microsoft Azure Fundamentals MVA (Coming soon) Architecting Microsoft Azure Solutions MVA http://bit.ly/ Azure-MVA Get certified for 1/2 the price at TechEd Europe 2014! http://bit.ly/ TechEd-CertDeal

Please Complete An Evaluation Form Your input is important! 4/17/2017 Please Complete An Evaluation Form Your input is important! TechEd Mobile app Phone or Tablet QR code TechEd Schedule Builder CommNet station or PC © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Evaluate this session 4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.