
Module 1: Identity is the New Perimeter


Presentation on theme: "Module 1: Identity is the New Perimeter"— Presentation transcript:

1 Module 1: Identity is the New Perimeter
Evolution of Identity
Module 1: Identity is the New Perimeter
Hasain "The Wolf" Alshakarti, Trusted Cyber Security Advisor - TrueSec, MVP: Cloud & Datacenter Mgmt - Enterprise Security, @Alshakarti
Marcus Murray, Cyber Security Team Manager - TrueSec, @marcusswede

2 Agenda – Module 1
Identity is the "NEW" Security Boundary
Identity in Windows 10 and Windows Server 2016

3 Identity is the "NEW" Security Boundary
Attack-chain diagram labels: Entry, Lateral Movement, Threat Actor Goal

4 Identity in Windows 10 & Windows Server 2016
Credential Guard & Remote Credential Guard
Privileged Access Management
Windows Hello for Business
PowerShell Just Enough Administration

5 Module 2: Securing the On Prem Identity
Evolution of Identity
Module 2: Securing the On Prem Identity
Hasain "The Wolf" Alshakarti, Trusted Cyber Security Advisor - TrueSec, MVP: Cloud & Datacenter Mgmt - Enterprise Security, @Alshakarti
Fredrik "DXter" Jonsson, Senior Security Advisor - Identitry

6 Agenda – Module 2
Hybrid Identities
Azure Active Directory integrations
Privilege Access Management – JIT
Shadow Forests for High Privileged Users
Securing Privileged Access & Privileged Access Workstation

7 Hybrid Identities

8 Azure Active Directory integrations

9 Privilege Access Management JIT
Expiring Links feature: A user can be added to the group for just enough time to perform an administrative task. The time-bound membership is expressed by a time-to-live (TTL) value that is propagated to the Kerberos ticket lifetime.
KDC enhancements: Restrict the Kerberos ticket lifetime to the lowest time-to-live (TTL) value in cases where a user has multiple time-bound memberships in administrative groups.
New monitoring capabilities: Help you easily identify who requested access, what access was granted, and what activities were performed.
Bastion Active Directory forest: The bastion forest has a special PAM trust with an existing forest. It provides a new Active Directory environment that is known to be free of any malicious activity, and isolation from the existing forest for the use of privileged accounts.
Shadow security principals (groups): The shadow security principals have an attribute that references the SID of an administrative group in an existing forest. This allows the shadow group to access resources in the existing forest without changing any access control lists (ACLs).
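As an added example (not part of the slides), the expiring-links workflow above driven from the Active Directory PowerShell module: enable the optional feature, grant a 30-minute membership, and read back the remaining TTL on each link. The forest name contoso.com, the group Tier0-Admins and the user jdoe are placeholders; RSAT and a Windows Server 2016 or later forest functional level are assumed.

```powershell
# Added example: time-bound group membership with the PAM "expiring links" feature.
# Assumes the ActiveDirectory module (RSAT) and a 2016+ forest functional level.
# contoso.com, 'Tier0-Admins' and 'jdoe' are placeholder names.
Import-Module ActiveDirectory

$forest = 'contoso.com'
$group  = 'Tier0-Admins'
$user   = 'jdoe'

# 1. The optional feature is off by default and cannot be disabled once enabled,
#    so check its EnabledScopes before turning it on.
$pam = Get-ADOptionalFeature -Filter "Name -eq 'Privileged Access Management Feature'"
if (-not $pam.EnabledScopes) {
    Enable-ADOptionalFeature -Identity $pam -Scope ForestOrConfigurationSet `
        -Target $forest -Confirm:$false
}

# 2. Grant membership for 30 minutes only. The TTL lives on the link itself, and
#    the KDC caps the user's Kerberos ticket lifetime at the lowest TTL among all
#    of their time-bound memberships, so the ticket cannot outlive the grant.
Add-ADGroupMember -Identity $group -Members $user `
    -MemberTimeToLive (New-TimeSpan -Minutes 30)

# 3. Inspect remaining TTLs. With -ShowMemberTimeToLive, time-bound members are
#    returned as '<TTL=seconds,DN>'; permanent members are returned as a bare DN.
Get-ADGroup -Identity $group -Properties member -ShowMemberTimeToLive |
    Select-Object -ExpandProperty member |
    ForEach-Object {
        if ($_ -match '^<TTL=(\d+),(.+)>$') {
            [pscustomobject]@{ Member = $Matches[2]; SecondsLeft = [int]$Matches[1] }
        } else {
            [pscustomobject]@{ Member = $_; SecondsLeft = $null }   # permanent member
        }
    } | Format-Table -AutoSize

# 4. Monitoring: a JIT grant is still a normal group-membership change, so the
#    usual "member added" security events (4728 for global, 4732 for local groups)
#    on the administrative groups record who was granted access and by whom.
```

Permanent members (no TTL prefix) returned in step 3 are worth reviewing, since the goal of the feature is to have no standing administrators.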

10 Shadow Forests for High Privileged Users

11 Securing Privileged Access & Privileged Access Workstation
LAPS: Unique local admin passwords for workstations; unique local admin passwords for servers
PAM: Time-bound privileges (no permanent administrators); multi-factor for time-bound elevation
Just Enough Admin (JEA) for maintenance: Lower attack surface of important services
Privileged Access Workstations

12 Module 3: Enabling Secure Cloud Access
Evolution of Identity
Module 3: Enabling Secure Cloud Access
Hasain "The Wolf" Alshakarti, Trusted Cyber Security Advisor - TrueSec, MVP: Cloud & Datacenter Mgmt - Enterprise Security, @Alshakarti
Fredrik "DXter" Jonsson, Senior Security Advisor - Identitry

13 Agenda – Module 3
Single Sign On
Identity Federation
Public Identity Providers
Multi Factor Authentication
External Users & Application Scenarios

14 Single Sign On

15 Identity Federation

16 Public Identity Providers

17 Multi Factor Authentication

18 External Users & Application

19 Module 4: Enabling Secure Mobile Access
Evolution of Identity
Module 4: Enabling Secure Mobile Access
Hasain "The Wolf" Alshakarti, Trusted Cyber Security Advisor - TrueSec, MVP: Cloud & Datacenter Mgmt - Enterprise Security, @Alshakarti
Fredrik "DXter" Jonsson, Senior Security Advisor - Identitry

20 Agenda – Module 4
Intune, AAD & ADFS
Web Application Proxy 2.0
Device Registration
Access Control Policies

21 Intune, AAD & ADFS

22 Web Application Proxy 2.0

23 Device Registration

24 Access Control Policies
