Russell Rice Senior Director, Product Management Skyport Systems


1 Best Practices to Protect Active Directory and other Critical IT Applications
Russell Rice Senior Director, Product Management Skyport Systems February 11, 2016

2 Critical IT Systems
Identity and Authentication: Active Directory / Kerberos / SAML
Network Support Services: DNS / IPAM / RADIUS
Infrastructure Management: VM Management / App Cluster Management
Automation / DevOps: Puppet / Chef / SW Distribution

3 Keys to the Kingdom
Systems: DNS, Active Directory, VM Controller, Software Dist, DevOps / SDN
What they control: VM Orchestration, Network Config, Users & Data

4 Common Techniques to Compromise Infrastructure
Steal admin credentials
Exploit remotely exploitable vulnerabilities
Spoof & MITM (e.g. DNS cache poisoning)

5 AD Threat #1: Admin Credential Theft
1. Attacker compromises the admin workstation via phishing, etc.
2. Attacker steals the cached AD server admin credential from the admin workstation
3. Attacker logs in to the DC, compromises the system and obtains a golden ticket (Active Directory)

6 Nightmare Scenario: Stolen AD Credential DB
1. AD DC is compromised (AD Database / SYSVOL)
2. Credentials siphoned to an innocuous, compromised intermediate "staging" system
3. Credentials sent to the attacker's system over an approved comms path
How do you know your AD database has not been exfiltrated?
Slide notes: Validate & make it look good. Do we want to show the FW being bypassed in step 3?

7 Break the Cyber Kill Chain
Phases: Recon, Infiltrate, Control, Exfiltrate
Disrupt external scans; enforce strict microsegmentation
Verify and update system security & patch posture
Reduce attack surface area: block unauthorized connections and malware insertion
Verify infrastructure and application / VM integrity
Secure privileged access with credential management (OS & app)
Ensure a forensic audit trail of admin actions and events in a tamper-proof log
Stop exfiltration over covert or unauthorized channels
Encrypt data and executables in motion and at rest

8 Microsoft: Securing Privileged Access to Protect Active Directory
Adversaries gain control of privileged access using a variety of methods; mitigating this risk requires a holistic and detailed technical approach.
Microsoft recommends a roadmap:
1. Quickly mitigate the most frequently used attack techniques
2. Build visibility and control of admin activity
3. Continue building defenses toward a more proactive security posture
Attack / Defense:
Credential Theft & Abuse: Prevent Escalation; Prevent Lateral Traversal; Increase Privilege Usage Visibility
DC Host Attacks: Harden DC Configuration; Reduce DC Agent Attack Surface
AD Attacks: Assign Least Privilege
Attacker Stealth: Detect Attacks

9 Secure AD Administrative Enclave: "ESAE" or "Red Forest"
Production Forest: Tier 2 Domain Users; Tier 1 Domain Servers; Tier 0 Domain Control; Domain Controller; Production Forest SAW
Red Forest: Domain Controller; Red Forest SAW
RO Prod DC Server
Physical Vault
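The tiering model on this slide (and the credential-theft path on slide 5) reduces to a simple rule a log pipeline can enforce: an account's credential must never be used on a host of a lower, less trusted tier, and a lower-tier identity must never reach a higher-tier host. The following is an added example, not code from the presenter or from Skyport Systems; the account names, host names, tier assignments and logon-type labels are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class LogonEvent:
    """One logon record (constructed shape, not a real event-log format)."""
    account: str
    host: str
    logon_type: str  # "interactive", "rdp" or "network" (constructed labels)


# Hypothetical tier assignments: 0 = domain control, 1 = servers, 2 = users / workstations.
ACCOUNT_TIER = {"DA-rrice": 0, "SRV-admin-1": 1, "jdoe": 2}
HOST_TIER = {"DC01": 0, "SAW-T0-01": 0, "APP01": 1, "WS-ADMIN-07": 2, "WS-0042": 2}

# Interactive and RDP logons leave reusable credential material on the host;
# plain network logons do not. (Simplification of Windows logon-type behaviour.)
CACHING_LOGON_TYPES = {"interactive", "rdp"}


def classify(event: LogonEvent) -> Optional[dict]:
    """Return a finding for a cross-tier logon, None when the logon stays within its tier."""
    acct_tier = ACCOUNT_TIER.get(event.account)
    host_tier = HOST_TIER.get(event.host)
    if acct_tier is None or host_tier is None:
        # An asset with no tier is a blind spot in the model, so surface it rather than skip it.
        kind, severity = "unclassified", "medium"
    elif acct_tier == host_tier:
        return None
    elif acct_tier < host_tier:
        # More privileged credential used on a less trusted host: the slide 5 path,
        # where a DC admin credential ends up cached on an admin workstation.
        kind = "credential_exposure"
        severity = "high" if event.logon_type in CACHING_LOGON_TYPES else "medium"
    else:
        # Lower-tier identity reaching a higher-tier host: lateral movement upward.
        kind, severity = "upward_access", "high"
    return {"kind": kind, "severity": severity, "account": event.account, "host": event.host,
            "logon_type": event.logon_type, "account_tier": acct_tier, "host_tier": host_tier}


def audit(events):
    """All findings for a batch of logon events, in input order."""
    return [f for f in (classify(e) for e in events) if f is not None]


def hosts_holding_tier0_credentials(events):
    """Non-Tier-0 (or untiered) hosts where a Tier 0 account did a credential-caching logon:
    exactly the machines an attacker would harvest a DC admin credential from."""
    return sorted({e.host for e in events
                   if ACCOUNT_TIER.get(e.account) == 0
                   and HOST_TIER.get(e.host) != 0
                   and e.logon_type in CACHING_LOGON_TYPES})


# Constructed sample batch.
SAMPLE_EVENTS = [
    LogonEvent("DA-rrice", "DC01", "interactive"),         # Tier 0 on Tier 0: fine
    LogonEvent("DA-rrice", "WS-ADMIN-07", "interactive"),  # DC admin cached on a workstation
    LogonEvent("DA-rrice", "APP01", "network"),            # cross-tier, but no cached credential
    LogonEvent("jdoe", "DC01", "rdp"),                     # ordinary user reaching a DC
    LogonEvent("SRV-admin-1", "APP01", "rdp"),             # Tier 1 on Tier 1: fine
    LogonEvent("jdoe", "WS-0042", "interactive"),          # Tier 2 on Tier 2: fine
    LogonEvent("svc-backup", "DC01", "network"),           # account never tiered
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_EVENTS):
        print(finding)
    print("hosts exposing Tier 0 credentials:", hosts_holding_tier0_credentials(SAMPLE_EVENTS))
```

The second report, hosts that have held a Tier 0 credential in a cacheable form, is the one to act on first: those are the workstations where step 2 of slide 5 succeeds, and the fix is to move Tier 0 administration onto the SAW and the Red Forest DCs so the list is empty.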

10 Application Security Guides: The Fine Print
Examples: Active Directory; vCenter

11 Best Practices for Securing Critical IT Systems
Secure the Communication (Network Security): Microsegmentation; Per-VM firewall policy; Traffic visualization & audit; Prevent data exfiltration; Diagnostics and forensics
Secure the Application
Secure the Platform (Platform Security): Trusted hardware platform; Remote management & telemetry; Systems lifecycle mgmt & audit; Policy lifecycle mgmt & audit; Secured administrative access

12 Protect All Levels of the Platform Stack
Ctrl/Mgmt Plane: Protect against insider threat; Protect against infrastructure attacks; Defend against credential compromise attacks; Defend against data exfiltration; Protect against protocol-level attacks; Protect against lateral attacks; Protect against covert channels
VM Environment (Compartment)
Hypervisor & OS: Protect against hypervisor break-out attacks; Protect against OS and process-level attacks
Firmware: Protect (and remediate) against firmware compromise; Integrity verification (TPM or equiv)
Hardware: Protect against physical attacks; Trusted platform for anchor of trust

13 Services are a Mandatory Ingredient
Authentication / Secure Enclave
HSM
Key Mgmt
Credential Mgmt
Remote Attestation
Security Data Warehouse
Policy & Management
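Slide 12's "integrity verification (TPM or equiv)" at the firmware layer and slide 13's "remote attestation" service are two halves of one mechanism: each boot component is measured into a register that can only be extended, never written, and a verifier later checks a signed copy of that register against a known-good value, replaying the event log to find which component changed. The following is an added example of that verifier-side check, not code from the presenter or from Skyport Systems; it uses the TPM extend rule (new = H(old || measurement)) with SHA-256, and the component names and image bytes are constructed stand-ins for a real measured boot chain.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 bank: registers are 32 bytes wide


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new = H(old || measurement). One-way and order-sensitive,
    so a register value commits to the whole sequence of measurements behind it."""
    return sha256(pcr + measurement)


def measure(component: bytes) -> bytes:
    """Measurement of a component image (hypothetical: a hash of the bytes loaded)."""
    return sha256(component)


def replay(event_log) -> bytes:
    """Recompute the register from an ordered event log of (component name, measurement)."""
    pcr = bytes(PCR_SIZE)  # registers start at all zeros
    for _, measurement in event_log:
        pcr = extend(pcr, measurement)
    return pcr


# Constructed known-good boot chain; a real baseline would come from a trusted build pipeline.
GOLDEN_LOG = [
    ("firmware", measure(b"fw-v1.2")),
    ("bootloader", measure(b"bl-v3")),
    ("hypervisor", measure(b"hv-v7")),
]
GOLDEN_PCR = replay(GOLDEN_LOG)


def verify_quote(reported_pcr: bytes, event_log):
    """Remote-attestation check performed by the verifier.
    1. The event log must reproduce the quoted register, otherwise the log is untrustworthy.
    2. The register must equal the known-good baseline; if not, walk the log to name the
       first component whose measurement deviates, which is the remediation target."""
    if replay(event_log) != reported_pcr:
        return False, "event log does not reproduce the quoted PCR"
    if reported_pcr == GOLDEN_PCR:
        return True, "platform matches known-good baseline"
    golden = dict(GOLDEN_LOG)
    for name, measurement in event_log:
        if golden.get(name) != measurement:
            return False, f"unexpected measurement for {name}"
    return False, "component order or set differs from baseline"


# Constructed scenario: the firmware image was altered before boot.
TAMPERED_LOG = [("firmware", measure(b"fw-v1.2-modified"))] + GOLDEN_LOG[1:]

if __name__ == "__main__":
    print(verify_quote(GOLDEN_PCR, GOLDEN_LOG))
    print(verify_quote(replay(TAMPERED_LOG), TAMPERED_LOG))
    print(verify_quote(GOLDEN_PCR, TAMPERED_LOG))  # log and quote disagree
```

In a real deployment the reported register arrives inside a quote signed by the TPM's attestation key, which is what stops a compromised host from simply reporting the golden value; the replay step above is what turns "the value is wrong" into "the firmware is what changed", which is the remediation the slide asks for.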

14 Ultimate Goal: Private DMZ per VM with a Clean Source
Network zone-based DMZ: coarse-grain protection for the entire zone; no protection between systems in the DMZ; complex integration and management
Per-VM DMZ: private DMZ with custom protections per VM (DMZ VM plus its own security controls); trusted compute for a clean source; must be easy to operate and scale
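The per-VM DMZ on this slide, the per-VM firewall policy and traffic audit on slide 11, and the slide 6 scenario where credentials leave over an approved comms path all point at the same control: every VM carries its own egress allowlist, and even approved paths are watched for volume that does not fit the baseline. The following is an added example of that evaluation, not code from the presenter or from Skyport Systems; the VM names, policy entries, baselines and flow records are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One egress flow record (constructed shape)."""
    src_vm: str
    dst: str
    dst_port: int
    proto: str
    bytes_out: int


# Per-VM egress allowlist: each VM gets its own private policy, not a zone-wide rule.
# Hostnames are hypothetical.
POLICY = {
    "DC01": {("DC02", 389, "tcp"), ("DC02", 445, "tcp"), ("STAGE01", 445, "tcp"),
             ("DNS01", 53, "udp"), ("NTP01", 123, "udp")},
    "STAGE01": {("PROXY01", 443, "tcp")},
}

# Expected egress volume per (vm, dst, port) over the evaluation window, in bytes.
# Constructed here; in practice learned from the traffic visualisation / audit data.
BASELINE_BYTES = {
    ("DC01", "STAGE01", 445): 5_000_000,
    ("STAGE01", "PROXY01", 443): 2_000_000,
}
VOLUME_FACTOR = 10  # alert when an approved path carries more than 10x its baseline


def evaluate(key, total_bytes):
    """Verdict for one aggregated (src, dst, port, proto) tuple."""
    src, dst, port, proto = key
    if (dst, port, proto) not in POLICY.get(src, set()):
        return "deny", "destination not in this VM's allowlist"
    baseline = BASELINE_BYTES.get((src, dst, port))
    if baseline is not None and total_bytes > VOLUME_FACTOR * baseline:
        # Approved path, abnormal volume: the slide 6 case, where the exfiltration
        # rides a connection the firewall was told to permit.
        return "alert", f"approved path but {total_bytes} B exceeds {VOLUME_FACTOR}x baseline ({baseline} B)"
    return "allow", ""


def summarize(flows):
    """Aggregate flows by tuple over the window, then evaluate each tuple."""
    totals = {}
    for f in flows:
        key = (f.src_vm, f.dst, f.dst_port, f.proto)
        totals[key] = totals.get(key, 0) + f.bytes_out
    return {key: evaluate(key, total) for key, total in totals.items()}


# Constructed window of flow records.
SAMPLE_FLOWS = [
    Flow("DC01", "DC02", 445, "tcp", 1_000_000),
    Flow("DC01", "DC02", 445, "tcp", 1_200_000),
    Flow("DC01", "DNS01", 53, "udp", 2_000),
    Flow("DC01", "STAGE01", 445, "tcp", 400_000_000),     # database-sized copy to the staging box
    Flow("STAGE01", "PROXY01", 443, "tcp", 200_000_000),  # relayed out over the approved proxy path
    Flow("STAGE01", "203.0.113.10", 443, "tcp", 50_000),  # direct connection never approved
]

if __name__ == "__main__":
    for key, (verdict, reason) in summarize(SAMPLE_FLOWS).items():
        print(verdict.upper(), key, reason)
```

The deny verdict is what microsegmentation gives you on its own; the two alerts are the answer to the slide 6 question "how do you know your AD database has not been exfiltrated?", since both hops of that scenario used permitted destinations and only the volume gives them away. Aggregating over a window rather than judging single flows matters because a transfer chunked into many small connections would otherwise stay under the threshold.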
