The main function of Active Directory is to enable administrators to manage permissions and control access to network resources. It provides:

• Centralized resources and security administration.

• Single logon for access to global resources.

• Simplified resource location.

​What can it do?

Active Directory (AD) is a database and set of services that connect users with the network resources they need to get their work done.

In Active Directory, data is stored as objects, which include users, groups, applications, and devices, and these objects are categorized according to their name and attributes.

​What is AD?

Active Directory (AD)

Domain Controller

​What is it?

A domain controller (DC) is a server that manages security requests for a network and identity. It authenticates users and ensures that only authorized users can access network resources

• A Domain controller should have what is needed to run the domain controller (AD, DNS, etc)

• ​Other services such as routing, mail, etc should be installed on separate servers

• Only the mail server should have SMTP (Port 25) accessible

​Examples

• Reduces the likelihood that a server compromised by malicious actors will pose a security risk to other servers

  thereby reducing the attack surface

• If one server goes down you don't lose the whole infrastructure

Installing multiple services across multiple services

Separation of Services

• Remove or disable unnecessary accounts

• Unplug peripherals when not in use

• Uninstall apps not in use

• Disable services not in use

• Remove unnecessary accounts

• ​Move servers to their own subnet.

• Remove Unsecure Protocols

• Close Unused Ports

strengthening the security of a network component by reducing its attack surface (total of all potential vulnerabilities on a device)

Hardening

​Server Hardening

​Device Hardening

go to Server Manager ---> Manage --> Add Roles and Features --> click next until you get to Server Roles --> make sure that none of the unsecure protocols are selected.

​Secure the Server

• FTP - File Transfer (use SFTP instead)

• Telnet (use SSH instead)

• PAP - Password Authentication Protocol

​Unsecure Protocols

Unsecure Protocols

​Unencrypted protocols which transmit in plain text

​Updating Devices

• Security update - used to patch app vulnerabilities

• ​Critical update - patches OS vulnerabilities

• Hotfix - quick fix for a severe problem

• Update apps, malware (especially definitions), OS

​Making sure a device or app always has the latest patches.

Patch Management

Types of Patches

• Windows update - tool used to manage updates automatically or manually on a Windows device

• ​WSUS - Windows Server Update Service can be used to push out updates (corporate environment)

• SCCM - System Center Configuration Manager can push out updates (corporate)

• Server Manager --> DNS --> right click Domain --> Properties --> General tab --> Dynamic updates: Secure only

• Now in order to write records to the DNS server domain you must be a member of the AD domain.

​Securing in Windows Server

• The DNS server resolves domain names (i.e. google.com) to IP address (i.e. 8.8.8.8)

• ​Ensure that those outside the domain cannot update DNS records. (DNS poisoning/spoofing)

​Domain Name Server

Securing the DNS Server

• Uses less bandwidth.

• ​Prevents unwanted or unauthorized changes to the Active Directory (AD) database.

​Benefits

• Domain controllers with read-only copies of Active Directory

• ​Updates are controlled and pushed down from a full domain conroller

​What is a RODC?

RODC: Read-Only Domain Controller

• Antivirus program included with Windows

• ​Update can me updated automatically or manually.

• Provides history of updates

​Windows Defender

• Make sure to keep definitions updated

• ​Definitions are files that have latest information on the latest malware.

​Update Definitions

Antivirus/Antimalware/Antispyware

• UAC is a Windows tool that helps prevent potentially harmful programs from a making changes to your computer.

• ​Control Panel --> User Accounts --> Change UAC settings

​User Account Control (UAC)

• Group Policy - Software Restriction policy

• ​Device Guard - application whitelisting (allowed)

• Third-party restriction software

​3 ways to Protect

Unwanted Installation Protection

​Protect against unwanted software installation

User Account Control (UAC)

• Control Panel --> Sync Center --> Manage Offline Files --> Encryption tab ---> Encrypt

• So we can encrypt offline files using Sync Center and online files using EFS

​How to manage

• Allows you to connect to a network and retrieve copies of files from a network drive you can use and work with offline

• ​Files automatically synchronize when you reconnect to the network

​Offline Files

Managing Offline Files

Encrypt files when working away from the network

Applocker sets more specific rules for what can be or cannot be installed.

Computer Configuration --> Policies --> Windows Settings --> Security Settings --> Application Control Policies --> Applocker

​Using Applocker

Windows Server Dashboard --> Group Policy Management --> right click Default Domain Policy --> Computer Configuration --> Policies --> Windows Settings --> Security Settings --> Software Restriction Policies --> Action ---> New Software Restriction Policies
By default no software restriction policies are defined

​Using Group Policy

Software Restriction Policies