How to Secure Active Directory (AD Tiering) - Tutorial 15 min

Подписаться 3,8 тыс.

Просмотров 19 тыс.

50% 1

A 15 minute tutorial about #ActiveDirectory (#Tiering) with Peter Löfgren, Senior Technical Architect and part of our #Truesec Incident Response Team, discussing the topic of how you can avoid getting exposed to #cyberattacks by protecting your credentials.
______
Unknown vulnerabilities and weaknesses in your IT environment will poses a large risk of being hit by a cyberattack. To ensure a secure infrastructure and staying ahead of threat actors, you need to identify vulnerabilities and create a secure infrastructure on all levels of your organization. Protecting your credentials is one of them. By understanding what cybercriminals can do with your credentials, you can also learn how to protect yourself and your environment.
You will learn about:
- Tiering, and administrative approach to keeping your credentials safe.
- What is pass-the-hash and pass-the-ticket.
- Stepping up your game with Authentication silos and Conditional Access.
_____
For Whom:
Tech Professionals, IT technicians, IT professionals, and for you working at an IT department interested in cyber security.
Stay updated on our Tech Talks here: www.truesec.com/stayupdated

Развлечения

Опубликовано:

21 мар 2022

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 28

@simon9740 2 года назад

A public version of the script would be awesome, thanks for the video

@user-ko6gy9sz8r Месяц назад

I think it's important to also note, that in a live environment - You can't just switch service accounts around. As there are dependencies. A Service Account is often used across of servers, which would after tiering be divided into Tier 0 and Tier 1. I like the overall idea here, it's something i implement myself and having a nice script to help is top notch! Though i must say in a operational structure, where u can't just go offline on servers etc, you need to analyze each server for URA (User Right Assignments) And figure out, if you break service accounts after GPO's are applied. Thanks for the video :)

@magnus8664 2 года назад

Is the script public?

@aleksandargelevski6617 Год назад

Great video - Is the script availble, how/where ?

@esmershikhamirli8280 Год назад

Is it possible to get the scripts? I haven't found any other resources for this

@50PullUps 5 месяцев назад

Comment section: if you simply obtained the script and applied the configs to your sandbox environment, your knowledge and skills will only suffer. Recreate the commands by slowly scrubbing through the video if you want to enhance your understanding. There are no shortcuts. Or just search online.

@BoFamille Год назад

Hi, great video, how can we have the template script, thanks ?

@malagicsa Месяц назад

Can you explain what will be tier 0, tier 1 servers... ? Great Video.

@user-ko6gy9sz8r Месяц назад

Tier 0 = Domain Controllers, PKI, ADFS, SCCM, SCOM, Exchange IDM/IAM, AAD Connect/Sync server, Backup and hypervisors. Tier 1 servers could be the rest of your server infrastructur. E.g., som SQL Servers, fileservers etc.

@netcc8 Год назад

Can I have the script? TX

@user-yd5qy4cv1u Год назад

Hello, would it be possible to have the script please?

@CP-ki1mf 11 месяцев назад

Great video. Can you share the script?

@TheFrenchStickman Год назад

Hi, thanks, can you share your script please ?

@somebodycommented 2 года назад

Whos the winner ? How to know ?

@sviluppodotnet Год назад

Can I have the script please?

@dcmediaproduction4920 Год назад

Is the scripts available? And where ? Thanks

@kevinokura7547 Год назад

It would be great if the script was shared. It would make the video more useful. @Truesec

@NunoSilva1975 9 месяцев назад

Can we have the scripts, thanks in advanced

@lucaskenter1263 Год назад

Great explanation, but.. Moving servers, drag n drop?! What is the expected impact on the working of the server? What happens when I move my DC’s to the tier 0 folder?

@TheWilsterman Год назад

You can't move DCs from built-in OU Domain Controllers, to tier 0 OU.

@MikaelNystrom 8 месяцев назад

Domain Controllers are never moved, they are still Tier 0 in the OU they are located

@doctorwhojr.2022 10 месяцев назад

Link to the script?

@ASUS61234 7 месяцев назад

Can you share your script please

@homayoonfayaz1241 Год назад

the script please, tnx

@IjOONAZ 4 месяца назад

Why do you even share video like this if you don't share the script you are using? O_o

@AlienWarTycoon 5 месяцев назад

Basically you went through all of the work of setting up a tiering system only to revert back to the classic "Domain Admin has access to everything" model. The point of tiering is to segment administrative access and not expose privileged accounts more than needed. You exposed the T0 accounts to risk by allowing them to log on to a potentially compromised workstation in an upper tier. Baaaaaad!