January 2013 - Securing and Auditing Windows Active Directory Domains

Topic

In this two-day, instructor-led demo seminar, you will gain the skills you need to evaluate, configure, manage, optimize, audit, and secure key aspects of a Windows Active Directory enterprise. You will find out how to secure Active Directory and the essential components of the related network services. You will learn how to evaluate which security controls to focus on; how to collect information using built-in tools and industry-recognized tools; how to select which computers to audit, as well as how to audit them efficiently; and how to gather, analyze, research, and report your security audit findings.

You will discover how to quickly extract the evidence you need without wearing out your computer’s print-screen button or monopolizing your administrator’s time. You will determine which controls are important to review at each level, including forests, Domain Administrators group, domain controllers, organizational units, delegation, Group Policy, password policies, and more. You will cover such time-saving tips as evaluating trust relationships and deciding which evidence you need to extract for each domain controller versus just one domain controller. You will learn how to use resource kit utilities and shareware programs, and how to analyze results and identify risks. You will master techniques for assessing administrative authority in Active Directory and determining who has delegated privileges in the domain and over Group Policy.

You will learn how to determine whether crucial best practice techniques are followed in the design of your organization’s Active Directory installation. You will discover features of Active Directory’s monitoring capabilities that facilitate compliance with regulatory requirements and how to configure, manage, optimize, and efficiently review security logs. At the conclusion of the course, you will perform an audit of a network and write up your security findings and risks.

Speaker

Derek Melber - President and CTO of BrainCore.Net, LLC

Derek Melber is President and CTO of BrainCore.Net, LLC, an independent technology consulting and education firm specializing in Microsoft-centric solutions. One of only ten MVPs in the world on Group Policy, Mr. Melber is often called upon to develop end-to-end solutions regarding Active Directory, Group Policy, and security. His expertise includes extensive knowledge of Group Policy and developing compliant desktops and the servers using them. In addition, he provides in-depth security audits for Windows domains and networks.

Mr. Melber is also a nationally known trainer and author, focusing on Windows Server 2003 / 2008, Windows XP / Vista / 7, Active Directory, Group Policy, and Windows security. Mr. Melber has written numerous books, including The Group Policy Resource Kit and Auditing Windows Security by the IIA. In addition, he is a contributing editor to WindowsSecurity.com, RIAG Journal, and other publications.

Agenda

  1. Windows Network Configurations
    • Past, Present, and Future Windows Versions
    • Workgroup Defined
    • Domain Defined
    • Windows Security Model
  2. Active Directory Infrastructure
    • Active Directory Terms and Definitions
    • What is needed from the administrator?
    • How to ask for information about domains, trees, forests, organizational units, and domain controllers
  3. LDAP with Active Directory
    • Overview of LDAP
    • LDAP Components and Details
    • LDAP Command Line Tools
    • LDAP Testing and Security Tools
  4. User and Group Accounts
    • Default Domain Accounts
    • Creating New Domain Accounts
    • SID and Token Defined
    • User and Group Account Properties
    • User Rights
  5. Windows Authentication and Passwords
    • User Account Passwords
    • Windows Server 2000 / 2003 Account Passwords
    • Windows Server 2008 Fine-Grained Passwords
    • Measures to Protect Passwords
    • Authentication Protocols
    • Anonymous Connections and Controls
  6. Administrator and Alternate Credential Authentication
    • Using RunAs
    • Should administrators have dual accounts?
    • Using and Controlling User Account Control (UAC)
  7. Securing Network Resources
    • Network Resource Defined
    • NTFS Permissions and the ACL
    • Shared Folders
    • Share Permissions
    • Access-Based Enumeration
    • Encrypting File System
  8. Windows Security Auditing and Logging
    • Accessing and Configuring Auditing
    • Centralized Logging with Subscriptions
    • Controlling the Security Logs with Event Viewer and AuditPol
    • Configuring Security Log Triggers
    • Controlling and Configuring Security Log Access

Materials

Materials will be posted after the event. Due to copyright restrictions, access to the materials will be limited to attendees.