Security, et al

Randy's Blog on Infosec and Other Stuff


Active Directory security features you probably aren’t using and more in my sessions at The Experts Conference 2019

Sun, 21 Apr 2019 19:43:13 GMT

Most of my trainings are delivered online – they’re convenient to you and me in our busy schedules.  But I have to make time for The Experts Conference (TEC) because it’s one of the few conferences where you can get actual Active Directory training.

I’ll be delivering two training sessions, one of which is a keynote session, on Active Directory security.  I’ll also be at the Experts Bar taking 1:1 questions.  I hope you consider attending for the training, the peer networking, and engaging with the other great AD and Office 365 security experts and Microsoft MVPs that will be in attendance.

Here are the abstracts for both of my sessions (and, yes, these are CPE eligible sessions). If you like, be sure to register before April 30th for a $300 savings in registration.  

Recent Security Features in Active Directory You Probably Aren’t Using

Over the past several years Microsoft has added many new Active Directory security features, but I find that many organizations aren’t using them. There are many reasons for this; for example, Microsoft sometimes introduces a new capability but doesn’t immediately make it easy to implement via the GUI or PowerShell.  By the time that happens, we tend to have forgotten about the capability in the day-to-day grind of AD management.

In this session at TEC, I will introduce you to these capabilities in Active Directory, show you how they work and help you determine if you should start using them to deal with security threats in your environment. 

Here’s a partial list of what I will cover:

  • Password Settings Objects – fine-grained password policy without multiple domains
  • Authentication Silos – a very important way to protect against Pass-the-Hash 
  • Dynamic Access Control – escape from countless access control lists on each folder 
  • Global Object Access Audit Policy – define audit policy centrally 
  • Group Managed Service Accounts (and plain-old Managed Service Accounts) – stop managing service account passwords 
  • Domain Controller Virtualization and Cloning – fast but reliable DC deployment in the virtual environment 
  • Active Directory Administrative Center PowerShell History Viewer – see how to automate any task you perform in the GUI

Understanding Windows Security Log Events Generated by Active Directory Domain Controllers vs Other Endpoints 

There is no central audit log for Active Directory. Instead, AD records any relevant events affecting Active Directory in the local Security Log of whichever Windows Server domain controller the event happens to occur on.  On top of this distributed (i.e., fractured) log, the wording of many events in the Security Log is confusing.  Some events specifically refer to Active Directory or “domain controller” even when the event is strictly a local workstation or member server affair.

In addition, some categories of events, while logged on both domain controllers and non-domain controllers, have very different implications. For instance, a failed Account Logon event may or may not be significant on a domain controller while it’s almost always important on member servers and workstations.   

In this session at TEC, I will help you understand how the context of security log events has a great impact on their implication.  This is a technical, eye-opening event that you do not want to miss.

Also look for more Birds-of-a-Feather sessions with our experts and your peers to have a casual conversation around such topics as:

  • Active Directory disaster recovery
  • Microsoft Teams
  • IT Integration for Mergers and Acquisitions
  • And more

Remember to register for The Experts Conference at this link.

