Active Directory Security
Learn a modern and secure way to manage your Active Directory infrastructure.
The Identity is the last perimeter to protect. By numerous security audits and investigating intrusions we know how crucial it is to protect your privileged accounts to being able to protect the entire IT-infrastructure.
With the experience we have the knowledge on how to use the built-in security features in Windows and Active Directory to create a strong and efficient defense in depth strategy.
This is a two-day course where we take a deep dive into Active Directory Security and how to build a modern and strong defense with the built-in components in Active Directory. We will look at the common problems and misconfigurations and how to mitigate them.
Separate the administration in a tiered level in the existing domain and extend it to a high security domain.
Build Privilege Access Workstations (PAW) and strengthen the administrative channels.
We will use different real case scenarios from the field.
We will start by covering an existing environment with common attack scenarios and weaknesses. This will give us a good starting point of how companies are breached and gain an understanding of why we need to shift focus in our delegation models to take control of our Infrastructure.
Daniel Ulrichs is a senior it-security consultant working in a Directory Services Expert team at Enfo Sweden IAM as an Architect - Identity and Security in Enterprise environments. With a passion for Active Directory Security and the Windows platform Daniel performs security audits, health checks, designs of large Active Directory environments, migrations and consolidations of Active Directory, and build high security environments.With his deep understanding Daniel has helped Swedish government agencies, Banks and organizations in other industries and countries in enhancing the security and infrastructure of their foundational Active Directory.
This course has a high focus on Active Directory Security Active Directory administrators and security professionals.
Basic understanding of Active Directory administration, PKI, PowerShell and system security.
Active Directory Security syllabus
For two days we will look at new features and requirements in Active Directory and Windows and how to combine it to create a defense in depth. Create a hardened and modern administrative model in different scenarios. Threat model, what is good enough.
The reality is there will always be legacy systems and we need to protect them as well. We will cover how to combine the old and new technology in a transition period.
- News in Windows Server and Active Directory Security
- Strict Tier model
- Define privileged accounts and how to protect them
- Just in Time Administration (JIT)
- Domain hardening and protecting existing Domain Controllers
- Build a high-secure domain (Shadow Forest/ESAE)
- Privileged Access Workstation (PAW)
- Secure Jumpstations
- Strong Authentication
- Kerberos Authentication Policy and Silos
- Hardening the administrative tools
This lab will give you the know-how to implement a modern security model.