EncartaLabs

Securing Active Directory

( Duration: 5 Days )

In the Securing Active Directory training course, you will learn to implement, configure and operate Active Directory environments in a highly secure manner. In terms of security, an Active Directory should NEVER be operated in its standard configuration. Attack scenarios such as pass-the-hash, silver ticket, golden ticket or even skeleton key are common ways for attackers to attack Active Directory and take over the identities of users and administrators.

In this course, the attack scenarios on Active Directory are first examined and carried out. With the knowledge gained from this, the Active Directory is then fundamentally hardened. This applies to existing installations, which should first be analyzed in depth, as well as to new implementations, which are then completely hardened in order to be considered attack-proof in the future.

  • At least 5 years of experience with Active Directory and client systems

The Securing Active Directory workshop is ideal for:

  • Experienced system administrators, consultants and Active Directory designers. After this course you will be able to design, implement and advise on Active Directory in a highly secure manner.

COURSE AGENDA

1. Common security problems in Active Directory

  • Understand Kerberos
  • NTLM vs. Kerberos
  • SMB
    • SMB versions
    • Attack scenarios
    • Safe use of SMB
  • PAC_Validation and the problems with the Microsoft implementation of Kerberos - in detail
  • PTH - Pass the Hash - including live attack with all participants
  • Silver ticket
  • Golden ticket
  • Skeleton Key

2. Kerberos Ticket Service

  • Understand Kerberos
  • Changing Kerberos Passwords: Why and How ...
  • Change Kerberos passwords: The ideal solution without failures

3. Preventing Credential Theft - A Deep Dive:

  • Attack scenario
    • Pass-the-hash
    • Silver ticket
    • Golden ticket
    • Skeleton key
  • Prevent credential theft
    • Configure Windows Defender Credential Guard
    • Windows Defender Remote Credential Guard
    • BitLocker
    • Use Windows Defender Device Guard
    • Use AppLocker
    • Use Windows Defender Application Guard

4. Understand concepts:

  • Operate tier models
  • Red Forest, Golden Forest and Bastion Forests
  • Highly secure single domain model

5. Clean installation source

  • Verify hash values of the *.iso files
  • Fciv.exe, PowerShell, 7-Zip and IgorHasher

6. Setting up the first domain controller

  • Understand ms-DS-MachineAccountQuota
  • Use redircmp for new computer systems
  • Use redirusr for new users
  • BitLocker
  • BitLocker and TPM 1.2 vs. 2.0
  • BitLocker and PreBoot authentication
  • AppLocker
  • Monitoring
    • AD-Audit-Plus
    • CyberArk
  • Secure backup and recovery of BitLocker-protected backup volumes
  • Firewalling on domain controllers
  • Configure IPSEC with RDP
  • Post hardening of the domain controller
    • Center for Internet Security
    • gpPack & PaT
    • SIM
    • LDA
    • Microsoft tools

7. Setting up further domain controllers

8. Secure deployment of domain controllers, member servers and clients via MDT

  • Highly secure installation and configuration of MDT
  • Hardening of MDT servers
  • Roll out highly secure member servers and clients

9. Operate domain controllers securely via IPSEC

  • Configure and use IPSEC
  • IPSEC monitoring via MMC

10. Set up the PKI server as an internal Trusted ROOT CA

  • Configure PKI
  • Activate automatic certificate deployment via group policies
  • Enrollment of non-standard certificates
  • Hardening the PKI
    • Center for Internet Security
    • gpPack & PaT
    • SIM
    • LDA
    • Microsoft tools

11. Jump server and privileged access workstation (PAW) - Understand and implement concepts

  • Set up and configure jump server
    • RSAT installation
    • Install the ADMIN Center with a valid certificate from a Trusted Root PKI
    • BitLocker
    • BitLocker and TPM 1.2 vs. 2.0
    • BitLocker and PreBoot authentication
    • AppLocker
    • Configure IPSEC with RDP
    • Backup of jump servers on BitLocker-protected volumes
    • Firewalling on jump servers
  • Post hardening of the jump server
    • Center for Internet Security
    • gpPack & PaT
    • SIM
    • LDA
    • Microsoft tools
  • Set up and configure PAW
    • BitLocker
    • BitLocker and TPM 1.2 vs. 2.0
    • BitLocker and PreBoot authentication
    • AppLocker
    • Configure IPSEC and RDP
    • Backup of PAWs on BitLocker-protected volumes
    • Firewalling on PAWs
  • After hardening the domain controller
    • Center for Internet Security
    • gpPack & PaT
    • SIM
    • LDA
    • Microsoft tools

12. Security in domain networks

  • 802.1X with
    • MAC addresses
    • Certificates
  • MAC flooding on switches
    • Switch off the hubbing mode
  • IPSEC with Kerberos and certificates

13. Windows Defender Advanced Threat Protection (WDATP)

  • Understand the concept of WDATP
  • Roll out and monitor WDATP
  • WDATP on domain controllers ...
  • WDATP on jump servers and PAWs
  • WDATP on Windows 10 clients

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of a few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.
