I can share some useful links that detail, or lead to the detail that Brian alluded to. Keep in mind, there's a lot that can be accomplished without going all the way to a Red Forest by using LAPS, PAWS (AKA SAW), JIT and JEA concepts and tailoring them to your environment.
Good anchor point that's newly published. Follow through the links for the prescriptive guidance:

Securing Privileged Access
https://technet.microsoft.com/en-us/library/mt631194.aspx

This is the fundamental basis of a lot of it, and a bunch of other stuff we should be doing anyway, written by some very smart folks, led by Laura A Robinson:

Best Practices for Securing Active Directory
https://technet.microsoft.com/en-us/library/dn487446.aspx

Also see:

Secure Administrative Workstations
https://blogs.technet.microsoft.com/askpfeplat/2016/03/14/secure-administrative-workstations/

MSIT showcase article on HVAs
https://www.microsoft.com/itshowcase/Article/Content/602

Link to MS JIT approach
http://blogs.uw.edu/uwwi-blog/2014/10/30/microsofts-jit-approach-revealed/

Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft, Version 1 and 2
https://www.microsoft.com/en-us/download/details.aspx?id=36036

KB2871997: overview of the backported security features from 8.1/2012 to 7/2008R2. These features are critical for stopping lateral movement, especially the "Local Account" principal.
http://blogs.technet.com/b/srd/archive/2014/06/05/an-overview-of-kb2871997.aspx

Finally... older blogs, but a favorite goal of mine: "Admin Free" Active Directory by Laura A Robinson
http://blogs.technet.com/b/lrobins/archive/2011/06/23/quot-admin-free-quot-active-directory-and-windows-part-1-understanding-privileged-groups-in-ad.aspx
http://blogs.technet.com/b/lrobins/archive/2011/06/23/quot-admin-free-quot-active-directory-part-2-protected-accounts-and-groups-in-active-directory.aspx

We just did a SLAM with Premier; it's a useful engagement if you are thinking about how to put some of this into practice or need to be able to demo to others how simple credential theft and lateral movement can be.
https://channel9.msdn.com/Blogs/Taste-of-Premier/Proactively-Secure-your-IT-Environment-from-Credential-Theft-with-POP-SLAM

Sent: Wednesday, March 16, 2016 11:58 AM
To: [email protected]
Subject: [NTSysADM] RE: SkySecure for Active Directory

The concepts are not new - I've worked with a number of customers that have this type of model. There is some fairly good prescriptive guidance on how to set this up that's out there, I believe. You have to decide how much of it makes sense for your organization - risk/cost/reward. The way I read their site is they've provided a turnkey tool to configure a set of best practices.

Thanks,
Brian Desmond
w - 312.625.1438 | c - 312.731.3132

From: [email protected] On Behalf Of Ryan Shugart
Sent: Wednesday, March 16, 2016 12:39 PM
To: [email protected]
Subject: [NTSysADM] SkySecure for Active Directory

I had a link passed on to me today and was wondering if anyone else has used this product?

https://www.skyportsystems.net/protecting-active-directory

A quick read makes me think this product is a tad sensationalized and over-buzzworded, but that doesn't necessarily mean it's not worth looking at. So does anyone out there actually use this, and is it worth it?

Ryan

Ryan Shugart
Windows System Administrator
MiTek USA, MiTek Denver
303-723-4975
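As an added example (not part of the thread, the linked Microsoft guidance, or any product mentioned), the PowerShell audit below checks a Windows 7 / 2008 R2 host for the KB2871997 lateral-movement mitigations the first reply points at: whether the update is present, whether WDigest plaintext credential caching is turned off via the UseLogonCredential value the update introduced, and whether the "Local account" (S-1-5-113) and "Local account and member of Administrators group" (S-1-5-114) principals are denied network and Remote Desktop logon. It must run elevated; the temp-file path, the Add-Finding helper and the report layout are this script's own choices.

```powershell
# Added example: audit a host for the KB2871997 lateral-movement mitigations.
# Assumptions (not from the thread): run elevated on PowerShell 2.0 or later;
# Add-Finding and the report format are invented here for readability.

$findings = @()
function Add-Finding([string]$Check, $Result) {
    $script:findings += New-Object PSObject -Property @{ Check = $Check; Result = $Result }
}

# 1. Is KB2871997 installed? Windows 8.1 / 2012 R2 (NT 6.3) and later ship
#    these features natively, so the hotfix check only applies to older builds.
$osVersion = [version](Get-WmiObject Win32_OperatingSystem).Version
if ($osVersion -lt [version]'6.3') {
    $hotfix = Get-HotFix -Id 'KB2871997' -ErrorAction SilentlyContinue
    Add-Finding 'KB2871997 installed' ([bool]$hotfix)
} else {
    Add-Finding 'KB2871997 installed' 'n/a (built into this OS version)'
}

# 2. WDigest: UseLogonCredential = 0 stops LSASS from keeping a plaintext copy
#    of the logon password, which is what credential-theft tooling harvests.
$wdigest = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest' `
    -Name UseLogonCredential -ErrorAction SilentlyContinue
Add-Finding 'WDigest UseLogonCredential = 0' ($null -ne $wdigest -and $wdigest.UseLogonCredential -eq 0)

# 3. Export the local user-rights assignment and parse the [Privilege Rights]
#    lines, which look like:  SeDenyNetworkLogonRight = *S-1-5-113,*S-1-5-114
$infPath = Join-Path $env:TEMP 'kb2871997_audit.inf'
secedit /export /cfg $infPath /areas USER_RIGHTS | Out-Null
$rights = @{}
foreach ($line in Get-Content $infPath) {
    if ($line -match '^(Se\w+)\s*=\s*(.*)$') {
        $rights[$matches[1]] = @($matches[2] -split ',' | ForEach-Object { $_.Trim() })
    }
}
Remove-Item $infPath -ErrorAction SilentlyContinue

# Both well-known local-account SIDs should be denied network and RDP logon so a
# local admin password reused across machines cannot be used to hop between them.
$localAccountSids = @('*S-1-5-113', '*S-1-5-114')
foreach ($right in 'SeDenyNetworkLogonRight', 'SeDenyRemoteInteractiveLogonRight') {
    $assigned = @($rights[$right])
    $missing = @($localAccountSids | Where-Object { $assigned -notcontains $_ })
    Add-Finding "$right denies local accounts" ($missing.Count -eq 0)
    if ($missing.Count -gt 0) {
        Add-Finding "  $right missing SIDs" ($missing -join ', ')
    }
}

$findings | Format-Table -Property Check, Result -AutoSize
```

The user-rights check reads the exported policy rather than the registry because these rights live in the SAM/LSA policy database; Group Policy applied from the domain shows up in the same export, so the result reflects what is actually in effect on the host.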
