Security

This summary stems from a brief conversation within a peer circle. A parallax perspective on the issue of passwords. 

Most IT organisations have an IT Security policy, which defines the required password parameters for an organisation.  Active Directory provides a method to enforce the password parameters, from their complexity and length to the frequency that they must be changed. 

Once a company’s password policy is understood and the required parameters are known, bad practice can set in internally, and this is not necessarily limited to the end users; IT can equally be at fault.  For example, the service desk may create all new user or service accounts with the same common password, such as Password1234$$ or Welcome2015!

So what has this got to do with hacking your own Active Directory? 

Using one of the numerous Active Directory password cracking tools on the internet, you can analyse (crack the easy ones) the passwords stored in Active Directory and produce a list of the most common passwords.

These common passwords can then be cross-referenced to their owners, and with a little bit of mathematics it is possible to deduce that perhaps with 10 passwords, 70% of all systems can be accessed. Not only is this a rather frightening metric, but it is reality, and it is one attack vector for anyone with access to a domain controller.

This is not a simple problem to fix with the current architecture of Active Directory, but with small process changes and education around the use of common passwords the percentage of systems that could be accessed or compromised may be reduced. 
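The arithmetic behind that metric, as an added example that is not part of the original post: given an audit export that pairs each account with an opaque password fingerprint, identical fingerprints mean identical passwords, so grouping them shows which accounts share a credential and what fraction of accounts the N most common passwords cover. The export format, account names and fingerprint values are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: "account:fingerprint" lines as an audit export might
# look. The fingerprints are made-up 32-hex strings, not real hashes.
SAMPLE_EXPORT = """\
alice:11111111111111111111111111111111
bob:11111111111111111111111111111111
svc_backup:11111111111111111111111111111111
carol:22222222222222222222222222222222
dave:22222222222222222222222222222222
erin:33333333333333333333333333333333
frank:44444444444444444444444444444444
svc_sql:11111111111111111111111111111111
grace:55555555555555555555555555555555
heidi:22222222222222222222222222222222
"""

def parse_export(text):
    """Return {account: fingerprint}, skipping blank or malformed lines."""
    records = {}
    for line in text.splitlines():
        account, sep, fingerprint = line.strip().partition(":")
        if sep and account and fingerprint:
            records[account.lower()] = fingerprint.lower()
    return records

def shared_groups(records):
    """Groups of accounts with the same fingerprint, largest first."""
    by_fp = defaultdict(list)
    for account, fingerprint in records.items():
        by_fp[fingerprint].append(account)
    groups = [sorted(accts) for accts in by_fp.values() if len(accts) > 1]
    return sorted(groups, key=lambda g: (-len(g), g))

def top_n_coverage(records, n):
    """Fraction of all accounts covered by the n most-shared passwords."""
    if not records:
        return 0.0
    covered = sum(len(g) for g in shared_groups(records)[:n])
    return covered / len(records)

if __name__ == "__main__":
    recs = parse_export(SAMPLE_EXPORT)
    for group in shared_groups(recs):
        print(len(group), "accounts share one password:", ", ".join(group))
    print("top 2 passwords cover {:.0%} of accounts".format(top_n_coverage(recs, 2)))
```

Service accounts that appear in the same group as ordinary user accounts are the first ones to give unique passwords, since they were most likely created with the service desk default.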

 

 

Microsoft have released a new document which contains best practice recommendations to assist organisations in enhancing the security of their Active Directory installations.

Microsoft state that “In implementing these recommendations, organisations will be able to identify and prioritise security activities, protect key segments of their organisation’s computing infrastructure and create controls that significantly decrease the likelihood of successful attacks against critical components of the IT environment“.

This document discusses the most common attacks against Active Directory and countermeasures to reduce the attack surface, and recommendations for recovery in the event of complete compromise.

Download

 

If you are looking to understand what the security policies in Windows 7 and 2008 R2 mean and how they can impact your environment, then this guide is a must read.

Threats and Countermeasures Guide: Security Settings in Windows 7 and Windows Server 2008 R2

The document covers the following categories in some depth:

Account Policies

This section discusses the Group Policy settings that are applied at the domain level: password policies, account lockout policies, and Kerberos protocol authentication policies.

Advanced Security Audit Policy

This section discusses the use of advanced audit policy settings, which are now integrated with Group Policy to monitor and enforce your security measures. It describes the various settings, and it provides examples of how audit information is modified when the settings are changed.

User Rights

This section discusses the various logon rights and privileges that are provided by the Windows 7 and Windows Server 2008 R2 operating systems, and it provides guidance about which accounts should be assigned these rights.

Security Options

This section provides guidance about security settings for digital data signatures, Administrator and Guest account names, drive access, driver installation behaviour, and logon prompts.

Event Log

This section provides guidance about how to configure the settings that relate to the various event logs on computers running Windows Server 2008 R2 or Windows 7.

System Services

Windows Server 2008 R2 and Windows 7 include a variety of system services. Many of these services are configured to run by default, but others are not present unless you install specific components. This section describes the various services included with the operating systems so that you can best decide which ones to leave enabled and which ones can be safely disabled.

Software Restriction Policies

This section provides a brief overview of the Software Restriction Policy feature that is available in Windows Server 2008 R2 and Windows 7. It provides links to additional resources about how to design and use policy settings to control which applications can be used in your organization.

Application Control Policies

This section provides a brief overview of the AppLocker™ feature that is available in Windows Server 2008 R2 and Windows 7. It provides links to additional resources about how to design and use policy settings to control which applications can be used in your organization.

External Storage Devices

This section describes Group Policy settings that can be used to limit, prevent, or allow the use of external storage devices in networked computers.

Additional Resources

This section provides links to additional information sources about Windows security topics from Microsoft that you may find useful.

Threats and Countermeasures Guide: Security Settings in Windows 7 and Windows Server 2008 R2

I read with interest this document posted this morning by Brjann Brekkan, Technical Product Manager at Microsoft on the Identity and Access Management Blog.  I would recommend reading this document to anyone looking to understand the basics of Forefront Identity Manager 2010.

Document Summary

This document provides a technical overview of Microsoft Forefront Identity Manager 2010 product. The document focused on core scenarios of declarative provisioning and deprovisioning, self service management of users, groups, certificate and Smart Cards, user self-service management of passwords and policy based management. The topics covered include request processing, provisioning, self-service, customizing FIM, reporting and overview of the deployment architecture.

Download

Last week I was in New Orleans for TechED North America. I had the privilege of working on the Security and Identity Access stand answering Active Directory related questions.

When I was not working on the stand, I managed to attend a few breakout sessions; one of these sessions was by Marcus Murray. If you run Windows then I strongly suggest you watch this session, but don’t have nightmares.

Authentication and Passwords: The Good, the Bad, and the Really Ugly.

http://www.msteched.com/2010/NorthAmerica/SIA338

Over the May Day Bank Holiday weekend, I spent some of my time rebuilding my laptop.

The last time I rebuilt my laptop – Windows 7 had just RTM’d; all the drivers were still beta and Lenovo offered very limited Windows 7 support.  This time Lenovo had all the drivers readily available and Windows Update took care of the rest.

After rebooting my laptop, I started to get “Open File – Security Warning” errors on logon.  To me they looked like the kind of error you get when you download a file through Internet Explorer and it has been blocked.


So I decided to see if they were blocked and to my amazement they were.
(Navigate to the file in question, right click and select properties).


A quick click on the Unblock button and the problem went away on the next logon – I must admit though, I find it a very odd thing for a Windows 7 Driver/executable to do.

The Security Compliance Manager is a free Solution Accelerator from Microsoft which has been designed to enable organisations  to take advantage of the experience of Microsoft security professionals and reduce the time and cost required to harden Windows infrastructure.

The Security Compliance Manager provides access to the complete database of Microsoft recommended security settings; using this information you can configure and customise security baselines; these can then be exported to multiple formats,  including Excel, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs or the Security Content Automation Protocol (SCAP), for analysis or implementation.

Download the Security Compliance Manager

Learn more about the Security Compliance Manager

Solution Accelerators are tools and guidance that help you solve your deployment, planning and operational IT problems. Solution Accelerators are free and fully supported.  Want to learn more about Microsoft Solution Accelerators? Click Here.