With the current onslaught of Active Directory-focused attacks that use Pass-the-Hash, golden tickets and related credential artifact exploits, everyone is scrambling to lockdown AD – especially in terms of privileged access, using a Red-Forest architecture (aka Enhanced Security Admin Environment or ESAE). One of the toughest parts of implementing a Red Forest, is ensuring the security of your red forest domain controllers from inception through ongoing operation.
In this real-training-for-free event, we’ll start with a quick overview of a red forest: what it is, how it relates to your existing production AD forests, and how it impacts the way you administer systems and structure privileged access.
Then, we’ll focus on the red forest itself, and how to secure the domain controllers that host it. Unfortunately, you can’t simply spin up new VMs in your existing virtualization hosting environment to use as red forest domain controllers, and implementing your red forest DCs as physical servers presents another set of risks.
Red forest DCs become the most security-critical systems in your network. As such, every layer and component of your red forest environment needs to be hardened if you want to truly get the security benefits. DCs, whether physical or virtual, run on hardware, and attacks involving hardware are more viable than ever before. So, you have to start with and maintain the “clean source” principle and ensure that your hardware, firmware, and every piece of software including drivers, systems management agents, etc. are clean.
Then, how do you handle physical security of physical or virtual DCs? Does the contractor you hired to re-cable an unrelated machine in your datacenter have USB access to the host running your Red Forest systems? This is where encryption and secure boot come into play. Is the motherboard of the hyper-visor or physical server open to remote administration, booting, or firmware replacement?
Next, think about the network controls around your red forest DCs. What if somebody on the network ops team relaxes firewall protections or changes a VLAN? Does it compromise your security policy or boundary?
Here’s an agenda of the main points we will cover:
1. Clean source
2. Encrypted disks
3. Physical tampering
4. Network isolation
5. Audit trail
6. Hardened virtualization infrastructure
7. Secure administrative workstations
We’re going to discuss all of this and more to ensure your red forest is built secure from the ground up and remains secure. Skyport Systems is our sponsor for this webinar, and you’ll see briefly how their secure red forest in a box solution leverages an on-prem virtualization platform and the cloud for secure administration and monitoring. It’s very cool.
Please join us for this real training for free event.