Posts

Active Directory (Part 5)

Basics: Group Policies. Group Policy Objects (GPOs) can centrally manage and configure settings for users and computers. They help administrators apply policies, configurations, and settings to specific users or groups of users in an Active Directory domain. They are one of the many powerful tools that let system administrators automate and synchronize a process. These policies can be used to configure a wide range of settings, including: security settings, such as password policy, account lockout policy, and auditing policy; software deployment and updates; network and connectivity settings; desktop and taskbar settings; Internet Explorer settings; folder redirection and roaming profiles; remote access and VPN settings. GPOs are very useful and can save time and reduce the risk of errors, because administrators do not have to manually configure each individual computer or user. They also allow easy rollback of changes or application of updates to all affected compute

Active Directory (Part 4)

Basics: Trees, Forests, and Trusts. Active Directory has built-in logical structures, called trees and forests, to organize and manage the resources and users in a domain. A tree is a hierarchical structure consisting of a root domain and one or more child domains. All domains in a tree share a common namespace, meaning they have the same naming conventions and naming structure. A forest is a collection of one or more trees that are connected by trust relationships. Trust relationships let users in one tree access the resources of another tree, if they have the required permissions. Forests often represent different business units or organizations that need to share resources but maintain separate identities and namespaces. All trees have a trust connection with each other. Trusts that can be established in AD are: External Trusts - They allow the users of one domain to access the other forest's domain resources. These tr

Active Directory (Part 3)

Basics: Management of Users and Computers. Active Directory (AD) management of users and computers is the process of creating, modifying, and deleting user and computer accounts in AD, as well as managing group membership and permissions. AD management of users and computers is important because of: Security - AD provides a way to manage user accounts and permissions and helps secure the network. It can also be used to create unique user accounts for each person requiring access, and assign them specific permissions to control what they can do on the network. This helps prevent unauthorized access and ensures that only authorized users can access the required resources. Productivity - AD makes it easier to manage user accounts and permissions. It can help improve productivity because it allows users to easily and quickly access the resources they need. Centralization - AD offers a centralized location for managing users and computers on the network. This will ma

Active Directory (Part 2)

Basics: Windows Domains. A Windows domain is a collection of networks that are grouped together and share a common directory database. This helps with central management and organization of network resources, such as user accounts, computers, and other devices. Each domain has its own security policies. They are used to control access to network resources and manage user permissions. The users and computers that are part of a domain are authenticated and authorized to access network resources via the security policies of that domain. In AD, domains are hierarchical. The single top-level domain at the top of the hierarchy is called the "root domain". Other domains can be created within the root domain and organized into a tree-like structure. Each domain in the tree is the child of another domain called the "parent domain". This allows the creation of a large and complex network of domains, each with its own security policies and network resources. Hence,

Active Directory (Part 1)

About. Microsoft's Active Directory is the backbone of the corporate world because it allows easy management of people and devices in a large company. An administrator can use a Windows domain to manage things in a larger company. A Windows domain is a collection of people and computers managed by a certain company. Basically, it consolidates the management of a Windows computer network's common components under the control of Active Directory (AD). A domain controller (DC) is the server hosting Active Directory services. Active Directory can be used for: Creating and managing user accounts and groups, allowing administrators to control access to network resources and manage user permissions. Managing and organizing network resources, like computers, printers, and other devices, making it easier to find and access these resources. Providing a central authentication and authorization service that allows users to access network resources using a single set of login credentials

Windows Privilege Escalation (Part 2 of 2)

Token Impersonation. Token impersonation is an effective approach for a Windows local administrator to impersonate another user and issue commands in the name of that user. There are many tools created specifically to exploit this vulnerability. Windows has several privileges that, if enabled, may allow an attacker to escalate to SYSTEM. Local users have privileges to carry out specific tasks, like managing volumes, changing the system's locale, and shutting down the system. An access token is used for all security decisions and holds the security identity of a process in Windows. So, whenever there is an attempt to interact with objects that have security descriptors (securable objects), a user-spawned process or thread will automatically inherit the same token. Impersonation is a technique that allows a process to use another user's token, which can be used if a task requires increased privileges. Service accounts are generally created wi

Windows Privilege Escalation (Part 1 of 2)

Introduction. The term "privileges" refers to the ability of a particular account to carry out actions that are relevant to the system. The Windows operating system uses access tokens to make these privileges functional. The token itself comprises all the information, including the user privileges, needed to define the security environment of a particular user. The Security Identification (SID) is a special number allocated to each object including tokens like a user or group account. These SIDs are updated and created by the Windows Local Security. In addition to privileges, Windows also uses an integrity mechanism. It is an essential part of the Windows security architecture and gives application processes and secure objects different integrity levels. Hence, these levels describe the operating system's level of confidence in running apps or secure objects. Also, APIs might be restricted to a certain integrity level. Windows Privileges. An access control