Hardening Active Directory with Jerry Devore
Active Directory is still part of our lives - but can we make it more robust? Richard talks to Jerry Devore about his ongoing blog series on hardening Active Directory. Jerry talks about credential drift - decisions made in the past to turn down (or off!) security features in AD that made sense at the time but are no longer relevant. Most of these efforts only consume time - no products are involved, or the products are free. Check out the links in the show notes for Compliance tools that can help you find vulnerabilities in your infrastructure, including AD.
RunAs Radio · Jerry Devore, Richard Campbell
Audio is streamed directly from the publisher (cdn.simplecast.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Active Directory is still part of our lives - but can we make it more robust? Richard talks to Jerry Devore about his ongoing blog series on hardening Active Directory. Jerry talks about credential drift - decisions made in the past to turn down (or off!) security features in AD that made sense at the time but are no longer relevant. Most of these efforts only consume time - no products are involved, or the products are free. Check out the links in the show notes for Compliance tools that can help you find vulnerabilities in your infrastructure, including AD.
Links:
- Pass-the-Hash White Paper
- MITRE ATT&CK
- Windows LAPS
- Enable NTLM 2 Authentication
- LDAP Signing
- Forest and Domain Functional Levels
- Credential Guard
- Microsoft Intune
- Security Compliance Toolkit and Baselines
Recorded November 20, 2023