
Passwords everywhere aka why use smart cards instead

Passwords everywhere aka why use smart cards instead. Ing. Ondřej Ševeček | MCSM:Directory | MVP:Enterprise Security | Certified Ethical Hacker | MCSE:SharePoint | ondrej@sevecek.com | www.sevecek.com. Agenda. Why are workstations doomed


Presentation Transcript


  1. Passwords everywhere aka why use smart cards instead. Ing. Ondřej Ševeček | MCSM:Directory | MVP:Enterprise Security | Certified Ethical Hacker | MCSE:SharePoint | ondrej@sevecek.com | www.sevecek.com

  2. Agenda
     • Why are workstations doomed
     • Why not type strong accounts' passwords on insecure computers
     • Why use separate administrative accounts and thus limit attack surface
     • Why use smart cards instead of passwords wherever possible

  3. Separate administrators (basic physical security principle) [Diagram: domain controllers ForestA DomainA DC1, ForestA DomainA DC2 and ForestA DomainB DC; PC, NTB and SRV machines]

  4. Separate administrators (better physical security principle) [Diagram: domain controllers ForestA DomainA DC1, ForestA DomainA DC2 and ForestA DomainB DC; PC open-space and PC in-office; NTB no BitLocker and NTB with BitLocker; SRV in datacenter, SRV in branch 1 and SRV in branch 2]

  5. Separate administrators (server role principle) [Diagram: domain controllers ForestA DomainA DC1, ForestA DomainA DC2 and ForestA DomainB DC; PC open-space and PC in-office; NTB no BitLocker and NTB with BitLocker; SRV grouped by role: RDP, FS, Exchange, Web, SQL, SharePoint, Remote Access]

  6. Separate administrators (application principle) [Diagram: domain controllers ForestA DomainA DC1, ForestA DomainA DC2 and ForestA DomainB DC; RDP Gateway, RDP farm, NPS RADIUS, SharePoint Farm Intranet, SharePoint Farm Extranet, AD FS, SQL, FS, Exchange, DPM Backup, Symantec Backup, SRV]

  7. Courses from Počítačová škola Gopas at www.gopas.cz
     • GOC169 - Auditing ISO/IEC 2700x
     • GOC170 - AD Monitoring with SCOM and ACS
     • GOC171 - Active Directory Troubleshooting
     • GOC172 - Kerberos Troubleshooting
     • GOC173 - Enterprise PKI
     • GOC174 - SharePoint Architecture and Troubleshooting
     • GOC175 - Advanced Security
     Get a TechEd 2014 T-shirt for a completed evaluation questionnaire. Počítačová škola Gopas – Your IT school of life
