
Webcast | Tier Zero: What It Is, Its Importance and Boundaries

On Demand
  • Recorded date: Jun. 30, 2022
  • Event: On Demand

Every Active Directory environment has Tier Zero systems, whether the organization recognizes it or not. Tier Zero systems are those that – if compromised – will impact the rest of your environment due to security dependencies. Tier Zero begins with domain controllers and any other foundation security systems that provide identity, authentication and access control to the rest of your network, including:

  • ADFS
  • Multifactor authentication and RADIUS servers
  • Privileged account/session management

But Tier Zero also includes additional systems that foundation security systems like domain controllers depend on for synchronization, management or hosting, including:

  • Azure AD Connect
  • Systems management servers that manage DCs or other Tier Zero systems
  • Hypervisors (and hypervisor management systems) that host Tier Zero systems

Finally, Tier Zero extends to any system where a Tier Zero user account logs on. And that brings us to an important point. Tier Zero isn’t just about systems – it’s equally about user accounts. Tier Zero user accounts are those that have privileged access to any Tier Zero system. So that would include accounts like:

  • Domain Admins
  • Accounts with local admin authority on a member server running Azure AD Connect or ADFS
  • Accounts with root access on a hypervisor server hosting domain controller VMs

As soon as a Tier Zero account logs into a given system, that system essentially becomes Tier Zero, even if not intended. That’s because anyone with local admin authority on that system can potentially steal the credentials and/or impersonate that Tier Zero user. So that means Secure Admin Workstations (SAWs) are essential to security. Tier Zero systems and accounts must stay together. But it’s so easy for Tier Zero accounts to get out of bounds.
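
The propagation described above, as an added example that is not part of the original page or of any Quest or SpecterOps tool: a fixed-point expansion of Tier Zero over constructed group, local-admin and logon data. Every host, group and account name in it is hypothetical.

```python
# Constructed sample data: every host, group and account name is hypothetical.
GROUP_MEMBERS = {  # group -> direct members (users or nested groups)
    "Domain Admins": {"alice", "DC-Operators"},
    "DC-Operators": {"bob"},
    "Helpdesk": {"carol", "Helpdesk-Contractors"},
    "Helpdesk-Contractors": {"dave"},
}
LOCAL_ADMINS = {  # system -> principals holding local admin or root
    "DC01": {"Domain Admins"},
    "AADCONNECT01": {"svc-sync"},
    "HV01": {"hv-root"},  # hypervisor hosting the DC01 VM
    "WS-BOB": {"Helpdesk"},
    "WS-ERIN": {"Helpdesk"},
}
LOGONS = [("bob", "WS-BOB"), ("erin", "WS-ERIN"), ("carol", "WS-ERIN")]
SEED_SYSTEMS = {"DC01", "AADCONNECT01", "HV01"}


def expand(principal, seen=None):
    """Resolve a user or group to user accounts, following nested groups."""
    seen = set() if seen is None else seen
    if principal in seen:  # circular nesting: already visited
        return set()
    seen.add(principal)
    if principal not in GROUP_MEMBERS:
        return {principal}
    return set().union(*(expand(m, seen) for m in GROUP_MEMBERS[principal]))


def tier_zero(seed_systems):
    """Propagate Tier Zero until no new system or account is added."""
    systems, accounts, why = set(seed_systems), set(), {}
    changed = True
    while changed:
        changed = False
        for system in sorted(systems):
            for principal in sorted(LOCAL_ADMINS.get(system, ())):
                for user in sorted(expand(principal) - accounts):
                    accounts.add(user)
                    why[user] = f"admin on {system}"
                    changed = True
        for user, system in LOGONS:
            if user in accounts and system not in systems:
                systems.add(system)
                why[system] = f"{user} logged on"
                changed = True
    return systems, accounts, why
```

In this sample, one logon by a nested Domain Admins member on an ordinary workstation pulls that workstation, its helpdesk local admins and a second workstation into the result of `tier_zero(SEED_SYSTEMS)`, while `erin` stays outside.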

In this webinar, IT security expert Randy Franklin Smith will do a deep dive into Tier Zero. He’ll show you why it’s so important to recognize Tier Zero for what it is and then identify all systems and accounts that are Tier Zero either directly or indirectly. That can be quite a difficult job because of the complexity of group membership, nested groups, directory synchronization, various permission models, etc. There are so many ways that cyberattackers can gain access to Tier Zero assets. As just one example, all it takes is inadvertently assigning someone write permission to the wrong GPO.

Some of the key MITRE ATT&CK techniques that come into play in our discussion are:

  • T1078 – Valid Accounts
  • T1003.002 – OS Credential Dumping: Security Account Manager
  • T1098 – Account Manipulation

Bryan Patton from Quest will expand on his experience helping customers tackle this problem and will also briefly demonstrate how SpecterOps BloodHound Enterprise and other Quest technologies can help you uncover the hidden permissions and memberships comprising the true scope of the critical Tier Zero assets in your Active Directory.

Speakers

  • Randy Franklin Smith, Ultimate IT Security
  • Bryan Patton, Quest
