ISSC342 Central Texas Group Policy Objects in Windows Active Directory Discussion

Hello,

I need two responses of at least 150 words each for the below students' discussions for this week. Also, in bold below are the questions the students are answering.

Instructions:

1. Using Active Directory Group Policy Objects (GPO) or Microsoft Baseline Security Analyzer (MBSA) discuss how one would use them to secure the network.

2. Describe the importance of having privileged and non-privileged states within an organization.

3. List any observations, tips or questions about this lab that would prove helpful to fellow students prior to midnight on Wednesday and comment on other student posts with value added comments (not simply agreeing) by midnight Sunday for full credit consideration.

Student one:

Group Policy Objects in Windows Active Directory can help secure a network by using security management. Group Policy Objects have a whole collection of security-related settings, and their policy settings are contained within a single location which can be set in the local computer policy of a system or within a group policy object. Using a GPO gives the benefit of being able to consistently apply the same settings across multiple computers. The security settings inside the Windows Settings node allow filtering because a super user cannot directly link a GPO to a group. By default, when you link a GPO to a container, it affects everyone in that container. The Authenticated Users group is given two permissions, Read and Apply Group Policy. As a result, security filtering gives the admin the ability to control which GPO is applied based on user accounts or group membership (who in the site, domain, or OU gets the GPO). Security filtering can restrict unauthorized users from logging into certain systems and only allow certain users to access certain files. Depending on the goals, a GPO may apply to a specific organizational unit or the default domain policy. Since a GPO is an object and all objects in Active Directory have an access control list, controlling who the GPO applies to can be achieved by modifying the access control list of the GPO.

One feature of security filtering using a GPO is password policies. Password policies are used to enforce the password history of a system, the maximum and minimum password age, minimum password length, etc. Another feature is the Kerberos policy. The Kerberos policy helps ensure the security of authentication credentials in an environment. Furthermore, the user rights policy controls what a user can do on the local system. User rights are rights across the system and there are two types. The first type of privilege is tasks that a user can perform (e.g. shut down the system). The second type of privilege is logon rights (e.g. logging on interactively). More examples of user rights that can be enforced with this policy are whether the user can change the date and time and whether the user can take ownership of files and directories. The user rights policy has over 30 user rights that can be configured to help secure the network. Another category of policies is for auditing. One auditing policy setting can control the size of event logs and determine how to handle them when they are full. Another policy in the auditing category is the “Audit the use of Backup and Restore Privilege” policy. This policy can be used to define an audit to see who has backed up or restored an operating system on the network. A full backup of a client operating system on a Windows server saves the backup as a virtual hard drive (e.g. VHDX extension). A user could save the filesystem to removable media such as a USB drive, double-click the backup and it will mount, and the user will be able to browse directly through the hard drive. Another policy of the audit category that can help secure a network is “Audit: Shut down system immediately if unable to log security audits”. This policy will shut down the operating system if the security log is full or it cannot write to the audit log. An example of why this is important is if an attacker disabled wesvc to prevent any log-forwarding to help cover their tracks. The system would then be shut down to prevent any further damage to the server.

An alternative to security filtering for GPOs is using WMI. WMI filters allow the admin to add specific rules for when a GPO should be applied or not. WMI filters leverage the WMI client service, and the admin programs the filters in a language that is a subset of SQL, which is called WQL (Windows Query Language). This queries the computer or user account for certain conditions and determines whether or not a GPO is applied. A benefit of WMI is that it allows the admin to fine point who exactly gets the GPO applied to them (e.g. using parameters such as the version of the OS the user is connecting from, the amount of RAM in their system, storage space on their client drive, etc.).

Microsoft Baseline Security Analyzer (MBSA) can be used to secure a network by vulnerability scanning systems on the network for improper security configurations. Some examples of what MBSA scans for are whether automatic updates are currently enabled or disabled on a system, whether the user accounts of the system use expiring or non-expiring passwords, and whether the system has any incomplete updates. Furthermore, MBSA will scan to check for an active firewall, whether any static inbound ports are open, etc. There is an extensive list of remaining security configuration scans that MBSA uses which would be too large to name in full for this forum post. In summary, MBSA will harden systems that are located on the network to help lower the chance of an attacker finding an exploit to gain access to the network through improper security configurations of a system that resides on the network.

Regarding this week's labs, I would recommend downloading MBSA and practicing scanning different virtual machines within your internal network. Some activities to practice would be seeing what the vulnerability scanner would output if you were to disable certain features in your VMs, such as disabling automatic updates. Practicing the methodology in this week's labs, as well as creating your own, will allow you to gain a better understanding of this week's assignments.

References

Alias, J. (2016, March 25). How to install and use Microsoft Baseline Security Analyzer (MBSA). Retrieved from https://www.sqlshack.com/how-to-install-and-use-mi…

Francis, D. (2018, April 10). Group Policy Security Filtering. Retrieved from http://www.rebeladmin.com/2018/04/group-policy-sec…

Francis, D. (2018, February 12). Group Policy: WMI Filters in a nutshell. Retrieved from http://www.rebeladmin.com/2018/02/group-policy-wmi…

-Justin
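The post above describes GPO security filtering, WMI filters written in WQL, the "shut down if unable to log security audits" setting and domain password policy in prose. The following PowerShell is an added example (not part of Justin's post or of any Microsoft documentation) that walks through those four mechanisms with the RSAT GroupPolicy and ActiveDirectory modules. The domain `example.local`, the OU, the GPO name `SEC-Workstation-Hardening` and the group `GPO-Workstation-Hardening-Apply` are assumed placeholders; everything else uses cmdlets and parameters that exist in those modules.

```powershell
# Added example: GPO creation, security filtering, a WQL filter test,
# an audit-related registry policy and the domain password policy.
# Run from a domain-joined admin workstation with RSAT installed.
Import-Module GroupPolicy
Import-Module ActiveDirectory

# --- Assumed placeholder names for this example ---------------------------
$Domain     = 'example.local'
$GpoName    = 'SEC-Workstation-Hardening'
$TargetOU   = 'OU=Workstations,DC=example,DC=local'
$ApplyGroup = 'GPO-Workstation-Hardening-Apply'   # security group that should receive the GPO

# 1. Create the GPO and link it to the OU. At this point every authenticated
#    user/computer under the OU would receive it (default Read + Apply).
$gpo = New-GPO -Name $GpoName -Comment 'Added example: filtered hardening policy'
New-GPLink -Name $GpoName -Target $TargetOU -LinkEnabled Yes | Out-Null

# 2. Security filtering = editing the GPO's ACL. Authenticated Users is reduced
#    to Read only (clients still need Read to process the GPO list), and
#    Read + Apply Group Policy is granted only to the dedicated group.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Name $GpoName -TargetName $ApplyGroup `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# 3. "Audit: Shut down system immediately if unable to log security audits"
#    is backed by the LSA value CrashOnAuditFail. Here it is delivered as a
#    registry policy. Caveat for defenders: with this set, a full Security log
#    halts the machine, so size the log (step 3b) and test in a lab first.
Set-GPRegistryValue -Name $GpoName `
    -Key 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa' `
    -ValueName 'CrashOnAuditFail' -Type DWord -Value 1 | Out-Null

# 3b. Raise the Security log size (bytes) so the setting above is not tripped
#     by normal volume; 256 MB here is an assumed value, not a recommendation.
Set-GPRegistryValue -Name $GpoName `
    -Key 'HKLM\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security' `
    -ValueName 'MaxSize' -Type DWord -Value 268435456 | Out-Null

# 4. WMI filter: the rule is a WQL query evaluated on the client. The
#    GroupPolicy module has no cmdlet to create the filter object, so test the
#    query with Get-CimInstance before attaching it to the GPO in the GPMC.
#    ProductType 1 = workstation; Version 10.% = Windows 10 / 11 client builds.
$Wql = "SELECT * FROM Win32_OperatingSystem WHERE ProductType = 1 AND Version LIKE '10.%'"
if (Get-CimInstance -Query $Wql) {
    Write-Host "WQL filter matches this machine: the GPO would apply here."
} else {
    Write-Host "WQL filter does not match: the GPO would be skipped here."
}

# 5. Password policy lives on the domain object (Default Domain Policy).
#    Values are assumed for the example; pick your own baseline.
Set-ADDefaultDomainPasswordPolicy -Identity $Domain `
    -MinPasswordLength 14 -PasswordHistoryCount 24 -ComplexityEnabled $true `
    -MinPasswordAge (New-TimeSpan -Days 1) -MaxPasswordAge (New-TimeSpan -Days 60) `
    -LockoutThreshold 10 -LockoutDuration (New-TimeSpan -Minutes 30)

# 6. Verify: who can Read/Apply the GPO, and dump the settings to a report.
Get-GPPermission -Name $GpoName -All |
    Format-Table @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission -AutoSize
Get-GPOReport -Name $GpoName -ReportType Html -Path "$env:TEMP\$GpoName.html"
```

Two points worth keeping in mind when adapting this: security filtering and the WMI filter are evaluated independently, so a computer must be in the group and match the WQL query to receive the policy, and the `CrashOnAuditFail` setting trades availability for audit integrity, which is exactly why it pairs with an explicit log-size policy and with forwarding events off the host.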

Student two:

Class,

Here’s my submission for this week’s forum:

1. Using Active Directory Group Policy Objects (GPO) or Microsoft Baseline Security Analyzer (MBSA) discuss how one would use them to secure the network.

In the world of information security, various tools are needed to effectively combat and minimize threats. Microsoft is one of the organizations that offers such a tool, Microsoft Baseline Security Analyzer, or MBSA. MBSA is a free product which is capable of analyzing computers to identify certain configurations which could be deemed as insecure (Solomon, 2014). MBSA can be used to analyze a computer or group of computers to detect missing patches or updates and security misconfigurations. After conducting an MBSA scan on a system, the tool will provide specific suggestions on how to remediate the vulnerabilities found during the scan. Resolving security issues like missing patches or updates can help secure a network by lowering its threat exposure as the latest software updates will be more readily equipped to handle potential attacks. Additionally, security misconfigurations can be fixed to allow a network or system to operate more securely by reducing potential attack points of attackers (University of Pittsburgh, 2018).

2. Describe the importance of having privileged and non-privileged states within an organization.

Every user within an organization that has an account with privileged capabilities should also have one which has non-privileged rights, like any other user. The separation of these two states is necessary to ensure protection and security of the System from unauthorized or errant users. This Dual Mode separates the User Mode from the System Mode or Kernel Mode (RishabhJain12, 2019). Also, if an attacker gains access to an account with privileged rights, far greater damage can be inflicted, so it is best for administrators to conduct daily duties in a non-privileged state to diminish this threat.

3. List any observations, tips or questions about this lab that would prove helpful to fellow students prior to midnight on Wednesday and comment on other student posts with value added comments (not simply agreeing) by midnight Sunday for full credit consideration.

Not much to add regarding this week’s labs, just that there’s two. Although they’re fairly simple and straightforward, it’s definitely not a process you want to start late in the evening. Try and pay closer attention to at least the browser hardening steps. There are a lot of ways that you can improve the security of your own system just by taking what you learn in the lab and applying it to your own settings.

Respectfully,

Shonnie

Works Cited:

RishabhJain12. (2019, April 12). Operating System | Privileged and Non-Privileged Instructions. Retrieved from https://www.geeksforgeeks.org/operating-system-pri…

Solomon, Michael. (2014, July). Security Strategies in Windows Platforms and Applications, 2nd Edition [VitalSource Bookshelf version]. Retrieved from https://bookshelf.vitalsource.com/books/9781284047…

University of Pittsburgh. (2019, May 16). Help using the Microsoft Baseline Security Analyzer (MBSA). Retrieved June 5, 2019, from https://www.technology.pitt.edu/help-desk/how-to-d…
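Shonnie's second answer argues that every privileged account should have a paired non-privileged account and that daily duties should be done from the non-privileged state. The PowerShell below is an added example (not part of the post or its sources) that turns that argument into two checks: a guard that warns when a script is being run from an elevated session, and a report over Domain Admins that flags privileged accounts with no paired standard account. It assumes a naming convention where privileged accounts are prefixed `adm-` (so `adm-jdoe` pairs with `jdoe`); that prefix and the group name are the only assumptions.

```powershell
# Added example: detect privileged-state use for daily work and verify that
# each privileged account has a paired non-privileged account.
Import-Module ActiveDirectory

# Assumed naming convention for this example: 'adm-<sam>' is the privileged
# twin of the daily-use account '<sam>'.
$AdminPrefix = 'adm-'

function Test-IsElevated {
    # True when the current token holds the local Administrators role, i.e.
    # the session is in a privileged state rather than a standard one.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-PrivilegedAccountReport {
    # Lists each user in the privileged group and whether a paired
    # non-privileged account exists under the naming convention.
    param([string]$Group = 'Domain Admins')

    Get-ADGroupMember -Identity $Group -Recursive |
        Where-Object objectClass -eq 'user' |
        ForEach-Object {
            $adm = Get-ADUser -Identity $_.distinguishedName -Properties LastLogonDate, Enabled
            $sam = $adm.SamAccountName

            # Derive the expected daily-use account name from the prefix.
            $dailySam = if ($sam -like "$AdminPrefix*") {
                $sam.Substring($AdminPrefix.Length)
            } else { $null }

            $daily = if ($dailySam) {
                Get-ADUser -Filter "SamAccountName -eq '$dailySam'"
            } else { $null }

            $finding = if (-not $dailySam) {
                'Not in adm- scheme: may be a daily-use account holding admin rights'
            } elseif (-not $daily) {
                'No paired non-privileged account found'
            } else { 'OK' }

            [pscustomobject]@{
                PrivilegedAccount = $sam
                Enabled           = $adm.Enabled
                LastLogonDate     = $adm.LastLogonDate
                PairedAccount     = if ($daily) { $daily.SamAccountName } else { '-' }
                Finding           = $finding
            }
        }
}

# Guard for everyday scripts: running them elevated means the privileged
# state is being used for routine work, which the post advises against.
if (Test-IsElevated) {
    Write-Warning 'This session is elevated. Routine tasks should run from the standard account.'
}

# Report: privileged accounts that lack a standard twin are the ones most
# likely to be used for daily work, and so the ones to fix first.
Get-PrivilegedAccountReport -Group 'Domain Admins' | Format-Table -AutoSize
```

The report deliberately reads only group membership and account attributes, so it can run from a standard account with default AD read rights; the `LastLogonDate` column is there because a privileged account that logs on every day is the practical signal that it is being used as someone's daily account.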