AD – Securing Domain Controllers / hardening Windows domain and computers

Reference articles to secure a Windows domain:
- https://www.cert.ssi.gouv.fr/uploads/guide-ad.html
- https://github.com/PaulSec/awesome-windows-domain-hardening
- PingCastle, to audit an AD domain: https://www.pingcastle.com/
- AD Explorer (Sysinternals): https://www.blackhillsinfosec.com/domain-goodness-learned-love-ad-explorer
- Microsoft audit policy settings and recommendations: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations
- Sysinternals Sysmon, to audit and control changes: https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843&ithint=file%2cpptx&app=PowerPoint&authkey=!AMvCRTKB_V1J5ow

On ADsecurity.org:
- Beyond domain admins: https://adsecurity.org/?p=3700
- Gathering AD data with PowerShell: https://adsecurity.org/?p=3719
- Hardening Windows computers, secure baseline checklist: https://adsecurity.org/?p=3299

DNS: Security hardening

How to improve Windows DNS security (hardening):

Resources:
- DNS logging (audit and analytics): https://technet.microsoft.com/en-us/library/dn800669(v=ws.11).aspx
- Secure DNS Deployment Guide: https://technet.microsoft.com/en-us/library/ee649266%28v=ws.10%29.aspx
- DNS security part 1: http://www.windowsecurity.com/articles-tutorials/misc_network_security/DNS-Security-Part-1.html
- DNS security part 2: http://www.windowsecurity.com/articles-tutorials/windows_server_2008_security/DNS-Security-Part2.html
- Understanding man-in-the-middle attacks: http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part2.html
- External DNS Server Hardening: https://technet.microsoft.com/en-us/library/ee649266%28v=ws.10%29.aspx

Note: Root hints are used to let the DNS server know where to start