Passwords everywhere aka why use smart cards instead







- Slides: 7
Ing. Ondřej Ševeček
MCSM: Directory | MVP: Enterprise Security | Certified Ethical Hacker | MCSE: SharePoint
ondrej@sevecek.com | www.sevecek.com

Agenda
- Why are workstations doomed
- Why not type strong accounts' passwords on insecure computers
- Why use separate administrative accounts and thus limit attack surface
- Why use smart cards instead of passwords wherever possible

Separate administrators (basic physical security principle)
[Diagram labels: ForestA DomainA DC1; ForestA DomainA DC2; ForestA DomainB DC; SRV, SRV, SRV; PC, PC, PC; NTB, NTB]

Separate administrators (better physical security principle)
[Diagram labels: ForestA DomainA DC1; ForestA DomainA DC2; PC, PC, PC openspace; ForestA DomainB DC; SRV in datacenter; SRV; SRV in branch 1; SRV in branch 2; NTB, NTB no BitLocker; PC, PC, PC in-office; NTB, NTB with BitLocker]

Separate administrators (server role principle)
[Diagram labels: ForestA DomainA DC1; ForestA DomainA DC2; PC, PC, PC openspace; ForestA DomainB DC; FS SRV; Remote Access SRV; NTB, NTB no BitLocker; PC, PC, PC in-office; NTB, NTB with BitLocker; RDP SRV; SQL SRV; Web SRV; SharePoint SRV; Exchange SRV]

Separate administrators (application principle)
[Diagram labels: ForestA DomainA DC1; ForestA DomainA DC2; ForestA DomainB DC; SharePoint Farm Intranet; DPM Backup; RDP farm; SharePoint Farm Intranet Extranet; SQL; RDP Gateway; DPM Backup; NPS RADIUS; AD FS; SQL; FS SRV; Symantec Backup; Exchange SRV]

Courses of the Gopas Computer School at www.gopas.cz
- GOC 169 - Auditing ISO/IEC 2700x
- GOC 170 - AD Monitoring with SCOM and ACS
- GOC 171 - Active Directory Troubleshooting
- GOC 172 - Kerberos Troubleshooting
- GOC 173 - Enterprise PKI
- GOC 174 - SharePoint Architecture and Troubleshooting
- GOC 175 - Advanced Security

Get a TechEd 2014 T-shirt for a completed evaluation questionnaire.
Gopas Computer School: your IT school of life