Technical Writing - A Guide to Kerberos and NTLM
|
|
- Nelson Goodwin
- 3 years ago
- Views:
Transcription
1 Et Sikrere Windows Miljø Olav Tvedt Deployment Ranger
2 Agenda LM,NTLM,NTLMv2 og Kerberos Raske Tips For Økt Sikkerhet Network Acces Protection
3 LM, NTLM, NTLMv2, Kerberos LM NTLM NTLM v2 Kerberose
4 An Example LM/NTLM Attack I d like to log on as Mark I d like to log on as Mark challenge=39181 challenge=39181 response=t9$wn You congrats, you re logged in Bad guy response=t9$wn congrats, you re logged in
5 NTLMv2 Forbedrer NTLM/LM svakheten Mer unik hash som er sessjons basert Tids stempel for å forhindre replay
6 Når blir LM, NTLM og NTLM v2 brukt Ved IP kommunikasjon istedet for navn Når Tiden er skjeiv Når klienten ikke er kerberos autentisert - Ikke domene medlem o.l. (rare os;-) - Nettverksenheter (Print server o.l.)
7 Unngå LM og NTLM Group Policies / Computer Configuration / Windows Settings / Security Settings / Local Settings / Security Options Send LM & NTLM responses Send LM & NTLM NTLMv2 if negotiated Send NTLM response only Send NTLMv2 response only Send NTLMv2 response only\refuse LM Send NTLMv2 response only\refuse LM & NTLM
8 Kerberos Active Directory bruker Kerberos hvis mulig Helt anderledes enn LM/NTLM/NTLMv2, basert på RFC 1510 og andre Slide 8
9 Kerberos In Pictures Meet our players TOMSPC KDC Tom wants his DC to log him onto his PC and PS his print server
10 Kerberos In Pictures To accomplish that KDC Tom needs something that gives him the right to talk to those servers Tom s DCs create both kinds of tickets That something is called a ticket; there are two kinds ADMIT ONE Service tickets get Tom access to services, like the workstation service on TOMSPC, or the print server service on PS ADMIT ONE ADMIT ONE ST- TWS ST-PS Ticket Granting Tickets give Tom the right to ask the DC to issue him service tickets ADMIT ONE TGT
11 Kerberos Two tickets, two services First you introduce yourself to the KDC by logging on; you only want to have to do this once a day and so you ask the KDC for a ticket to the KDC that s the Ticket-Granting Ticket That is granted by a piece of the KDC called the Authentication Service or AS Once you ve got a TGT, then you can show the TGT to the KDC and say remember me? Now I need a Service Ticket to such-and-such service Service tickets are issued by a different part of the KDC called the Ticket Granting Service or TGS
12 Kerberos Why not just one type of ticket? A Ticket Granting Ticket is like a Service Ticket in that both are tickets that authenticate you to some service But you usually end up with just one TGT and a bunch of STs The reason for two kinds of tickets: under the hood, Kerberos secures every ticket by encrypting some of its data with a password or key
13 Kerberos The fundamental reason why Kerberos is better Lots of tickets would mean lots of data encrypted with your password and that d mean that attackers would have more data they could use to try to figure out your password So and here s the important part what Kerberos gives you in the TGT is essentially just a password for the day Service ticket-related information is encrypted with the password for the day; only TGT-related information is encrypted with your actual password one transaction per day!
14 Sample klist Output C:\>klist tickets Cached Tickets: (2) Server: KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 2/6/2006 4:10:08 Renew Time: 2/12/ :10:08 Server: KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 2/6/2006 4:10:08 Renew Time: 2/12/ :10:08 C:\> 14
15 So is Kerberos secure? Kerberos depends on a few things A good encryption algorithm The longer the key the better Keys that can t be guessed lousy passwords bad random number generator A secure password store i.e. a physically secure DC
16 Weaknesses? Overall, MS s Kerberos seems quite good RC4 isn t great as a crypto algorithm (DES is also an option for those who want it) but neither is it as weak as some would say, except if bad guys get a lot of crypto messages encrypted with the same key; KDC session keys keep this down. Go to 2008 domain functional level, however, and you'll go to 256-bit AES. I have never heard a complaint about the random number generator
17 Vista/2008 Side-Note If you look at a network trace when Vista or 2008 try to do a Kerberos logon, you'll see that the request to the AS for a TGT always fails the first time Vista/2008 deliberately sends a bad packet to find out whether the DC they're talking to can use AES rather than RC4-HMAC for encryption the "you failed" return message from a 2008 DC includes its available encryption abilities by default
18 Troubleshooting Kerb Events You can set Kerberos to log its activity to the System log Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters Add new REG_DWORD value LogLevel, set to 1 Reboot for it to take effect Remember klist and kerbtray as well
19 Creating Kerberos Logs In Parameters, REG_DWORD LogToFile =1 to create an ASCII log file KerbDebugLevel (REG_DWORD) sets the verbosity of the log; Google Kerberos Authentication Tools and Settings for a nifty white paper on all the setting values
20 Raske Tips For Økt Sikkerhet Group Policy settings
21 Group Policy Settings Slå Av Autorun Windows Server 2003 / XP - Computer Policy / Computer Configuration / Administrative Templates / System - Turn off Autoplay Windows Server 2008 / Vista - Computer Policy / Computer Configuration / Administrative Templates / Windows Components / AutoPlay Policies - Turn off Autoplay UAC tuning - Computer Configuration / Policies / Windows Settings / Security Settings / Local Policies / Security Options - User Acces Control:* NTLM tuning -Computer Configuration / Policies / Windows Settings / Security Settings / Local Policies / Security Options - Network Security: LAN Manager Authentication Level - Network Security: Do Not Store LAN Manager Hash Values On Next Password Change
22 Group Policy Settings Bruker tilgang -Computer Configuration / Policies / Windows Settings / Security Settings / Local Policies / User Right Assignment - Access this computer from the network Endre lokale grupper Windows Server Computer Policy / Preferences / Control Panel Settings / Local Users and Groups
23 Network Access Protection
24 Hva er NAP Hjelper med å opprettholde health policiene for nettverkstilgang Health policy godkjenning Health policy oppdatering Begrensett tilgang
25 Når bruke NAP Verifisere statusen på bærbare pc er (Roaming) Verifisere statusen på stasjonære pc er Verifisere statusen på gjeste pc er Verifisere statusen på unmanaged hjemme pc er Virker kun for Windows Server 2008, Windows Vista og Windows XP med Service Pack 3
26 Komponenter i NAP Enforcement Servere og Clienter (ES og EC) SHA og SHV (System Health Agents / System Health Validators) Enforcement komponenter og metoder - HRA (Health Registration Authority) - IPSec - IEEE 802.1x - VPN - DHCP NPS (Network Policy Servers) Remediation Servers Begrenset nettverk (Restricted Network)
27 Enforcement Servere og Clienter NAP Kompatible Klinter og Servere: - Microsoft Windows Server Microsoft Windows Vista - Microsoft Windows XP Service Pack 3
28 SHA og SHV Windows Security Health Agents/Validators Firewall Virus Protection Spyware Protection Automatic Updating Security Update Protection SMSSHA (SCCM2007/SMSv4) Tredjeparts SHA f.esk TCASHA (CA, Inc./eTrust) Egne SHA/SHV Bitlocker Strong Password Registry Settings
29 System Health Agents WSHA Firewall Virus Protection Spyware Protection Automatic Updating Security Update Protection SMSSHA (SCCM2007/SMSv4) CASHA (CA, Inc./eTrust) Custom SHA/SHV? Bitlocker Strong Password Registry Settings
30 IPSec IPSec isolering av nettet Bruker HRA health sertifikat for autentisering Sikreste NAP funksjonen Health Registration Authority Windows Server 2008 IIS Klient sertifikater fra CA
31 IEEE 802.1x Authenticating Ethernet Switch IEEE 802.1x Wireless Access Point
32 VPN Ekstra lag i tillegg til vanlig VPN regler Ikke det samme som Network Access Quarantine Control
33 DHCP Minimum 2 serier med addresser - Begrenset nett - Ubegrenset nett Lease og Renewal
34 NPS NAP Policy server Erstatter RADIUS Server AAA - Authentication - Authorization - Accounting
35 Remediation Servers Tilgjengelig i det begrensede nettverket Medisin server Info Til Klienter Typiske Roler: - Dns - Antivirus Server - Wsus
36 Begrenset nettverk Seperat logisk eller fysisk nettverk Innholder: - Remediation Servers - Klienter som ikke oppfylt policy
37 Hvordan virker NAP 3 Policy Servers such as: Patch, AV 1 2 Windows Client 1 DHCP, VPN Switch/Router Client requests access to network and presents current health state DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS) 2 MSFT NPS Not policy compliant Policy compliant Restricted Network 3 Network Policy Server (NPS) validates against IT-defined health policy If not policy compliant, client is put in a restricted VLAN and given access to fix up 4 resources to download patches, configurations, signatures (Repeat 1-4) 5 If policy compliant, client is granted full access to corporate network 5 4 Corporate Network Fix Up Servers Example: Patch
38 Hvordan virker NAP
39 Hvordan virker NAP
40 Brukerens opplevelse Forståelige meldinger
41 Brukerens opplevelse Forståelige meldinger
42 Remediation Website
This section provides a summary of using network location profiles to identify network connection types. Details include:
Module 7 Network Access and Security In Module 7 students will learn several strategies for controlling network access and enhancing network security. These will include: controlling network location profiles,
More informationMicrosoft Windows Server System White Paper
Introduction to Network Access Protection Microsoft Corporation Published: June 2004, Updated: May 2006 Abstract Network Access Protection, a platform for Microsoft Windows Server "Longhorn" (now in beta
More informationThis module explains how to configure and troubleshoot DNS, including DNS replication and caching.
Module 1: Configuring and Troubleshooting Domain Name System This module explains how to configure and troubleshoot DNS, including DNS replication and caching. Configuring the DNS Server Role Configuring
More informationAdministering Windows Server 2012
Administering Windows Server 2012 Course Summary Configuring and Troubleshooting Domain Name System Maintaining Active Directory Domain Services Managing User and Service Accounts Implementing a Group
More informationWindows Server 2008 R2
Windows Server 2008 R2 Olav Tvedt olav@tvedt.info TVEDT.info 10/2/2009 1 Agenda Direct Acces Remote Desktop Services Group Policyer 10/2/2009 2 Direct Access Teknologier i bruk IPv6 Isatap 6To4 Teredo
More informationMCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features
MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security
More information70-685: Enterprise Desktop Support Technician
70-685: Enterprise Desktop Support Technician Course Introduction Course Introduction Chapter 01 - Identifying Cause and Resolving Desktop Application Issues Identifying Cause and Resolving Desktop Application
More informationWindows 7, Enterprise Desktop Support Technician
Windows 7, Enterprise Desktop Support Technician Course Number: 70-685 Certification Exam This course is preparation for the Microsoft Certified IT Professional (MCITP) Exam, Exam 70-685: Pro: Windows
More information411-Administering Windows Server 2012
411-Administering Windows Server 2012 Course Duration: 5 Days Module 1: Configuring and Troubleshooting Domain Name System This module explains how to configure and troubleshoot DNS, including DNS replication
More informationMS 6421 Configuring and Troubleshooting a Windows Server 2008 Infrastructure
MS 6421 Configuring and Troubleshooting a Windows Server 2008 Infrastructure Description: Days: 5 Prerequisites: This five-day instructor-led course provides students with the knowledge and skills to configure
More informationAdministering Windows Server 2012
Course 20411D: Administering Windows Server 2012 Course Details Course Outline Module 1: Configuring and Troubleshooting Domain Name System This module explains how to configure and troubleshoot DNS, including
More informationModule 1: Overview of Network Infrastructure Design This module describes the key components of network infrastructure design.
SSM6435 - Course 6435A: Designing a Windows Server 2008 Network Infrastructure Overview About this Course This five-day course will provide students with an understanding of how to design a Windows Server
More informationKerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?).
Kerberos Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?). 1 Kerberos Kerberos is an authentication protocol and a software suite implementing this
More informationAdministering Windows Server 2012
20411D - Version: 1 25 June 2016 Administering Windows Server 2012 Administering Windows Server 2012 20411D - Version: 1 5 days Course Description: Get hands-on instruction and practice administering Windows
More information70-642 R4: Configuring Windows Server 2008 Network Infrastructure
70-642 R4: Configuring Windows Server 2008 Network Infrastructure Course Introduction Chapter 01 - Understanding and Configuring IP Lesson: Introducing the OSI Model Understanding the Network Layers OSI
More informationWindows 7. Noen nyheter. Olav Tvedt, Deployment Ranger Microsoft
Windows 7 Noen nyheter Olav Tvedt, Deployment Ranger Microsoft Agenda Sikkerhet for mobile brukere Bitlocker Bitlocker to go Applocker Branch Cache Sikkerhet For Mobile Brukere Securing Anywhere Access
More informationTech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks
Tech Brief Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks Introduction In today s era of increasing mobile computing, one of the greatest challenges
More information70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network
70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network Course Number: 70 299 Length: 1 Day(s) Course Overview This course is part of the MCSA training.. Prerequisites
More informationConfiguring and Troubleshooting a Windows Server 2008 Network Infrastructure (6421B)
Configuring and Troubleshooting a Windows Server 2008 Network Infrastructure (6421B) Overview This five-day instructor-led course provides students with the knowledge and skills to configure and troubleshoot
More informationAdministering Windows Server 2012
Course 20411C Administering Windows Server 2012 Course Length: 5 days Overview Get hands-on instruction and practice administering Windows Server 2012, including Windows Server 2012 R2, in this 5-day Microsoft
More informationDesigning a Windows Server 2008 Network Infrastructure
Designing a Windows Server 2008 Network Infrastructure MOC6435 About this Course This five-day course will provide students with an understanding of how to design a Windows Server 2008 Network Infrastructure
More informationAdministering Windows Server 2012
www.etidaho.com (208) 327-0768 Course 20411D: Administering Windows Server 2012 5 Days About this Course Get hands on instruction and practice administering Windows Server 2012, including Windows Server
More informationKerberos on z/os. Active Directory On Windows Server 2008. William Mosley z/os NAS Development. December 2011. Interaction with. wmosley@us.ibm.
Kerberos on z/os Interaction with Active Directory On Windows Server 2008 + William Mosley z/os NAS Development wmosley@us.ibm.com December 2011 Agenda Updates to Windows Server 2008 Setting up Cross-Realm
More informationMicrosoft Windows Server 2008: MS-6435 Designing Network and Applications Infrastructure MCITP 6435
coursemonster.com/au Microsoft Windows Server 2008: MS-6435 Designing Network and Applications Infrastructure MCITP 6435 View training dates» Overview This course will provide students with an understanding
More informationConfiguring Windows Server 2008 Network Infrastructure
Configuring Windows Server 2008 Network Infrastructure Course Number: 70-642 Certification Exam This course is preparation for the Microsoft Technical Specialist (TS) exam, Exam 70-642: TS: Windows Server
More informationAbout the Authors About the Technical Editor
Acknowledgments p. xiii About the Authors p. xv About the Technical Editor p. xix Foreword p. xxi Planning Platform Security p. 1 Reviewing the Gore Security Principles p. 2 Planning a Secure Platform
More informationConfiguring Authentication for Microsoft Windows
Chapter 4 Configuring Authentication for Microsoft Windows In this chapter: Storing and Transmitting Credentials..............................69 Storing Secrets in Windows......................................83
More informationAdministering Windows Server 2012
Administering Windows Server 2012 Course Details Duration: Course code: 5 Days M20411 Overview: Get hands-on instruction and practice administering Windows Server 2012, including Windows Server 2012 R2,
More informationWhat s New in Juniper Networks Secure Access (SA) SSL VPN Version 6.4
Page 1 Product Bulletin What s New in Juniper Networks Secure Access (SA) SSL VPN Version 6.4 This document lists the new features available in Version 6.4 of the Secure Access SSL VPN product line. This
More informationMS 70-411 Exam Objectives Administering Windows Server 2012 R2
MS 70-411 Exam Objectives Administering Windows Server 2012 R2 Below are the exam objectives for Administering Windows Server 2012 R2 Exam 70-411 Tasks measured as per latest update implemented in January
More informationMOC 6435A Designing a Windows Server 2008 Network Infrastructure
MOC 6435A Designing a Windows Server 2008 Network Infrastructure Course Number: 6435A Course Length: 5 Days Certification Exam This course will help you prepare for the following Microsoft exam: Exam 70647:
More informationDeploying BitDefender Client Security and BitDefender Windows Server Solutions
Deploying BitDefender Client Security and BitDefender Windows Server Solutions Quick Install Guide Copyright 2011 BitDefender 1. Installation Overview Thank you for selecting BitDefender Business Solutions
More informationWindows 7, Enterprise Desktop Support Technician
Course 50331D: Windows 7, Enterprise Desktop Support Technician Page 1 of 11 Windows 7, Enterprise Desktop Support Technician Course 50331D: 4 days; Instructor-Led Introduction This four-day instructor-ledcourse
More informationAdministering Windows Server 2012
Course 20411C: Administering Windows Server 2012 Page 1 of 8 Administering Windows Server 2012 Course 20411C: 4 days; Instructor-Led Introduction Get hands-on instruction and practice administering Windows
More informationTroubleshooting Kerberos Encryption Types
Troubleshooting Kerberos Encryption Types Author: Nathan Park (npark@pingidentity.com) Last update: 2013.12.12 Summary: Troubleshooting Kerberos encryption types can be made easier with a few widely-available
More informationWindows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led
Lincoln Land Community College Capital City Training Center 130 West Mason Springfield, IL 62702 217-782-7436 www.llcc.edu/cctc Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led
More informationMS-50292 - MCITP: Windows 7 Enterprise Desktop Support Technician Boot Camp
MS-50292 - MCITP: Windows 7 Enterprise Desktop Support Technician Boot Camp Table of Contents Introduction Audience At Completion Prerequisites Microsoft Certified Professional Exams Student Materials
More informationCOURSE 20411D: ADMINISTERING WINDOWS SERVER 2012
ABOUT THIS COURSE Get hands-on instruction and practice administering Windows Server 2012, including Windows Server 2012 R2, in this five-day Microsoft Official course. This course is part two in a series
More informationBuild Your Knowledge!
About this Course Get hands-on instruction and practice administering, including R2, in this five-day Microsoft Official Course. This course is part two in a series of three courses that provides the skills
More informationCourse 20411. Administering Windows Server 2012. About this Course. Level: 200 Technology: Windows Server 2012
Course 20411 Administering Windows Server 2012 Length: 5 Days Language(s): English Audience(s): IT Professionals Level: 200 Technology: Windows Server 2012 Type: Course Delivery Method: Instructor-led
More informationUsing Integrated Windows Authentication with Websense Content Gateway, v7.6
Using Integrated Windows Authentication with Websense Content Gateway, v7.6 Websense Support Webinar August 2011 web security data security email security Support Webinars 2009 Websense, Inc. All rights
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationAdministering Windows Server 2012
Course Code: M20411 Vendor: Microsoft Course Overview Duration: 5 RRP: 2,025 Administering Windows Server 2012 Overview Get hands-on instruction and practice administering Windows Server 2012, including
More informationWindows Server 2012 R2 Certification
About this Course Administering Windows Server 2012 Get hands-on instruction and practice administering Windows Server 2012, including Windows Server 2012 R2, in this five-day Microsoft Official Course.
More informationAdministering Windows Server 2012
WINDOWS 2012 COURSE OUTLINE Visit Our Website to Enroll Now Www.ITBigBang.Com/IT-Training Administering Windows Server 2012 Course Title Administering Windows Server 2012 Course Code 20411D Days / Duration
More information1. Installation Overview
Quick Install Guide 1. Installation Overview Thank you for selecting Bitdefender Business Solutions to protect your business. This document enables you to quickly get started with the installation of Bitdefender
More information"Charting the Course... ... to Your Success!" MOC 50331 D Windows 7 Enterprise Desktop Support Technician Course Summary
Description Course Summary This course provides students with the knowledge and skills needed to isolate, document and resolve problems on a Windows 7 desktop or laptop computer. It will also help test
More informationSecurity Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation
Security Overview for Windows Vista Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Agenda User and group changes Encryption changes Audit changes User rights New and modified
More informationAdministering Windows Server 2012 (20411) H4D01S
HP Education Services course data sheet Administering Windows Server 2012 (20411) H4D01S Course Overview This course is part two of a series of three courses. Through this series you will gain the skills
More informationSecurity and Compliance. Robert Nottoli Principal Technology Specialist Microsoft Corporation robnotto@microsoft.com
Security and Compliance Robert Nottoli Principal Technology Specialist Microsoft Corporation robnotto@microsoft.com DISCLAIMER FOR DOCUMENTATION REGARDING PRE-RELEASED SOFTWARE This document supports a
More informationTraining Name Installing and Configuring Windows Server 2012
Training Name Installing and Configuring Windows Server 2012 Exam Code 70 410 At Course Completion After completing this course, students will be able to: Install and configure Windows Server 2012. Describe
More informationAdministering Windows Server 2012
Course 20411D: Administering Windows Server 2012 Page 1 of 8 Administering Windows Server 2012 Course 20411D: 4 days; Instructor-Led Introduction Get hands-on instruction and practice administering Windows
More informationAV-006: Installing, Administering and Configuring Windows Server 2012
AV-006: Installing, Administering and Configuring Windows Server 2012 Career Details Duration 105 hours Prerequisites This course requires that student meet the following prerequisites, including that
More information1. Introduction to DirectAccess. 2. Technical Introduction. 3. Technical Details within Demo. 4. Summary
1. Introduction to DirectAccess 2. Technical Introduction 3. Technical Details within Demo 4. Summary Section 2: Technical Introduction Solution Overview Compliant Client Compliant Client Internet
More informationConfiguring and Troubleshooting a Windows Server 2008 Network Infrastructure
Course 6421B: Configuring and Troubleshooting a Windows Server 2008 Network Infrastructure Length: Language(s): Audience(s): 5 Days English Level: 200 IT Professionals Technology: Windows Server 2008 Type:
More informationCourse Outline. Course 6421B : Configuring and Troubleshooting a Windows Server 2008 Network Infrastructure
Course 6421B : Configuring and Troubleshooting a Windows Server 2008 Network Infrastructure Duration: 5 Days What you will learn This five-day instructor-led course provides students with the knowledge
More informationWindows 7, Enterprise Desktop Support Technician
MS50331 Längd: 5 dagar Windows 7, Enterprise Desktop Support Technician Detta är den bredaste, mest djuplodande kursen för dig som arbetar som Supporttekniker och behöver vara champion på Windows när frågorna
More informationWindows Advanced Audit Policy Configuration
Windows Advanced Audit Policy Configuration EventTracker v7.x Publication Date: May 6, 2014 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract This document describes auditing
More informationThe safer, easier way to help you pass any IT exams. Exam : 70-411. Administering Windows Server 2012. Title : Version : V16.
Exam : 70-411 Title : Administering Windows Server 2012 Version : V16.02 1 / 8 1.DRAG DROP Your network contains an Active Directory forest named contoso.com. The forest contains a Network Policy Server
More informationx900 Switch Access Requestor
Network Security Solutions Implementing Network Access Control (NAC) Tested Solution: Protecting your network with Microsoft Network Access Protection (NAP) and Switches Today s networks increasingly require
More informationDIRECTACCESS FEATURE IN WINDOWS 7
DIRECTACCESS FEATURE IN WINDOWS 7 What is DirectAccess DirectAccess is an always on connection to our remote private network, regardless of where we are. Starting from Windows 7 and Windows Server 2008
More informationWindows Attack - Gain Enterprise Admin Privileges in 5 Minutes
Windows Attack - Gain Enterprise Admin Privileges in 5 Minutes Compass Security AG, Daniel Stirnimann Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640 Rapperswil Tel +41 55-214 41 60 Fax +41
More informationUnderstanding the Cisco VPN Client
Understanding the Cisco VPN Client The Cisco VPN Client for Windows (referred to in this user guide as VPN Client) is a software program that runs on a Microsoft Windows -based PC. The VPN Client on a
More informationModule 8. Network Security. Version 2 CSE IIT, Kharagpur
Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication
More informationTopics in Network Security
Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure
More informationNetwork Access Control ProCurve and Microsoft NAP Integration
HP ProCurve Networking Network Access Control ProCurve and Microsoft NAP Integration Abstract...2 Foundation...3 Network Access Control basics...4 ProCurve Identity Driven Manager overview...5 Microsoft
More informationNE-20411D Administering Windows Server 2012
NE-20411D Administering Windows Server 2012 Summary Duration Vendor Audience 5 Days Microsoft IT Professionals Published Level Technology 13 May 2014 200 Windows Server 2012 Delivery Method Instructor-led
More information6421B - Windows Server 2008 R2 Network Infrastructure
Configuring and Troubleshooting a Windows Server 2008 R2 Network Infrastructure Introduction This five-day instructor-led course provides students with the knowledge and skills to configure and troubleshoot
More informationDirectAccess in Windows 7 and Windows Server 2008 R2. Aydin Aslaner Senior Support Escalation Engineer Microsoft MEA Networking Team
DirectAccess in Windows 7 and Windows Server 2008 R2 Aydin Aslaner Senior Support Escalation Engineer Microsoft MEA Networking Team 0 Introduction to DirectAccess Increasingly, people envision a world
More informationNetwork Virtualization Network Admission Control Deployment Guide
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
More informationConfiguring & Troubleshooting Windows 2008 Server 2008 Network Infrastructure
About this Course Configuring & Troubleshooting Windows T This five-day instructor-led course provides students with the knowledge and skills to configure and troubleshoot Windows Server 2008 and Windows
More informationInstallation Overview
Contents Installation Overview... 2 How to Install Ad-Aware Management Server... 3 How to Deploy the Ad-Aware Security Solutions... 5 General Deployment Conditions... 5 Deploying Ad-Aware Management Agent...
More informationEXAM - 70-980. Recertification for MCSE: Server Infrastructure. Buy Full Product. http://www.examskey.com/70-980.html
Microsoft EXAM - 70-980 Recertification for MCSE: Server Infrastructure Buy Full Product http://www.examskey.com/70-980.html Examskey Microsoft 70-980 exam demo product is here for you to test the quality
More information"Charting the Course... MOC 20411 D Administering Windows Server 2012. Course Summary
Course Summary Description Get hands-on instruction and practice administering Windows Server 2012, including Windows Server 2012 R2, in this five-day Microsoft Official Course. This course is part two
More informationActuality of SMBRelay in Modern Windows Networks
Actuality of SMBRelay in Modern Windows Networks Ares, April 2012 intercepter.mail@gmail.com http://sniff.su Intro I first came across SMBRelay in the middle of 2000s and the experience was unsatisfying..
More informationNetwork Access Security It's Broke, Now What? June 15, 2010
Network Access Security It's Broke, Now What? June 15, 2010 Jeffrey L Carrell Network Security Consultant Network Conversions SHARKFEST 10 Stanford University June 14-17, 2010 Network Access Security It's
More informationCourse Outline: 6435- Designing a Windows Server 2008 Network Infrastructure
Course Outline: 6435- Designing a Network Infrastructure Learning Method: Instructor-led Classroom Learning Duration: 5.00 Day(s)/ 40 hrs Overview: This five-day course will provide students with an understanding
More informationIntroducing the FirePass and Microsoft Exchange Server configuration
Deployment Guide Deploying Microsoft Exchange Server/Outlook Web Access and F5 s FirePass Controller Introducing the FirePass and Microsoft Exchange Server configuration Welcome to the FirePass Exchange
More informationAdministering Windows Server 2012 Course M20411 5 Day(s) 30:00 Hours
Área de formação Plataforma e Tecnologias de Informação Administering Windows Introduction Get hands-on instruction and practice administering Windows, including Windows R2, in this five-day Microsoft
More informationHow to Efficiently Protect Active Directory from Credential Theft & Large Scale Compromise
How to Efficiently Protect Active Directory from Credential Theft & Large Scale Compromise An Approach Based on Real-World Expertise Friedwart Kuhn, fkuhn@ernw.de Digital unterschrieben von Friedwart Kuhn
More informationMicrosoft 6421 - Configure and Troubleshoot Windows Server 2008 Network Infrastructure
1800 ULEARN (853 276) www.ddls.com.au Microsoft 6421 - Configure and Troubleshoot Windows Server 2008 Network Infrastructure Length 5 days Price $4169.00 (inc GST) Overview This five-day instructor-led
More informationCLEARPASS ONGUARD CONFIGURATION GUIDE
CONFIGURATION GUIDE REVISION HISTORY Revised By Date Changes Dennis Boas July 2015 Version 1 initial release TABLE OF CONTENTS... 1 INTRODUCTION... 3 CONFIGURATION WORKFLOW... 4 CONFIGURE POSTURE POLICIES...
More informationSygate Secure Enterprise and Alcatel
Sygate Secure Enterprise and Alcatel Sygate Secure Enterprise eliminates the damage or loss of information, cost of recovery, and regulatory violation due to rogue corporate computers, applications, and
More information20411 - Administering Windows Server 2012
20411 - Administering Windows Server 2012 Duration: 5 Days Course Price: $2,975 Software Assurance Eligible Course Description Course Overview Get hands-on instruction and practice administering Windows
More informationOperating System Security
Operating System Security Klaus Schütz Windows OS Security Microsoft Redmond Before I start My VP love(d) me A frustrated friend 1 Agenda Evolution of Threats Client vs. Server Security Operating System
More informationUse the below instructions to configure your wireless settings to connect to the secure wireless network using Microsoft Windows Vista/7.
Use the below instructions to configure your wireless settings to connect to the secure wireless network using Microsoft Windows Vista/7. 1. Click the Windows Start button, then Control Panel How-To-WCC-Secure-Windows-7-11/4/2010-4:09
More informationHow To Boot A Cisco Ip Phone From A Cnet Vlan To A Vlan On A Cpower Box On A Ip Phone On A Network With A Network Vlan (Cisco) On A Powerline (Ip Phone) On An
IP Telefoni DHCP Options VLANs Understanding the Cisco IP Phone Boot Process The Cisco IP Phone connects to an Ethernet switchport. If the IP phone and switch support PoE, the IP phone receives power through
More informationWindows Assessment. Vulnerability Assessment Course
Windows Assessment Vulnerability Assessment Course All materials are licensed under a Creative Commons Share Alike license. http://creativecommons.org/licenses/by-sa/3.0/ 2 Agenda Windows Security Overview
More informationCourse 20411D: Administering Windows Server 2012
Course 20411D: Administering Windows Server 2012 Five Days, Instructor Led About this course Get hands-on instruction and practice administering Windows Server 2012, including Windows Server 2012 R2, in
More informationModule 3: Resolve Software Failure This module explains how to fix problems with applications that have problems after being installed.
CÔNG TY CỔ PHẦN TRƯỜNG CNTT TÂN ĐỨC TAN DUC INFORMATION TECHNOLOGY SCHOOL JSC LEARN MORE WITH LESS! 50331 - Windows 7, Enterprise Desktop Support Technician Duration: 5 days About this Course This five-day
More informationWindows Vista: Connecting to the fastnsecure@hood wireless network at Hood College
Windows Vista: Connecting to the fastnsecure@hood wireless network at Hood College Please ensure your computer meets the following criteria in order to successfully make a connection to this network: 802.11n
More informationRelease Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues
NCP Secure Entry Mac Client Service Release 2.05 Build 14711 December 2013 Prerequisites Apple OS X Operating System: The following Apple OS X operating system versions are supported with this release:
More informationIT SYSTEMS ADMINISTRATOR PROGRAM
NH204-1011 Installing, Configuring & Administrating 136 Total Hours Windows Server 2012 COURSE TITLE: Installing, Configuring & Administrating Windows Server 2012 COURSE OVERVIEW: After completing this
More informationWindows Server. Introduction to Windows Server 2008 and Windows Server 2008 R2
Copyright 2006-2013 MilliByte SS Windows Server DƏRS Introduction to Windows Server 2008 and Windows Server 2008 R2 Functionality of Windows Server 2008 Windows Server 2008 Editions 1 Microsoft Hyper-V
More informationMobile Network Access Control
Mobile Network Access Control Extending Corporate Security Policies to Mobile Devices WHITE PAPER Executive Summary Network Access Control (NAC) systems protect corporate assets from threats posed by devices
More informationHow to speed up IDENTIKEY DNS lookup of the Windows Logon DAWL client on Windows 7?
KB 150103 How to speed up IDENTIKEY DNS lookup of the Windows Logon DAWL client on Windows 7? Creation date: 27/05/2013 Last Review: 28/06/2013 Revision number: 2 Document type: How To Security status:
More informationCourse 20411B: Administering Windows Server 2012
Course 20411B: Administering Windows Server 2012 Length: 5 Days Published: January 04, 2013 Language(s): English Audience(s): IT Professionals Level: 200 Technology: Windows Server 2012 Type: Course Delivery
More informationWorking Together - Your Apple Mac and Microsoft Windows
Contains information about complex concepts and /or requires technical knowledge to get the most out of the article. Aimed at the more experienced / ambitious ICT manager or accidental techie. Working
More informationMcAfee Firewall Enterprise 8.2.1
Configuration Guide FIPS 140 2 Revision A McAfee Firewall Enterprise 8.2.1 The McAfee Firewall Enterprise FIPS 140 2 Configuration Guide, version 8.2.1, provides instructions for setting up McAfee Firewall
More informationActive Directory and Oxford Single Sign-On
Active Directory and Oxford Single Sign-On Bridget Lewis ICTST Adrian Parks OUCS 21 st June 2007 1 Aim How to link Active Directory to the Oxford Kerberos Single sign-on (SSO) infrastructure What is Kerberos?
More information