Security identifiers (Windows 10) - Windows security Nov. 8, 2021, 10:04 a.m.

A security identifier (SID) is used to uniquely identify a security principal or security group. Security principals can represent any entity that can be authenticated by the operating system, such as a user account, a computer account, or a thread or process that runs in the security context of a user or computer account.

windows security

Well-known SIDs Nov. 8, 2021, 10:03 a.m.

Well-known security identifiers (SIDs) identify generic groups and generic users. There are universal well-known SIDs, which are meaningful on all secure systems using this security model, and well-known SIDs that are meaningful only on Windows systems.

windows security

User Rights Assignment (Windows 10) - Windows security Nov. 8, 2021, 10:02 a.m.

Provides an overview and links to information about the User Rights Assignment security policy settings user rights that are available in Windows. User rights govern the methods by which a user can log on to a system. User rights are applied at the local device level, and they allow users to perform tasks on a device or in a domain. User rights include logon rights and permissions. Logon rights control who is authorized to log on to a device and how they can log on. User rights permissions control access to computer and domain resources, and they can override permissions that have been set on specific objects.

windows security

Microsoft Defender for Endpoint (mdatp) on Debian Sid Nov. 8, 2021, 9:10 a.m.

I've spent quite a few hours learning how to wrangle auditd around exclusions. Here's what I've learned.

linux security

Managing Access Control with Desired State Configuration Sept. 15, 2021, 11:13 a.m.

Over the summer, the PowerShell Access Control module got some DSC resources to help manage security descriptors for some of the supported object types. The module includes three resources: cAccessControlEntry, cSecurityDescriptorSddl, and cSecurityDescriptor.

windows powershell security dsc

Everything PKI Oct. 14, 2019, 5:10 p.m.

PKI is really powerful, and really interesting. The math is complicated, and the standards are stupidly baroque, but the core concepts are actually quite simple. Certificates are the best way to identify code and devices, and identity is super useful for security, monitoring, metrics, and a million other things. Using certificates is not that hard. No harder than learning a new language or database. It’s just slightly annoying and poorly documented. This is the missing manual.

read later security encryption certificates

YubiKey Smart Card Deployment Guide Oct. 9, 2019, 9:01 a.m.

The YubiKey Minidriver is designed to function in a Windows Server and Client environment configured for smart card authentication. Ensuring your deployment is set up properly is a crucial element of the initial planning for the YubiKey Minidriver deployment.

windows active directory security 2fa yubikey

Elliptic Curve Cryptography Explained Oct. 9, 2019, 8:49 a.m.

Recently, I have been learning how Elliptic Curve Cryptography works. I searched around the internet and found many articles and videos explaining it. Most of them cover only a portion of it, and some of them skip many critical steps in how you get from here to there. In the end, I didn’t find an article that really explains it from end to end in an intuitive way. With that in mind, I would like to write a post explaining Elliptic Curve Cryptography, covering everything from the basics to key exchange, encryption, and decryption.

read later security encryption

OpenSSL Quick Reference Guide Sept. 18, 2019, 3:07 p.m.

OpenSSL is an open-source command line tool that is commonly used to generate private keys, create CSRs, install your SSL/TLS certificate, and identify certificate information. We designed this quick reference guide to help you understand the most common OpenSSL commands and how to use them.

documentation security certificates

Active Directory - How to Enable LDAPS Using Self-Signed Certificates Sept. 18, 2019, 3 p.m.

To enable LDAP over SSL (LDAPS) all you need to do is "install" an SSL certificate on the Active Directory server. Most enterprises will opt to purchase an SSL certificate from a 3rd Party like Verisign. In my case, I created my own certificate using OpenSSL. Here are the steps I used to secure my Active Directory server using a self signed certificate.

windows security ldap certificates

Building an Enterprise Root Certification Authority in Small and Medium Businesses Sept. 18, 2019, 2:46 p.m.

This step-by-step guide will help you set up a public key certification authority (CA) in a network with servers running Microsoft Windows Server 2003 operating systems.

windows security windows server 2003 certificates

Deploying an Enterprise Root Certificate Authority Sept. 5, 2019, 12:21 p.m.

Setting up an Enterprise Root Certificate Authority isn’t a task that you’ll complete on a regular basis and something I think I’ve done twice, maybe 3 times, ever. Each time I forget what I did previously and you can guarantee I’m using a different version of Windows Server each time.

windows security

OpenVPN Access Server: Authentication options and command line configuration Sept. 5, 2019, 11:48 a.m.

In the Admin UI under “Authentication” it is possible to select one of 4 methods for authenticating user credentials: LOCAL, PAM, RADIUS or LDAP. This can be done by changing the configuration key auth.module.type. This configuration key is not optional and is by default set to PAM. With LDAP and RADIUS, additional settings are required to be able to authenticate users, for example which server to contact and any required shared secret code to be able to access the external authentication backend.

networking documentation security openvpn

LDAP Authentication Primer Sept. 5, 2019, 11:44 a.m.

This document provides background on what LDAP authentication is, what specific LDAP authentication methods and mechanisms Active Directory and more specifically the NETID domain supports, and finally gives some guidance on which method and mechanism you should use.

windows security ldap

Are you using LDAP over SSL/TLS? Sept. 5, 2019, 11:42 a.m.

Today, many applications and devices connect to Active Directory over LDAP. Many of those are still performing insecure LDAP “simple binds” where credentials are transferred in clear text over the network. Those exposed credentials typically include the “service account” used to connect to LDAP, but also include the user credentials used during the application login.

Also note that the terms “LDAP over SSL” and “LDAP over TLS” are used interchangeably. By default, LDAP communications between client and server applications are not encrypted. This is especially problematic when an LDAP simple bind is used.

windows security ldap

Creating Custom Secure LDAP Certificates for Domain Controllers with Auto Renewal Sept. 4, 2019, 12:15 p.m.

The primary reason for enabling this functionality is to allow third-party applications that aren’t capable of performing secure binds or encrypted LDAP sessions (over TCP 389) to connect securely.

windows active directory security

Identifying Clear Text LDAP binds to your DC’s Sept. 4, 2019, 12:15 p.m.

The core of the issue is this: when an application performs a simple LDAP bind, the username and password are transmitted in clear text in the very first packet. The DC doesn't even have a chance to prevent this exposure from occurring. If this connection is not encrypted at a lower layer such as TLS or IPSec, it may be intercepted and a bad day may soon follow.

windows active directory security ldap

How Healthy is your LAPS Environment? April 6, 2019, 3:41 p.m.

LAPS is easy to deploy and works great. The challenge comes in knowing if it’s actually working. How do you know if your machines have ever set the password? Or maybe they set it once and haven’t updated it since, even though it’s past the designated expiration date? It’s definitely worth monitoring to ensure that your machines are operating as expected. Jiri Formacek (the creator of LAPS) threw together a small PowerShell script to provide that capability.

windows active directory security

Implementing LAPS – My way | Secure Identity April 3, 2019, 3:37 p.m.

Local Administrator Password Solution (LAPS) has been around for a while and last year it became an officially supported tool by Microsoft. Since there are so many articles about it, I would like to share my tweaks. I decided to create my own LDF file to extend the schema with these two attributes because I feel that a few things are missing.

windows active directory security

Security Overview of AWS Lambda March 22, 2019, 4:15 p.m.

This whitepaper presents a deep dive of the AWS Lambda service through a security lens. It provides a well-rounded picture of the service, which can be useful for new adopters, as well as deepening understanding of AWS Lambda for current users.

security aws lambda