Ing. Ondrej Sevecek Windows Server Product Manager GOPAS a.s.
|
|
- Ashlee Edwards
- 5 years ago
- Views:
Transcription
1 Kerberos Delegation aka double hop Ing. Ondrej Sevecek Windows Product Manager GOPAS a.s. MCM:Directory MVP:Enteprise Security Certified Ethical Hacker Certified Hacking Forensic Investigator CISA
2 SSO (single-sign-on) Minimize use of secure authentication information ISO/IEC Limits password/pin exposure Limits user's incentives to store passwords on local systems or write them down
3 Network authentication Client Secure Channel
4 Delegation (double-hop) Client Back-end
5 Network authentication risks Clear text password? Client Weak password hash?
6 Delegation (double-hop) Client Back-end
7 Access under service account svc- Client Kamil svc- Back-end
8 Access under the front-end client user account svc- Client Kamil Kamil Back-end
9 Basic delegation LSASS password Client password Kerberos Back-end
10 Basic delegation LSASS password Client password Kerberos Back-end normal TGT Kamil encrypted TGS:Kamil:BackEnd
11 Kerberos unconstrained delegation
12 Trust this user/computer for delegation to any service (Kerberos only) useraccountcontrol flag ADS_UF_TRUSTE D_FOR_DELEGATI ON = = 0x80000
13 Kerberos unconstrained delegation (DFL 2000+) LSASS F:TGT Client F:TGT Kerberos Back-end
14 Kerberos unconstrained delegation (DFL 2000+) LSASS F:TGT Client F:TGT TGS:Kamil:BackEnd Back-end F:TGT encrypted TGS:Kamil:BackEnd
15 Kerberos constrained delegation
16 Trust this user/computer for delegation to specified services only (use Kerberos only) msds- AllowedToDelegateTo attribute
17 Kerberos constrained delegation (DFL 2003+) LSASS TGS:Kamil: Client TGS:Kamil: Kerberos Back-end
18 Kerberos constrained delegation (DFL 2003+) LSASS TGS:Kamil: Client TGS:Kamil: TGS:Kamil:BackEnd Back-end encrypted TGS:Kamil:BackEnd
19 Constrained delegation requirements account must read tokengroupsglobalanduniversal attribute Windows Authorization Access Group (WAAG) Client user account must not have delegation prohibited useraccountcontrol attribute ADS_UF_NOT_DELEGATED = = 0x100000
20 Best practice hints for Kerberos constrained delegation Full restart of the always Static TCP port for SQL servers always member of WAAG Constrained delegation to SMB does work only for running under SYSTEM account or with IIS kernel mode authentication or with protocol transition regardless of account Delegation to SQL does not work with IIS kernel mode authentication With DFL 2003 explicitly disable AES for the Protect sensitive accounts against being delegated
21 Account is sensitive and cannot be delegated useraccountcontrol flag ADS_UF_NOT_DELEGATED = = 0x100000
22 The delegation tab is not visible unless there is at least one SPN of any kind
23 Kerberos constrained delegation with protocol transition
24 Trust this user/computer for delegation to specifies services only (use any authentication protocol) msds- AllowedToDelegateTo attribute + useraccountcontrol flag ADS_UF_TRUSTED_FO R_DELEGATION = = 0x80000
25 Kerberos protocol transition (DFL 2003+) LSASS nothing Client anything NTLM Kerberos Back-end retina questions
26 Kerberos protocol transition (DFL 2003+) LSASS nothing Client anything NTLM TGS:Kamil:BackEnd Back-end retina questions encrypted nothing TGS:Kamil:BackEnd
27 Protocol transition requirements must have user right Act as part of operating system (SetTcbPrivilege) must have the Impersonate client after authentication (SeImpersonatePrivilege) user right C2WTS additional requirements C2WTS must have the Create global objects (SeCreateGlobalPrivilege) user right C2WTS must be running under SYSTEM or member of local Administrators group then does not need the SeTcbPrivilege
28 Security implications of protocol transition (use any authentication protocol)
29 Learn at gopas GOC171 - Active Directory Troubleshooting GOC172 - Kerberos Troubleshooting ondrej@sevecek.com
TLS Client Certificate and Smart Card Logon
TLS and Smart Card Logon Ing. Ondřej Ševeček GOPAS a.s. MCSM:Directory2012 MCM:Directory2008 MVP:Enterprise Security CEH: Certified Ethical Hacker CHFI: Computer Hacking Forensic Investigator CISA ondrej@sevecek.com
More informationMCSM:Directory2012 MCM:Directory2008 MVP:Enterprise Security Certified Ethical Hacker CISA.
NTLM Ing. Ondřej Ševeček GOPAS a.s. MCSM:Directory2012 MCM:Directory2008 MVP:Enterprise Security Certified Ethical Hacker CISA ondrej@sevecek.com www.sevecek.com GOPAS: info@gopas,cz www.gopas.cz www.facebook.com/p.s.gopas
More informationWindows Authentication Concepts
Windows Authentication Concepts Ing. Ondřej Ševeček GOPAS a.s. MCSM:Directory2012 MCM:Directory2008 MVP:Enterprise Security CEH: Certified Ethical Hacker CHFI: Computer Hacking Forensic Investigator CISA
More informationWeb Application Proxy
Application Proxy Ing. Ondřej Ševeček GOPAS a.s. MCSM:Directory2012 MCM:Directory2008 MVP:Enterprise Security CEH: Certified Ethical Hacker CHFI: Computer Hacking Forensic Investigator ondrej@sevecek.com
More informationUEFI, SecureBoot, DeviceGuard, TPM a WHB (un)related technologies
GOLD PARTNER: Hlavní partner: Hlavní odborný partner: UEFI, SecureBoot, DeviceGuard, TPM a WHB (un)related technologies Ing. Ondřej Ševeček GOPAS a.s. MCSM:Directory MVP:Security CISA CISM CEH CHFI ondrej@sevecek.com
More informationOndřej Ševeček PM Windows Server GOPAS a.s. MCM: Directory Services MVP: Enterprise Security
Ondřej Ševeček PM Windows Server GOPAS a.s. MCM: Directory Services MVP: Enterprise Security ondrej@sevecek.com www.sevecek.com KERBEROS Why Kerberos Stronger authentication About 10 times Limited attack
More informationFUNCTIONAL LEVELS AND FSMO
Ondřej Ševeček GOPAS a.s. MCM: Directory Services MVP: Enterprise Security CISA ondrej@sevecek.com www.sevecek.com FUNCTIONAL LEVELS AND FSMO Active Directory Troubleshooting FUNCTIONAL LEVELS Domain vs.
More informationCERTIFICATES AND CRYPTOGRAPHY
Ing. Ondřej Ševeček GOPAS a.s. MCM: Directory Services MVP: Enterprise Security Certified Ethical Hacker ondrej@sevecek.com www.sevecek.com CERTIFICATES AND CRYPTOGRAPHY Advanced Windows Security MOTIVATION
More informationComputers Gone Rogue. Abusing Computer Accounts to Gain Control in an Active Directory Environment. Marina Simakov & Itai Grady
Computers Gone Rogue Abusing Computer Accounts to Gain Control in an Active Directory Environment Marina Simakov & Itai Grady Motivation Credentials are a high value target for attackers No need for 0-day
More informationWebthority can provide single sign-on to web applications using one of the following authentication methods:
Webthority HOW TO Configure Web Single Sign-On Webthority can provide single sign-on to web applications using one of the following authentication methods: HTTP authentication (for example Kerberos, NTLM,
More informationActive Directory Attacks and Detection Part -II
Active Directory Attacks and Detection Part -II #Whoami Working as an Information Security Executive Blog : www.akijosberryblog.wordpress.com You can follow me on Twitter: @AkiJos Key Takeaways How to
More informationACTIVE DIRECTORY OVERVIEW
Ondřej Ševeček GOPAS a.s. MCM: Directory Services MVP: Enterprise Security CISA ondrej@sevecek.com www.sevecek.com ACTIVE DIRECTORY OVERVIEW Active Directory Troubleshooting NETWORK SERVICES Central Database
More informationActive Directory Security: The Journey. Sean Metcalf s e a n TrimarcSecurity.com TrimarcSecurity.
Active Directory Security: The Journey Sean Metcalf (@Pyrotek3) s e a n [@] TrimarcSecurity.com www.adsecurity.org TrimarcSecurity.com ABOUT Founder Trimarc (Trimarc.io), a professional services company
More informationMCM:Directory MVP:Enterprise Security CEH:Certified Ethical Hacker CHFI: Computer Hacking Forensic Investigator
Basic Monitors Ing. Ondřej Ševeček GOPAS a.s. MCM:Directory MVP:Enterprise Security CEH:Certified Ethical Hacker CHFI: Computer Hacking Forensic Investigator ondrej@sevecek.com www.sevecek.com GOPAS: info@gopas,cz
More informationKEY ARCHIVAL AND OCSP
Ondřej Ševeček PM Windows Server GOPAS a.s. MCM: Directory Services MVP: Enterprise Security ondrej@sevecek.com www.sevecek.com KEY ARCHIVAL AND Outline Key Archival Online Certificate Status Protocol
More informationModules Installation and Updating - SharePoint Page 0 of 23
Modules Installation and Updating - SharePoint Page 0 of 23 Document Name: One Time Configurations Inside QEF - Modules Installation and 11 July 2016 0 / 23 1 Contents 1 Preface... 2 2 Prerequisites...
More informationActive Directory Attacks and Detection Part -III
Active Directory Attacks and Detection Part -III #Whoami Working as an Information Security Executive Blog : www.akijosberryblog.wordpress.com You can follow me on Twitter: @AkiJos Key Takeaways Abusing
More informationActive Directory Security: The Journey. Sean Metcalf s e a n TrimarcSecurity.com TrimarcSecurity.
Active Directory Security: The Journey Sean Metcalf (@Pyrotek3) s e a n [@] TrimarcSecurity.com www.adsecurity.org TrimarcSecurity.com ABOUT Founder Trimarc, a security company. Microsoft Certified Master
More informationKerberos Constrained Delegation Authentication for SEG V2. VMware Workspace ONE UEM 1810
Kerberos Constrained Delegation Authentication for SEG V2 VMware Workspace ONE UEM 1810 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you
More informationWorkspace ONE UEM Certificate Authentication for EAS with ADCS. VMware Workspace ONE UEM 1902
Workspace ONE UEM Certificate Authentication for EAS with ADCS VMware Workspace ONE UEM 1902 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationKerberos Constrained Delegation Authentication for SEG V2. VMware Workspace ONE UEM 1811
Kerberos Constrained Delegation Authentication for SEG V2 VMware Workspace ONE UEM 1811 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you
More informationActive Directory Attacks and Detection
Active Directory Attacks and Detection #Whoami Working as an Information Security Executive Blog : www.akijosberryblog.wordpress.com You can follow me on Twitter: @AkiJos This talk is Based on Tim Madin
More informationPass-the-Hash Attacks
Pass-the-Hash Attacks Mgr. Michael Grafnetter www.dsinternals.com Agenda PtH Attack Anatomy Mitigation Proactive Reactive Windows 10 + Windows Server 2016 Microsoft Advanced Threat Analytics PtH Attack
More informationPyramid 2018 Kerberos Guide Guidelines and best practices for how deploy Pyramid 2018 with Kerberos
Pyramid 2018 Kerberos Guide Guidelines and best practices for how deploy Pyramid 2018 with Kerberos Contents Overview... 3 Warning... 3 Prerequisites... 3 Operating System... 3 Pyramid 2018... 3 Delegation
More informationRadius, LDAP, Radius used in Authenticating Users
CSCD 303 Lecture 5 Fall 2017 Kerberos Radius, LDAP, Radius used in Authenticating Users Introduction to Centralized Authentication Kerberos is for authentication only and provides Single Sign-on (SSO)
More informationActive Directory Attacks and Detection
Active Directory Attacks and Detection #Whoami Working as an Information Security Executive Blog : www.akijosberryblog.wordpress.com You can follow me on Twitter: @AkiJos Lab Setup AJLAB.COM: 2 Domain
More informationTen most common Mistakes with AD FS and Hybrid Identity. Sander Berkouwer MVP, DirTeam.com
Ten most common Mistakes with AD FS and Hybrid Identity Sander Berkouwer MVP, DirTeam.com Agenda Federation A small primer on the open protocols used today for federating identity and achieving hybrid
More informationBusinessObjects Enterprise XI Release 2
Configuring Kerberos End-to-End Single Sign-On using IIS Overview Contents This document provides information and instructions for setting up Kerberos end-to-end Single Sign-On (SSO) using IIS to the database
More informationIBM Security Access Manager v8.x Kerberos Part 2
IBM Security Access Manager open mic webcast - Oct 27, 2015 IBM Security Access Manager v8.x Kerberos Part 2 Kerberos Single Sign On using Constrained Delegation Panelists Gianluca Gargaro L2 Support Engineer
More informationSpencer Harbar. Kerberos Part One: No ticket touting here, does SharePoint add another head?
Spencer Harbar Kerberos Part One: No ticket touting here, does SharePoint add another head? About the speaker... Spencer Harbar - www.harbar.net spence@harbar.net Microsoft Certified Master SharePoint
More informationNetwork Security: Kerberos. Tuomas Aura
Network Security: Kerberos Tuomas Aura Kerberos authentication Outline Kerberos in Windows domains 2 Kerberos authentication 3 Kerberos Shared-key protocol for user login authentication Uses passwords
More informationAPM Cookbook: Single Sign On (SSO) using Kerberos
APM Cookbook: Single Sign On (SSO) using Kerberos Brett Smith, 2014-28-04 To get the APM Cookbook series moving along, I ve decided to help out by documenting the common APM solutions I help customers
More informationKerberos Adapter for webmethods
Kerberos Adapter for webmethods Many webmethods programmers are familiar with the problem of authenticating from.net clients to a webmethods server. Sometimes this is solved by transferring authentication
More informationHow does it look like?
EasyAdmin Windows Authentication KB4031b 1 The OpenLM EasyAdmin administrative web interface incorporates a role-based security access scheme, facilitating different levels of access to different role
More informationCIS 6930/4930 Computer and Network Security. Topic 7. Trusted Intermediaries
CIS 6930/4930 Computer and Network Security Topic 7. Trusted Intermediaries 1 Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC) Representative
More informationCOMPLEX CERTIFICATE POLICIES
Ondřej Ševeček PM Windows Server GOPAS a.s. MCM: Directory Services MVP: Enterprise Security ondrej@sevecek.com www.sevecek.com COMPLEX CERTIFICATE POLICIES Enterprise PKI CODE SIGNING Certificate template
More informationISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :
ISACA CISA ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : http://killexams.com/pass4sure/exam-detail/cisa QUESTION: 390 Applying a digital signature to data traveling in a
More informationKerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos
Kerberos and Public-Key Infrastructure Key Points Kerberos is an authentication service designed for use in a distributed environment. Kerberos makes use of a thrusted third-part authentication service
More informationThe Common Access Card The problems it solves (and the ones it doesn t) Quest Software/One Identity Dan Conrad Federal CTO
The Common Access Card The problems it solves (and the ones it doesn t) Quest Software/One Identity Dan Conrad Federal CTO 1 Disclaimer The views expressed in this presentation are those of the author(s)
More informationSingle Sign-On Extensions Library THE BEST RUN. PUBLIC SAP Single Sign-On 3.0 SP02 Document Version:
PUBLIC SAP Single Sign-On 3.0 SP02 Document Version: 1.1 2018-07-31 2018 SAP SE or an SAP affiliate company. All rights reserved. THE BEST RUN Content 1....3 1.1 Extension for Kerberos Constrained Delegation
More informationNetwork Security Essentials
Network Security Essentials Fifth Edition by William Stallings Chapter 4 Key Distribution and User Authentication No Singhalese, whether man or woman, would venture out of the house without a bunch of
More informationKEY DISTRIBUTION AND USER AUTHENTICATION
KEY DISTRIBUTION AND USER AUTHENTICATION Key Management and Distribution No Singhalese, whether man or woman, would venture out of the house without a bunch of keys in his hand, for without such a talisman
More informationCopyright
In Active Directory Federation Services there are two types of trusts. This video will look at the relying party trust which is configured on the account side. It essentially determines what information
More informationBI Office. Kerberos and Delegation Version 6.5
Kerberos and Delegation Version 6.5 Copyright BI Office Analytics 2010-2018 I. Overview... 3 II. Delegation Introduction... 5 A. Kerberos Prerequisites... 5 B. Application... 5 C. General Mechanics...
More informationImmotec Systems, Inc. SQL Server 2008 Installation Document
SQL Server Installation Guide 1. From the Visor 360 installation CD\USB Key, open the Access folder and install the Access Database Engine. 2. Open Visor 360 V2.0 folder and double click on Setup. Visor
More informationIMPLEMENTING MICROSOFT CREDENTIAL GUARD FOR ISO 27001, PCI, AND FEDRAMP
IMPLEMENTING MICROSOFT CREDENTIAL GUARD FOR ISO 27001, PCI, AND FEDRAMP North America Latin America Europe 877.224.8077 info@coalfire.com coalfire.com Coalfire sm and CoalfireOne sm are registered service
More informationDoD Common Access Card Authentication. Feature Description
DoD Common Access Card Authentication Feature Description UPDATED: 20 June 2018 Copyright Notices Copyright 2002-2018 KEMP Technologies, Inc. All rights reserved. KEMP Technologies and the KEMP Technologies
More informationSQL Server Security. Marek
SQL Server Security Marek Chmel Lead Database Administrator @ AT&T MVP: Data Platform MCSE: Data Management and Analytics MCT: Regional Lead Certified Ethical Hacker CEHv8 marek.chmel@technet.ms @MarekChmel
More informationMessage authentication. Why message authentication. Authentication primitives. and secure hashing. To prevent against:
Message authentication and secure hashing Why message authentication To prevent against: Masquerade/impersonation Modification of message content Modification of message sequence Acceptance of replayed/delayed
More informationHP Operations Orchestration Software
HP Operations Orchestration Software Software Version: 9.00 Procedure and Technical Support Best Practices for Configuring SSO using Active Directory George Daflidis-Kotsis GSD OO Support - Hewlett-Packard
More informationLog Server Configuration Utility
Email Log Server Configuration Utility Email Log Server is the component that receives log records and processes them into the Log Database. During installation, you configure certain aspects of Log Server
More informationWhite Paper. Export of Fabasoft Folio Objects to a Relational Database. Fabasoft Folio 2017 R1 Update Rollup 1
White Paper Export of Fabasoft Folio Objects to a Relational Database Fabasoft Folio 2017 R1 Update Rollup 1 Copyright Fabasoft R&D GmbH, Linz, Austria, 2018. All rights reserved. All hardware and software
More informationData Source Kerberos / oauth On the Wire Explaining Kerberos Constrained Delegation with Protocol Transition and Oauth for Data Source Single Sign On
Welcome 1 8 B I - 11 3 Data Source Kerberos / oauth On the Wire Explaining Kerberos Constrained Delegation with Protocol Transition and Oauth for Data Source Single Sign On John Kew Manager / Connectivity
More informationAn Analysis of Local Security Authority Subsystem
An Analysis of Local Security Authority Subsystem Shailendra Nigam Computer Science & Engineering Department DIET, Kharar Mohali(Punjab) India. Sandeep Kaur Computer Science & Engineering Department BBSBEC,
More informationSpotfire Security. Peter McKinnis July 2017
Spotfire Security Peter McKinnis July 2017 Outline Authentication in Spotfire Spotfire Server 7.9 Sites Feature and Authentication Authorization in Spotfire Data Security Spotfire Statistics Services Security
More information[MS-SAMR]: Security Account Manager (SAM) Remote Protocol (Clientto-Server)
[MS-SAMR]: Security Account Manager (SAM) Remote Protocol (Clientto-Server) This topic lists the Errata found in [MS-SAMR] since it was last published. Since this topic is updated frequently, we recommend
More informationImmotec Systems, Inc. SQL Server 2008 Installation Document
SQL Server Installation Guide 1. From the Visor 360 installation CD\USB Key, open the Access folder and install the Access Database Engine. 2. Open Visor 360 V2.0 folder and double click on Setup. Visor
More informationAdvanced On-Prem SSRS 2017 for Non-AD Users. Dr. Subramani Paramasivam MVP & Microsoft Certified Trainer DAGEOP, UK
Advanced On-Prem SSRS 2017 for Non-AD Users Dr. Subramani Paramasivam MVP & Microsoft Certified Trainer DAGEOP, UK A Big Thanks to Our Sponsors About the Speaker Local & User Group Leader Dr. SubraMANI
More informationKerberos. Pehr Söderman Natsak08/DD2495 CSC KTH 2008
Kerberos Pehr Söderman Pehrs@kth.se Natsak08/DD2495 CSC KTH 2008 Project Athena Started 1983 at MIT 10 000 workstations 1000 servers Unified enviroment Any user, any workstation, any server, anywhere...
More informationLOCAL SECURITY AND PERMISSIONS
Ondřej Ševeček GOPAS a.s. MCM: Directory Services MVP: Enterprise Security ondrej@sevecek.com www.sevecek.com LOCAL SECURITY AND PERMISSIONS Outline Generic Terminology NTFS Permissions Registry Permissions
More informationVintela Single Sign-On for Java Reference Manual
Vintela Single Sign-On for Java Reference Manual Standard Edition 3.3 2008 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described
More informationDeploying the BIG-IP LTM and APM with Citrix XenApp or XenDesktop
Deployment Guide Deploying the BIG-IP LTM and APM with Citrix XenApp or XenDesktop Important: The fully supported version of this iapp has been released, so this guide has been archived. See http://www.f5.com/pdf/deployment-guides/citrix-vdi-iapp-dg.pdf
More informationSyllabus: The syllabus is broadly structured as follows:
Syllabus: The syllabus is broadly structured as follows: SR. NO. TOPICS SUBTOPICS 1 Foundations of Network Security Principles of Network Security Network Security Terminologies Network Security and Data
More informationRadius, LDAP, Radius, Kerberos used in Authenticating Users
CSCD 303 Lecture 5 Fall 2018 Radius, LDAP, Radius, Kerberos used in Authenticating Users Kerberos Authentication and Authorization Previously Said that identification, authentication and authorization
More informationConfiguring LCS and MPS J3 for SIP
Configuring LCS and MPS J3 for SIP TANDBERG D50429, Rev 1.0 This document is not to be reproduced in whole or in part without the permission in writing from: TANDBERG Table of Contents 1. SIP...3 2. CONFIGURING
More informationIntroduction. Trusted Intermediaries. CSC/ECE 574 Computer and Network Security. Outline. CSC/ECE 574 Computer and Network Security.
Trusted Intermediaries CSC/ECE 574 Computer and Network Security Topic 7. Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center () Representative solution:
More informationBlackBerry Enterprise Server for Microsoft Office 365. Version: 1.0. Administration Guide
BlackBerry Enterprise Server for Microsoft Office 365 Version: 1.0 Administration Guide Published: 2013-01-29 SWD-20130131125552322 Contents 1 Related resources... 18 2 About BlackBerry Enterprise Server
More informationInstallation and Configuration Guide Simba Technologies Inc.
Simba SQL Server ODBC Driver Installation and Configuration Guide Simba Technologies Inc. Version 1.4.13 November 22, 2018 Copyright 2018 Simba Technologies Inc. All Rights Reserved. Information in this
More informationCryptography and Network Security
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Authentication Applications We cannot enter into alliance with neighbouring princes until
More informationGlobal Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationHP Service Health Reporter Configuring SHR to use Windows AD Authentication
Technical white paper HP Service Health Reporter Configuring SHR to use Windows AD Authentication For the Windows Operation System Software Version 9.3x Table of Contents Introduction... 2 Motivation...
More informationBIG-IP Access Policy Manager : Secure Web Gateway. Version 13.0
BIG-IP Access Policy Manager : Secure Web Gateway Version 13.0 Table of Contents Table of Contents BIG-IP APM Secure Web Gateway Overview...9 About APM Secure Web Gateway... 9 About APM benefits for web
More informationFederal Information Processing Standard (FIPS) What is it? Why should you care?
Federal Information Processing Standard (FIPS) 140-2 What is it? Why should you care? SECURITY IS BECOMING A GROWING CONCERN The migration from TDM to IP communication networks has drastically increased
More informationPass-the-Hash Attacks. Michael Grafnetter
Pass-the-Hash Attacks Michael Grafnetter www.dsinternals.com Agenda PtH Attack Anatomy Mitigation Proactive Reactive Windows 10 + Windows Server 2016 PtH History and Future 1988 Microsoft releases Lan
More informationEnterprise Product Integration. Configuration and Troubleshooting Guide
Enterprise Product Integration Configuration and Troubleshooting Guide Legal Information Book Name: Enterprise Product Integration Configuration and Troubleshooting Guide Part Number: EPI-0200-IGCG Product
More informationTIBCO Spotfire Web Player 7.0. Installation and Configuration Manual
TIBCO Spotfire Web Player 7.0 Installation and Configuration Manual Revision date: 9 February 2015 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED
More informationProxyCap Help. Table of contents. Configuring ProxyCap Proxy Labs
ProxyCap Help 2016 Proxy Labs Table of contents Configuring ProxyCap The Ruleset panel Loading and saving rulesets Delegating ruleset management The Proxies panel The proxy list view Adding, removing and
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationInfowise Event Calendar Plus User Guide
Infowise Event Calendar Plus 1 Contents Introduction... 3 Installation... 4 Usage... 5 1. Adding and customizing the web part... 5 2. Defining Exchange Data Connection... 12 3. Defining Lookup Event Categories...
More informationThe Advantages of TACACS+ for Administrator Authentication
The Advantages of for Administrator Authentication Centrally manage and secure your network devices with one easy to deploy solution. IT departments are responsible for managing many routers, switches,
More informationK2 for SharePoint Environment Setup
K2 for SharePoint Environment Setup GUIDANCE ON SETTING UP A SHAREPOINT ENVIRONMENT BEFORE INSTALLING K2 INTEGRATION May 4 Guidance in this document can be used for customers to correctly set up their
More informationIntroduction With the move to the digital enterprise, all organizations regulated or not, are required to provide customers and anonymous users alike
Anonymous Application Access Product Brief Contents Introduction 1 The Safe-T Solution 1 How It Works 2-3 Capabilities 4 Benefits 4 List 5-11 Introduction With the move to the digital enterprise, all organizations
More informationGuide to Windows 2000 Kerberos Settings
Report Number: C4-018R-01 Guide to Windows 2000 Kerberos Settings Architectures and Applications Division of the Systems and Network Attack Center (SNAC) Author: Updated: June 27, 2001 David Opitz Version
More informationTrusted Intermediaries
AIT 682: Network and Systems Security Topic 7. Trusted Intermediaries Instructor: Dr. Kun Sun Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC)
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 7. Trusted Intermediaries Instructor: Dr. Kun Sun Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC)
More informationMicrosoft SQL Installation and Setup
This chapter provides information about installing and setting up Microsoft SQL. Encrypted Database Not Supported, page 1 Install and Setup Microsoft SQL Server, page 1 Database Migration Required for
More informationMcAfee Certified Assessment Specialist Network
McAfee MA0-150 McAfee Certified Assessment Specialist Network Version: 4.0 Topic 1, Volume A QUESTION NO: 1 An attacker has compromised a Linux/Unix host and discovers a suspicious file called "password"
More informationManage and Maintain Active Directory Domain Services
Active Directory 101 Manage and Maintain Active Directory Domain Services Sander Berkouwer CTO at SCCT 10-fold Microsoft MVP Active Directory aficionado Daniel Goater Systems Engineer Netwrix Active Directory
More informationRemote Desktop Security for the SMB
A BWW Media Group Brand Petri Webinar Brief October 5th, 2018 Remote Desktop Security for the SMB Presenter: Michael Otey Moderator: Brad Sams, Petri IT Knowledgebase, Executive Editor at Petri.com There
More informationReading your way around UAC
Reading your way around UAC Abusing Access Tokens for UAC Bypasses James Forshaw @tiraniddo What I m Going to Talk About Why Admin-Approval UAC is even worse than you thought! Why Over-the-Shoulder UAC
More informationCA SiteMinder Federation Standalone
CA SiteMinder Federation Standalone Agent for Windows Authentication Guide r12.52 SP1 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred
More informationwith Access Manager 51.1 What is Supported in This Release?
51 51 Integrating Microsoft SharePoint Server with Access Manager This chapter explains how to integrate Access Manager with a 10g WebGate and Microsoft SharePoint Server. It covers the following topics:
More informationUseful Hacking Series
Useful Hacking Series Welcome to the Useful Hacking Series, in this series of 20 Episodes our world-renowned penetration tester/international speaker will share with you the top useful tips used during
More informationOwner of the content within this article is Written by Marc Grote
Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Microsoft Forefront UAG Publishing Microsoft Exchange Server 2010 Outlook Anywhere and Exchange
More informationDeskAlerts SSO Configuration Guide
DeskAlerts SSO Configuration Guide Reproduction of this guide in whole or in part, by any means whatsoever, is prohibited without the prior written consent of the publisher. DeskAlerts SSO (Single Sign
More informationThe 3 Pillars of SharePoint Security
The 3 Pillars of SharePoint Security Liam Cleary CEO/Owner SharePlicity Jeff Melnick Systems Engineer Netwrix Corporation AGENDA The Problem Attack Vectors Intranet, Extranet and Public Facing Proactive
More informationETHICAL HACKING & COMPUTER FORENSIC SECURITY
ETHICAL HACKING & COMPUTER FORENSIC SECURITY Course Description From forensic computing to network security, the course covers a wide range of subjects. You will learn about web hacking, password cracking,
More informationWindows Hash Reinjection Using GSECDUMP and MSVCTL By Deron Grzetich
Windows Hash Reinjection Using GSECDUMP and MSVCTL By Deron Grzetich Intro The objective of this exercise is to prove that gsecdump and msvctl actually work as prescribed. These tools can be used to reinject
More informationMicrosoft Unified Access Gateway 2010
RSA SecurID Ready Implementation Guide Partner Information Last Modified: March 26, 2013 Product Information Partner Name Web Site Product Name Version & Platform Product Description Microsoft www.microsoft.com
More information