NovoCall
Introduction
Microsoft Active Directory is a directory service that allows administrators to reduce the
cost and effort of administering a network based on a Windows domain. AD makes it easier to
centralize and manage resources, and to authenticate and authorize users.
You can use an Active Directory environment for small and large networks.
Advantage
• Single sign-on using Kerberos - users sign in once, get access to all
Windows-integrated services.
Disadvantage
• If Active Directory goes down, so does your network.
How to Solve This Problem
Active Directory servers often play the role of DNS and DHCP servers. In that case, while AD
is offline, computers will have trouble accessing the internet and even the local network
itself. To avoid these issues, best practices recommend having at least two network cards and
balancing the traffic between them.
NIC Teaming, also known in the Microsoft world as Load Balancing/Failover allows you to install
additional physical Ethernet network adapters (NICs) into your server and “team” or combine them
together to make one virtual NIC that provides better performance and fault tolerance.
Hacking:
Because Active Directory is the most popular directory service, there are a lot of techniques and
strategies to hack it. Since it cannot be located in a DMZ, the AD server usually has an internet
connection, which gives attackers the opportunity to get at the keys to your kingdom remotely. One
particular weakness is that Active Directory uses the Kerberos authentication protocol with
symmetrical cryptography architecture; Microsoft has already patched many of its vulnerabilities,
but new ones continue to be discovered and exploited.
Here are security tips to help you improve your web server security: use firewalls on all endpoints,
maintain backups, and use a VPN when available.
Single point of failure. A single point of failure, also known as SPOF, is any component of a system
that causes the whole system to stop working if it fails.
In computing, SPOFs are identified and resolved through redundant and high-availability clusters.
A failover cluster is a group of servers that work together to maintain high availability of applications
and services. If one of the servers, or nodes, fails, another node in the cluster can take over its workload
without any downtime (this process is known as failover).
Important steps after deploying Active Directory
1. Set static IPs for servers. This ensures you are reaching the right server when making
connections.
11. Use two network cards, to be used later in the NIC deployment.
12. Use more than two hard disks so that different storage solutions such as LVM and RAID can be used.
Baseline Security Hardening
Here are recommended baseline security hardening considerations for your Windows Server.
Your individual server setup may vary and require additional security considerations.
These ten steps provide a baseline security setup and serve as a starting point for additional security
hardening.
Network Security
• Segment your network. Hosts that are on the same subnet/VLAN will have an easier time
masquerading as the server. Segmentation helps address that.
• Add a network firewall. Be sure to disable any services you are not using, such as IPv6.
• Also disable any inbound traffic on ports that are not in use.
• Be sure to update any other Microsoft products in use, such as Exchange Server and SQL
Server.
• Critical updates should be applied as soon as possible. Apply these updates in test
environments to confirm proper function, then in production if there are no compatibility
issues.
Secure and Encrypt Remote Access
• Telnet and other unencrypted management protocols should be disabled across the whole
environment.
• Use only encrypted remote access (SSH or VPN access).
• Set up specific service accounts, locally or in Active Directory, for application and user
services.
• This way if applications are compromised, the attacker has limited user rights, not full
system or privileged user rights.
• Change administrator passwords regularly to prevent password leaks from resulting in new
breaches.
• Enforce a strong password (complexity and length) policy using these considerations.
• Monitor and analyze logs to identify attackers, rogue devices, and suspicious usage patterns.
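A read-only audit of several items from the checklists above (static IPs, NIC team, firewall, Telnet, password policy), added here as an example and not part of the original document. It assumes a Windows Server domain controller with the NetTCPIP, NetLbfo, NetSecurity, ServerManager and ActiveDirectory modules available; the $MinLength threshold is an assumed value, not one given on this page.

```powershell
# Added example: reports pass/fail for baseline items; changes nothing on the host.
# $MinLength is an assumed threshold; set it to your own policy value.
param([int]$MinLength = 14)

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Check, [bool]$Pass, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail })
}

# Static IPs: no connected IPv4 interface should still be using DHCP.
$dhcp = @(Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.ConnectionState -eq 'Connected' -and $_.Dhcp -eq 'Enabled' })
Add-Finding 'Static IPv4 addressing' ($dhcp.Count -eq 0) `
    "DHCP interfaces: $($dhcp.InterfaceAlias -join ', ')"

# NIC Teaming (Load Balancing/Failover): at least one team exists and is up.
$teams = @(Get-NetLbfoTeam -ErrorAction SilentlyContinue)
$up    = @($teams | Where-Object { $_.Status -eq 'Up' })
Add-Finding 'NIC team present and up' ($up.Count -gt 0) `
    "teams: $($teams.Count), up: $($up.Count)"

# Firewall: every profile enabled, and none allowing inbound traffic by default.
$profiles = @(Get-NetFirewallProfile)
$weak = @($profiles | Where-Object {
    $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow' })
Add-Finding 'Firewall profiles enforce inbound filtering' ($weak.Count -eq 0) `
    "weak profiles: $($weak.Name -join ', ')"

# Unencrypted management: no Telnet feature installed on the server.
$telnet = @(Get-WindowsFeature -Name 'Telnet-*' | Where-Object { $_.Installed })
Add-Finding 'Telnet features not installed' ($telnet.Count -eq 0) `
    "installed: $($telnet.Name -join ', ')"

# Password policy: complexity on, minimum length at or above the threshold.
$pol = Get-ADDefaultDomainPasswordPolicy
$ok  = $pol.ComplexityEnabled -and ($pol.MinPasswordLength -ge $MinLength)
Add-Finding 'Password complexity and length' $ok `
    "complexity=$($pol.ComplexityEnabled), minLength=$($pol.MinPasswordLength)"

$findings | Format-Table -AutoSize
```

Run it from an elevated session on the server being checked; fine-grained password policies (PSOs) are not covered by the default domain policy query.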
Most Important Group Policy Settings