LDAP over SSL (LDAPS) Certificate

August 31, 2014

By default, LDAP communications between client and server applications are not encrypted. This means that a network monitoring device or software can be used to view the communications traveling between LDAP client and server computers. This is especially problematic when an LDAP simple bind is used, because credentials (username and password) are passed over the network unencrypted. This could quickly lead to the compromise of credentials. For more details follow the link below: http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx

Restore User Account in Active Directory using Ldp.exe

August 28, 2014

Hey, I would like to introduce the process of restoring a user account in Active Directory using Ldp.exe:
1. Open Ldp.exe on your domain admin machine or on the DC itself.
2. Go to Connection -> Connect, enter the name of the AD server and port 389, then click OK.
3. Go to Connection -> Bind, select "Bind as currently logged on user" and check "Encrypt traffic after bind". Do not choose Simple bind (not secure, clear text). Click OK.
4. Go to View -> Tree -> Base DN -> DC=mydomain,DC=com, then click OK.
5. Expand the root domain tree and look for CN=Deleted Objects,DC=mydomain,DC=com if there is no such...

Three levels of DNS security

August 20, 2014

Low-level security

Low-level security is a standard DNS deployment without any security precautions configured. Deploy this level of DNS security only in network environments where there is no concern for the integrity of your DNS data or in a private network where there is no threat of external connectivity. Low-level DNS security has the following characteristics:
- The DNS infrastructure of the organization is fully exposed to the Internet.
- Standard DNS resolution is performed by all DNS servers in the network.
- All DNS servers are configured with root hints pointing to the root servers for the Internet.
- All DNS servers permit...

Tools for Auditing and Monitoring

Hey. In the last months I was involved with a couple of auditing and monitoring missions. Nowadays this issue's severity is critical to an enterprise environment that wants to view and expose full information about what is occurring in its organization. From Microsoft's own toolset, we can use these tools to build and implement an auditing and monitoring review:

| Tool | Type | Description |
| --- | --- | --- |
| Auditpol | Windows command-line tool | Displays information about and performs functions to modify audit policy settings. |
| Logman | Windows command-line tool | Creates and manages Event Trace Session and Performance logs and supports many functions of Performance Monitor from the command line. |
| Clear-EventLog | Windows PowerShell cmdlet | Deletes all entries from specified event logs... |

Microsoft Security Bulletin MS14-051 – Critical

August 19, 2014

Hey, this is a Cumulative Security Update for Internet Explorer: This security update resolves one publicly disclosed and twenty-five privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. For more info: https://technet.microsoft.com/en-us/library/security/MS14-051

Strong Authentication with One-Time Passwords

August 17, 2014

The following components are used in a typical OTP solution:
- Client computer: Contains the DirectAccess components, a credential provider that is written by the OTP vendor, and a custom key storage provider (KSP).
- One-time password server: Consists of two services, an OTP agent that communicates with the validation server, and a component that communicates with the certification authority (CA).
- Certification authority: Provides a certificate that is trusted by the domain.
- One-time password validation server: Validates the OTP.

High-level architecture of an OTP solution

When invoked, the OTP credential provider collects a user name and OTP value from the user and presents it to the...

LSA Architecture- Windows Login Gina Flow:

August 15, 2014

1. Uses msgina.dll + winlogon.exe + secur32.dll.
2. RPC (LSA Server Service) for Negotiate.
3. Protocols in use: Digest, NTLM, Kerberos, TLS/SSL. Every protocol except NTLM uses netlogon.dll.
4. NTLM uses samsrv.dll (Security Accounts Manager).
5. Finally, every protocol reaches Directory Services, either from netlogon or from SAM.
6. On a non-domain controller, it goes directly to the local registry.
7. At the end of the Winlogon process, Directory Services connects to the Jet database through Esent.dll.
* The KDC (kdcsvc.dll), which is Windows Sockets based, uses SAM/Kerberos and Directory Services.

Kerberos vs NTLM authentication

August 9, 2014

| NTLM | Kerberos |
| --- | --- |
| Challenge-response | Ticket-based authentication |
| Microsoft proprietary protocol | Standard protocol; can be used across different implementations |
| The server contacts the DC to validate the client's response to the challenge (known as pass-through authentication). | The client contacts the DC to retrieve a ticket for the service. |
| Pass-through authentication is needed for each session, and therefore the DC is contacted each time. | Faster! The client manages a ticket cache. No need to contact the DC for additional sessions to the same service if the ticket is still valid. |
| Supports only impersonation | Supports impersonation and delegation |