Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Least privilege vs Windows server security

from [Dan Lynch] Network Security [Permanent Link]
Subject: Least privilege vs Windows server security
Date: Thu, 12 Jul 2007 11:47:47 -0700 
Greetings list,

I'm looking for opinions on an issue of contention in our organization.
Our enterprise is made up of two networks - one for general government
departments, and another for law enforcement related departments. 

The users, Windows file servers, and MS Exchange servers of both
networks are members of the same MS Active Directory domain. A file
server, an Exchange server, and a domain controller sit on each network.
The LE network requires stronger data security measures as it also
includes non-member servers that hold highly sensitive data. These are
the crown jewels, and the LE network is therefore behind a firewall from
our general government network

The entire system is in production and running with a few administrative
and functional limitations. We've tried to follow the principle of least
privilege when allowing server-to-server communication across the
firewall. We've attempted to enumerate all services necessary for Active
Directory replication, and at the firewall accommodate only those
protocols from the general government servers to the LE servers. This
has proven difficult, especially when addressing RPC-style services.
Certain administrative scripts that make WMI calls, resulting in RPC
communications won't run.

Also, connections to the LE servers for drive mappings, RDP, and other
administrative protocols are restricted to specific general government
network addresses. 

All this amounts to some hardship for Windows server administrators.
Their position is that all communications between servers should be
allowed. They argue that if the general government domain controller is
"owned", no firewall restrictions will prevent an attacker from having
his way with the LE server. In their view, the principle of least
privilege is nonsense. Instead, a restriction is only justified if a
specific benefit can be enumerated.

I'm not quite sure how to answer them, and would appreciate any input on
this subject.

In practice, what specific scenarios justify the restrictions we've
placed on communications between these servers?

Philosophically, what logical arguments support the principle of least
privilege in the environment I've described?

Thanks for your input,

Dan Lynch, CISSP
Information Technology Analyst
County of Placer
Auburn, CA
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Bypassing ISA SERVER 2004, Jan Heisterkamp
Next by Date:  RE: Least privilege vs Windows server security, Ackley, Alex
Previous by Thread:  Bypassing ISA SERVER 2004, Danux
Next by Thread:  RE: Least privilege vs Windows server security, Ackley, Alex
Indexes:  [Date] [Thread] [Top] [All Lists]