Threat Modelling for Active Directory

This paper analyses the security threats that can arise against an Active Directory server when it is included in a Web application. The approach is based on the STRIDE classification methodology. The paper also provides outline descriptions of countermeasures that can be deployed to protect against the different threats and vulnerabilities identified here

Possibilities of Active Directory Replication Topology Running on Windows Server 2003

Import 04/07/2011Bakalářská práce s názvem Možnosti replikační topologie Active Directory na platformě Windows Server 2003 je rozdělena do dvou základních částí. Teoretická část se věnuje jednotlivým aspektům replikace, od popisu Active Directory, až po její strukturu. Součástí teoretické části je také postup instalace a popis testovací topologie, která je použita v následující praktické části. Praktická část se zabývá analýzou replikace, která se dá rozdělit do dvou následujících podkapitol, měření zabývající se časovou jednotkou a měření zabývající se objemem dat.This bachelor work with title Possibilities of Active Directory replication topology running on Windows Server 2003 is divided into two basic parts. Theoretical part devotes to individual aspects of replication, from describing of Active Directory to its structure. Part of theoretical part is also manual for installation and description of topology, which is used in next practical part. Practical part includes analysis of replication, which can be split into two following subchapters. Measuring of time and measuring of the size of data.460 - Katedra informatikyvelmi dobř

Detection of Active Directory attacks

Organizace, které využívají Active Directory pro správu identit, musí chránit svá data před protivníky a bezpečnostními hrozbami. Tato práce analyzuje známé útoky na Active Directory a možnosti jejich detekce založené na Windows Security auditu. Implementační část je zaměřená na návrh detekčních pravidel pro analyzované scenáře útoků. Pravidla byla navrhnuta a implementována v technologii Splunk, následně otestována a vyhodnocena vykonáním útoků ve virtuálním prostředí. Navrhnutá pravidla, případně detekční principy v nich použité, mohou sloužit jako základ implementace bezpečnostního monitorování Active Directory prostředí v organizacích, a to nezávisle na vybrané technologii. Příloha práce obsahuje navrhnutá pravidla ve formě Analytic Stories, která rozširují obsah existující aplikace Splunk ES Content Update. Analytic Stories jsou navíc doplněna o relevantní vyhledávání, která poskytují kontext využitelný pro investigaci.Organizations that use Active Directory for managing identities have to protect their data from adversaries and security threats. This thesis analyses known attacks targeting Active Directory and the possibilities of detection based on Windows Security auditing. The implementation part focuses on designing detection rules covering the analyzed attack scenarios. The rules were designed and implemented in Splunk; tested and evaluated by performing the attacks in a virtual environment. The rules, or the detection principles used in them, can serve as a baseline for implementation of Active Directory security monitoring in organizations, regardless of the chosen technology. The appendix contains the designed rules set in the form of Analytic Stories, extending the content of an existing application Splunk ES Content Update. The Stories are supplemented by related searches providing context useful for investigation

Some aspects of the integration of web service of higher educational institutions

Розглянуто технологічні аспекти інтеграції веб-сервісів освітнього порталу. Визначено концептуальні підходи до організації єдиної системи автентифікації. Проаналізовано можливості протоколу та каталогів LDAP для збереження облікових записів користувачів. Запропоновано структуру об’єктів у каталозі Active Directory, який використано для розв’язання проблеми. Рассмотрены технологические аспекты интеграции веб-сервисов образовательного портала. Определены концептуальные подходы организации единой системы аутентификации. Проанализирова-ны возможности протокола и каталогов LDAP для хранения учетных записей пользователей. Предложена структура каталога Active Directory. The article describes the technological aspects of the integration of Web services education portal. Con-ceptual approaches of organization of the authentication system are distinguished. The possibility of protocol and LDAP directory for storing user accounts are analyzed. The structure of objects in the Active Directory, which is used to solve the problem, is proposed

Active Directory

Outline l Introduction to Active Directory l Logical Structure » Domain, Organizational Units, Trees and Forests, Schema l Physical Structure » Sites » Domain Controllers » Specific Domain Controller Roles l Installing Active Director

Utilization of Resources That Exist in the Network by Using Active Directory Windows Server 2003

Growing computer network systems and the Internet makes every activity and can be done without having to leave my job. This occurs because tersambungnya almost all computers in the world so they can communicate with each other and exchange information. Due to the development tersebutlah, directly participate greatly affect the way we communicate, especially in data communication for computers. If the first one computer to communicate between computers using Workgroup concept, whereas now use the concept of Domain. Where nature is known to centralize Domain Domain is the central database is from an Active Directory. All relevant services and activities exist in Active Directory Domain is. Therefore the use of Active Directory is very meaningful and very easy computer data transfer activities to support various activities based on computer technology

Active Directory

Outline l Introduction to Active Directory l Logical Structure » Domain, Organizational Units, Trees and Forests, Schema l Physical Structure » Sites » Domain Controllers » Specific Domain Controller Roles l Installing Active Director

Working Architecture of Active Directory Applications in Libraries

Information Technology revolutionized era offer several tools for creating; organizing; storing and visualization of information in libraries in various perspectives. This paper highlights the application of Active Directory in library and information centers. In this context, Active Directory is an extensible directory service that enables managing and storing the detailed information about each network resources efficiently and also used to record the user access count as well as the duration of time spent by the user in the library. It is also used to maintain the institutional User restriction policies in the Server-Client architecture in libraries. This paper explains the steps to deploy the User access and reporting modules, credentials to the user by using the Windows Active Directory and also explores the technical aspect of working architecture, application and its limitation in the libraries

Tools for Managing OS Windows Server

Import 05/08/2014Cílem práce je poskytnout uživatelům Active Directory domény možnost vyresetovat a změnit heslo v Active Directory. Administrátorům Active directory je umožněno základní nastavení domény a samotné aplikace. Resetování hesla je v aplikaci vyřešeno pomocí unikátních požadavků a ověřováním přes e-mailovou zprávu. Veškeré dotazy a změny nastavení Active directory jsou řešeny pomocí Powershell příkazů spouštěných z webové stránky. Byl vytvořen systém, který dovoluje uživatelům resetovat a měnit heslo, aniž by museli žádat pověřenou osobu. Přínosem této práce je zefektivnění a zautomatizování častých problému v Active Directory doméně.The aim of the thesis is providing the possibility to reset and change password for users of Active Directory domain. There is the posibility to realize basic setting of domain and application for administrator of Active directory. The password reset is solved in the application by unique requirement and authorization with e-mail. The questions and changes of settings in the Active Directory are solved by the Powershell which can be runned from the website. There was created the system that allows to reset and change password for users without verification by authorized person. The benefit of this thesis is the streamlining and the automatization of common problems in the Active Directory domain.460 - Katedra informatikyvelmi dobř