Privileged Access Management in Active Directory

00:00

everyone welcome back of the core. So in the last video, we wrapped up our discussion on privilege access management. Best practices

00:07

and this video were to talk briefly about privilege access management in relation to active directory.

00:13

So we'll talk about what is Pam for active directory.

00:16

So when we talk about Pam for active Directory, we're talking about restricting the privileged access inside of active directory

00:23

so this can help us do things like reestablishing control over a active directory environment that's been compromised on the way we can do. That is through what's called a bastion environment. So we could basically set up a forest where we've got all these users,

00:37

but that forces separate from our traditional active directory. So that way, if something does occur, we can instantly

00:44

recover

00:46

and then also isolating the privileged user accounts.

00:49

Now all of this is a part of Microsoft's identity manager. So am I am.

00:55

So what kind of problems does having privilege access management with after directory active actually solve for us? Well, it helps us mitigate or prevent against various attacks s oh, of course, vulnerabilities. But various attacks like past the hash spear, phishing attacks Kerberos compromises,

01:15

especially on authorized privilege escalation. So it helps us prevent against a lot of things just by limiting the access that a potential attacker might be ableto have.

01:26

And again, the overall goal is to make it more difficult for the attacker so they can just move laterally through our network in various systems. So what should you actually do? What are some of the steps that you should actually be doing? Well, Number one identifying which groups in your existing bashing enforces you've got set up,

01:42

have significant privileges. So identifying again, going back to the inventory we talked about earlier, right?

01:49

Identifying what accounts have that privilege access and sure, they actually have that access. And then what you want to do is you re create those groups without members in over in the bastion forest, right? So identify the groups that have privilege access. So let's say, for example, that is an I T. Department. So all the people in our I T department have privileged access.

02:08

We then take that group we created over an are bashing forest.

02:12

But without those users,

02:15

we didn't want to set up

02:16

uh, some kind of authentication protection rules account. So that's where we come into play with, like, multi factor authentication.

02:23

Ah, and that's when they request that just in time administration, which again is just requesting, saying, I need to access

02:30

or to this thing right now. And I only need it for a short period of time,

02:36

the life cycle so kind of going back to the fact that when we

02:39

talk about multi factor and we talk about

02:44

and when we talk about just in time administration, we need to think through the life cycle. So

02:49

we need to make sure that we've got a predetermined or preset amount of time that

02:54

this account, this user, this system, whatever it is, this application,

03:00

it's got a limited amount of time that it will actually have

03:04

that privileged accessed in that group.

03:06

And then we want to monitor, we wanna take. We want to be a wary of

03:09

what's occurring in this activity. Are they doing what they said they should be doing? Or are they doing what they should be doing? Are they trying to escalate privileges? Even mawr? They're trying to maintain those privileges that we forget about an account,

03:22

Um, and then Also,

03:23

this could be used for identifying inside attacks. Right? So we could see that. You know, Susan and accounting is always trying to get administrative access every day. Well, that doesn't make any sense, right? So that we can

03:37

begin alert on that. Have someone go talk to Susan and accounting and see if it's actually her. Maybe her credentials were compromised, and it's an attacker. So these are the things that we need to do as for part of a kind of a step by step process.

03:50

So this video we talked briefly through privileged access management with active directory.

03:54

Now, in the next video, we're gonna jump into our labs. So I want to stress that there are step by step lab guides. Be sure to download those in the resource is section of the course, and we're not gonna have a video where we walk through the labs step by step. I want you get you the hands on practice, so I'll give you a brief overview of the lab. Some of the