DHCP Security (Recommendations)


I decided to write this article about the DHCP security features that I recommend to all admins who are responsible for Domain Controllers, DHCP, DNS, NPS, PKI, etc. What I have observed in my career so far is that many administrators do not configure all DHCP security settings. Below I have mentioned some examples that I have experienced in my career.

1. We had a host record "WATCH" which was pointing to the IP address of a server. A user came with his home MacBook and connected an office LAN cable to it. Our bad luck was that his MacBook's name was also "WATCH", and the record's IP address was replaced by the IP address of the MacBook.

2. We have a WiFi scope for visitors. One day, someone came for an interview and connected his iPad to our Visitor WiFi. Suddenly our Exchange team emailed me that their "SPAM" server logs had stopped working, please rectify it. When I checked, they had a DNS A record by the name of SPAM which had been modified to a Visitor WiFi IP address. After checking further, we found that the iPad of the visitor who came for the interview was named SPAM. UUUfffffff..

3. In my first organisation, there was a problem of duplicate host records, and most of the teams like security, Exchange and SCCM were totally fucked up due to this issue. The issue was that if you wanted to deploy something on system A, it used to go to system D. If you needed to run a script remotely on system D, it used to go to system G. Totally messed up.

Here are the settings which I recommend for every admin.
A. Let DHCP own the DNS records.
B. Name Protection.
C. Disable DNS record creation for some scopes.
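As an added example (not from the original post), here are the three settings applied with the DhcpServer PowerShell module on a Windows Server DHCP host. The server name, the two scope IDs and the DNS update service account are assumed values.

```powershell
# Added example, not the post's own code. Assumed values: DHCP server
# DHCP01, LAN scope 10.10.10.0, Visitor WiFi scope 10.10.99.0, and a
# dedicated low-privilege account CORP\svc-dhcpdns for DNS updates.
Import-Module DhcpServer

$Server       = 'DHCP01'        # assumed DHCP server name
$LanScope     = '10.10.10.0'    # assumed corporate LAN scope
$VisitorScope = '10.10.99.0'    # assumed visitor WiFi scope

# A. Let DHCP own the DNS records: the server registers A/PTR records
#    under a dedicated account, so the records are owned by DHCP
#    rather than by whichever client happened to claim the name.
$cred = Get-Credential -UserName 'CORP\svc-dhcpdns' -Message 'DNS dynamic update account'
Set-DhcpServerDnsCredential -ComputerName $Server -Credential $cred

# B. Name Protection on the LAN scope: DHCP writes a DHCID record next
#    to the A record and refuses to overwrite a name that was
#    registered by a different client (the "WATCH" / "SPAM" cases).
Set-DhcpServerv4DnsSetting -ComputerName $Server -ScopeId $LanScope `
    -DynamicUpdates Always `
    -DeleteDnsRRonLeaseExpiry $true `
    -NameProtection $true

# C. Disable DNS record creation for the visitor scope entirely, so
#    visitor devices never touch the internal zone.
Set-DhcpServerv4DnsSetting -ComputerName $Server -ScopeId $VisitorScope `
    -DynamicUpdates Never

# Verify the resulting per-scope settings.
foreach ($scope in $LanScope, $VisitorScope) {
    Get-DhcpServerv4DnsSetting -ComputerName $Server -ScopeId $scope |
        Select-Object @{n = 'Scope'; e = { $scope }},
                      DynamicUpdates, NameProtection, DeleteDnsRRonLeaseExpiry
}
```

The credential step matters most when the DHCP role runs on a Domain Controller, where registrations under the computer account would otherwise be written with the DC's own privileges.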

Delegating DHCP Server Administration


Although it is easy to delegate DHCP server administration tasks, some admins still get confused because they treat DHCP delegation as AD delegation, or they don't know how to give DHCP delegation access to other users.

Very important to know: it is not possible to assign DHCP administration and monitoring privileges to other user accounts on the server.

So the question is how to do that. Whenever you install and configure the DHCP server role, by default it creates two security groups, "DHCP Administrators" and "DHCP Users".

SMB Insecurely Configured Service vulnerability

This vulnerability can be caused by many services which use SMB in some way. There are many related articles which you will find, and they will tell you which service has the problem and what the fix should be.

Articles: Tenable, Nessus, Microsoft

When I worked on this security incident, I found that there were some policies which were wrongly configured in a GPO which applies to all laptops and workstations.

There are only 4 things which you have to check in all service settings, whether they come from a GPO or are configured manually. Then you have to remove them from the ACLs of those services.

1. Authenticated Users
2. Domain Users
3. Users
4. Everyone

If a service is disabled, then there is no need to check this on it. If it is enabled in either Automatic mode or Manual mode, it is important to check.