Deploying PAWs as Part of a Strategy to Limit Credential Theft and Lateral Movement

Explore a comprehensive conference talk on deploying Privileged Access Workstations (PAWs) as a strategy to mitigate credential theft and lateral movement in network security. Delve into various Windows authentication mechanisms, credential storage methods, and common attack scenarios. Learn about the Active Directory Administrative Tier Model, logon restrictions, and traditional jump server solutions. Discover the prerequisites, deployment phases, and models for implementing PAWs, including detailed guidance on setting up Active Directory frameworks, GPOs, and user policies. Gain insights into multi-factor authentication, Protected Users group, and lessons learned from real-world deployments. Understand how PAW implementation complements network segmentation strategies and further limits exposure to security threats. Conclude with practical tips and a Q&A session to enhance your organization's security posture against credential-based attacks.

Intro
WHEN NOT COMPUTERING...
ATTACK SCENARIO #2
WINDOWS LOGON TYPES
LOCAL SAM DATABASE
ACTIVE DIRECTORY DATABASE
LSA SECRETS
CREDENTIAL MANAGER
WINDOWS CREDENTIAL & AUTH ISSUES
STEALING WINDOWS ACCESS TOKENS
WINDOWS CRED & AUTH ISSUES
INTRODUCING PAWS
ACTIVE DIRECTORY ADMINISTRATIVE TIER MODEL
LOGON RESTRICTIONS
TRADITIONAL SOLUTIONS - JUMP SERVERS
PAW PREREQUISITES
PHASES OF DEPLOYMENT
PAW DEPLOYMENT MODELS
DEPLOY PAW ACTIVE DIRECTORY FRAMEWORK
PAW COMPUTER ACCOUNT GPOs
PAW USER GPOS
PAW GPOS - DENY LOWER TIER LOGON
RESTRICTED ADMIN)
PAW SETUP - PHASE 2
MULTI-FACTOR)
PAW SETUP - PHASE 3 (PROTECTED USERS)
LESSONS LEARNED FROM MY DEPLOYMENT
PAW DEPLOYMENT PAIRS WILL WITH NETWORK SEGMENTATION
NETWORK SEGMENTATION (LAYER3)
FURTHER LIMITING EXPOSURE TO CREDENTIAL THEFT AND LATERAL MOVEMENT
CLOSING
QUESTIONS/CONTACT