Future Forests - Realistic Strategies for AD Security & Red Forest Architecture

Explore a comprehensive strategy for implementing Microsoft's Red Forest architecture to mitigate devastating Active Directory (AD) attacks in this 45-minute RSA Conference talk. Gain insights into the exact benefits and common weaknesses of this approach, integrating lessons learned from both attackers and defenders. Understand how Red Forest mitigates modern AD attacks, create a realistic implementation plan for your organization, and identify common challenges in the process. Delve into topics such as local administrator credentials, privileged access workstations, domain admin access, separate forests, and tiered architecture. Learn about practical steps to enhance AD security, including local administrative password solutions and permission management across different tiers. Suitable for those with a basic understanding of Active Directory, this session provides valuable knowledge for preventing AD forest fires and strengthening overall security posture.

Intro
Agenda
Why AD Matters
Attacker Perspective
Local Administrator Credentials
When Not PTO Kagan
Forest Fires
Steps
Local Credentials
Local Admin Passwords
Memory Credentials
privileged access workstations
locking down administrative systems
domain admin access
separate forests
twoway trust
Red Forest
DMZ
Play Around
The Right Answer
Tiered Architecture
Bastion Gen
Permissions
Admin Permissions
Tiers
Realistic Strategies
The Process
Local Administrative Password Solution
Summary
Usability
Questions