301 Reading 12 - marsecguy/reading-notes-cyberops GitHub Wiki

Windows Domains

  1. Explain the role of a Domain Controller.
    • The domain controller is the centralized unit that controls all other computers that are part of the domain. It adjusts the settings on all workstations to align with the settings determined by the organization's policies, and users cannot override the settings.
  2. What is the benefit of being able to log in with the same username and password on any computer joined to the domain? What are the security risks?
    • Being able to log in to any computer on the domain is extremely useful for ease of access, particularly for large, geographically diverse organizations. Someone visiting an office on the West Coast, who came from the East Coast, can log in to any computer in the office and have their files, programs and other things they need available just as if they were in their own office. One major security risk is that people tend to walk away from their computer and forget to lock it or log out. It is easy to do that when in an unfamiliar office. Someone else can come across it and do anything they want, with the audit trail (if any) leading back to the user who initially signed in.
  3. Describe how group policies are used in domains.
    • Group policies determine the settings that the domain controller will push out to all workstations. This centrally controls what users are and are not allowed to do on their workstations.
  4. What other ways can you think of that domains could be used beyond what was presented in the reading?
    • It can serve a security function by preventing intentional or accidental security breaches or data leaks.
    • It can facilitate the use of shared peripherals and resources (such as printers and projectors). Once the peripheral is attached to the domain, it can be configured to allow any domain user to use it
    • It can also centralize and automate security functions within the organization. For example, numerous failed login attempts could alert the IT security team and lock the user account until proper identity (authorization) can be established by other means
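
The failed-login alert and lockout described in the last answer can be sketched as detection logic over logon events. This is an added example, not part of the reading or the original notes; the threshold, the 15-minute window, the account names and the sample events are constructed assumptions, and 4625 and 4624 are the Windows Security log event IDs for failed and successful logons.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration; real values come from the domain's policy.
THRESHOLD = 5                      # failed logons that trigger the lock
WINDOW = timedelta(minutes=15)     # period in which they must occur

# Constructed sample events: (time, event ID, account, workstation).
# 4625 = failed logon, 4624 = successful logon (Windows Security log IDs).
SAMPLE_EVENTS = [
    ("2024-01-15T09:00:00", 4625, "jdoe", "WS-EAST-01"),
    ("2024-01-15T09:00:40", 4625, "jdoe", "WS-EAST-01"),
    ("2024-01-15T09:01:10", 4625, "jdoe", "WS-WEST-07"),
    ("2024-01-15T09:02:00", 4625, "jdoe", "WS-WEST-07"),
    ("2024-01-15T09:03:30", 4625, "jdoe", "WS-WEST-07"),
    ("2024-01-15T09:04:00", 4625, "jdoe", "WS-WEST-07"),    # already locked
    ("2024-01-15T09:00:10", 4625, "asmith", "WS-EAST-02"),
    ("2024-01-15T09:00:30", 4625, "asmith", "WS-EAST-02"),
    ("2024-01-15T09:01:00", 4624, "asmith", "WS-EAST-02"),  # success resets count
    ("2024-01-15T09:05:00", 4625, "asmith", "WS-EAST-02"),
    ("2024-01-15T09:05:20", 4625, "asmith", "WS-EAST-02"),
    ("2024-01-15T09:05:40", 4625, "asmith", "WS-EAST-02"),
] + [(f"2024-01-15T08:{m:02d}:00", 4625, "bwong", "WS-EAST-03")
     for m in (0, 10, 20, 30, 40)]                           # too spread out

def evaluate(events, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per account that reaches the threshold inside the window."""
    recent = defaultdict(deque)    # account -> recent (time, workstation) failures
    locked, alerts = set(), []
    for ts_text, event_id, account, host in sorted(events):
        if account in locked or event_id not in (4624, 4625):
            continue               # a locked account stays locked until IT verifies the user
        if event_id == 4624:
            recent[account].clear()    # a successful logon resets the failure count
            continue
        ts = datetime.fromisoformat(ts_text)
        failures = recent[account]
        failures.append((ts, host))
        while ts - failures[0][0] > window:
            failures.popleft()     # drop failures older than the window
        if len(failures) >= threshold:
            locked.add(account)
            alerts.append({"account": account, "locked_at": ts_text,
                           "workstations": sorted({h for _, h in failures})})
    return alerts

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS):
        print(alert)
```

Because every workstation reports to the same domain, the failures for `jdoe` are counted together even though they come from two different machines.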

Source: How-To Geek