Reading 12 - theSam1998/ops-301-Reading-Notes GitHub Wiki

Reading 12

ChatGPT insertions indicated by: 🤖


Statement of relevance:

  • This article discussed the nature of domains, how they work, and how they can be used to manage a large group of users and devices across one or multiple networks. Since using domains is such an effective and efficient way to perform group management, it will be vital for us to understand how they work, how we can use them, and how they can be exploited, whether we want to be sysadmins, analysts, or pen testers.

Explain the role of a Domain Controller?

  • A Domain Controller is a server whose role is primarily AAA (authentication, authorization and accounting), as well as general administration. A Domain Controller is typically a Windows Server machine that can change the settings for all users in that domain. It also serves as an authentication server: when a computer is joined to a domain, it uses a set of credentials that are managed on the domain controller. It also serves an authorization function by preventing users from making unauthorized system changes outside their scope of work or company policy, ensuring compliance with all SOPs when managing company hardware used by remote users. Domains, and therefore domain controllers, exist across many operating systems, though Windows provides the most widely deployed version with Active Directory, which serves intensive accounting and management purposes.
  • 🤖 Insertion: "Domain Controllers also replicate data between each other to ensure consistency and reliability of data across the network. This replication is critical in larger networks where there are multiple Domain Controllers."

What is the benefit of being able to login with the same username and password on any computer joined to the domain? What are the security risks?

  • There are a number of benefits, from small-scale interpersonal benefits to large-scale organizational ones. For one, let's say something happened to your laptop: you could borrow one from a coworker, be provided a temporary one by your employer, or potentially even join one of your own backup devices to the domain. Either way, you would be able to sign in and access the resources and proper configurations you need to pick up working efficiently and effectively. On a larger scale, it serves an accounting purpose: the actions of a user within a domain are logged, and in some cases so are certain system processes and known red flags, delivering enhanced security. As for risks, your credentials would have an even greater degree of usefulness to any bad actor, whether an insider or otherwise. Anybody who has your credentials would be able to access the network and potentially hop into other systems or perform bad deeds under the guise of being you.
  • 🤖 Insertion: "While the same username and password across a domain can increase productivity and ease of use, it also increases the risk of lateral movement for attackers if they gain access to a single set of credentials. Lateral movement refers to the techniques that a cyber attacker uses to move through a network in search of sensitive data and other high-value assets."
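The lateral-movement risk described above is something defenders can watch for in the domain's own logon records, since the same account reaching many hosts in a short span is the visible side effect of one credential working everywhere. As an added example (not from the original notes), this Python script parses a constructed set of Windows-style successful logon events (Event ID 4624, network logon type 3) and flags any account that authenticates to more than three distinct hosts within five minutes; the one-line event layout, host names and thresholds are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of logon events, one per line. The layout is an assumption
# for this example, not a real Windows event export format.
# EventID 4624 = logon succeeded, 4625 = logon failed; LogonType 3 = network logon.
SAMPLE_LOG = """\
2024-05-01T09:00:12 EventID=4624 LogonType=2 Account=CORP\\alice Host=WS-ALICE
2024-05-01T09:03:40 EventID=4624 LogonType=3 Account=CORP\\alice Host=FILESRV01
2024-05-01T13:10:05 EventID=4624 LogonType=3 Account=CORP\\bob Host=WS-CAROL
2024-05-01T13:10:09 EventID=4624 LogonType=3 Account=CORP\\bob Host=WS-DAVE
2024-05-01T13:10:14 EventID=4624 LogonType=3 Account=CORP\\bob Host=FILESRV01
2024-05-01T13:10:21 EventID=4624 LogonType=3 Account=CORP\\bob Host=PRINTSRV
2024-05-01T13:10:30 EventID=4625 LogonType=3 Account=CORP\\bob Host=DC01
2024-05-01T14:30:00 EventID=4624 LogonType=3 Account=CORP\\bob Host=WS-ALICE
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
                     r"Account=(?P<acct>\S+) Host=(?P<host>\S+)$")

def parse_logons(text):
    """Return successful network logons (4624, type 3) as sorted (time, account, host)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["eid"] != "4624" or m["lt"] != "3":
            continue  # skip failures, interactive logons and malformed lines
        events.append((datetime.fromisoformat(m["ts"]), m["acct"], m["host"]))
    return sorted(events)

def find_fanout(events, max_hosts=3, window=timedelta(minutes=5)):
    """Accounts that reached more than max_hosts distinct hosts inside any
    sliding window of the given length, mapped to the hosts involved."""
    by_account = defaultdict(list)
    for ts, acct, host in events:
        by_account[acct].append((ts, host))
    flagged = {}
    for acct, logons in by_account.items():          # logons are time-ordered
        for i, (start, _) in enumerate(logons):
            hosts = {h for t, h in logons[i:] if t - start <= window}
            if len(hosts) > max_hosts:
                flagged[acct] = sorted(hosts)
                break
    return flagged

if __name__ == "__main__":
    for acct, hosts in find_fanout(parse_logons(SAMPLE_LOG)).items():
        print(f"{acct}: {len(hosts)} hosts within 5 min -> {', '.join(hosts)}")
```

In the sample, only CORP\bob is flagged: the failed logon to DC01 and the logon an hour later are ignored, and alice's interactive logon is not a network logon at all.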

Describe how group policies are used in domains?

  • When group policy settings are changed on the domain controller, they are changed for all users on that domain, overriding any local settings. In this way, they primarily serve a system administration role, allowing admins to easily deliver network- or company-wide changes to all users effective immediately, directly from the server.
  • 🤖 Insertion: "Group Policies can also be used to deploy software, scripts, and even updates to computers within the domain. This allows administrators to manage software installations and updates centrally, reducing the time and effort required to maintain software across a large network."

In what other ways can you think of that domains could be used beyond what was presented in the reading?

  • Domains seem to serve primarily a management function. While the obvious assumption would be a corporate network, and that is likely a large share of the use cases, they could really be used in any situation where a large group of machines needs to be managed. Crypto mining is one thought: a domain could be created for a group of crypto-mining machines, to make managing a large group of potentially monitor-less PCs easy. Or a domain could be created to manage a large quantity of IoT devices, like a large group of cameras and speakers across a warehouse.

Things I want to know more about

  • How exactly do domains work at their core? Do Microsoft's Active Directory and other solutions like LDAP use the same type of technology to manage groups of users? 🤖 Answer: "At their core, domains work by providing a centralized location for storing data about network resources, such as users, computers, and groups. This data is stored in a database, which is managed by a Domain Controller. Microsoft's Active Directory and LDAP (Lightweight Directory Access Protocol) are both directory services, but they use different protocols and technologies. Active Directory uses LDAP as one of its base protocols, but it also includes additional features, such as support for Kerberos for authentication and Group Policies for managing users and computers."
  • What are some of the most realistic use cases for domains that we are likely to encounter in the cybersecurity field? What does managing domains look like from the POV of a sysadmin? 🤖 Answer: "In the cybersecurity field, domains are often used in corporate or enterprise environments to manage large numbers of users and computers. This can include managing user access rights, deploying software updates, and enforcing security policies. From the perspective of a sysadmin, managing domains involves tasks such as adding and removing users, configuring Group Policies, managing permissions, and monitoring for any security issues. It also involves ensuring the health and availability of the Domain Controllers."
  • What are some more pressing security risks of using a domain? 🤖 Answer: "While domains provide many benefits, they also come with some security risks. One of the most significant risks is the potential for a single point of failure. If a Domain Controller is compromised, the attacker could potentially gain access to the entire network. Additionally, the centralized nature of domains means that if a user's credentials are compromised, an attacker could potentially access any system on the network that the user has permissions for. Finally, misconfigurations in Group Policies or access controls can lead to security vulnerabilities."