Lab 1 - CYB 608 - Challenge #420 – Insider Threat: Domain Lockdown Incoming Challenge #499 – Secure PDF

Preview

Summary

Challenge #420 – Insider Threat: Domain Lockdown Incoming
Challenge #499 – Secure Roots: Domain Organization and Access Controls
w/screenshots & steps taken...

Description

CYB 608 – Ethical Hacking Week 1 Lab 10/7/2017

Challenge #420 – Insider Threat: Domain Lockdown Incoming

Domain Controller VM Start -> Administrative Tools -> Group Policy Management Edit DasGroup GPO User Configuration -> Policies -> Administrative Templates -> System -> Removable Storage Access From there, I edited CD and DVD: Deny read access, CD and DVD: Deny write access, Floppy Drives: Deny read access, etc., all the way to WPD Devices: Deny write access, and I enabled those settings, so the user is denied those functions. User Configuration -> Policies -> Administrative Templates ->Windows Components -> Windows Explorer Enabled option “Remove ‘Map Network Drive’ and ‘Disconnect Network Drive’” User Configuration -> Policies -> Administrative Templates: Policy definitions -> Start Menu and Taskbar Here, I disabled the option “Add the Run command to the Start menu”. For some reason, two of the status check marks stayed red (the first and third). I logged out and logged back in about 12 hours later, and one of the checkmarks turned green. I then double-checked my settings and the other finally turned green. I’m not sure what the problem was and why it didn’t turn green earlier, but it did finally turn green at least, and all three objectives got completed.

Challenge #499 – Secure Roots: Domain Organization and Access Controls

Domain Controller VM Start -> Administrative Tools -> Group Policy Management Forest: ad.daswebs.com -> Domains -> ad.daswebs.com I right-clicked on ad.daswebs.com, and select “New Organizational Unit”. I named it Accounting and selected okay. I did it again for Human Resources. Start -> Administrative Tools -> Active Directory Users and Computers I clicked on Users, then dragged and dropped Brimlock Stones to Accounting and Sergio Chanel to Human Resources. Start -> Administrative Tools -> Server Manager Roles -> Active Directory Domain Services -> Active Directory Users and Computers -> ad.daswebs.com -> Users I right-clicked Users and selected New -> Group, typed “HRsec”, and clicked okay (leaving Group Type as Security). I did the same for “Accountingsec”. I moved the HRsec security group I just created to the Human Resources folder and the Accountingsec security group to the Accounting folder. It took me forever to figure out why it wasn’t registering. Turns out it’s because they weren’t in these folders.

I double-clicked on Accountingsec under Account, clicked on the Members tab, then added Brimlock Stones. I did the same for HRsec with Sergio Chanel. Start -> Administrative Tools -> Group Policy Management Edit DasGroup GPO Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Autoplay Policies From here I enabled the option “Turn off AutoPlay” and selected “CD-ROM and removable media drives” from the drop-down menu. Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Security Options From here I selected “Interactive logon: Do not display last user name” and enabled it. For the last step, I opened Windows Explorer and went to the root of C drive. From here, I right-clicked on the Accounting folder, clicked the Security tab, clicked Continue, clicked Add, typed HRsec, and selected Check Names. I then clicked okay. After that, I denied Read and Write access. This way HRsec does not have read or write privileges with the Accounting folder on C drive’s root. I did the same for the HRsec folder with Accounting....