Question

At the end of the lab, you will be asked to respond to the following in a 2- to 2.5-page response at the end of your Microsoft Word document:

Explain the types of information that can be stored in an Active Directory user record.

Address the following in your response:

• What are some of the additional tabs that are available in the Active Directory Users and Computers "Advanced Features" mode?
• What are some of the specific challenges and risks associated with accountmanagement in a large infrastructure?
• How can inadequate access controls or access management leave critical information vulnerable?
• What protections does encryption offer and how important is key management tokeeping any encryption system secured?
• Considera cloud-hosted Infrastructure as a Service (IaaS) environment with many users accessing these systems from all over the world. What advantages or challenges might there be managing these identities and associated keys?

Finally, conclude this week's assignment with a page explaining how the tools and processes demonstrated in the lab might be used by an infrastructure administrator to help secure an environment.

Submit your assignment.

Answer 1

Explain the types of information that can be stored in an Active Directory user record.

Ans: Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. However, Active Directory became an umbrella title for a broad range of directory-based identity-related services.

Active Directory Domain Services (AD DS) is the cornerstone of every Windows domain network. It stores information about members of the domain, including devices and users, verifies their credentials and defines their access rights. The server running this service is called a domain controller. A domain controller is contacted when a user logs into a device, accesses another device across the network, or runs a line-of-business Metro-style app sideloaded into a device.

It has the ability to record different types of information about different objects. Active directory trend towards relying on standard protocols which stores in an activity directory user record.

Some of the informations that can be stored in Active directory are:

1. Organization personal informations

2. Sites

3. Computers

4.Users

5. Shares

6. Information or data about any other network object.

What are some of the additional tabs that are available in the Active Directory Users and Computers "Advanced Features" mode?

Ans:

Many administrators are familiar with Additional Account Info tab since there have been AD domains based on Windows Server 2003. It is to be reminded that the Additional Account Info tab to appear in the User Properties of Active Directory Users and Computers (ADUC) console, you had to download Windows 2003 Resource Kit and register a special library Acctinfo.dll .

After that if you open the properties window of any AD user, you can see a new tab containing different information useful for a domain administrator, like:

• Password Last Set – time when a user password has been changed
• Password Expires – a period of time when the password expires
• User Account Control / Locked – the account status (enabled, disabled, locked, etc.)
• Last logon (logoff) – the time of the last logon (logoff) of the user on the domain controller
• Information on the counters of failed/successful logons
• SID, GUID information and SID History

So, to add Acctinfo.dll to the Active Directory Users and Computers in the x64 version of Windows (Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012 / R2), you have to:

• Download the Account Lockout and Management Tools from Microsoft website (the archive as of 8/22/2012, contains the self-extracting archive ALTools.exe with the size of 850 KB) and unpack it.
• Copy the library file acctinfo.dll to C:\Windows\SysWOW64 directory
• Start a command prompt as an administrator and register the library in the system:

  1	regsvr32 C:\Windows\SysWOW64\acctinfo.dll

• 
  Create a shortcut for Active Directory Users and Computer (dsa.msc) snap-in, and specify in the shortcut properties that you want to run the console in the 32-bit mode:

  1	C:\Windows\System32\dsa.msc -32

• Open ADUC console with this shortcut and enable the display of the advanced features (View->Advanced Features)
• Left open the properties of any domain user and make sure that the new Additional Account Info tab has appeared.
• You can expand the features of this tab by integrating a separate Account Lockout Status button into it, which allows to start LockoutStatus.exe (Microsoft Account Lockout Status) directly from the ADUC console. This utility can analyze the logs of the AD domain controllers and determine which domain controller has locked the account

What are some of the specific challenges and risks associated with accountmanagement in a large infrastructure?

Ans:

1.There is an inherent conflict between the aspiration of data to limit the number of records and volatility of potential future.

2.It is important to maintain flexibility to respond to unforeseen changes over the life cycle of a project when there is larger infrastructure.

3.It requires an end-to-end risk-management view, as opposed, individualized process-step responsibility when the capacity of data is vulnerable.

4.The mitigation capabilities causes risks with account management in a large infrastructure

How can inadequate access controls or access management leave critical information vulnerable?

Ans:

1.If there is no proper access management,there will be problem in loosing security of which data is viewed by whom.

2.It is important to access and maintain employees only to access their job or function.

3.There is no urgency to remove access at any time before checking data concurrency.

4.Major problem with incorrect access management is audits and compliance issues.

What protections does encryption offer and how important is key management tokeeping any encryption system secured?

Ans:

1.Private key and public key gives protection which improves complexity, and in particular this means dealing with encryption keys.

2.It Encouraged organisations to encrypt their data more and more,removable media such as tapes and mobile devices like laptops.

3.checking the protection of ensure the central key repository.

4.It provides a public key to encrypt data and a private key to decrypt data.

Considera cloud-hosted Infrastructure as a Service (IaaS) environment with many users accessing these systems from all over the world. What advantages or challenges might there be managing these identities and associated keys?

Ans:

1.Insufficient iteration between client and contractor's top team is the challange in managing associated keys

2.Proactive risk activation is a major advantage in cloud-hosted Infrastructure as a Service (IaaS) environment with many users accessing these systems.

3.On site visual management and onsite change handling can be done in cloud hosted Iaas.

4.Consistency over management approval of multiple adjustments.

Finally, conclude this week's assignment with a page explaining how the tools and processes demonstrated in the lab might be used by an infrastructure administrator to help secure an environment

Ans:

1.Industry experts and security professionals,responsible for software security are using this infrastructure administrator to help secure an environment.

2.These tools are used in Measuring Security in the economics of insecure software.

3.This brings deeper understanding of the vulnerabilities to the security reasons.

4.Helps in economics and security for the study of academic researchers.

5.It helps in perform various levels of testing.

6.It helps in to understand the scope of security,develops mindset.

7.Helps in the understanding of right tools to specifically disallowed use case.

8.Use Source Code When Available during a black box engagement.

9.Brings the testing techniques to understand more.

10.Document of test results can be formed using this tool.

Note: This information is about 3-4 pages, if you have any queries, feel free to comment

And if my answer suffice to the requirements, kindly upvote.

Happy Learning