First published on TechNet on Jul 24, 2017

Hi Everyone, this is Jerry Devore back with a follow-up topic from my previous post on Privileged Administrative Workstations (PAW), which is a hardened device configuration used to protect privileged credentials. In that post, I mentioned that it is possible to use IPsec to ensure an admin can only make an RDP connection to Tier 0 devices (domain controllers) from a PAW. By imposing this restriction, we limit the risk of exposing highly privileged credentials to a keyboard logger on a less trusted system such as an administrator's standard workstation.

An additional benefit is that we restrict how stolen credentials can be used unless an administrator's PAW is also acquired.

## Why IPsec?

When I explain this concept to customers I am often asked why not simply use firewall rules and avoid the complexity of IPsec. If your PAWs are going to always have the same IP address you could implement a firewall rule which restricts port TCP 3389 to a defined list of source IP addresses. However, for most organizations the PAW is somewhat portable. Therefore, we need to combine firewall rules with the authentication protocols in IPsec, which allows us to build "identity based firewall rules".

## Getting Started

If you have ever tried to get your head around Microsoft's implementation of IPsec you know the learning curve can be steep. My goal in this post is not to make you an IPsec expert but rather help you quickly understand one way it can be used to improve your security posture. To get started, let's cover some basic concepts:
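The two approaches contrasted under "Why IPsec?" (a source-IP firewall rule versus an identity-based rule built on IPsec authentication) look like this in Windows Firewall with Advanced Security, expressed with the NetSecurity PowerShell cmdlets. This is an added example, not code from the original post or from Microsoft; the domain name CONTOSO, the groups PAW-Computers and Tier0-Admins, and the 10.0.100.0/24 PAW subnet are assumptions for illustration.

```powershell
# Added example (not from the original post). Assumed names: domain CONTOSO,
# group CONTOSO\PAW-Computers (PAW machine accounts), group CONTOSO\Tier0-Admins
# (admin user accounts), and the 10.0.100.0/24 PAW subnet. Run elevated on a
# Tier 0 host (for example a domain controller) in a lab first.

# --- Option 1: plain firewall rule keyed on source IP. It only holds while PAWs
# keep fixed addresses: a portable PAW on another subnet is locked out, and any
# host that ends up with one of the listed addresses is let in.
New-NetFirewallRule -DisplayName "RDP from PAW (by IP)" `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -RemoteAddress 10.0.100.0/24 -Action Allow

# --- Option 2: identity-based rule. IPsec authenticates the peer machine
# (phase 1) and the user (phase 2) with Kerberos; the firewall rule then filters
# on those identities instead of on addresses.

# Resolve the group SIDs on this domain-joined host.
function Get-GroupSid([string]$NtAccount) {
    $account = New-Object System.Security.Principal.NTAccount($NtAccount)
    $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
}
$pawSid   = Get-GroupSid 'CONTOSO\PAW-Computers'
$adminSid = Get-GroupSid 'CONTOSO\Tier0-Admins'

# Authentication sets: machine Kerberos for phase 1, user Kerberos for phase 2.
$p1 = New-NetIPsecPhase1AuthSet -DisplayName "PAW Phase1 (machine Kerberos)" `
        -Proposal (New-NetIPsecAuthProposal -Machine -Kerberos)
$p2 = New-NetIPsecPhase2AuthSet -DisplayName "PAW Phase2 (user Kerberos)" `
        -Proposal (New-NetIPsecAuthProposal -User -Kerberos)

# Connection security rule: inbound TCP/3389 must be protected by IPsec using
# the sets above. Unauthenticated RDP attempts never reach the firewall rule.
New-NetIPsecRule -DisplayName "Require IPsec for RDP" `
    -InboundSecurity Require -OutboundSecurity Request `
    -Protocol TCP -LocalPort 3389 `
    -Phase1AuthSet $p1.Name -Phase2AuthSet $p2.Name

# Firewall rule: allow RDP only when the authenticated computer is a member of
# PAW-Computers AND the authenticated user is a member of Tier0-Admins.
# -RemoteMachine / -RemoteUser take SDDL; the "CC" right means "allow".
New-NetFirewallRule -DisplayName "RDP from PAW (by identity)" `
    -Direction Inbound -Protocol TCP -LocalPort 3389 -Action Allow `
    -Authentication Required `
    -RemoteMachine "D:(A;;CC;;;$pawSid)" `
    -RemoteUser    "D:(A;;CC;;;$adminSid)"

# Verification after a test RDP session from a PAW: the security associations
# record which machine and user identities were actually authenticated.
Get-NetIPsecMainModeSA  | Format-List LocalEndpoint, RemoteEndpoint, RemoteFirstId, RemoteSecondId
Get-NetIPsecQuickModeSA | Format-List LocalEndpoint, RemoteEndpoint
```

With option 2 the PAW's address is irrelevant: a connection from an unknown address still succeeds if the machine and user Kerberos identities match, and a connection from a known address fails if they do not. That is the property the post describes, since stolen admin credentials alone cannot satisfy the machine-account check without the PAW itself. Remove the option 1 rule once option 2 is verified, otherwise the address-based allow still admits hosts on that subnet without IPsec.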