Join 2 of the best field experts in infrastructure recovery and learn from their experiences how to PREVENT what happened to their customers.

This 1 day with unique notes-from-the-field and pragmatic content is delivered in workshop format.
Handouts and notes will be shared with all students to implement the concepts and minimize your breach.

 

Block 1: Network Configuration and Management

The network needs to be configured correctly, in many cases we see the network being overcomplicated, preventing a fast recovery process or just plain flat. In this session you will learn how the network should look like to be secure and yet easy to manage and control. You will learn about segmentation, micro segmentation, firewall configuration (both the network-based firewall and the operating system based), the important value of preventing outbound traffic, VPN configurations, when and why VPN is needed, and should not be used and how to use the Windows firewall for protocol based microsegmentaion

• Network Isolation
• Network Segmentation
• Network Firewall Configuration
• Windows Firewall Configuration
• Network Monitoring
• Network Management
• Proxy configuration for outbound rules

Block 2: Securing High Privileged Accounts and Control Plane

In this session, you will learn how to protect the control plane, which is the place you can assume total control over the environment. In many cases we see this has not been done in a correct manner, exposing the environment to common tactics like kerberoasting and lateral movement, let´s remedy that by looking at how we can prevent it or at least slow a threat actor down enough to have the SOC react.

• Securing the Control Plane
• Protecting High Privileged Accounts
• Global Admin and Domain Admin
• Built-in Groups
• Smart Delegation and RBAC
• Using Jump Hosts and Privileged Access Workstations
• Administrative Tiering

Block 3: Virtualization and Disaster Recovery

The virtualization platform is the number one target for a threat actor, it is also the most important platform you have, since all value runs on top of it. In this session you will learn how to manage it and how it should be configured. We will cover the major platforms like VMware, Hyper-V and Azure Local. You will also learn how to set up the disaster recovery solution and of course the self-service platform that gives the operator secure access to the workload without having any insights to the underlaying platform.

• Virtualization Technologies
• Self-Service and Isolation
• Disaster Recovery

Block 4: Managing Windows Server, Active Directory and Entra ID

As the administrator you need to use you high privileged accounts, but doing so also put you at risk, in this session you will learn how to do what you need to do, at the same time avoiding exposure you your valuable credentials. You will learn how to connect remotely using MFA, internally without exposing CredSSP stored account information and much.

• Windows Server Management fundamentals
• Using System Center
• Using Group Policy
• RSAT and RDP based Management
• Remote PowerShell
• Remote connectivity using Application Proxy and NPS MFA extension

Block 5: Securing Backups

The backup solution is the last line of defense, in our line of work we often need to restore data from the backup, when possible, I should say, because the sad story is that whatever the customer was hoping for does not always work. In this session you will learn how to create a backup and restore solutions that not only protect your data from the normal “woops”, but also is ransomware proof. You will also learn what needs to be backed up to be able to restore.

• Backup Solutions
• What should be included?
• How to restore different types of workloads