###BeginCaseStudy###
Case Study: 1
Humongous Insurance
Scenario:
COMPANY OVERVIEW
Humongous Insurance has a main office and 20 branch offices. The main office is located in
New York. The branch offices are located throughout North America. The main office has
8,000 users. Each branch office has 2 to 250 users.
PLANNED CHANGES
Humongous Insurance plans to implement Windows BitLocker Drive Encryption (BitLocker)
on all servers.
EXISTING ENVIRONMENT
The network contains servers that run either Windows Server 2003, Windows Server 2008, or
Windows Server 2008 R2. All client computers run either Windows 7 Enterprise or Windows
Vista Enterprise.
Business Goals
Humongous Insurance wants to minimize costs whenever possible.
Existing Active Directory/Directory Services
The network contains a single Active Directory forest named humongousinsurance.com. The
forest contains two child domains named north.humongousinsurance.com and
south.humongousinsurance.com. The functional level of the forest is Windows Server 2008
R2.
Existing Network Infrastructure
Each child domain contains a Web server that has Internet Information Services (IIS)
installed. The forest root domain contains three Web servers that have IIS installed. The Web
servers in the forest root domain are configured in a Network Load Balancing (NLB) cluster.
Currently, all of the Web servers use a single domain user account as a service account.
Windows Server Update Services (WSUS) is used for company-wide patch management. The
WSUS servers do not store updates locally. The network contains Remote Desktop servers
that run Windows Server 2008 R2. Users in the sales department access a line-of-business
application by using Remote Desktop. Managers in the sales department use the application
to generate reports. Generating the reports is CPU intensive. The sales managers report that
when many users are connected to the servers, the reports take a long time to process.
Humongous Insurance has the following standard server builds:
• Class 1 – Dual x64 CPUs, 4-GB RAM, Windows Web Server 2008 R2
• Class 2 – Dual x64 CPUs, 4-GB RAM, Windows Server 2008 R2 Standard
• Class 3 – Quad x64 CPUs, 8-GB RAM, Windows Server 2008 R2 Standard
• Class 4 – Quad x64 CPUs, 8-GB RAM, Windows Server 2008 R2 Enterprise
Current Administration Model
Humongous Insurance currently uses the following technologies to manage the network:
• Microsoft Desktop Optimization Pack
• Microsoft Forefront Endpoint Protection
• Microsoft System Center Operations Manager
• Microsoft System Center Configuration Manager
TECHNICAL REQUIREMENTS
Humongous Insurance must meet the following technical requirements:
• A certificate must be required to recover BitLocker-protected drives.
• Newly implemented technologies must minimize the impact on LAN traffic.
• Newly implemented technologies must minimize the storage requirements.
• The management of disk volumes and shared folders must be performed remotely
whenever possible.
• Newly implemented technologies must minimize the amount of bandwidth used on
Internet connections.
• All patches and updates must be tested in a non-production environment before they
are applied to production servers.
• Multiple versions of a Group Policy object (GPO) must be maintained in a central
archive to facilitate a rollback if required.
• The management of passwords and service principal names (SPNs) for all service accounts
must be automated whenever possible.
###EndCaseStudy###
You need to recommend a strategy for using managed service accounts on the Web servers. Which
managed service accounts should you recommend?
A. One account for all the web servers.
B. One account for each web server.
C. One account for the parent domain and one account for both child domains.
D. One account for the parent domain and one account for each child domain.
Explanation:
There are 5 web servers in total, 3 in the forest root domain and 1 in each child domain.
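As an added illustration (not part of the case study or of the Microsoft guidance quoted below), the following PowerShell provisions a standalone managed service account for each Web server in the domain that owns it, binds the account to that computer object, and assigns it to the IIS application pool. Host names, NetBIOS domain names and the pool name are assumptions; a Windows Server 2008 R2 standalone MSA can be installed on only one computer, which is why the loop creates one account per host.

```powershell
# Added example: one standalone MSA per Web server, created in the domain
# that owns the server, installed on that host and assigned to its IIS
# application pool. Host names, NetBIOS names and pool name are assumed.
Import-Module ActiveDirectory

# Five Web servers: three in the forest root (NLB cluster), one per child domain.
$webServers = @(
    @{ Host = 'WEB1';  Domain = 'humongousinsurance.com';       NetBios = 'HUMONGOUS' },
    @{ Host = 'WEB2';  Domain = 'humongousinsurance.com';       NetBios = 'HUMONGOUS' },
    @{ Host = 'WEB3';  Domain = 'humongousinsurance.com';       NetBios = 'HUMONGOUS' },
    @{ Host = 'NWEB1'; Domain = 'north.humongousinsurance.com'; NetBios = 'NORTH' },
    @{ Host = 'SWEB1'; Domain = 'south.humongousinsurance.com'; NetBios = 'SOUTH' }
)

foreach ($ws in $webServers) {
    $msa  = "svc-iis-$($ws.Host)"          # MSA names are limited to 15 characters
    $fqdn = "$($ws.Host).$($ws.Domain)"

    # Create the account in the server's own domain. On Windows Server 2008 R2
    # this cmdlet creates a standalone MSA; AD generates and rotates the
    # password, so no administrator ever types or stores it.
    New-ADServiceAccount -Name $msa -Enabled $true -Server $ws.Domain `
        -ServicePrincipalNames "HTTP/$fqdn", "HTTP/$($ws.Host)"

    # Tie the MSA to the computer object so only this host can install it.
    Add-ADComputerServiceAccount -Identity $ws.Host -ServiceAccount $msa -Server $ws.Domain

    # On the Web server: install the MSA locally and point the app pool at it.
    # identityType 3 = SpecificUser; no password is supplied because the host
    # retrieves it from AD.
    Invoke-Command -ComputerName $fqdn -ArgumentList $msa, $ws.NetBios -ScriptBlock {
        param($acct, $nb)
        Import-Module ActiveDirectory
        Import-Module WebAdministration
        Install-ADServiceAccount -Identity $acct
        Set-ItemProperty "IIS:\AppPools\LobAppPool" -Name processModel `
            -Value @{ userName = "$nb\$acct`$"; identityType = 3 }
    }
}
```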
Service Account Vulnerability
The practice of configuring services to use domain accounts for authentication leads to potential
security exposure. The degree of risk exposure is dependent on various factors, including:
• The number of servers that have services configured to use service accounts. The
vulnerability profile of a network increases for every server that runs services authenticated
with a domain account. Each such server increases the odds that an attacker might compromise
it and use it to escalate privileges to other resources on the network.
• The scope of privileges for any given domain account that services use. The larger the scope of
privileges that a service account has, the greater the number of resources that can be compromised
through that account. Domain administrator level privileges are a particularly high risk, because
the scope of vulnerability for such accounts includes every computer on the network, including the
domain controllers. Because such accounts have administrative privileges on all member servers, the
compromise of such an account would be severe, and all computers and data in the domain would be suspect.
• The number of services configured to use domain accounts on any given server. Some services have
unique vulnerabilities that make them more susceptible to attack, and attackers usually attempt to
exploit known vulnerabilities first. Use of a domain account by a vulnerable service extends to other
systems a risk that could otherwise have been isolated to a single server.
• The number of domain accounts used to run services in a domain. Monitoring and managing
the security of service accounts requires more diligence than for ordinary user accounts, and each
additional domain account used by services further complicates administration of those accounts.
Because administrators and security administrators need to know where each service account is
used in order to detect suspicious activity, the number of such accounts should be kept to a minimum.
The preceding factors lead to several possible vulnerability scenarios that can exist, each with a
different level of potential security risk. The following diagram and table describe these scenarios.
For these examples it is assumed that the service accounts are domain accounts and each account
has at least one service on each server using it for authentication. The following information
describes the domain accounts shown in the following figure.
• Account A has Administrator-equivalent privileges on more than one domain controller.
• Account B has Administrator-equivalent privileges on all member servers.
• Account C has Administrator-equivalent privileges on servers 2 and 3.
• Account D has Administrator-equivalent privileges on servers 4 and 5.
• Account E has Administrator-equivalent privileges on a single member server only.