Last year we looked at some of the specifics of how to secure a windows network from 6000 hostile users with domain creds. Those users are still there, still hostile and still hell bent on breaking our stuff. I will recap the security measures we have in place and expand upon the specifics of the important ones. But there is also a holistic approach to building an Active Directory Domain from the bottom up so that security is built in, just like software design. As I have learned more about the attack vector I have realized that following best practices in design, that on first glance appear to have little security value, do in fact build the foundation of our ongoing success at beating back the attackers. You can’t build a house on quicksand.

Back to Derbycon 2014 video list