A Brief History of Microsoft’s Active Directory


Active Directory Overview

For my latest CBT Nuggets course, you and I are going on an intense exploration of the wonders of Active Directory (AD). AD is a Network Operating System (NOS) that Microsoft originally built on top of Windows 2000! Obviously, with Windows Server 2016 powering many data centers today, this NOS has seen many changes and improvements.

The Database

It is fair to think of AD as a sophisticated database. It holds information about your users, groups, computers, printers, and any other objects you need to define in order to make your network thrive. When Microsoft first introduced Windows NT, they were struggling with what to do about a NOS. In fact, the original “domain” concept from Microsoft featured information stored in a flat file structure and constrained administrators to a fixed number of objects they could add to the domain. It is amazing to think about this today with the vastly scalable network architectures of Server 2016.

The key technology that changed everything for Microsoft was the Lightweight Directory Access Protocol (LDAP). Microsoft was so impressed with this open standard for NOS functions that they based their own Active Directory on these principles and ensured the compliance of AD with LDAP.

It is no coincidence that LDAPv3 became a reality in 1997 and Microsoft released AD in Windows 2000.

The Database Revealed

While Active Directory presents a hierarchical structure to users and administrators, it is still actually stored in a flat file database structure. Users never see this, however. They see container objects and non-container objects (leaf nodes). The most common container we use today is the OU (Organizational Unit). These incredibly powerful structures allow us to group similar objects and then apply security and management policies to those objects as a whole.
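A simplified model of the paragraph above, as an added example that is not from the original post or from Microsoft's code: a flat table of rows linked by a parent pointer, from which the hierarchical names and the OU-scoped policies are derived. The column names, sample objects and policy names are assumptions constructed for illustration.

```python
# Constructed sample rows: a simplified flat table, one row per object.
# Columns (id, parent_id, rdn, kind) are assumptions for this example.
ROWS = [
    (1, None, "DC=example,DC=com", "domain"),
    (2, 1, "OU=Staff", "ou"),
    (3, 2, "OU=Helpdesk", "ou"),
    (4, 3, "CN=Alice", "user"),
    (5, 2, "CN=PC-017", "computer"),
    (6, 1, "CN=Users", "container"),  # a plain container, not an OU
    (7, 6, "CN=Bob", "user"),
]
# Hypothetical policies linked to OUs, keyed by the OU's row id.
OU_POLICY = {2: "screen-lock-10min", 3: "no-local-admin"}
BY_ID = {row[0]: row for row in ROWS}


def ancestors(obj_id):
    """Yield the object's row, then each parent row up to the root."""
    seen = set()
    while obj_id is not None:
        if obj_id in seen:  # a corrupted parent pointer would loop forever
            raise ValueError(f"parent loop at row {obj_id}")
        seen.add(obj_id)
        row = BY_ID[obj_id]
        yield row
        obj_id = row[1]


def distinguished_name(obj_id):
    """The hierarchical name the administrator sees, built from flat rows."""
    return ",".join(row[2] for row in ancestors(obj_id))


def effective_policies(obj_id):
    """Policies inherited from enclosing OUs, outermost OU first."""
    parents = list(ancestors(obj_id))[1:]
    return [OU_POLICY[r[0]] for r in reversed(parents)
            if r[3] == "ou" and r[0] in OU_POLICY]


def leaves():
    """Ids of non-container objects: rows that no other row names as parent."""
    parent_ids = {row[1] for row in ROWS}
    return [row[0] for row in ROWS if row[0] not in parent_ids]


if __name__ == "__main__":
    for obj_id in leaves():
        print(distinguished_name(obj_id), effective_policies(obj_id))
```

In this model the user under CN=Users inherits no OU policy at all, which is the practical reason to check for accounts and computers that were never moved out of a default container.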

I hope you are super excited like I am for the Windows Server 2016 Identity course at CBT Nuggets where we will use Hands On Labs to ensure you master all aspects of AD!
Pearson Education (InformIT)

CCIE Evolving Technologies – Cloud Security and Privacy


Cloud Security and Privacy Overview

Here is another post to help you with the new Evolving Technologies section of the written exams for CCIE. This is from the Cloud section, and specifically addresses the Security and Privacy sub-bullet.

The Top Concerns

What should be your top concerns in this area? Here they are:

  • Secure data transfers – ensuring data travels over IPsec or similarly protected channels is critical as information moves from your users to private, public, or hybrid clouds; obviously, public and hybrid clouds can present more risk because the Internet is often the medium of transfer.
  • Secure software interfaces – the APIs you and your provider use in your cloud services must also offer security and privacy mechanisms.
  • Secure stored data – for storage in the cloud ecosystem, is your data receiving the security and privacy it requires? What about proper disposal of data by cloud providers?
  • User access control – who has access to your data in the cloud? This is especially critical if your data is maintained by a public provider with users that fall outside of your corporate scope.
  • Data separation – if you are using cloud services in a multi-tenant environment, what techniques are in use to protect against data breaches from one organization to another?

Cloud Security Controls

These controls tend to fall into the following categories:

  • Deterrent controls – intended to reduce attacks on a cloud system. Much like a warning sign on a fence or a property, deterrent controls typically reduce the threat level by informing potential attackers that there will be adverse consequences for them if they proceed.
  • Preventive controls – strengthen the system against incidents, generally by reducing if not actually eliminating vulnerabilities. Strong authentication of cloud users, for instance, makes it less likely that unauthorized users can access cloud systems, and more likely that cloud users are positively identified.
  • Detective controls – intended to detect and react appropriately to any incidents that occur. In the event of an attack, a detective control will signal the preventive or corrective controls to address the issue. System and network security monitoring, including intrusion detection and prevention arrangements, are typically employed to detect attacks on cloud systems and the supporting communications infrastructure.
  • Corrective controls – reduce the consequences of an incident, normally by limiting the damage. They come into effect during or after an incident. Restoring system backups in order to rebuild a compromised system is an example of a corrective control.
