COMP2221 Networks in Organisations Richard Henson April 2012.
48
COMP2221 COMP2221 Networks in Networks in Organisations Organisations Richard Henson Richard Henson April 2012 April 2012
-
Upload
nigel-newman -
Category
Documents
-
view
219 -
download
1
Transcript of COMP2221 Networks in Organisations Richard Henson April 2012.
COMP2221COMP2221
Networks in OrganisationsNetworks in Organisations
Richard HensonRichard Henson
April 2012April 2012
Week 9 – Closer look at W2K Week 9 – Closer look at W2K etc. Architectureetc. Architecture
ObjectivesObjectives– Explain new security features brought in Explain new security features brought in
with active directorywith active directory– Apply secure file system principles and Apply secure file system principles and
active directory to controlling access for active directory to controlling access for groups of network usersgroups of network users
– Apply active directory group policies across Apply active directory group policies across one/more domain using active directoryone/more domain using active directory
Origins of Origins of Active Directory…Active Directory…
US President Clinton, May 1998:– “e-commerce” directive
Objective to use the Internet for doing business– Internet therefore had to be capable of
secure data transfer…
Microsoft new Strategy Desire/need to engage with the
architecture of the “new” Internet– DNS system– Public Key Infrastructure
» LDAP for engaging with object-oriented directories
– Secure remote authentication through» Domain trees based on DNS» Kerberos naming
– Virtual Private Networks
Launch of Active DirectoryLaunch of Active Directory
Gave Windows networks…. “credibility”Gave Windows networks…. “credibility”– ““global catalog” (object-oriented database for global catalog” (object-oriented database for
whole domain)whole domain)» all network users, groups of users, devices, services all network users, groups of users, devices, services
centrally controlled by domain controller clustercentrally controlled by domain controller cluster
and “kudos…”and “kudos…”– distributed database, means to access it, and distributed database, means to access it, and
security features all developed with RFCssecurity features all developed with RFCs» stark contrast with rival Novell’s NDS - stark contrast with rival Novell’s NDS -
proprietary protocols; not in compliance with proprietary protocols; not in compliance with standardsstandards
The Active Directory “store”The Active Directory “store” Global Catalog Global Catalog
– stored as file NTFS.DIT when the first stored as file NTFS.DIT when the first domain controller is createddomain controller is created
– distributed across alldistributed across all domain controllersdomain controllers» covers all “objects” on domain controllerscovers all “objects” on domain controllers
e.g.e.g. shared resources such as servers, files, printers; shared resources such as servers, files, printers; network user and computer accountsnetwork user and computer accounts
– directory changes automatically replicated directory changes automatically replicated to all domain controllersto all domain controllers
Active Directory and Active Directory and Domain TreesDomain Trees
Organisational names chosen for AD can Organisational names chosen for AD can logically link domains into a treelogically link domains into a tree– called the DNS Zonecalled the DNS Zone– eeach domain identified by its DNS domain nameach domain identified by its DNS domain name
» hierarchy needs carefully planninghierarchy needs carefully planning
– very useful for organisation very useful for organisation networknetworkss that may that may require more than one domain (e.g. old campus require more than one domain (e.g. old campus and new campus?)and new campus?)
Evolution from Evolution from Exchange Server…Exchange Server…
““Schema” database model evolved from Schema” database model evolved from Microsoft Exchange ServerMicrosoft Exchange Server– properties of mailbox holdersproperties of mailbox holders
Extended to all objects/properties in the Extended to all objects/properties in the domaindomain– holds DNS names for all objects in the domainholds DNS names for all objects in the domain– allows “search” by selected attributes to find an allows “search” by selected attributes to find an
object easily, regardless of where it is in the treeobject easily, regardless of where it is in the tree All managed through Microsoft Management All managed through Microsoft Management
Console (MMC) interfaceConsole (MMC) interface
Managing Group PolicyManaging Group Policy
Group Policy Management ConsoleGroup Policy Management Console Biggest improvement in Windows Biggest improvement in Windows
Servers since 2000Servers since 2000 Applies principles of MMC to managing Applies principles of MMC to managing
group profilesgroup profiles– particularly useful for testing/viewing the particularly useful for testing/viewing the
resultant profile of interaction between resultant profile of interaction between several group profiles in a particular orderseveral group profiles in a particular order
Security Features of Security Features of Active Directory (1)Active Directory (1)
SSL (Secure OSI level 5)SSL (Secure OSI level 5) Internet Information Server (IIS) used to create Internet Information Server (IIS) used to create
websites accessible only via https/SSLwebsites accessible only via https/SSL
LDAP over SSLLDAP over SSL LDAP important for internet lookupLDAP important for internet lookup used with secure sockets layer (SSL) for used with secure sockets layer (SSL) for
checking server credentials for extranet and e-checking server credentials for extranet and e-commerce applicationscommerce applications
Transitive Domain TrustTransitive Domain Trust default trust between contiguous Windows default trust between contiguous Windows
domains greatly reduces management overheaddomains greatly reduces management overhead
Security and Active Directory (2)Security and Active Directory (2)
Kerberos AuthenticationKerberos Authentication authentication of users on remote domains authentication of users on remote domains
not part of the same DNS zonenot part of the same DNS zone
Smart Card SupportSmart Card Support logon via smart card for strong logon via smart card for strong
authentication to sensitive resourcesauthentication to sensitive resources
Protecting Local PasswordsProtecting Local Passwords From Windows 2000 onwards (actually, available From Windows 2000 onwards (actually, available
in NT 4 from SP4), more sophisticated in NT 4 from SP4), more sophisticated challenge-response encryption (NTLMv2) was challenge-response encryption (NTLMv2) was available to all systems…available to all systems…– until Vista arrived this was turned off by default until Vista arrived this was turned off by default
» for “compatibility reasons”for “compatibility reasons”
– passwords on XP systems therefore usually easy to passwords on XP systems therefore usually easy to “hack” (!)“hack” (!)
Any network user on a pre-Vista client system Any network user on a pre-Vista client system should make should make sure this password should make should make sure this password protection feature is turned on…protection feature is turned on…– can be added for domain users through group policycan be added for domain users through group policy
Active Directory and Active Directory and “controlling” Users“controlling” Users
““Groups” already well established for Groups” already well established for managing network users managing network users
Active directory centrally organised resources Active directory centrally organised resources including all computers including all computers – allowed groups to become more powerful for user allowed groups to become more powerful for user
managementmanagement– exploited by enabling the organisation of users exploited by enabling the organisation of users
and groups of users into:and groups of users into:» organisational unitsorganisational units» sitessites» domainsdomains
Managing Domain Users with Managing Domain Users with Active DirectoryActive Directory
Same user information stored on all Same user information stored on all domain controllersdomain controllers
Users can be administered at or by Users can be administered at or by secure access to administrator on any secure access to administrator on any domain controller for that domaindomain controller for that domain– flexibility but potential danger!flexibility but potential danger!
Making Sure Users don’t get Making Sure Users don’t get the Administrator Password!the Administrator Password! File security assumes that only the File security assumes that only the
network manager can log on as network manager can log on as administratoradministrator– but if a user can guess the password…but if a user can guess the password…
Strategies:Strategies:– rename the administrator account to something rename the administrator account to something
more obscuremore obscure– only give administrator password to one other only give administrator password to one other
personperson– change administrator password regularlychange administrator password regularly
How AD Provides SecurityHow AD Provides Security
Manages which “security principal(s)” Manages which “security principal(s)” have access to each specific resourcehave access to each specific resource– i.e. users, computers, groups, or services i.e. users, computers, groups, or services
(via service accounts)(via service accounts)» each has a unique identifier (SID) each has a unique identifier (SID)
Validates the authentication process…Validates the authentication process…– for computers, at startupfor computers, at startup– for users, at logonfor users, at logon
More about the SIDMore about the SID
The SID (Security ID) comprises:The SID (Security ID) comprises:– domain IDdomain ID
» common to all security principals common to all security principals within the domainwithin the domain
– unique relative identifier (RID)unique relative identifier (RID)
Access TokensAccess Tokens
Generated when a user logs on to the Generated when a user logs on to the networknetwork
Contains:Contains:– user’s SIDuser’s SID– SIDs for each group to which the user is a SIDs for each group to which the user is a
membermember– assigned user rights or privileges as a result of assigned user rights or privileges as a result of
processing the IDs in the specified orderprocessing the IDs in the specified order
ACE (Access Control Entries)ACE (Access Control Entries)
Each object or resource has an access Each object or resource has an access control list (ACL) e.g.control list (ACL) e.g.– objects and their propertiesobjects and their properties– shared folders and printer sharesshared folders and printer shares– folders and files within the NTFS file systemfolders and files within the NTFS file system
ACEs contained within ACLACEs contained within ACL– protects resource against unauthorised usersprotects resource against unauthorised users
More on ACLsMore on ACLs
Two distinct ACLs each object or Two distinct ACLs each object or resource:resource:– discretionary access control list (DACL) discretionary access control list (DACL)
» list of the SIDs that are either granted or denied list of the SIDs that are either granted or denied access and the degree of access that is allowed access and the degree of access that is allowed
– systems access control list (SACL)systems access control list (SACL)» list of all the SIDs whose access or manipulation of list of all the SIDs whose access or manipulation of
the object or resource needs to be audited, and the the object or resource needs to be audited, and the type of auditing that needs to be performedtype of auditing that needs to be performed
Mechanism of AD securityMechanism of AD security Users are usually assigned to security groups Users are usually assigned to security groups
within ADwithin AD When a user attempts to access a directory When a user attempts to access a directory
object or network resource…object or network resource…– the security subsystem looks at the SID for the the security subsystem looks at the SID for the
user and the SIDs of the security groups to which user and the SIDs of the security groups to which the user is a memberthe user is a member
– checks to see whether it/they match the security checks to see whether it/they match the security descriptors assigned to the resourcedescriptors assigned to the resource
If there is a match…If there is a match…– user is granted the degree of access to the user is granted the degree of access to the
resource that is specified in the ACLresource that is specified in the ACL
Power of Group IDs in Power of Group IDs in Policy-based SecurityPolicy-based Security
Groups of users can be granted or denied Groups of users can be granted or denied access to or control over entire classes of access to or control over entire classes of objects and sets of resourcesobjects and sets of resources
Group Policy feature allows security & usage Group Policy feature allows security & usage policies to be established separately for:policies to be established separately for:– computer accountscomputer accounts– user accountsuser accounts
Group Policy be applied at multiple levels: Group Policy be applied at multiple levels: – users or computers residing in a specific OUusers or computers residing in a specific OU– computers or users in a specific AD sitecomputers or users in a specific AD site– an entire AD domainan entire AD domain
Active Directory and Active Directory and Group PolicyGroup Policy
Power of Group Policy:Power of Group Policy:– allows network administrators to define and allows network administrators to define and
control the policies governing:control the policies governing:» groups of computersgroups of computers
» groups of usersgroups of users
– administrators can set group policy for any administrators can set group policy for any of the sites, domains, or organizational units of the sites, domains, or organizational units in the Active Directory Domain Treein the Active Directory Domain Tree
Monitoring Group Policy Monitoring Group Policy
Policies are ADDITIVEPolicies are ADDITIVE– watch simulation… (AGAIN!)watch simulation… (AGAIN!)
Windows 2000 policiesWindows 2000 policies– need to assess which specific cumulative set of need to assess which specific cumulative set of
policies were controlling the environment for a policies were controlling the environment for a specific user or computerspecific user or computer
Windows 2003 GPMCWindows 2003 GPMC– tracking and reporting the Resultant Set of Policy tracking and reporting the Resultant Set of Policy
(RSoP):(RSoP):» net effect of each of the overlapping policies on a specific user net effect of each of the overlapping policies on a specific user
or computer within the domainor computer within the domain
Extending User/Group Extending User/Group Permissions beyond a domainPermissions beyond a domain Possible for user permissions to be safely Possible for user permissions to be safely
applied beyond the local domainapplied beyond the local domain– so users on one network can gain access to files on another so users on one network can gain access to files on another
networknetwork
– authentication controlled between servers on the local authentication controlled between servers on the local and trusted domainsand trusted domains
Normally achieved through “adding” groups from Normally achieved through “adding” groups from a trusted domaina trusted domain
NOT the same as “remote logon”NOT the same as “remote logon”– needs special username/password authorisation…needs special username/password authorisation…
Managing Users Managing Users & Their Profiles& Their Profiles
Once they get the hang of it, users save Once they get the hang of it, users save all sorts of rubbish to their user areasall sorts of rubbish to their user areas– may well include lots of downloaded web may well include lots of downloaded web
pages and imagespages and images Problem!Problem!
– 5000 users5000 users– each user takes 1 Gb of space...each user takes 1 Gb of space...– total disk space required is 5000 Gbytes!total disk space required is 5000 Gbytes!
Managing User ProfilesManaging User Profiles Back to the issue of “information pollution” Back to the issue of “information pollution”
discussed last week…discussed last week… Windows 2000 Disk Quotas:Windows 2000 Disk Quotas:
– allowed administrators to track and control user NTFS allowed administrators to track and control user NTFS disk usagedisk usage
» coupled with Group Policy and Active Directory technologycoupled with Group Policy and Active Directory technology
» only problem: not easy to manage disk quotasonly problem: not easy to manage disk quotas needed scripting, reporting and remote usage methods needed scripting, reporting and remote usage methods
Windows 2003 Disk Quotas:Windows 2003 Disk Quotas:– better all round functionality and easier enterprise-wide better all round functionality and easier enterprise-wide
disk quota manageabilitydisk quota manageability
Third Party User Third Party User Space for AdministratorsSpace for Administrators
Plenty of third party software available to Plenty of third party software available to manage user quotasmanage user quotas– e.g. Quota Managere.g. Quota Manager
One strategy:One strategy:– set max disk space per user to 100 Mbytesset max disk space per user to 100 Mbytes– send warning message at 100 Mbytessend warning message at 100 Mbytes– disable user’s home area at 105 Mbytesdisable user’s home area at 105 Mbytes
Also - software to automatically delete stored Also - software to automatically delete stored web pages in user foldersweb pages in user folders
User RightsUser Rights Users MUST NOT have access to Users MUST NOT have access to
sensitive parts of the system (e.g. sensitive parts of the system (e.g. network servers, local system software) network servers, local system software) – operating system can enforce thisoperating system can enforce this
Users SHOULD:Users SHOULD:– have access to basic software toolshave access to basic software tools– NOT be denied on the grounds that the NOT be denied on the grounds that the
software could be misused…software could be misused…» c.f. no-one is allowed to drive a car because some c.f. no-one is allowed to drive a car because some
drivers cause accidents!drivers cause accidents!
Controlling/Monitoring Group Controlling/Monitoring Group Policy across DomainsPolicy across Domains
AD across a distributed enterprise…AD across a distributed enterprise…– ““enterprise” administrators have the authority to enterprise” administrators have the authority to
implement and alter Group Policies anywhere implement and alter Group Policies anywhere – important to manage and restrict their number... important to manage and restrict their number...
Enterprise admins need to inform domain admins:Enterprise admins need to inform domain admins:– what has changedwhat has changed– when it changedwhen it changed– the implications of the change for directory and network the implications of the change for directory and network
operations…operations… Otherwise…Otherwise…
– a change to Group Policies affecting a domain might a change to Group Policies affecting a domain might occur with distastrous consequencesoccur with distastrous consequences
Network Threats, Network Threats, Vulnerabilities, and AttacksVulnerabilities, and Attacks
Protection implemented should relate to the Protection implemented should relate to the IMPACT if the threat became a realityIMPACT if the threat became a reality– i.e. the value to the enterprise of the information or i.e. the value to the enterprise of the information or
operation that would be compromisedoperation that would be compromised Example:Example:
– most networks probably wouldn’t need or want to most networks probably wouldn’t need or want to implement fingerprint and retinal scanning to control implement fingerprint and retinal scanning to control access to the average user’s workstationaccess to the average user’s workstation
– might, however, want to implement smart cards to might, however, want to implement smart cards to control access to critical domain controllerscontrol access to critical domain controllers
ThreatThreat Someone or something that has the capability Someone or something that has the capability
or potential to compromise the security of a or potential to compromise the security of a directory, network, or informationdirectory, network, or information
Three factors involved:Three factors involved:– MotiveMotive– MethodMethod– OpportunityOpportunity
Threats do not involve people and do not Threats do not involve people and do not have motive e.g. :have motive e.g. :– firefire– floodflood
Threat (2)Threat (2) ANY action by a user, condition, or process ANY action by a user, condition, or process
that has the potential to disclose, damage, or that has the potential to disclose, damage, or disrupt operations or information:disrupt operations or information:– attempted unauthorized entry into your attempted unauthorized entry into your
networknetwork– fire that breaks out in the building that houses the fire that breaks out in the building that houses the
network serversnetwork servers– virus that attempts to corrupt or delete needed virus that attempts to corrupt or delete needed
information are all examples of viable threats to information are all examples of viable threats to the security of the directory and the networkthe security of the directory and the network
– people internal to the organization!people internal to the organization!» internal threats more threatening than external ones!!!internal threats more threatening than external ones!!!
Vulnerability Vulnerability Any weakness in security that provides an Any weakness in security that provides an
opportunity for an attack and that, by its opportunity for an attack and that, by its utilization, can allow an attack to succeedutilization, can allow an attack to succeed
Could be:Could be:– softwaresoftware– hardwarehardware– social or physical environmentsocial or physical environment
Requires constant vigilance on many frontsRequires constant vigilance on many fronts– e.g.: if running Windows on servers, the latest e.g.: if running Windows on servers, the latest
service pack and patches neededservice pack and patches needed– requires monitoring Microsoft Web site for updates requires monitoring Microsoft Web site for updates
AttackAttack Any action by a user or software process that, Any action by a user or software process that,
if successful, results in the disruption, if successful, results in the disruption, disclosure, or damage to enterprise disclosure, or damage to enterprise information, services, or operationsinformation, services, or operations
Shares the characteristics of motive, method, Shares the characteristics of motive, method, and opportunity:and opportunity:– assume the intent on the part of the attacker to assume the intent on the part of the attacker to
deliberately be:deliberately be:» attempting to damage or steal informationattempting to damage or steal information» disrupt operationsdisrupt operations» uses or exploits the directory to gain access to or uses or exploits the directory to gain access to or
deny service from the directory or network resourcedeny service from the directory or network resource
User-Based AttacksUser-Based Attacks Most common source of attacks are those Most common source of attacks are those
initiated by people:initiated by people:– anonymous usersanonymous users attempting external attempting external
penetration of the enterprise networkpenetration of the enterprise network– an an authenticated userauthenticated user working working
from inside the networkfrom inside the network Can be either of:Can be either of:
– physical attacksphysical attacks on the equipment supporting the on the equipment supporting the directory or networkdirectory or network
» e.g. stealing/damaging equipment or physical network itselfe.g. stealing/damaging equipment or physical network itself
– based on based on using the networkusing the network or directory or directory environmentenvironment
» anonymous users, authenticated users, or even administratorsanonymous users, authenticated users, or even administrators
Threat: Anonymous UsersThreat: Anonymous Users Usually attempts to use vulnerabilities in Usually attempts to use vulnerabilities in
the network, service, or application the network, service, or application softwaresoftware– e.g. via scanning toolse.g. via scanning tools– e.g exploiting a well-known but not patched e.g exploiting a well-known but not patched
error conditionerror condition» when a known vulnerability is patched, the software when a known vulnerability is patched, the software
update usually provides a description of the weakness, update usually provides a description of the weakness, providing all the information needed to hackproviding all the information needed to hack
» therefore critical to stay on top of released patches and therefore critical to stay on top of released patches and security updates…security updates…
Exploitation of LDAPExploitation of LDAP
LDAP spec known at all (an RFC)LDAP spec known at all (an RFC) An anonymous user might be able to use An anonymous user might be able to use
LDAP to:LDAP to:– flood domain controllers with lookup queriesflood domain controllers with lookup queries– read domain informationread domain information– identify user account security policiesidentify user account security policies– find account names and SIDsfind account names and SIDs– identify shares on domain computersidentify shares on domain computers
Thwarting DoS attacksThwarting DoS attacks
SOME anonymous attacks can be SOME anonymous attacks can be mitigated by tightening security settingsmitigated by tightening security settings
Further action against anonymous DoS Further action against anonymous DoS attacks:attacks:– monitoring domain controllers for monitoring domain controllers for
unreasonably high levels of LDAP queriesunreasonably high levels of LDAP queries– renaming default file shares such C$, D$, renaming default file shares such C$, D$,
etc. and renaming the administrator etc. and renaming the administrator accountaccount
Threat: Authenticated UsersThreat: Authenticated Users
Examples:Examples:– spoofed-account access (via spoofed-account access (via
hacking/cracking tools)hacking/cracking tools)– illicit use of a valid account (obtained illicit use of a valid account (obtained
through some social engineering scheme)through some social engineering scheme)– valid user who has decided to attack valid user who has decided to attack
information, services, or operations for information, services, or operations for some personal or professional reasonsome personal or professional reason
Headache for administrators:Headache for administrators:
Accounts have legitimate access to a range Accounts have legitimate access to a range of resources and informationof resources and information
More difficult to detect the attacks More difficult to detect the attacks Can validly start processes that will have the Can validly start processes that will have the
effect of creating DoS conditions by effect of creating DoS conditions by consuming inordinate amounts of service consuming inordinate amounts of service resourcesresources– flood of LDAP queries or connectionsflood of LDAP queries or connections– filling disk space (for example, storing many filling disk space (for example, storing many
extremely large objects in the directory)extremely large objects in the directory)
Threats: AdministratorsThreats: Administrators Network Administrators themselves….Network Administrators themselves….
– potentially HUGE threats to the directory, network, & potentially HUGE threats to the directory, network, & enterprise information accessible via the network….enterprise information accessible via the network….
– must always be a highly responsible/accountable must always be a highly responsible/accountable jobjob
Threat could be Threat could be – ““spoofing” an administers accountspoofing” an administers account– an account with invalidly elevated privilegesan account with invalidly elevated privileges– a trusted administrator who has for some reason a trusted administrator who has for some reason
decided to attack the directory or network…decided to attack the directory or network…
Administrators & associated Administrators & associated personnel…personnel…
Not just administrators…Not just administrators… Accounts with some administrative rights can:Accounts with some administrative rights can:
– modify permissions on objects within their scopemodify permissions on objects within their scope– enable accounts to be trusted for delegationenable accounts to be trusted for delegation– change passwords on other user accounts to be change passwords on other user accounts to be
used for further (spoofing & repudiation) attacksused for further (spoofing & repudiation) attacks– change security settings causing DoS change security settings causing DoS
conditionsconditions
Security Precautions (1)Security Precautions (1)
Monitoring, analysis, responsiveness to Monitoring, analysis, responsiveness to anomalies in authenticated users anomalies in authenticated users permissions allocated by defaultpermissions allocated by default– a massive amount to monitor…a massive amount to monitor…– need to prioritiseneed to prioritise
» and/or use SIEM toolsand/or use SIEM tools
– analysis will detect anomaliesanalysis will detect anomalies– quick response will minimise the damage…quick response will minimise the damage…
Security Precautions (2)Security Precautions (2) What to monitor…What to monitor…
– members of sensitive security groups & determine members of sensitive security groups & determine sensitive account information (names, addresses, sensitive account information (names, addresses, phone numbers, password, etc…)phone numbers, password, etc…)
How to analyse…How to analyse…– discover linkage of Group Policiesdiscover linkage of Group Policies– identify sitesidentify sites– identify the OSs of the domain controllersidentify the OSs of the domain controllers– discover and disclose much additional information discover and disclose much additional information
stored in the directorystored in the directory– read most objects in the directoryread most objects in the directory
Software-Based Attacks Software-Based Attacks The whole AD forest and domain directory The whole AD forest and domain directory
structure are based on the schemastructure are based on the schema– any software application that any software application that
corrupts the schema could:corrupts the schema could:» compromise the entire directorycompromise the entire directory
» make the enterprise network inoperativemake the enterprise network inoperative
Automated attacks via viruses or worms that Automated attacks via viruses or worms that might “accidentally” affect the schema could might “accidentally” affect the schema could have a damaging or disruptive effect on ADhave a damaging or disruptive effect on AD
Email attachmentsEmail attachments HUGE riskHUGE risk
– user education doesn’t seem to stop people from user education doesn’t seem to stop people from opening every attachment that shows up in their opening every attachment that shows up in their inboxesinboxes
Can users be trusted? If notCan users be trusted? If not– a whole messaging system can be configured to a whole messaging system can be configured to
block, or at least scan, all attachmentsblock, or at least scan, all attachments– additional measures can be adopted, such as:additional measures can be adopted, such as:
» turning off preview panes that automatically display messagesturning off preview panes that automatically display messages
» converting HTML mail to plain textconverting HTML mail to plain text
» blocking email clients from accessing the Internetblocking email clients from accessing the Internet
Environment-Based Attacks Environment-Based Attacks Damage or destruction to the server hardware Damage or destruction to the server hardware
(via fire, flood, tornado, hurricane, lightning, (via fire, flood, tornado, hurricane, lightning, etc) etc) – could potentially render the AD environment could potentially render the AD environment
inoperative (strict backup and restoration inoperative (strict backup and restoration procedures are vital)procedures are vital)
Consistent threat across platformsConsistent threat across platforms– disaster preparedness and recovery plans MUST disaster preparedness and recovery plans MUST
include provisions for offsite data backupsinclude provisions for offsite data backups» make sure that the backups are actually taken offsitemake sure that the backups are actually taken offsite
» consider a secondary physical site that is ready to go in case the consider a secondary physical site that is ready to go in case the worst happensworst happens
![Josiah Henson--The Rev. Josiah Henson, 'Uncle Tom', In Scotland [Microform] (1877)](https://static.fdocuments.net/doc/165x107/577ce3991a28abf1038c8971/josiah-henson-the-rev-josiah-henson-uncle-tom-in-scotland-microform.jpg)
