Univention Bugzilla – Bug 56737
Add links to external essential Active Directory security best practice documentation to UCS hardening guide
Last modified: 2023-10-17 15:04:38 CEST
We should add links to some external essential Active Directory security best practice documentation to the UCS hardening guide: https://help.univention.com/t/ucs-and-security-hardening/6059#samba-active-directory-domain-controller-8 For example recommendations my Microsoft: * https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory * https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-access-model But also analysis recommendations by domain experts like: * https://www.hub.trimarcsecurity.com/post/trimarc-whitepaper-owner-or-pwnd * https://www.teal-consulting.de/en/2023/07/17/troopers-conference-recap/ * https://specterops.github.io/TierZeroTable/ As I paste links here I think that just dumping a bunch of links will make it confusing. I guess we should curate and include them into an overview text where they help to provide additional value to our customers. It's important to learn from MS AD security knowledge and apply relevant parts to UCS Samba/AD.