Week 7 Homework: A Day in the Life of a Windows Sysadmin
Overview
This homework assignment builds on the Group Policy Objectives activities from the previous class. We will create domain-hardening GPOs and revisit some PowerShell fundamentals.
The Day 3 activities must be fully completed in order to complete this activity. If they are not, you will need to refer to your student guides and set up your domain OUs, users, and groups .
Lab Environment
For this week's homework, please use the Windows Server machine and Windows 10 machine inside your Azure Windows RDP Host machine.
Windows RDP Host Machine:
Username: azadmin
Password: p4ssw0rd*
Open the Hyper-V Manager in the Windows RDP Host machine to access the nested virtual machines:
Windows 10 Machine
Username: sysadmin
Password: cybersecurity
Windows Server Machine:
Username: sysadmin
Password: p4ssw0rd*
Note: The instructions for each task will tell you which machine to work in.
The following document contains a list of Windows issues that commonly occur during this unit. Familiarize yourself with these issues so you can fix them as needed:
Understanding the Windows Unit Lab
Refer to your Unit 7 Student Guides if you have trouble with this homework.
Task 1: Create a GPO: Disable Local Link Multicast Name Resolution (LLMNR)
For this first task, you will investigate and mitigate one of the attack vectors that exists within a Windows domain.
Read about LLMNR vulnerabilities in the the MITRE ATT&CK database.
MITRE is one of the world's leading organizations for threat intelligence in cybersecurity.
MITRE maintains the Common Vulnerabilities and Exposures database, which catalogs officially known exploits.
It also maintains this MITRE ATT&CK database, which catalogs attack methods and signatures of known hacking groups.
Local Link Multicast Name Resolution (LLMNR) is a vulnerability, so we will be disabling it on our Windows 10 machine (via the GC Computers OU).
A few notes about LLMNR:
LLMNR is a protocol used as a backup (not an alternative) for DNS in Windows.
When Windows cannot find a local address (e.g. the location of a file server), it uses LLMNR to send out a broadcast across the network asking if any device knows the address.
LLMNR’s vulnerability is that it accepts any response as authentic, allowing attackers to poison or spoof LLMNR responses, forcing devices to authenticate to them.
An LLMNR-enabled Windows machine may automatically trust responses from anyone in the network.
Turning off LLMNR for the GC Computers OU will prevent our Windows machine from trusting location responses from potential attackers.
Instructions
Since this task deals with Active Directory Group Policy Objects, you'll be working in your nested Windows Server machine.
Create a Group Policy Object that prevents your domain-joined Windows machine from using LLMNR:
On the top-right of the Server Manager screen, open the Group Policy Management tool to create a new GPO.
Right-click Group Policy Objects and select New.
Name the Group Policy Object No LLMNR.
Right-click the new No LLMNR GPO listing and select Edit to open the Group Policy Management Editor and find policies.
In the Group Policy Management Editor, the policy you are looking for is at the following path: Computer Configuration\Policies\Administrative Templates\Network\DNS Client.
Find the policy called Turn Off Multicast Name Resolution.
Enable this policy.
Exit the Group Policy Management Editor and link the GPO to the GC Computers organizational unit you previously created.

Question

01-02-2024
Computers and Technology

contestada

Week 7 Homework: A Day in the Life of a Windows Sysadmin
Overview
This homework assignment builds on the Group Policy Objectives activities from the previous class. We will create domain-hardening GPOs and revisit some PowerShell fundamentals.
The Day 3 activities must be fully completed in order to complete this activity. If they are not, you will need to refer to your student guides and set up your domain OUs, users, and groups .
Lab Environment
For this week's homework, please use the Windows Server machine and Windows 10 machine inside your Azure Windows RDP Host machine.
Windows RDP Host Machine:
Username: azadmin
Password: p4ssw0rd*
Open the Hyper-V Manager in the Windows RDP Host machine to access the nested virtual machines:
Windows 10 Machine
Username: sysadmin
Password: cybersecurity
Windows Server Machine:
Username: sysadmin
Password: p4ssw0rd*
Note: The instructions for each task will tell you which machine to work in.
The following document contains a list of Windows issues that commonly occur during this unit. Familiarize yourself with these issues so you can fix them as needed:
Understanding the Windows Unit Lab
Refer to your Unit 7 Student Guides if you have trouble with this homework.
Task 1: Create a GPO: Disable Local Link Multicast Name Resolution (LLMNR)
For this first task, you will investigate and mitigate one of the attack vectors that exists within a Windows domain.
Read about LLMNR vulnerabilities in the the MITRE ATT&CK database.
MITRE is one of the world's leading organizations for threat intelligence in cybersecurity.
MITRE maintains the Common Vulnerabilities and Exposures database, which catalogs officially known exploits.
It also maintains this MITRE ATT&CK database, which catalogs attack methods and signatures of known hacking groups.
Local Link Multicast Name Resolution (LLMNR) is a vulnerability, so we will be disabling it on our Windows 10 machine (via the GC Computers OU).
A few notes about LLMNR:
LLMNR is a protocol used as a backup (not an alternative) for DNS in Windows.
When Windows cannot find a local address (e.g. the location of a file server), it uses LLMNR to send out a broadcast across the network asking if any device knows the address.
LLMNR’s vulnerability is that it accepts any response as authentic, allowing attackers to poison or spoof LLMNR responses, forcing devices to authenticate to them.
An LLMNR-enabled Windows machine may automatically trust responses from anyone in the network.
Turning off LLMNR for the GC Computers OU will prevent our Windows machine from trusting location responses from potential attackers.
Instructions
Since this task deals with Active Directory Group Policy Objects, you'll be working in your nested Windows Server machine.
Create a Group Policy Object that prevents your domain-joined Windows machine from using LLMNR:
On the top-right of the Server Manager screen, open the Group Policy Management tool to create a new GPO.
Right-click Group Policy Objects and select New.
Name the Group Policy Object No LLMNR.
Right-click the new No LLMNR GPO listing and select Edit to open the Group Policy Management Editor and find policies.
In the Group Policy Management Editor, the policy you are looking for is at the following path: Computer Configuration\Policies\Administrative Templates\Network\DNS Client.
Find the policy called Turn Off Multicast Name Resolution.
Enable this policy.
Exit the Group Policy Management Editor and link the GPO to the GC Computers organizational unit you previously created.

Respuesta :

Otras preguntas

Training food handlers in food allergy awareness helps to prevent

An unknown solution has a pH of 8. How would you classify the solution? A.acidic B.basic C.neutral D.There is not enough information to answer the question

Solve for x. −32>−5+9x

In animal farm what is the animal ms primary motivation for finishing the windmill on time after the first time it was destroyed

ENGLISH HELP! Sorry if the font is too small, you're probably gonna have 2 zoom in. 15. Which choice best supports the idea that automata were not really as m

Jamina drove for 2 hours at an average speed of 40km/h. She then drove for 3 hours at an average speed of 50km/h. What was her average speed for the whole journ

A cyclist rides her bike at a speed of 36 kilometers per hour. What is this speed in meters per second? How many meters will the cyclist travel in 5 seconds? D

true or false big companies usually devote entire departments to market research

How is 2/3 related to 1

the sum of 3x^2+4x-2 and x^2-5x+3 is