Microsoft has responded to the repeated success of attackers pursuing horizontal kill chains via pass-the-hash and related attacks with a reference architecture and other best practices that seek to isolate privileged credentials. The term “red forest” has been coined as an informal name for a special administrative forest Microsoft recommends for holding the accounts that have privileged access to your production forest and require additional security.
A key feature of this guidance is a three-tier enhanced security admin environment (ESAE) in which admin accounts are divided into three levels of security:
- Tier 0 — Basically enterprise admins with forest-level admin authority
- Tier 1 — Server, application and cloud admin authority
- Tier 3 — Administrative control of workstation and device
In this webcast, security expert Randy Franklin Smith will explain the reasons why you might go to this extra trouble — as well as the limitations of this structure. Lastly, Randy will explore why third-party tools, like those Quest offers, may offer the most coverage in this three-tier security structure.