All notes are sourced from "Internal Network Security Attack and Defense - Penetration Testing Practical Guide".
## Workgroup
A workgroup is like a club that anyone can join or leave freely; there is no centralized management, and all computers in the workgroup are peers.
## Domain
A domain is a collection of computers inside one security boundary (a domain cannot access resources in another domain). To access resources in a domain, a user must log in to the domain with a valid identity, and the permissions the user has in the domain depend on that identity.
### Single Domain
Used by small companies at a single fixed location. There is usually at least one domain server acting as the domain controller (DC) and another acting as a backup DC for disaster recovery.
### Parent Domain and Child Domain
Used by large companies with branches in different places. Multiple domains are created: the first one is the parent domain, and the domains of the branches are child domains. For security reasons, each branch manages its own resources.
### Domain Tree
A domain tree is a collection of domains that have established trust relationships with each other. If two domains need to communicate, a trust relationship must exist between them. Within a domain tree, parent and child domains can manage each other as needed and can share files, printers, and other devices and resources across the network.
### Domain Forest
Used by companies that have merged with other companies. Multiple domain trees are combined into a domain forest, which lets each merged company keep the characteristics of its original domain tree.
### Domain Controller (DC)
A computer in a domain that acts as the management server. The DC stores the database of accounts, passwords, and other information for the domain.
### Domain Name Server (DNS)
A server that translates domain names into the corresponding IP addresses. The names of the domains in a domain tree look very much like DNS domain names; in fact, computers in the domain use DNS to locate domain controllers, servers, other computers, and network services, and the name of the domain is the name of its DNS domain. The DNS server and the domain controller are usually configured on the same machine.
### Active Directory (AD)
The component that provides directory services in a domain environment. Active Directory stores "shortcuts" to all resources in the network. All domains within a domain tree share a single Active Directory, whose data is distributed across the domains.
### Difference Between DC and AD
The Active Directory database is commonly referred to simply as the AD database. To build a domain environment, AD must be installed; the computer on which AD is installed becomes a domain controller (DC), and that computer holds the Active Directory database.
## Division of Security Domains
The purpose of dividing security domains is to put computers with the same security level into the same network segment.
In an internal network connected by a router, the network can be divided into three zones: the internal network (highest security level), the DMZ (medium security level), and the external network, i.e. the Internet (lowest security level). The three zones carry different workloads and require different access policies.
## Domain Computer Classification
- Domain Controller: Stores all account information and security policies, and manages all network access.
- Member Server: A computer that has joined the domain and runs a server operating system, but does not have Active Directory installed. Its main task is to provide network resources: file servers, application servers, database servers, web servers, mail servers, print servers, etc.
- Client: A computer running an operating system other than Windows. Users can log in to the domain from these computers using domain accounts.
- Standalone Server: A server that has neither joined a domain nor installed Active Directory. It cannot use any service provided by Active Directory. It can later be turned into a domain controller or a member server.
## Domain Permissions
Groups are collections of user accounts. By assigning permissions to a group, permissions do not have to be assigned to each user individually, which simplifies network maintenance and management.
### Domain Local Groups
Mainly used to grant permissions to resources within the local domain. Domain local groups cannot be nested in other groups.
### Global Groups
Used so that users of a single domain can access resources in multiple domains. Global groups can be nested in other groups.
### Universal Groups
Used for cross-domain access within a domain forest. Universal group membership is not stored on the domain controllers but in the Global Catalog (GC), and any membership change is replicated throughout the forest.
### Mnemonic
Domain local groups: members come from the entire forest, permissions apply to the local domain. Global groups: members come from the local domain, permissions apply to the entire forest. Universal groups: members come from the entire forest, permissions apply to the entire forest.
### Built-in Groups
Built-in groups are predefined groups with specific permissions that are created automatically when a domain is created.
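The three group scopes and their nesting rules described above, as an added PowerShell example (not code from the book). It creates one security group of each scope, shows the nesting the rules allow (a global group inside a domain local group) and the nesting they forbid (a domain local group inside a global group), then lists the scopes. The domain `DC=lab,DC=local`, the OU and the group names are assumptions; it is meant to run on a domain controller with the ActiveDirectory module available.

```powershell
# Added example, not from the book. Assumed domain: lab.local; assumed OU and group names.
Import-Module ActiveDirectory

$domainDn = 'DC=lab,DC=local'          # assumption: the lab domain
$ou       = "OU=Lab Groups,$domainDn"  # assumption: an OU to hold the test groups
New-ADOrganizationalUnit -Name 'Lab Groups' -Path $domainDn -ErrorAction SilentlyContinue

# Global group: members come from this domain, permissions can be granted anywhere in the forest
New-ADGroup -Name 'GG-Finance-Users'     -GroupScope Global      -GroupCategory Security -Path $ou
# Domain local group: used to grant access to a resource inside this domain
New-ADGroup -Name 'DL-FinanceShare-Read' -GroupScope DomainLocal -GroupCategory Security -Path $ou
# Universal group: membership is kept in the Global Catalog and replicated forest-wide
New-ADGroup -Name 'UG-AllFinance'        -GroupScope Universal   -GroupCategory Security -Path $ou

# Allowed nesting: a global group becomes a member of a domain local group
Add-ADGroupMember -Identity 'DL-FinanceShare-Read' -Members 'GG-Finance-Users'

# Forbidden nesting: a domain local group cannot be a member of a global group.
# AD rejects the change; the try/catch just shows the rule being enforced.
try {
    Add-ADGroupMember -Identity 'GG-Finance-Users' -Members 'DL-FinanceShare-Read' -ErrorAction Stop
} catch {
    Write-Warning "Rejected as expected: $($_.Exception.Message)"
}

# Review the scope of each lab group and the members of the domain local group
Get-ADGroup -Filter 'Name -like "*Finance*"' -SearchBase $ou |
    Select-Object Name, GroupScope, GroupCategory
Get-ADGroupMember -Identity 'DL-FinanceShare-Read' |
    Select-Object Name, objectClass
```

Run it once as a domain administrator after the domain exists; creating the groups a second time fails with "already exists", which is harmless. The pattern shown (global group holding the users, domain local group holding the resource permission) is the practical reason the mnemonic above matters when auditing who can reach a share.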
## Virtual Machine
### Network Adapter
#### Bridged Mode
The virtual machine gets an address on the same network as the host's Wi-Fi or physical network card, as if the virtual machine and the host were plugged into the same switch.
#### NAT Mode
Uses the address of the host's virtual network adapter (VMnet8 in VMware). The virtual machine can reach every computer on the same network segment as the host, but apart from the host, other computers on the local network cannot reach the virtual machine (so resources on it cannot be shared to the network).
#### Host-only Mode
Host-only is the most private and restrictive virtual network configuration: the virtual machine sits on its own network segment. Unlike NAT mode, the virtual machine cannot reach the Internet in Host-only mode. The virtual machine and the host can still communicate with each other (as on a local area network) and share resources. Unless Windows Internet Connection Sharing is enabled, the virtual machine cannot communicate with any computer on the local network other than the host.
## Windows PowerShell Basics
PowerShell is a popular and powerful security testing tool that requires the .NET environment.
### Features
- It is installed by default on Windows 7 and later. Scripts can run in memory without being written to disk.
- It is unlikely to trigger antivirus software.
- It can be executed remotely.
- Many tools are built on PowerShell.
- It makes running scripts on Windows easier. Running cmd.exe is usually blocked, but running PowerShell usually is not.
- It can be used for Active Directory management.
### Basic Concepts of PowerShell
#### .ps1 Files
PowerShell scripts are plain text files with the extension .ps1 that contain a series of PowerShell commands.
#### Execution Policy
By default, the execution policy is "Restricted", which means scripts cannot be run.
#### Running Scripts
A script is run by entering its full path and file name.
#### Pipeline
The pipeline passes the output of one command as the input of the next; the commands are joined with "|". For example, the following command stops all running processes whose names start with the letter "p":
```powershell
PS> get-process p* | stop-process
```
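The four basics above (a .ps1 file, the execution policy, running a script by full path, and a pipeline) worked through as one added example; this is not code from the book. The script file name, its location under `$env:TEMP` and the `CurrentUser` scope for the policy change are assumptions for a lab machine. The last line previews the book's `get-process p* | stop-process` pipeline with `-WhatIf` so nothing is actually terminated while you learn the syntax.

```powershell
# Added example, not from the book. Assumed: a lab machine where changing the per-user policy is acceptable.

# Execution policy: on a fresh client the effective policy is Restricted, so .ps1 files will not run.
Get-ExecutionPolicy -List

# Allow locally written scripts for the current user only (scope is an assumption; use what your policy allows).
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force

# A .ps1 file: a plain text file holding PowerShell commands (assumed name and location).
$scriptPath = Join-Path $env:TEMP 'list-p-processes.ps1'
@'
# Lists processes whose names start with "p", with their PID and image path
Get-Process p* | Select-Object Name, Id, Path | Sort-Object Name
'@ | Set-Content -Path $scriptPath

# Running a script: call it by its full path.
& $scriptPath

# Pipeline: the output of get-process becomes the input of stop-process.
# -WhatIf shows which processes would be stopped without stopping them.
Get-Process p* | Stop-Process -WhatIf
```

`Get-ExecutionPolicy -List` shows every scope, which is useful when a script refuses to run even though you changed the policy: a machine-wide or Group Policy setting at a higher scope wins over the user scope. Remove `-WhatIf` only when you really intend to stop the matched processes.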
### PowerShell Commands
Please refer to page 18 for a list of PowerShell commands.
## Setting Up a Domain Environment
- Windows Server 2012 R2: 192.168.1.1 (DC)
- Windows Server 2008 R2: 192.168.1.2
- Windows 7: 192.168.1.3
### WIN2012
#### Configure Network Card Information
Set DNS to 192.168.1.1.
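The network card configuration for the WIN2012 machine, done from PowerShell, as an added example that is not from the book. It gives the adapter the static address planned for the DC (192.168.1.1/24) and sets DNS to 192.168.1.1 as the note says. The interface alias `Ethernet` and the /24 prefix are assumptions about the lab VM; check the alias with the first command before running the rest.

```powershell
# Added example, not from the book. Assumed interface alias and prefix length for the lab VM.
$alias = 'Ethernet'   # assumption: confirm with Get-NetAdapter

# Identify the adapter to configure
Get-NetAdapter | Select-Object Name, InterfaceDescription, Status

# Turn off DHCP on the adapter so the static address is not replaced
Set-NetIPInterface -InterfaceAlias $alias -Dhcp Disabled

# Remove any existing IPv4 address, then assign the DC's planned address
Get-NetIPAddress -InterfaceAlias $alias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false
New-NetIPAddress -InterfaceAlias $alias -IPAddress 192.168.1.1 -PrefixLength 24

# DNS: the DC points at itself (192.168.1.1), matching the note above
Set-DnsClientServerAddress -InterfaceAlias $alias -ServerAddresses 192.168.1.1

# Verify the result
Get-NetIPConfiguration -InterfaceAlias $alias
```

The `Net*` cmdlets exist from Windows 8 / Server 2012 onward. On the Windows Server 2008 R2 and Windows 7 machines in the list above they are not available, so the equivalent there is `netsh interface ip set address "Local Area Connection" static 192.168.1.2 255.255.255.0` followed by `netsh interface ip set dns "Local Area Connection" static 192.168.1.1` (use 192.168.1.3 for the Windows 7 host; the connection name is an assumption).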