Network security (hacking) basics: intranet penetration fundamentals

0x01 Intranet overview

An intranet is, in practice, a local area network (LAN): a group of computers interconnected within a limited area, usually no more than a few kilometres across. A LAN supports file management, shared applications, shared printers, scheduling within a workgroup, e-mail, fax services and similar functions.
An intranet is a closed network. It can be as small as two computers in an office or as large as the thousands of machines of a company; the networks of banks, schools, factories, government agencies, Internet cafés and ordinary office networks all fall into this category.

0x02 Workgroup

2.1 Introduction

In a large organisation, hundreds of computers may be interconnected into one LAN, and all of them appear in "Network" (formerly "My Network Places"). Without any grouping the list is a mess and finding a particular computer is hard. Workgroups solve this: computers are grouped by function or department, so that, for example, the machines of the administration department belong to a workgroup named "Administration". To reach a department's resources you open its workgroup in "Network" and double-click it to see all of that department's computers. Compared with no grouping at all this is far more orderly, especially on a large LAN.

2.2 Join/Create a working group

Right-click "Computer" on the desktop, choose "Properties", then "Change settings" and "Change". Type the name you want in the "Computer name" field, select "Workgroup" under "Member of", and type the name of the workgroup you want to join.
If the workgroup name you enter does not yet exist on the network, you have effectively created a new workgroup; for the moment your computer is its only member. After you click "OK", Windows asks for a restart. After the restart, open "Network" to see the members of the workgroup you joined.

2.3 Leaving the working group

Just change the workgroup name. Other computers can still reach your shared resources over the network, and you are free to join any other workgroup on the same network. A workgroup is like a "community" that anyone can enter and leave at will; its only purpose is to let computers in the same group find each other.

A workgroup therefore has no real centralised management. All computers in it are peers: there is no distinction between servers and clients.

2.4 Limitations of working groups

Suppose a company has 200 computers and we want the account Alan to be able to log on to, or access resources on, every one of them. In a workgroup, the Alan account has to be created in the local SAM database of each of the 200 computers, and whenever Alan changes his password it has to be changed 200 times. And that is with only 200 machines; in a company with 5,000 or tens of thousands of computers the administrator would go mad.

0x03 Domain

3.1 Introduction

A domain (Domain) is a collection of computers with a security boundary: by default, users in one domain cannot access resources in another domain (unless a trust relationship has been established between the two). A domain can be understood as an upgraded version of a workgroup with a much stricter security management and control mechanism. To access resources in a domain you must log on to the domain with a valid identity, and which resources you can use, and with which permissions, depends on your user identity in the domain.

A domain controller (DC) is the management server of a domain, comparable to the gatekeeper of an organisation. It authenticates every computer and user that connects, and any access between members of the domain first has to pass its checks.

3.2 Organizational Unit OU

Within a domain, an organisational unit (OU) is a container used to arrange objects into logical management groups. An OU holds one or more objects: user accounts, groups, computers, printers, applications, file shares, or other OUs.

3.3 Single domain

For a typical small business at a single geographic location, a single domain is enough.
Even then, a domain should have at least two domain controllers. The Active Directory database (including all account information) lives on the DCs, so if the only DC goes down, nobody can log on to the domain. With a second DC the domain keeps working while the failed one is repaired. Since Windows 2000 every DC holds a writable copy of the database and replicates with the others (multi-master replication); the NT4-era distinction between a primary (PDC) and a backup (BDC) domain controller no longer exists, although one DC still holds the "PDC emulator" operations master role.

3.4 Parent Domain and Child Domain

For management and other reasons, a network may need to be split into several domains. The first domain is called the parent (or root) domain, and the domains created for the individual branches are its child domains.

For example, a large company with branches in different geographic locations needs a parent/child domain structure. If branches in different locations were placed in the same domain, the information exchange between them (synchronisation, replication and so on) would take a long time and consume a lot of bandwidth, because within a single domain every object change has to be replicated to every DC of that domain. A separate child domain replicates only its own domain partition, so far less data crosses the WAN. (Strictly speaking, Active Directory compresses replication traffic between sites, not between domains; the saving from separate domains comes from replicating less data, not from compression.)

Another advantage is that each subsidiary can manage its own resources through its own domain.

A third reason is security policy, because each domain has its own security policy. If, for instance, the finance department needs a specific policy (account and password policy included), it can be managed as a child domain. (Since Windows Server 2008, fine-grained password policies can also apply different password settings to different groups within one domain, so this reason alone no longer forces a separate domain.)

3.5 Domain tree

A domain tree is a collection of domains joined by trust relationships. A domain administrator manages only the inside of his own domain and cannot access or manage other domains; for two domains to access each other, a trust relationship (trust relation) must exist between them.

A trust relationship is the bridge between domains. Within a domain tree, Active Directory automatically creates a two-way, transitive trust between each parent and child domain, so the domains in the tree can manage each other as needed, share devices and resources such as files and printers across the network, and exchange data with each other.

In a domain tree, a parent domain can contain many child domains, and each child domain adds one label to the DNS name of its parent. A child domain can only use the parent's name as the suffix of its own name; in other words, the domain names in a domain tree form a contiguous namespace (for example corp.example and its child sales.corp.example).

3.6 Domain Forest

A domain forest is a collection of domain trees joined by trust relationships. The trees in a forest do not share a contiguous namespace (each tree keeps its own domain name), but they share one schema, one configuration partition and one global catalogue, and the forest root domain has two-way transitive trusts with the root of every tree. Resources in the whole forest can therefore be managed and used through these trusts while each domain keeps its own characteristics.

3.7 DNS domain name server

A DNS server (Domain Name System server) translates domain names into their corresponding IP addresses and back.

In the description of domain trees you can see that domain names look very much like DNS domain names. In fact they are DNS names: computers in a domain rely on DNS to locate domain controllers, servers, other computers and network services.

During intranet penetration we therefore usually find the domain controller by finding the DNS server, because in many environments the DNS server and the domain controller are the same machine (the DNS role is normally installed on the first DC when the domain is created). That is a convention, not a guarantee: the reliable method is to ask DNS for the service (SRV) records that domain-joined clients themselves use to locate DCs.
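The DC-location step described above, as an added example that is not part of the original post: it asks the DNS server for the SRV records every domain-joined client uses, and then checks whether the DCs it finds are also the DNS server. The domain name corp.example and the DNS server address 10.0.0.1 are hypothetical.

```powershell
# Added example (not from the original post): find the domain controllers of a
# domain through the DNS SRV records that domain-joined clients rely on.
# Assumptions (hypothetical): target domain corp.example, and a DNS server that
# hosts the AD zone reachable at 10.0.0.1.

$domain = 'corp.example'
$dns    = '10.0.0.1'

# Every DC registers itself under _ldap._tcp.dc._msdcs.<domain>. The SRV answer
# carries the DC host names and the LDAP port. Resolve-DnsName ships with
# Windows 8 / Server 2012 and later; no RSAT needed.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -Server $dns -ErrorAction Stop

# The answer also contains A records for the targets, so keep only the SRV rows.
$dcs = $srv | Where-Object { $_.Type -eq 'SRV' }
$dcs | Select-Object NameTarget, Port, Priority, Weight

# DCs that also host the global catalogue (forest-wide search, port 3268):
Resolve-DnsName -Name "_gc._tcp.$domain" -Type SRV -Server $dns |
    Where-Object { $_.Type -eq 'SRV' } | Select-Object NameTarget, Port

# The PDC emulator: the DC that password changes and lockouts converge on.
Resolve-DnsName -Name "_ldap._tcp.pdc._msdcs.$domain" -Type SRV -Server $dns |
    Where-Object { $_.Type -eq 'SRV' } | Select-Object NameTarget

# Is the DNS server we queried one of the DCs? Resolve each DC name and compare.
foreach ($rec in $dcs) {
    $ips = (Resolve-DnsName -Name $rec.NameTarget -Type A -Server $dns).IPAddress
    '{0} -> {1} (same host as DNS server: {2})' -f $rec.NameTarget, ($ips -join ','), ($ips -contains $dns)
}

# Equivalent one-liners when PowerShell is not available:
#   nslookup -type=SRV _ldap._tcp.dc._msdcs.corp.example 10.0.0.1      (Windows cmd)
#   dig @10.0.0.1 SRV _ldap._tcp.dc._msdcs.corp.example                 (Linux)
#   nltest /dsgetdc:corp.example                                        (already domain-joined host)
```

If the SRV query returns nothing, either the server queried does not host the AD zone or the name is not an AD domain at all; in that case fall back to `nltest` from a joined host, or to the LOGONSERVER environment variable of a logged-on domain user.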

3.8 Active Directory

Active Directory (AD) is the component that provides directory services in a domain environment.

What is a directory? A directory stores information about network objects such as users, groups, computers, shared resources, printers and contacts. A directory service is the service that helps users find the information they need in the directory quickly and accurately.
If the intranet of an enterprise is regarded as a dictionary, the resources in the intranet are its content and Active Directory is its index: Active Directory stores pointers to every resource in the network, and users locate resources by looking up those pointers.

3.9 Logical structure

In Active Directory, administrators can ignore the physical location of the objects they manage and place them in containers purely according to how they want to manage them. Because this way of organising objects does not depend on where the objects physically are, it is called the logical structure.

The logical structure of Active Directory consists of the organisational unit (OU), domain, domain tree and forest introduced above. All domains in a forest share one Active Directory, but its data is partitioned: each domain stores and replicates only its own domain partition (its users, groups, computers and so on), while the schema and configuration partitions are shared by the whole forest and replicated to every DC in it. Global catalogue servers additionally hold a partial, read-only copy of every domain partition so that forest-wide searches are possible.
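A way to map the logical structure just described (forest, domain trees, trusts, OUs) from a domain-joined machine, as an added example that is not part of the original post. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and that the account can read the directory; it does not assume any particular domain names.

```powershell
# Added example (not from the original post): enumerate the forest, its domain
# trees, the trusts between domains and the OU hierarchy of the current domain.
# Assumption: the ActiveDirectory module (RSAT) is available and the directory is readable.
Import-Module ActiveDirectory

$forest = Get-ADForest
'Forest root: {0}  (functional level: {1}, schema master: {2})' -f $forest.RootDomain, $forest.ForestMode, $forest.SchemaMaster
'Global catalogue servers: {0}' -f ($forest.GlobalCatalogs -join ', ')

# Domain trees: a child domain's DNS name ends with its parent's name (contiguous
# namespace), so sorting by name length prints parents before their children.
foreach ($name in ($forest.Domains | Sort-Object { $_.Length })) {
    $dom    = Get-ADDomain -Identity $name
    $parent = if ($dom.ParentDomain) { "child of $($dom.ParentDomain)" } else { 'tree root' }
    '{0,-30} {1,-30} DCs: {2}' -f $name, $parent, $dom.ReplicaDirectoryServers.Count
}

# Trusts as seen from the current domain. IntraForest trusts (parent/child, tree root)
# are created automatically; anything else is a manually added bridge to another
# domain or forest and is worth a closer look during an assessment.
Get-ADTrust -Filter * |
    Select-Object Name, Direction, IntraForest, ForestTransitive, TrustType

# OU hierarchy of the current domain (the logical containers of section 3.2),
# printed in canonical form so the nesting is visible: corp.example/Servers/Web
Get-ADOrganizationalUnit -Filter * -Properties CanonicalName |
    Sort-Object CanonicalName |
    Select-Object -ExpandProperty CanonicalName
```

The same information is what an attacker collects first after landing on a domain-joined host, because trusts and the GC servers decide how far a foothold in one domain can reach.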

0x04 Main functions of Active Directory

  • Centralised account management: all accounts are stored on the server, which makes resetting passwords and tidying up accounts easy.
  • Centralised software management: software can be pushed out and network printers installed in a uniform way; publishing software through a software deployment policy lets users choose to install it themselves.
  • Centralised environment management: AD can unify desktop, Internet Explorer, TCP/IP and other client settings.
  • Stronger security: anti-virus software and scan tasks can be deployed uniformly, users' rights on their computers can be managed centrally, a uniform password policy can be enforced, the network can be monitored and data managed centrally.
  • Higher reliability, less downtime: AD controls user access rights, and combined with clustering, load balancing and similar techniques, file servers can be made fault tolerant.
  • Active Directory is the foundation of Microsoft's unified management platform; services such as ISA Server, Exchange and SMS (Systems Management Server) all depend on it.

0x05 Difference between AD and DC

When the network is large, the many objects in it (computers, users, groups, printers, shared files and so on) are best stored in an orderly fashion in one big warehouse with a good index, so that they can be found, managed and used easily. That hierarchical database is the Active Directory database, or AD database for short.

On which computer should this database live? By definition, the computer that stores the Active Directory database is a domain controller (DC). So building a domain environment means installing AD: the computer on the intranet on which AD is installed becomes a DC.

With a domain in place, the earlier question answers itself: the Alan account is created once in Active Directory, after which Alan can log on to any of the 200 computers, and a password change is made once, in Active Directory.

0x06 Security domain division

The purpose of security domain division is to put computers of the same security level into the same network segment, so that they share one network boundary. A firewall on that boundary enforces a network access control policy (NACL) towards the other security domains: which IP addresses or network segments may reach this domain and which may not, and which destinations the hosts in this domain may reach. This minimises the risk for each domain and, when an attack does happen, confines the threat as far as possible and limits the impact on the other computers in the domain.

0x07 DMZ area

7.1 Introduction

DMZ stands for "demilitarised zone", also called an isolation zone. It exists to solve the problem that, once a firewall is installed, the outside world can no longer reach the organisation's internal servers: a buffer zone is created between the untrusted network and the trusted one.
This buffer zone is a small network between the internal and external networks of the enterprise. Servers that must be reachable from the outside, such as the corporate web server, FTP server or forum, are placed there.
At the same time the DMZ protects the internal network more effectively: compared with a plain firewall set-up, an attacker has to pass one more checkpoint.

7.2 Barrier function of DMZ

  • Internal network can access the external network: internal users need to reach the Internet freely; for this the firewall performs NAT.
  • Internal network can access the DMZ: internal users can use and manage the servers in the DMZ.
  • External network cannot access the internal network: this is the firewall's basic policy. The internal network holds the company's internal data, which outside users are obviously not allowed to reach; anyone who needs to must come in through a VPN.
  • External network can access the DMZ: the servers in the DMZ provide services to the outside world, so the external network must be able to reach them. The firewall translates the public address to the server's real address (destination NAT).
  • DMZ cannot access the internal network: if this rule is not enforced, an intruder who compromises a DMZ server can pivot straight into the internal network, and the internal network is no longer protected.
  • DMZ cannot access the external network: this rule has exceptions. A mail server placed in the DMZ, for example, must be able to reach external mail servers or it cannot work.
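The six rules above belong on the perimeter firewall, which is also where NAT happens. As an added example that is not part of the original post, the following mirrors the rules that concern a DMZ host on the host itself with Windows Defender Firewall, as defence in depth: if the perimeter rule is misconfigured, the DMZ server still cannot reach the internal network. The addresses (internal network 10.10.0.0/16, DMZ 192.168.100.0/24), the published service (HTTPS) and the mail relay role of this host are all hypothetical.

```powershell
# Added example (not from the original post): host-level mirror of the DMZ policy
# on a Windows server inside the DMZ. Assumptions (hypothetical): internal network
# 10.10.0.0/16, DMZ 192.168.100.0/24 with a resolver in it, this host publishes
# HTTPS and is also the outbound mail relay mentioned as the policy exception.
# Run elevated. The perimeter firewall remains the real boundary and does the NAT.

$internalNet = '10.10.0.0/16'
$dmzNet      = '192.168.100.0/24'

# "DMZ cannot access the internal network". Windows allows all outbound traffic by
# default, so this needs an explicit block; in Windows Firewall a Block rule wins
# over any Allow rule, whatever order they were created in.
New-NetFirewallRule -DisplayName 'DMZ-Block-Out-Internal' -Direction Outbound `
    -RemoteAddress $internalNet -Action Block -Profile Any

# "DMZ cannot access the external network": make deny the outbound default ...
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Block

# ... and open only the documented exceptions. Mail relay: outbound SMTP anywhere.
New-NetFirewallRule -DisplayName 'DMZ-Allow-Out-SMTP' -Direction Outbound `
    -Protocol TCP -RemotePort 25 -Action Allow -Profile Any
# It also needs name resolution; the resolver is assumed to live in the DMZ.
New-NetFirewallRule -DisplayName 'DMZ-Allow-Out-DNS' -Direction Outbound `
    -Protocol UDP -RemotePort 53 -RemoteAddress $dmzNet -Action Allow -Profile Any

# "External network can access the DMZ": the published service, from anywhere.
New-NetFirewallRule -DisplayName 'DMZ-Allow-In-HTTPS' -Direction Inbound `
    -Protocol TCP -LocalPort 443 -Action Allow -Profile Any
# "Internal network can access the DMZ": management (RDP) only from inside.
New-NetFirewallRule -DisplayName 'DMZ-Allow-In-RDP-Internal' -Direction Inbound `
    -Protocol TCP -LocalPort 3389 -RemoteAddress $internalNet -Action Allow -Profile Any

# Verify what was applied.
Get-NetFirewallRule -DisplayName 'DMZ-*' |
    Select-Object DisplayName, Direction, Action, Enabled
Get-NetFirewallProfile | Select-Object Name, DefaultInboundAction, DefaultOutboundAction
```

Replies to allowed inbound connections are still permitted because the Windows firewall is stateful, so switching the outbound default to Block does not break the published HTTPS service. Any further outbound exception (for example Windows Update) has to be added deliberately, which is exactly the point.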

0x08 Classification of computers in the domain

  • Domain controller
  • Member server
  • Client computer
  • Stand-alone server

The domain controller stores the Active Directory database and is the only mandatory one of the four; the other three are optional. The simplest possible domain therefore consists of one computer, and that computer is the domain's controller.

The role of a server can also change. When Active Directory is removed from a domain controller (the DC is demoted), the server becomes a stand-alone server if it was the last DC in the domain, and otherwise becomes a member server.

Conversely, a stand-alone server can be promoted to a domain controller or joined to a domain as a member server.
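The role changes described in this section, driven from PowerShell rather than the GUI, as an added example that is not part of the original post. The domain name corp.example, the NetBIOS name CORP, the OU path and the credentials are hypothetical; each stage runs on the machine whose role is changing, from an elevated prompt.

```powershell
# Added example (not from the original post): stand-alone -> member server ->
# domain controller -> member server, using the ADDSDeployment and ActiveDirectory
# modules. Assumptions (hypothetical): domain corp.example / CORP, an OU named
# Servers, an account allowed to join computers, and a Domain Admin account.

# 0. Brand-new environment: the very first DC creates the forest and its root domain
#    (the "simplest domain", one machine). Run once, on that machine, instead of steps 1-2:
#    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
#    Install-ADDSForest -DomainName 'corp.example' -DomainNetbiosName 'CORP' -InstallDns `
#        -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') -Force

# 1. Stand-alone / workgroup machine -> member server (the scripted form of section 2.2).
#    Use a low-privilege account that is only allowed to join computers, not a Domain Admin.
$joinCred = Get-Credential -Message 'Account allowed to join computers to corp.example'
Add-Computer -DomainName 'corp.example' -Credential $joinCred `
    -OUPath 'OU=Servers,DC=corp,DC=example' -Restart

# 2. Member server -> additional domain controller (the second DC that section 3.3 asks for).
#    This one does need a Domain Admin credential.
$adminCred = Get-Credential -Message 'Domain Admin of corp.example'
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName 'corp.example' -Credential $adminCred `
    -InstallDns:$true `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') `
    -Force
# The server reboots as a DC. Afterwards, confirm every DC and who holds the FSMO roles:
Get-ADDomainController -Filter * |
    Select-Object HostName, IsGlobalCatalog, OperationMasterRoles
(Get-ADDomain).PDCEmulator

# 3. Domain controller -> member server: demote, which removes the AD database from this
#    host and moves any operations master roles it holds to another DC. It stays a member
#    of the domain. Adding -LastDomainControllerForDomain would delete the domain itself
#    and leave a stand-alone server, which is the other outcome described above.
Uninstall-ADDSDomainController `
    -LocalAdministratorPassword (Read-Host -AsSecureString 'New local Administrator password') `
    -DemoteOperationMasterRole -Force
```

The DSRM (Directory Services Restore Mode) password set during promotion deserves the same protection as a Domain Admin password: it unlocks the offline copy of the AD database on that DC.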

0x09 Interpretation of permissions in the domain

9.1 Groups

A group is a collection of user accounts. Instead of assigning permissions to each user individually, administrators assign permissions to a group: user accounts are added to the appropriate security group, the group is given access rights, and every account in the group then has the same rights. Using security groups instead of individual accounts makes network maintenance and management simpler.

9.2 Domain Local Groups

Domain local groups are for users from many domains accessing resources in one domain (the domain where the group lives). Members can be user accounts, global groups and universal groups from any domain in the forest (or from a trusted domain), plus other domain local groups from the same domain. Permissions can be assigned only in the group's own domain, and a domain local group can be nested only in other domain local groups of that same domain. Its main use is to grant access to resources located in that domain.

9.3 Global Groups

Global groups are for users from one domain accessing resources in many domains. Members must be user accounts and global groups from the domain in which the global group was created. Permissions can be assigned in any domain of the forest, and global groups can be nested in other groups.

9.4 Universal groups

Universal groups accept user accounts, global groups and other universal groups from any domain in the forest, can be assigned permissions in any domain of the forest, and can be nested in groups of other domains. They are well suited to cross-domain access within a forest. Their membership is stored in the global catalogue and replicated forest-wide, which is why accounts are normally placed in global groups and only global groups in universal groups.

An easy way to remember this:

  • Domain local group: from the whole forest, for this domain
  • Global group: from this domain, for the whole forest
  • Universal group: from the whole forest, for the whole forest

0x10 AGDLP strategy

  • A (account): user account
  • G (global group): global group
  • U (universal group): universal group
  • DL (domain local group): domain local group
  • P (permission): resource permission

The AGDLP strategy is: put user accounts into global groups, put global groups into domain local groups, and assign resource permissions to the domain local groups. (In a multi-domain forest a universal group is inserted between the global and the domain local group: AGUDLP.) Organising users according to AGDLP makes them much easier to manage.
Once AGDLP is in place, granting a user a certain permission only requires adding the user to the corresponding global group; the resource's ACL never has to change.
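One complete AGDLP chain for a file share, as an added example that is not part of the original post: accounts into a global role group, the role group into a domain local resource group, and the NTFS permission granted to the resource group only. The domain corp.example / CORP, the OU Groups, the users alan, bob and carol, and the folder D:\Shares\Finance on the file server where this runs are all hypothetical.

```powershell
# Added example (not from the original post): build an AGDLP chain.
# Assumptions (hypothetical): domain corp.example (NetBIOS CORP), OU "Groups",
# existing users alan, bob and carol, and this script running on the file server
# that hosts D:\Shares\Finance, with the ActiveDirectory module installed.
Import-Module ActiveDirectory

$ou = 'OU=Groups,DC=corp,DC=example'

# G: a role group (global). Members must come from this domain.
New-ADGroup -Name 'Role-Finance-Staff' -GroupScope Global -GroupCategory Security `
    -Path $ou -Description 'People who work in Finance'
Add-ADGroupMember -Identity 'Role-Finance-Staff' -Members 'alan', 'bob'            # A -> G

# DL: a resource group (domain local), the only principal that will ever be on the
# ACL. It may hold global/universal groups from any domain in the forest.
New-ADGroup -Name 'ACL-FinanceShare-Modify' -GroupScope DomainLocal -GroupCategory Security `
    -Path $ou -Description 'Modify on \\fs01\Finance'
Add-ADGroupMember -Identity 'ACL-FinanceShare-Modify' -Members 'Role-Finance-Staff'  # G -> DL

# P: grant the permission to the domain local group, never to users or role groups.
$path = 'D:\Shares\Finance'
$acl  = Get-Acl -Path $path
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    'CORP\ACL-FinanceShare-Modify',
    [System.Security.AccessControl.FileSystemRights]::Modify,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)
$acl.AddAccessRule($rule)
Set-Acl -Path $path -AclObject $acl                                                   # DL -> P

# Day-to-day operation: a new hire is added to the role group and nothing else changes.
Add-ADGroupMember -Identity 'Role-Finance-Staff' -Members 'carol'

# Check the effective chain: who ends up with Modify on the share?
Get-ADGroupMember -Identity 'ACL-FinanceShare-Modify' -Recursive |
    Select-Object SamAccountName, objectClass
```

Group membership is carried in the user's Kerberos ticket, so carol gets the new permission only after she logs on again (or after her tickets are renewed); this is also why an attacker who adds an account to a group looks for a fresh logon before using it.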

0x11 Privileged groups in the domain

11.1 Built-in domain local groups

  • Administrators: full control of the domain controllers and of the domain
  • Remote Desktop Users: allowed to log on through Remote Desktop
  • Print Operators: manage printers; may log on locally to domain controllers
  • Account Operators: create and modify most user accounts and groups (not the protected administrative groups)
  • Server Operators: log on to domain controllers and manage their services, shares and backups
  • Backup Operators: back up and restore any file on a domain controller regardless of NTFS permissions, including the AD database (ntds.dit)

11.2 Global and universal groups

  • Domain Admins (global): administrators of the domain; automatically a member of the local Administrators group on every computer joined to the domain
  • Enterprise Admins (universal, exists only in the forest root domain): administrators of the whole forest
  • Schema Admins (universal, exists only in the forest root domain): may modify the Active Directory schema
  • Domain Users (global): every user account in the domain
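Listing who actually sits in the groups above, with nested membership expanded, is the first audit a defender runs and the first target list an attacker builds. The following is an added example that is not part of the original post; it assumes the ActiveDirectory module (RSAT) is installed and that the account can read the directory.

```powershell
# Added example (not from the original post): enumerate the members of the
# privileged groups listed above, expanding nested groups, and flag disabled
# accounts that still hold membership. Assumption: ActiveDirectory module available.
Import-Module ActiveDirectory

$privileged = @(
    'Administrators', 'Account Operators', 'Server Operators',
    'Backup Operators', 'Print Operators', 'Remote Desktop Users',   # built-in domain local
    'Domain Admins', 'Enterprise Admins', 'Schema Admins'            # global / universal
)

$rows = foreach ($name in $privileged) {
    # Enterprise Admins and Schema Admins exist only in the forest root domain,
    # so the lookup may legitimately return nothing in a child domain.
    $group = Get-ADGroup -Filter "Name -eq '$name'" -ErrorAction SilentlyContinue
    if (-not $group) { continue }

    # -Recursive walks nested groups (the AGDLP chain in reverse) down to the accounts.
    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $user = Get-ADUser -Identity $_.DistinguishedName
            [pscustomobject]@{
                Group   = $name
                Scope   = $group.GroupScope
                Member  = $user.SamAccountName
                Enabled = $user.Enabled
            }
        }
}

$rows | Sort-Object Group, Member | Format-Table -AutoSize

# Cross-check: accounts that are (or once were) in a protected group keep adminCount=1
# even after removal, so this list often reveals former admins who were never cleaned up.
Get-ADUser -LDAPFilter '(adminCount=1)' | Select-Object SamAccountName, Enabled

# Without RSAT, e.g. from a compromised workstation, the built-in tools answer the same:
#   net group "Domain Admins" /domain
#   net localgroup Administrators      (run on a DC for the built-in Administrators group)
```

Anything unexpected in the output of the Operators groups deserves attention: Backup Operators can read ntds.dit and the SYSTEM hive, which yields every password hash in the domain, and Account Operators can create accounts and alter most group memberships, so both are effectively paths to Domain Admin.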


Origin blog.csdn.net/jazzz98/article/details/131611204