9780735697744 Introducing Windows Server 2016 pdf

Figure 4-4: Medium-term goal plan

The figure shows six separate areas:

1. Extend PAWs to all administrators and provide additional hardening such as Credential Guard and RDP Restricted Admin. For more information, go to http://aka.ms/CyberPAW, where this is shown in Phases 2 and 3.
2. Establish time-bound privileges (no permanent administrators). For more information, go to http://aka.ms/AzurePIM.
3. Create multifactor elevation. For more information, go to http://aka.ms/PAM.
4. Provide JEA for domain controller maintenance. For more information, go to http://aka.ms/JEA.
5. Lower the attack surface of domains and domain controllers. For more information, go to http://aka.ms/HardenAD.
6. Implement attack detection for your servers and domain controllers. For more information, go to http://aka.ms/ata.


CHAPTER 4 | Security and identity

Long-term plan

The long-term goals (see Figure 4-5) detail the final parts to date of an ever-evolving strategy. Securing your environment never stops. Therefore, this strategy will need to be reviewed and adapted over time, but it will provide you with a basis on which to begin and grow.

As with software development, you should apply a lifecycle to how you control access to resources. Your approach should be based on the latest principles and JEA. Following on from this, all administrators should be issued strong authentication mechanisms such as SmartCard or Passport Authentication.

To really enhance protection, you can implement a secure forest that is isolated from a traditional user forest. Here, you can store the most secure systems in the environment, fully isolated from the production network. The next step is to implement code integrity, which ensures that only authorized code can run on the systems.

Finally, you can use a new feature in Hyper-V Server 2016 called shielded virtual machines. This uses a Generation 2 VM to encrypt a VM. In this case, you can begin by focusing on domain controllers so that an attacker can’t inspect a VM and copy it from the drives, or attack the host to gain access to the VM. Shielded VMs are described further later in this chapter.
