https://community.isc2.org/t5/Governance-Risk-Compliance/Windows-AD-Trust-review/m-p/52149#M706 <P>Both flags are related to Trust relationships in AD.</P><P>&nbsp;</P><P>It is very difficult to say what can go right/wrong without full understanding of the environment.&nbsp; What trusts are set up?&nbsp; What does the forrest look like?&nbsp; Are these flags being used Internally/externally/ both?</P><P>&nbsp;</P><P>Microsoft Technet has a wealth of knowledge on these flags and others.&nbsp; Here is one link:</P><P>&nbsp;</P><P><A href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc794801(v=ws.10)?redirectedfrom=MSDN" target="_blank" rel="noopener">https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc794801(v=ws.10)?redirectedfrom=MSDN</A></P><P>&nbsp;</P><P>SID filtering quarantining is typically used to prevent&nbsp;&nbsp;<SPAN>attackers that have compromised a domain controller in a trusted domain to use the SID history attribute to&nbsp;</SPAN><SPAN>grant themselves unauthorized rights.</SPAN></P><P>&nbsp;</P><P><SPAN>Others?</SPAN></P><P>&nbsp;</P><P><SPAN>d</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Sun, 24 Jul 2022 22:59:59 GMT dcontesti 2022-07-24T22:59:59Z https://community.isc2.org/t5/Governance-Risk-Compliance/Windows-AD-Trust-review/m-p/52146#M705 Hello:<BR />I wanted some quick education on important windows AD Trust terminology for an AD trust relationships audit.<BR /><BR />I have researched online but I can’t seem to find good business level (the why behind the what) explanations<BR /><BR />Specifically; What is meant by the following flag values<BR />SID Filtering Forestaware = false (or true)<BR />SID Filtering Quarintine = false (or true).<BR /><BR />what is the significance of these flags, why so, what could go wrong if set one way vs. the other and best practice security settings for them Sat, 23 Jul 2022 21:26:24 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Windows-AD-Trust-review/m-p/52146#M705 Midude2000 2022-07-23T21:26:24Z https://community.isc2.org/t5/Governance-Risk-Compliance/Windows-AD-Trust-review/m-p/52149#M706 <P>Both flags are related to Trust relationships in AD.</P><P>&nbsp;</P><P>It is very difficult to say what can go right/wrong without full understanding of the environment.&nbsp; What trusts are set up?&nbsp; What does the forrest look like?&nbsp; Are these flags being used Internally/externally/ both?</P><P>&nbsp;</P><P>Microsoft Technet has a wealth of knowledge on these flags and others.&nbsp; Here is one link:</P><P>&nbsp;</P><P><A href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc794801(v=ws.10)?redirectedfrom=MSDN" target="_blank" rel="noopener">https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc794801(v=ws.10)?redirectedfrom=MSDN</A></P><P>&nbsp;</P><P>SID filtering quarantining is typically used to prevent&nbsp;&nbsp;<SPAN>attackers that have compromised a domain controller in a trusted domain to use the SID history attribute to&nbsp;</SPAN><SPAN>grant themselves unauthorized rights.</SPAN></P><P>&nbsp;</P><P><SPAN>Others?</SPAN></P><P>&nbsp;</P><P><SPAN>d</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Sun, 24 Jul 2022 22:59:59 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Windows-AD-Trust-review/m-p/52149#M706 dcontesti 2022-07-24T22:59:59Z https://community.isc2.org/t5/Governance-Risk-Compliance/Windows-AD-Trust-review/m-p/52152#M707 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/985787817">@Midude2000</a>&nbsp;<a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/715155969">@dcontesti</a> Personally I would check with the Center for Internet Security (CIS) <A href="https://www.cisecurity.org/" target="_blank">https://www.cisecurity.org/</A> they have a range of guidance and baselines and tools, which help you review the current environment.&nbsp;</P><P>&nbsp;</P><P>There is a bunch of free baselines for Microsoft Windows Servers, Desktop etc have a look through those baselines, and register, there is some very good guidelines you can use for reviews and even some tools to check those baselines against as well.</P><P>&nbsp;</P><P>An example of an updated baseline or benchmark is:</P><P>&nbsp;</P><P><A href="https://www.cisecurity.org/insights/blog/update-cis-microsoft-windows-10-enterprise-release-1703-benchmark-v1-0-0" target="_blank">https://www.cisecurity.org/insights/blog/update-cis-microsoft-windows-10-enterprise-release-1703-benchmark-v1-0-0</A></P><P>&nbsp;</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Mon, 25 Jul 2022 00:32:33 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Windows-AD-Trust-review/m-p/52152#M707 Caute_cautim 2022-07-25T00:32:33Z