You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: ADDS/README.md
+2-3Lines changed: 2 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1185,12 +1185,11 @@ Some security experts also [recommend using IPSec with null encapsulation to pro
1185
1185
They argue that Privileged Access Workstations (PAWs) are somewhat portable
1186
1186
and might not always be located within a well-defined administrative subnet.
1187
1187
While this point is valid, it raises the question of why RDP should be treated so differently,
1188
-
considering that RDP is just one of many [remote administration protocols](#identifying-management-traffic)\
1188
+
considering that RDP is just one of many [remote administration protocols](#identifying-management-traffic)
1189
1189
that could be exploited by malicious actors.
1190
1190
IPSec enforcement must also be taken into account when planning for disaster recovery.
1191
1191
Microsoft even [recommends](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/securing-domain-controllers-against-attack#domain-controller-operating-systems)
1192
-
installing domain controllers with the `Server Core` option and managing them remotely using RSAT instead of RDP.
1193
-
1192
+
installing domain controllers with the **Server Core** option and managing them remotely using RSAT instead of RDP.
1194
1193
Moreover, many IT environments are not mature enough to support a full PAW deployment.
1195
1194
However, they can at least implement Tier 0 jump hosts, which should ideally be protected by MFA.
1196
1195
In designing the `DCFWTool` to be usable by over 90% of organizations "as is",
0 commit comments