SRP (Software Restriction Policies) and Active Directory: secure your computer fleet

Hello and welcome to this new video by Tranquil IT Systems! Today we are going to talk to you about an interesting aspect of Active Directory that some of you know: software restriction policies, more commonly called SRP. These are simply GPOs built into Active Directory that allow you to authorise software in "whitelist" mode or prohibit software in "blacklist" mode.

Why am I talking to you about GPOs today? Because SRP is an essential tool for the security of your IT infrastructure. At Tranquil IT Systems, we've learned to place more confidence in SRP than in antivirus. Indeed, antivirus tends to report many more false positives than it blocks viruses or ransomware!

You have certainly heard of ransomware (or ransom software, in French), which affects many public and private organisations around the world each year.
99% of the time, this malware infects your fleet through an incorrect action by a user who accidentally opened an infected link or clicked on a fraudulent attachment. This kind of error is unfortunately common and often has irreversible repercussions on your activity. It is difficult to prevent the virus from entering your system, but you can block its execution thanks to SRP.

SRP allows you to restrict the launch of executables in any directory where the user has write access. This way, even if a user brings a virus in on a USB stick or downloads one by mistake, its execution is blocked. For example, if a user brings the WannaCry virus in on a USB drive, intentionally or not, and puts it on the desktop, it will be blocked by the SRPs, which will then secure your computer fleet.

Here we can see that I placed the WannaCry virus on the desktop. I run it, we can see that WannaCry is in the process of exploring, and we see that, without SRP, the machine is quickly infected.

I will now show you how to implement it. This setup can sometimes be quite tedious, so be vigilant. We will start here with a user GPO. In order to make a smooth migration, we create two OUs for the SRP, with an srp_light GPO and an srp_hard GPO. The srp_light GPO works in blacklist mode: by default everything is allowed and only a few folders are prohibited, such as the download folder. The srp_hard GPO works in whitelist mode: it authorises nothing by default and only allows the directories listed. This is the best method.

This mode of operation allows a transition over several days. You can first move all your users into srp_light, and then switch some users little by little into srp_hard to handle exceptions, until all users are in srp_hard. This method is recommended to avoid waves of calls: only the few users who have been switched will have problems.

Now that we have put the SRPs in place, we will see their effectiveness, continuing with the same example of WannaCrypt. We see here that even though WannaCry was intentionally deposited, it has been blocked.

During your phase of adding exceptions, do not hesitate to use the Windows Event Viewer. Indeed, for each program execution blocked by SRP, an entry appears in the Event Viewer, which can greatly help you.

In addition to SRP for protection from ransomware, we also advise you to prohibit the execution of macros in Office documents, if they are not necessary for your users of course, and also to forbid JavaScript execution in your PDF readers. Our WAPT Adobe Reader package includes this security.

Thank you for watching this video; we hope it helps you in the management of your computer fleet. If you do not feel confident putting everything in place alone, Tranquil IT Systems can offer outsourcing services and advice, so do not hesitate to call us! If you liked this video, or even if you did not like it, do not hesitate to tell us in the comments to help us improve! You can contact us by mail or by phone (you have all the information in the description below) and follow us on social networks! See you soon for new videos!

Daniel Ostrander
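
The Event Viewer check recommended during the exception phase can be scripted. The following is an added example, not part of the video or of Tranquil IT's tooling: it summarises SRP block events from the Application log so the most frequently blocked paths stand out as candidates for review. The seven-day window is an arbitrary choice, and reading the blocked path from the first event property is an assumption to verify on your own machines.

```powershell
# Added example: summarise Software Restriction Policies block events.
# SRP writes blocked executions to the Application log; the event ID tells
# which kind of rule caused the block.
$ruleKind = @{
    865 = 'default security level'
    866 = 'path rule'
    867 = 'certificate rule'
    868 = 'hash or zone rule'
    882 = 'policy rule'
}

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-SoftwareRestrictionPolicies'
    Id           = 865, 866, 867, 868, 882
    StartTime    = (Get-Date).AddDays(-7)   # arbitrary look-back window
}

# No matching events raises an error; treat that case as an empty result.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$blocked = foreach ($e in $events) {
    # Assumption: the first insertion string is the blocked file path.
    # If it is empty, fall back to the full (localised) message text.
    $path = [string]$e.Properties[0].Value
    if ([string]::IsNullOrWhiteSpace($path)) { $path = $e.Message }

    [pscustomobject]@{
        Time = $e.TimeCreated
        Rule = $ruleKind[[int]$e.Id]
        Path = $path
    }
}

# One row per (path, rule) pair, most frequently blocked first.
$blocked | Group-Object Path, Rule | ForEach-Object {
    [pscustomobject]@{
        Count    = $_.Count
        Rule     = $_.Group[0].Rule
        Path     = $_.Group[0].Path
        LastSeen = $_.Group | Sort-Object Time |
                   Select-Object -Last 1 -ExpandProperty Time
    }
} | Sort-Object Count -Descending | Format-Table -AutoSize -Wrap
```

A path that appears here under a user-writable directory is exactly what the policy is meant to stop, so review each entry before turning it into an exception rather than allowing it wholesale.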
