Situation
Due to a security incident, one of my tasks was to implement a secure MFA protocol that required all privileged access users to have a YubiKey 5 with a certificate on it to log on to our servers and computers (where required).
Task
Implement Yubico YubiKeys with a logon that would be difficult to phish or abuse for all our privileged accounts.
Action
- Created the secure certificate that would be generated for each user on a YubiKey.
- Created the infrastructure and group policies that forced privileged access users to log on with a YubiKey.
- Changed the user profiles via Active Directory to only allow smartcard login, forcing the use of a PIN and an inserted YubiKey to log into a server.
- Created an SCCM deployment that installed the smartcard driver for YubiKeys onto all our current servers.
- Updated our gold image to include the YubiKey driver, preventing new servers from potentially slipping through the standard we had set.
- Trained users on how to log in using the YubiKey and its limits.
- Created privileged user accounts to separate duties for each account, preventing standard user accounts from having administrator abilities on servers.
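
The smartcard-only setting described in the actions above can be checked after rollout. The following is an added example, not the script used in the original work: it lists enabled members of privileged groups whose accounts still permit password logon. The group names and the function name `Get-PrivilegedUserSmartcardStatus` are assumptions; it needs the RSAT ActiveDirectory module and read access to the domain.

```powershell
# Added example: audit privileged accounts for the "smart card is required
# for interactive logon" flag (SmartcardLogonRequired in the AD module).
Import-Module ActiveDirectory

# Assumption: these groups stand in for wherever privileged accounts are held.
$PrivilegedGroups = @('Domain Admins', 'Administrators')

function Get-PrivilegedUserSmartcardStatus {
    param([Parameter(Mandatory)][string[]]$Groups)

    $seen = @{}   # de-duplicate users that belong to several groups
    foreach ($group in $Groups) {
        # -Recursive expands nested groups down to their leaf members
        $members = Get-ADGroupMember -Identity $group -Recursive |
            Where-Object { $_.objectClass -eq 'user' }

        foreach ($member in $members) {
            $dn = $member.distinguishedName
            if ($seen.ContainsKey($dn)) { continue }
            $seen[$dn] = $true

            $user = Get-ADUser -Identity $dn -Properties SmartcardLogonRequired
            [pscustomobject]@{
                SamAccountName         = $user.SamAccountName
                Enabled                = $user.Enabled
                SmartcardLogonRequired = $user.SmartcardLogonRequired
                FirstSeenInGroup       = $group
            }
        }
    }
}

$status = Get-PrivilegedUserSmartcardStatus -Groups $PrivilegedGroups

# Gap = an enabled privileged account that can still log on with a password
$gaps = $status | Where-Object { $_.Enabled -and -not $_.SmartcardLogonRequired }

if ($gaps) {
    $gaps | Sort-Object SamAccountName | Format-Table -AutoSize
    Write-Warning "$(@($gaps).Count) privileged account(s) do not require a smartcard."
    exit 1   # non-zero exit so a scheduled task or pipeline can alert
}
Write-Output 'All enabled privileged accounts require smartcard logon.'
```

Run on a schedule, this catches newly created or modified privileged accounts that miss the smartcard requirement.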
Result
A reduction in our attack vector and abusable privileged accounts. Improved security procedures for all privileged access users.