Lead Image © Mykola Velychko, Fotolia.com
Focusing on security in Active Directory
Externally Sealed Off
Active Directory (AD) environments are often the focus of attackers. As soon as malware can access credentials on a domain member PC, the entire AD is at risk of being taken over. In particular, privileged user and administrator accounts are under fire. In this article, I apply best practices to demonstrate how you can increase security in the Microsoft directory service.
For optimal AD security, small and medium-sized companies should model themselves on enterprise environments, which in most cases have access to significantly more resources for securing their IT infrastructure. Microsoft itself provides detailed instructions for securing its directory service [1].
Inquisitive Intruders
An attacker usually enters a network through a single endpoint, such as an insecure PC, server, router, or other network device. Once this endpoint has been taken over, the criminal must familiarize himself with the network, because only with sufficient information can the intruder efficiently spy on the rest of the network or carry out further attacks. This spying is also called reconnaissance, or recon.
Locating administrator accounts in the network is an important step in this process. With a pass-the-hash (PtH) attack, for example, an attacker can authenticate to the network and to privileged user accounts with the rights of the account whose hash was passed and do damage to the network almost completely unobserved.
Dangerous PtH Attacks
Pass-the-hash attacks target AD user accounts directly; accounts with privileged rights are, of course, particularly interesting, and these can be administrator accounts or user accounts that have the right to change other users' passwords, for example. By changing such a user account, attackers gain access rights beyond those PtH alone provides. PtH attacks are based not only on user
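The two facts an attacker looks for during recon, who holds privileged group membership and who is allowed to reset other users' passwords, are exactly what a defender should inventory first. The following PowerShell script is an added example, not code from the article or from Microsoft's guidance; it assumes the RSAT ActiveDirectory module is installed, that the account running it can read the directory, and that the OU distinguished name is replaced with one from your own domain. The group list and OU path are assumptions, and the extended-right GUID is the well-known control access right for User-Force-Change-Password.

```powershell
# Added example (not from the article): inventory privileged group members and
# delegated "Reset Password" rights so that unexpected principals stand out.
# Assumptions: RSAT ActiveDirectory module, read access to the domain, and an
# OU path adjusted to your environment.
Import-Module ActiveDirectory

# Built-in groups whose members effectively control the domain (assumed list).
$privilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins',
                      'Administrators', 'Account Operators')

# 1. Who is a member of a privileged group, directly or through nested groups?
$members = foreach ($g in $privilegedGroups) {
    Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $u = Get-ADUser -Identity $_.distinguishedName -Properties LastLogonDate, PasswordLastSet, Enabled
            [pscustomobject]@{
                Group           = $g
                SamAccountName  = $u.SamAccountName
                Enabled         = $u.Enabled
                LastLogonDate   = $u.LastLogonDate
                PasswordLastSet = $u.PasswordLastSet   # old hashes stay valid for PtH
            }
        }
}
$members | Sort-Object Group, SamAccountName | Format-Table -AutoSize

# 2. Which principals hold the "Reset Password" extended right on a user OU?
# An ObjectType of the empty GUID means "all extended rights" and is also flagged.
$resetPasswordGuid = [guid]'00299570-246d-11d0-a768-00aa006e0529'
$ouDn = 'OU=Users,DC=example,DC=com'   # assumption: replace with your OU
$acl  = Get-Acl -Path "AD:\$ouDn"
$acl.Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
        ($_.ObjectType -eq $resetPasswordGuid -or $_.ObjectType -eq [guid]::Empty)
    } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, IsInherited |
    Format-Table -AutoSize
```

Run it from a management workstation with a domain account that has read rights, and compare the two listings against the documented list of administrators and delegated helpdesk groups. Any identity in the second table that is not a recognized helpdesk or admin group is an account whose compromise lets an attacker turn a single captured hash into password resets on every user under that OU, which is the escalation path the article describes.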