
Risk mitigation for Active Directory
Deviations
In a previous article [1], I analyzed the problems that have given Active Directory (AD) a poor reputation among security admins. However, only a minor share of known vulnerabilities originates from the nature of AD itself. Many problems are the result of the default settings that Microsoft still delivers with AD; configurations and processes that admin teams implement in their AD organizations can be even more problematic.
To design and operate AD as securely as possible – in the context of this article I am talking about Active Directory Domain Services (AD DS) – it is very important to understand which of today's cyberthreats affect AD, what goals attackers pursue, and what techniques they deploy to achieve those goals. Current public discussion can give non-experts the impression that an IT infrastructure is virtually defenseless against cybercriminals if it is based on AD. In reality, though, AD is never the first point of contact or the gateway for the attacker, and hijacking AD is just as rarely the ultimate target.
The initial contact is usually made over a user device (phishing, drive-by downloads) or an application (Exchange administrators might well remember the HAFNIUM zero-day exploit). The attackers' objectives range from total destruction (wiper) to the theft of very specific information (research data for industrial espionage, commercial documents for market manipulation, or whale phishing attacks on high-level executives). Somewhere in between you also see attackers encrypting an organization's entire data as a means of blackmail (ransomware), injecting code into the development cycle (software supply chain attacks), or influencing the networked physical infrastructure (power generation or gas pipeline attacks).
Mitigating Risks
In most AD implementations that have grown historically, attackers find numerous opportunities
