Microsoft Active Directory Attack ...

Rahul Kumar
3 min read · May 28, 2022

Active Directory is a directory service developed by Microsoft to manage Windows domain networks.

It is software that stores information about the network's users, computers and other objects, arranges them in a logical, hierarchical structure, and grants access and permissions based on that information. The same information is used to authenticate and authorize the users, computers and resources that are part of the network. Active Directory does this primarily with Kerberos authentication (with NTLM as a legacy fallback) and Single Sign-On (SSO).

Active Directory acts as a single repository for all of this user and computer-related information, which makes user management much easier. It ships as a server role of Windows Server and can be used to manage the entire organization.

Active Directory is the most widely deployed identity management service in the world; it is commonly cited that around 95% of Fortune 1000 companies run it on their networks.

Because Active Directory manages the organization's identities and resources, it has become a common target for attackers. Much of it can be abused through misconfiguration and legitimate features (over-permissive ACLs, Kerberos delegation, reused credentials) without ever needing a patchable software vulnerability, which is why patching alone does not secure it.

Active Directory consists of two kinds of components:

1. Physical components (domain controllers, sites and the directory data store)

2. Logical components (forests, domains, organizational units and trusts)

Both need to be considered when designing the infrastructure. The logical structure can be changed at any time as business requirements change, but the physical components are much harder to modify.

WHAT ARE THE ACTIVE DIRECTORY SERVICES?

i. Domain Services (AD DS):

Domain Services stores the directory data centrally and handles authentication and communication between users and the domain controllers. It is the core Active Directory role; the other services below build on it.

ii. Certificate Services (AD CS):

Certificate Services lets the organization run its own public-key infrastructure: a certificate authority (which does not have to be a domain controller) issues, manages, renews and revokes digital certificates used for signatures, encryption and certificate-based authentication. Because certificates can be used to log on, badly configured certificate templates are a well-known escalation path and should be reviewed as carefully as group memberships.

iii. Federation Services (AD FS):

Federation Services is built on federated identity. It provides Single Sign-On (SSO) for multiple applications within the same session, so users do not have to keep entering the same credentials, and it extends SSO to applications and systems outside the company's firewall (partner organizations and cloud services) using standards such as SAML, WS-Federation and OAuth/OpenID Connect.

iv. Lightweight Directory Services (AD LDS):

Lightweight Directory Services is a standalone LDAP directory for applications that need directory storage without the overhead or domain requirements of AD DS. It can run alongside AD DS on the same server, and any LDAP client, including Linux systems on the network, can query it.

v. Rights Management Services (AD RMS):

Rights Management is a security tool for information rights and data access policies: it embeds usage rules (who may read, edit, forward or print) into documents and e-mail, so the policy travels with the data instead of depending on where the file is stored.

How to mitigate Active Directory attacks?

The first mitigation is visibility. Enable the Advanced Audit Policy subcategories on domain controllers and forward the resulting Security events to a SIEM, starting with:

1. Windows audit categories and their subcategory descriptions (understand what each one produces before you enable it)

2. Account Management (user, computer and group changes, e.g. members added to privileged groups)

3. Detailed Process Tracking (process creation, ideally with command-line logging enabled)

4. Directory Service Access (operations on AD objects, including replication requests)

5. Privileged activities (sensitive privileges assigned at logon and their use)
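To show why those subcategories matter, here is an added example (not code from the original article) that triages the Security events they produce: a member added to a tier-0 group, a replication request that is not coming from a domain controller (DCSync), a credential-dumping command line, and sensitive privileges granted to a non-admin. The event IDs and the two replication-right GUIDs are the standard Windows values; the CORP domain, account names, the known-admin list and the suspicious-command list are assumptions constructed for the demo, and the records are simplified to the fields a SIEM would expose.

```python
"""Triage of Windows Security events produced by the audit subcategories
listed above (Account Management, Detailed Process Tracking, Directory
Service Access, privileged activity).

Added example, not code from the original article. The event records
below are CONSTRUCTED samples shaped like the fields a SIEM or
Get-WinEvent would expose; the event IDs and the two replication-right
GUIDs are the standard Windows values, everything else is an assumption
made for the demo."""

from dataclasses import dataclass, field
from typing import Optional

# Event IDs emitted by the subcategories the article lists.
ADD_TO_GROUP = {4728, 4732, 4756}   # Account Management: member added to global / local / universal group
PROCESS_CREATION = 4688             # Detailed Process Tracking ("Include command line" must be on)
DS_ACCESS = 4662                    # Directory Service Access: operation performed on an AD object
SPECIAL_PRIVILEGES = 4672           # Privileged activity: sensitive privileges assigned at logon

# Groups whose membership should practically never change without a change ticket.
TIER0_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}

# Extended rights exercised by DCSync-style replication; only domain controllers need them.
DS_REPLICATION_GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"
DS_REPLICATION_GET_CHANGES_ALL = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"
REPLICATION_RIGHTS = {DS_REPLICATION_GET_CHANGES, DS_REPLICATION_GET_CHANGES_ALL}

# Privileges that amount to full control of the host; a 4672 carrying them for a non-admin is a finding.
SENSITIVE_PRIVS = {"SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege",
                   "SeBackupPrivilege", "SeRestorePrivilege"}

# Command-line fragments typical of credential dumping / NTDS theft (assumption: extend to taste).
SUSPICIOUS_CMDLINE = ("mimikatz", "lsadump", "ntdsutil", "ntds.dit", "vssadmin create shadow")


@dataclass
class Event:
    event_id: int
    subject: str                               # account that performed the action, DOMAIN\name
    data: dict = field(default_factory=dict)   # the event-specific fields we care about

    def is_machine_account(self) -> bool:
        return self.subject.endswith("$")      # computer accounts (including DCs) end in '$'


def triage(ev: Event, known_admins: frozenset) -> Optional[str]:
    """Return a one-line alert for the event, or None if it needs no attention."""
    if ev.event_id in ADD_TO_GROUP and ev.data.get("group") in TIER0_GROUPS:
        return f"tier-0 group change: {ev.subject} added {ev.data.get('member')} to {ev.data['group']}"

    if ev.event_id == DS_ACCESS:
        # The Properties field of 4662 lists the GUIDs of the rights/attributes accessed.
        used = set(ev.data.get("properties", ())) & REPLICATION_RIGHTS
        if used and not ev.is_machine_account():
            return f"possible DCSync: {ev.subject} used replication rights {sorted(used)}"

    if ev.event_id == PROCESS_CREATION:
        cmd = ev.data.get("command_line", "").lower()
        hits = [s for s in SUSPICIOUS_CMDLINE if s in cmd]
        if hits:
            return f"suspicious process by {ev.subject}: matched {hits} in {cmd!r}"

    if ev.event_id == SPECIAL_PRIVILEGES:
        privs = set(ev.data.get("privileges", ())) & SENSITIVE_PRIVS
        if privs and not ev.is_machine_account() and ev.subject not in known_admins:
            return f"sensitive privileges for non-admin {ev.subject}: {sorted(privs)}"

    return None


def run(events, known_admins: frozenset) -> list:
    """Apply triage() to a batch of events and return only the alerts."""
    return [alert for alert in (triage(ev, known_admins) for ev in events) if alert]


# CONSTRUCTED sample events for a fictional CORP domain (assumption, not real log data).
KNOWN_ADMINS = frozenset({"CORP\\admin-bob"})
SAMPLE_EVENTS = [
    Event(4728, "CORP\\helpdesk1", {"group": "Domain Admins", "member": "CORP\\svc-backup"}),   # alert
    Event(4728, "CORP\\helpdesk1", {"group": "Print Operators", "member": "CORP\\jdoe"}),       # benign
    Event(4662, "CORP\\jdoe", {"properties": [DS_REPLICATION_GET_CHANGES, DS_REPLICATION_GET_CHANGES_ALL]}),  # alert
    Event(4662, "CORP\\DC02$", {"properties": [DS_REPLICATION_GET_CHANGES_ALL]}),              # normal DC replication
    Event(4688, "CORP\\jdoe", {"command_line": 'ntdsutil "ac i ntds" "ifm" "create full C:\\temp" q q'}),  # alert
    Event(4688, "CORP\\jdoe", {"command_line": "notepad.exe report.txt"}),                     # benign
    Event(4672, "CORP\\jdoe", {"privileges": ["SeDebugPrivilege", "SeBackupPrivilege"]}),      # alert
    Event(4672, "CORP\\admin-bob", {"privileges": ["SeDebugPrivilege"]}),                      # expected admin
]

if __name__ == "__main__":
    for line in run(SAMPLE_EVENTS, KNOWN_ADMINS):
        print(line)
```

Run against the sample batch it produces four alerts and stays silent on the four benign records. The DC replication check only works if 4662 auditing is enabled with a SACL on the domain object, and the command-line check only works if process creation auditing includes the command line; without those two settings the events simply never appear, which is the whole point of enabling the subcategories first.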

Some of my own views on Active Directory attacks:

Regarding Active Directory attacks, my suggestion is this: what matters isn't how long an attacker has privileged access to Active Directory, but how much the attacker has planned for the moment when privileged access is obtained.

Today's world faces many problems from these attacks because the vast majority of organizations run Microsoft Windows. For that reason Microsoft makes security defaults available to every Azure AD (now Microsoft Entra ID) tenant, because managing security is difficult and identity-related attacks like password spray, replay and phishing are common.

Emergency access ("break-glass") accounts are the exception to these policies: their credentials should be stored offline in a secure location such as a fireproof safe, and only authorized individuals should have access to them. If you need such exclusions, use Conditional Access, which can express policies similar to security defaults but with more granularity, including user exclusions, which security defaults do not support.

Go to my LinkedIn for new updates related to cyber attacks and many more articles ...

I hope this is helpful, and I would be interested to hear about other resources that you find useful. Please leave a message here, on Medium.

– Rahul KT


Rahul Kumar

Hey! I'm Rahul Kumar, Security Researcher from 🇮🇳. I'm building my skills in threat intelligence, digital forensics, open source intelligence, etc.