Is your Active Directory in urgent need of attention?

[Image: “Pentesting Active Directory” mind map]

Image credit: https://github.com/Orange-Cyberdefense/arsenal

Active Directory is responsible for authorisation, authentication and privilege control as the core of most organisations’ IT infrastructure.

And the image above is how a hacker sees it – the mind map is specifically called “Pentesting Active Directory,” created by an organisation specialising in attacking Active Directory the same way a hacker would.

In our experience, many (or most) IT admins don’t see Active Directory security the same way or with the same level of complexity. They take care of 2-5% of the image above, as their main objective is to keep the business running.

An IT admin sees Active Directory as a tool to achieve specific objectives – place a user in a group, install a server and join it to the Directory, edit a group policy here, or disable a user.

You could understand how an IT admin views Active Directory if you think of an architect, or a construction worker, building a skyscraper. They don’t think of all the potential ways a burglar might bypass the building’s defenses, and that’s not their job. Their job is to ensure the building has all the amenities and quality required by its inhabitants; everything works and will continue to work for decades.

Assessing Active Directory Security

If we look at your AD from a defender’s point of view, rather than that of the construction worker or architect above, we see a completely different picture.

An attacker doesn’t simply look for vulnerabilities; they look for a combination of improper configurations that might represent a weakness.

A hacker also looks for the ways IT admins have been used to configuring things for decades, which might be less secure today than they were ten years ago.

But IT admins keep doing things the way they used to, with little regard for security, because security is not their job. Security is the job of the security department if you have one.

For example: when people experience IT issues on their computers, your IT helpdesk or even your main IT admin might sign in to their computer for troubleshooting.

No big deal, one might say.

But if the admin signs in with their main admin account, this simple action might have exposed your entire organisation to an immediate and devastating security breach.

Here is why:

Imagine that the regular employee calling IT for help did not know that the issues they were having were caused by a hacker rather than a software malfunction.

The hacker might intentionally cause a fault to get an IT admin to sign in to the regular employee’s already compromised machine.

The moment your IT admin signs in to a compromised computer, their admin password, which has access everywhere, becomes known to the hacker.

As simple as taking candy from a child.

And this is just one way hackers could compromise your company through a weakness in the way your IT administrators do their job.

The issue I described above is related to processes and procedures, which the image at the beginning of this article shows as just one of many attack vectors.
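A defender can audit for the sign-in habit described above. The following is an added example, not code from the original article: it scans Windows Security logon events (event ID 4624) for privileged accounts signing in to hosts outside the admin tier with a logon type that leaves reusable credentials behind. The account names, host names and sample events are constructed assumptions.

```python
# Added example: flag privileged accounts whose logons left reusable
# credentials on hosts outside the admin tier. All names are assumptions.

# Logon types in Windows Security event 4624 that, by default, place reusable
# credentials in memory on the destination host. Type 3 (Network) does not.
CREDENTIAL_EXPOSING_TYPES = {2: "Interactive", 10: "RemoteInteractive", 11: "CachedInteractive"}

# Hypothetical inventory: privileged accounts and the only hosts they may sign in to.
PRIVILEGED_ACCOUNTS = {"adm-jsmith", "adm-helpdesk"}
ADMIN_TIER_HOSTS = {"DC01", "PAW-01"}

# Constructed sample events, shaped like exported Security log records.
SAMPLE_EVENTS = [
    {"EventID": 4624, "Computer": "DC01", "TargetUserName": "adm-jsmith", "LogonType": 2},
    {"EventID": 4624, "Computer": "WKS-042.corp.example", "TargetUserName": "ADM-JSmith", "LogonType": 10},
    {"EventID": 4624, "Computer": "WKS-042", "TargetUserName": "adm-helpdesk", "LogonType": 3},
    {"EventID": 4624, "Computer": "WKS-017", "TargetUserName": "adm-helpdesk", "LogonType": "2"},
    {"EventID": 4624, "Computer": "WKS-017", "TargetUserName": "bob", "LogonType": 2},
    {"EventID": 4634, "Computer": "WKS-017", "TargetUserName": "adm-helpdesk", "LogonType": 2},
]


def find_risky_admin_logons(events, privileged=PRIVILEGED_ACCOUNTS, admin_hosts=ADMIN_TIER_HOSTS):
    """Return (account, host, logon type name) for each credential-exposing logon."""
    privileged = {a.lower() for a in privileged}
    admin_hosts = {h.upper() for h in admin_hosts}
    findings = []
    for ev in events:
        if ev.get("EventID") != 4624:
            continue  # only successful logons matter here
        account = str(ev.get("TargetUserName", "")).lower()
        host = str(ev.get("Computer", "")).split(".")[0].upper()  # drop DNS suffix
        logon_type = CREDENTIAL_EXPOSING_TYPES.get(int(ev.get("LogonType", 0)))
        if account in privileged and logon_type and host not in admin_hosts:
            findings.append((account, host, logon_type))
    return findings


if __name__ == "__main__":
    for account, host, logon_type in find_risky_admin_logons(SAMPLE_EVENTS):
        print(f"{account} signed in to {host} ({logon_type}): treat credentials as exposed")
```

Each finding is a candidate for a credential reset and a reason to move that task to a separate, lower-privileged support account.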

If you would like your Active Directory to be secure, the first step is to discover all the ways in which it can be misused today and all of its people, process and technology vulnerabilities, with the help of our Active Directory Security Assessment service.


WEBSITE SECURITY REPORT

GOLD

Imagine you own a house and want to add an additional floor. First you have to review and strengthen the foundations. This service builds cybersecurity foundations to facilitate growth in a resilient, timely manner.

This service will also provide the company with a cybersecurity risk assessment and improvement plan, but with significantly more support from a senior consultant to help the company embed improvements in a continuous, timely manner.

SILVER

The dreaded car MOT is looming. It’s the unforeseen wear & tear that results in some necessary annual maintenance. Our cybersecurity review will highlight what needs to be done as your engineers.

In addition to the context gathering stage and security footprinting service, a senior consultant will perform a risk assessment to understand the company’s cyber risks and provide recommendations. They will also be available to undertake monthly calls for answering questions, providing guidance and checking on whether risks are reducing.

BRONZE

You’re embarking on a more active lifestyle, chosen to go on a diet and get in shape. Think of this service as the cybersecurity equivalent of the personal trainer, helping you along the way.

After an initial context gathering stage, a junior security consultant will be available once per month to answer questions and provide recommendations based on company goals and activities. A cybersecurity footprinting service will allow the company to continuously monitor its external security posture.
