Content

DeMISTIfying Infosec: Active Directory

By Katherine Teitler

Active Directory

Active Directory is an important aspect of enterprise management. The tool was developed in the late 1990s, previewed in 1999, and publicly deployed with Windows 2000. Initially meant to centralize domain management, its capabilities were upgraded in 2003 and again in 2008. 

Active Directory allows network administrators to manage identity-related services for end user access to systems, applications, or other network resources, and governs end user software, files, and accounts. It is a centralized method of automating network management in a distributed environment. Active Directory is hierarchical, replicated, and extensible. Mismanagement or failure to keep up with change management can result in the loss of data, unauthorized system access, system downtime, and more.

Active Directory consists of multiple directory services:

  • Domain services
  • Lightweight Directory Services (LDAP)
  • Certificate Services
  • Federation Service
  • Rights Management

Active Directory uses LDAP to assign domain names, SSL/TSL and Kerberos-based authentication for security, hierarchical and centralized data classification for faster and more accurate networking administration, and data availability across multiple servers for improved extensibility.

https://msdn.microsoft.com/en-us/library/windows/desktop/aa746492(v=vs.85).aspx

When setting up Active Directory it is important to first develop a robust domain controller security policy. Domain controllers authenticate and authorize all users and computers in a Windows domain network; unsecured domain controllers put the organization at risk for attack against shared folders and usernames. In addition, domain admin privileges themselves should be managed with the principle of least privilege so that compromise of admin privileges doesn’t result in an easily escalated attack.

It is also incredibly important to administer Group Policy settings correctly. Group Policy provides an automated, centralized method for configuring and deploying security settings to all computers and users within the domain. Two default settings come “out of the box”: Default Domain Policy and Default Domain Controller Policy. These are responsible for securing domain user account passwords and domain controllers respectively. 

 

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.