The compromise of a single Active Directory credential can lead to unauthorized access to your servers, applications, virtualization platforms and user files across your enterprise. One of the reasons for credential vulnerability is that Windows stores credentials in the Local Security Authority (LSA), which is a process in memory.
Microsoft recently updated its guidance for how organizations should approach privileged access in Active Directory (AD). A key component is shifting from the tiered access model (TAM) and the Enhanced Security Admin Environment (ESAE) (also known as the Active Directory Red Forest) to the Enterprise Access Model (EAM). This article explains the drawbacks of the older models and the key principles of EAM.
Even as more advanced forms of authentication, such as biometrics, are developed and implemented, passwords continue to be a commonly used form of authentication. This is partly due to the fact that they are relatively simple to implement and require little infrastructure to support. However, the fact that they are so widely used also means that they are a common target for hackers, which is why it’s so important to use strong, unique passwords and manage them properly.
Post-exploitation tools are used by threat actors to move laterally inside a network and escalate their privileges in order to steal data, unleash malware, create backdoors and more. Red teams and ethical hackers also use these tools; indeed, simulating the efforts of adversaries plays a key role in implementing effective controls to secure systems, applications and files.
With attackers constantly developing new tactics to compromise credentials and data, it is increasingly important to monitor critical systems such as Active Directory (AD) for signs of malicious activity. Many organizations turn to security information and event management (SIEM) products for help.
Once an attacker establishes a foothold in your Active Directory (AD) domain, they begin looking for ways to achieve their final objective, such as to sensitive data on file servers or in databases, spread ransomware or bring down your IT infrastructure. To do so, they must first gain additional access rights — ideally, membership in highly privileged groups like Domain Admins. BloodHound Active Directory helps them find paths to do just that.
Cybersecurity today seems like an arms race: Enterprises implement more and more security tools to try defend their networks against increasingly frequent and sophisticated attacks. But simply increasing the number of tools in your arsenal is not an effective cybersecurity strategy.
Identity governance and administration (IGA) helps organizations give each person the right access to the right IT resources, at the right time and for the right reasons. Let’s take a look at 6 core best practices for successfully implementing IGA, as well as some tips for choosing the right tool.
The Privileged Attribute Certificate (PAC) is an extension to Kerberos service tickets that contains information about the authenticating user and their privileges. A domain controller adds the PAC information to Kerberos tickets when a user authenticates in an Active Directory (AD) domain. When Kerberos ticket services are used to authenticate to other systems, they can retrieve the PAC from a user’s ticket to determine their level of privileges without having to query the domain controller.
Firewalls are the first line of defense in any network. Firewalls can be software or appliances, and organizations can configure them up to allow or disallow some or all IP traffic, or to verify specific traffic types based on rules that use deep packet inspection. For maximum effectiveness, it’s critical to monitor the operation of your firewalls to spot threats and misconfiguration.
