Active Directory: Secure the gateway

Dr. Matteo Große-Kampmann

Active Directory is a network service used in a Windows domain. It is used to manage user and computer accounts and groups in a domain. In addition, other information such as services, network devices and network services can also be stored in an Active Directory domain.

Active Directory is a complex and very granularly configurable system, so it’s no surprise that security problems occur time and time again. In most cases, it is just a configuration error that can lead to a security problem.

Benefit from the experience of AWARE7

In their daily work, our penetration testers gain insight into the networks of companies of many different sizes and industries. Penetration testing is about finding security vulnerabilities by having our analysts think and act like an attacker. In analyzing these individual networks, and in a higher-level analysis across engagements, we have found that our customers often face very similar challenges.

Insider threats in particular pose a significant threat to information security. This threat comes from people inside the organization, who have easier access to valuable information and systems than an outsider. It is important to mention that there are often "unintentional" insiders who become a threat because they have clicked on a malicious e-mail attachment. These unintentional insiders can also expose an organization to further risks.

Breaking the cyber kill chain with a hardened Active Directory

To model such insider threats, Lockheed Martin developed the Cyber Kill Chain model. It divides an attack into seven phases:

  • Reconnaissance – information collection
  • Weaponization – development of an executable exploit
  • Delivery – distribution of the exploit, for example by e-mail
  • Exploitation – running the exploit and taking over the victim system
  • Installation – installation of additional malware
  • Command and Control – the malware reporting back to the attacker
  • Actions on Objectives – exfiltration or encryption of data

Figure: Cyber Kill Chain

The hardening of the Active Directory is a preventive measure which provides increased security from level three of the cyber kill chain, i.e. the point of exploitation. At a minimum, a hardened Active Directory helps limit the impact of a successful cyberattack.

Hardening of the Active Directory on an exemplary infrastructure

In our 7Dossier – Active Directory, we present our top 7 tips for hardening an Active Directory infrastructure. Here we show you the hardening measures using the example of the company network of Franken Logistik.

The Franken Logistik network

With the help of our 7Dossier – Active Directory, every hardening measure can be followed step by step on this network. Each hardening measure is described, its influence on information security is discussed, and an example of its planning and implementation is worked through.

Dr. Matteo Große-Kampmann

My name is Matteo Große-Kampmann. Together with Chris Wojzechowski I founded AWARE7 GmbH in Gelsenkirchen. I completed my PhD on "Towards Understanding Attack Surfaces of Analog and Digital Threats" and am a trained ISO 27001 Lead Auditor.