Thursday, January 16, 2020

Active Directory Security - An Executive Summary for CISOs


Over the last few years, we've had thousands of organizations reach out to us to request our assistance on numerous aspects of Active Directory Security, predominantly on how to correctly audit privileged access in Active Directory.

We thus have substantial insights on just how much organizations worldwide know about Active Directory Security and how well their security leadership (CISOs) understand the paramount importance of Active Directory Security today.

In our vast experience, we have found that the IT and cyber security leadership at thousands of organizations worldwide may still not yet understand the paramount importance of securing and defending their foundational Active Directory.

To help the CISOs of all organizations worldwide understand the paramount importance of Active Directory Security, earlier today we released a simple two-page Executive Summary on Active Directory Security -

Active Directory Security

This Executive Summary (PDF) can be downloaded from here - Active Directory Security.

Today, virtually every aspect of organizational Cyber Security, whether it be Identity and Access Management, Privileged Access Management, Network Security, Endpoint Security, Data Security, Intrusion Detection, Cloud Security, Zero Trust etc. ultimately relies and depends on Active Directory (and consequently, on Active Directory's security).

In the interest of their organization's foundational cyber security, we highly recommend that all CISOs worldwide read it.

Best wishes,

Wednesday, January 15, 2020

What is Active Directory Security, and Why is it Paramount?


Today, we just wanted to take a few moments to shed some light on a paramount area of organizational cyber security.

As you may know, Microsoft Active Directory is the very foundation of IT, cyber security and privileged access worldwide.

Given the foundational role that Active Directory plays in IT, cyber security and privileged access today, its own security i.e. the security afforded to an organization's mission-critical Active Directory deployment is of paramount importance.

Should an organization's foundational Active Directory be compromised, the very foundation and bedrock of its cyber security would have been compromised, and the entirety of its IT resources would be at risk of compromise.

Factually, the compromise of an organization's foundational Active Directory is tantamount to a system-wide compromise.

Active Directory Security

Active Directory Security is the area of cyber security that covers the adequate protection (security and defense) of an organization's foundational Active Directory deployments, and it usually includes the following seven (7) areas -

  1. Active Directory Logical Structure - Ensuring that Forest, Domain and Trust relationships are logically sound

  2. Domain Controller Security - Ensuring the adequate physical, system and network security is afforded to all DCs

  3. Privileged Account Security - Ensuring that all privileged users are accurately identified, reduced and protected

  4. Delegation of Administration - Ensuring that all access is delegated based on the principle of least privilege

  5. Active Directory Configuration Security - Ensuring the security of AD Schema, Backups, FSMOs, Replication, etc.

  6. Secure Administrative Practices - Ensuring admin-workstations, alt admin-accounts, trustworthy-tooling etc.

  7. Active Directory Threat Intelligence (to actively detect attacks against AD) and Active Directory Auditing

Active Directory Security must be a top organizational cyber security priority today because it has a direct bearing on the organization's foundational security, and thus directly impacts the foundational security of the entirety of its IT resources.

Recommended Reading

Active Directory Security is a vast subject and its adequate protection requires that organizations possess a sufficient understanding of its attack surface, and all of its components, so here's some recommended reading to get started -

  1. Begin with this simple Active Directory Security - An Executive Summary to understand its paramount importance.

  2. Next, use this simple, effective Active Directory Security Checklist to identify what areas to provide coverage for.

  3. Finally, use this Microsoft guide titled Best Practices for Securing Active Directory for prescriptive guidance.

Finally, you may also want to review this.

Highest Priority

It is a less known fact that virtually all major cyber security breaches, including JP Morgan, the Sony hack, Target, Snowden, the OPM breach, Anthem, Avast etc., involved the compromise or misuse of a single Active Directory privileged user account.

Consequently, the accurate identification of privileged users in Active Directory is of the highest (paramount) importance, because as evidenced above, the compromise of a single Active Directory privileged user could result in a colossal breach.

Unfortunately Microsoft's guidance on this paramount area of Active Directory Security seems insufficient and light, so we highly recommend that organizations refer to this guidance - How to Correctly Audit Privileged Access in Active Directory.


In summary, as the bedrock of an organization's IT, cyber security and privileged access, today Active Directory Security is paramount to cyber and organizational security, and thus must be an organization's highest cyber security priority.

We recommend that all organizations learn more about and adequately implement Active Directory Security.

Best wishes,

Friday, January 10, 2020

Active Directory Security Checklist


Active Directory Security is of paramount importance to organizational cyber security worldwide today, and it is absolutely imperative that organizations adequately secure and defend their Active Directory deployments from being compromised.

Albeit paramount, given its vast attack surface, adequately securing and defending an organization's Active Directory requires knowledge, expertise and effort, and organizations often require specific guidance to ensure completeness.

IT personnel at organizations worldwide, especially Domain Admins, IT Managers and CISOs, could greatly benefit from a clear understanding of exactly what they need to cover in the process of securing their Active Directory deployments.

Active Directory Security Checklist

To make it easy for IT personnel at organizations worldwide to be able to adequately assess, secure and defend their Active Directory, we have developed a simple, practical and complete 10-point Active Directory Security Checklist -

Active Directory Security Checklist

This checklist (PDF) can be downloaded from here - Active Directory Security Checklist.

This simple checklist can help organizations worldwide ensure that they have adequately provided coverage for all areas of their Active Directory that need to be addressed to attain and maintain a sound Active Directory security posture.

Best wishes,

Monday, January 6, 2020

What is Active Directory?


Today is January 06, 2020, and as promised, today onwards we are going to start sharing our cyber security insights.

Cyber Security 101

Perhaps we should begin by adequately answering a most simple yet most important question - What is Active Directory?

While this question may seem simple to some (and it is), it's one of the most important questions to answer adequately, because in an adequate answer to this most simple question lies the key to organizational cyber security worldwide.

Popular Belief - IT Phone Book?

If you were to ask most CISOs or IT professionals, they'll likely tell you that Active Directory is the "phone book" of an organization's IT infrastructure because at its simplest, it is a directory of all organizational accounts and computers.

For two decades now, this has been the predominant view held by most CISOs and IT personnel worldwide. In fact, as recently as a few weeks ago, in a presentation, a prominent CISO labelled Active Directory simply as "The Phone Book."

Sadly, in this simplistic view likely lies a BIG folly, because when you view something as just a "phone book," in your mind you've already sub-consciously attributed a very low value to it, and dismissed any thought of it even requiring security.

In fact, it is the sheer negligence resulting from this simplistic view and folly that is the reason that the Active Directory deployments of most organizations remain substantially insecure and vastly vulnerable to compromise today.

After all, who cares about a phone book?!

Active Directory - The Very Foundation of Organizational Cyber Security Worldwide

Ladies and gentlemen, factually speaking, an organization's Active Directory deployment is the single most valuable IT and corporate asset, worthy of the highest protection, because it is the very foundation of an organization's cyber security.

It is said that "A Picture is Worth a Thousand Words", so perhaps I should paint you a simple Trillion $ picture -

You see, the entirety of an organization's very building blocks of cyber security i.e. all the organizational user accounts and passwords used to authenticate their people, all the security groups used to aggregate and authorize access to all their IT resources, all their privileged user accounts, all the accounts of all their computers, including all laptops, desktops and servers are all stored, managed and secured in (i.e. inside) the organization's foundational Active Directory.

In other words, should an organization's foundational Active Directory be compromised, the entirety of the organization could potentially be exposed to the very serious risk of complete, swift and colossal compromise.

So, you see, an organization's Active Directory is a little more than just a "phonebook." In fact, it is the very foundation of the organization's entire cyber security, the heart of Privileged Access, and the lifeline of its entire IT infrastructure.

Technically Speaking

Technically speaking, Active Directory is a highly scalable, secure, resilient, enterprise-grade, multi-master directory service, with which Microsoft has integrated all three As of cyber security - Authentication, Authorization and Auditing.

At a minimum, in Windows, Active Directory is the account/credential database used by Kerberos, the native authentication protocol in Windows, and every domain controller also happens to be a Kerberos Key Distribution Center (KDC), and based on this fact alone, Active Directory is the foundation of cyber security in a Windows Server based IT infrastructure.

It is also the focal point of administrative delegation and auditing for virtually all identity and access management functions, because its powerful and sophisticated ACL-based security model serves to protect every IT asset (user account, security group, computer account, group policy, OU, printer, SCP etc.) that is represented as an object in Active Directory.

In addition, because Microsoft has also integrated host and security policy management with Active Directory, since every computer account is connected to Active Directory, group policy enables organizations and admins (i.e. privileged users) to easily, instantly and centrally specify (or alter) the security policy protecting thousands of computers from Active Directory.

Further, in a Windows Server based network that relies on Active Directory integrated DNS, even (something as basic as) name resolution depends on Active Directory. Similarly, over the years, Microsoft has integrated just about everything, from enterprise email (i.e. Microsoft Exchange) to RAS and VPN security to Azure connectivity with Active Directory.

Did I mention that over the last two decades, collectively billions of dollars worldwide have been spent by companies and vendors to integrate just about everything in IT (applications, management, access, security etc.) with Active Directory?

Finally, and most importantly, the very Keys to the Kingdom i.e. the most powerful privileged user accounts (and groups) e.g. Domain Admins, all reside in Active Directory and are all protected and secured in Active Directory by AD ACLs.

In short, in an organizational forest, NOT a leaf moves without the Active Directory being involved.
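The two facts above, that the most powerful accounts live in a handful of privileged groups and that every object (including those groups and the domain itself) is protected by AD ACLs, translate directly into the first audit a defender should run; it is also the starting point for the "accurate identification of privileged users" that the Highest Priority section calls for. The PowerShell below is an added example written for this page, not code from the original post or from Paramount Defenses. It assumes the RSAT ActiveDirectory module (which provides the AD: PSDrive used by Get-Acl), read access to the domain, and that the group list and the $ExpectedTrustees allow-list are starting assumptions to be tuned per domain. It enumerates the nested membership of the built-in privileged groups, then flags Allow ACEs on the domain root and on AdminSDHolder that grant takeover rights to any trustee outside that allow-list.

```powershell
# Added example (not from the original post or from Paramount Defenses):
# a first-pass audit of who effectively holds privileged access in a domain.
# Assumes the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

$Domain = Get-ADDomain
$NetBios = $Domain.NetBIOSName

# Built-in groups whose members can become Domain/Forest admins directly
# or by abusing operator rights. Assumed baseline; extend for your domain.
$PrivilegedGroups = @(
    'Domain Admins', 'Enterprise Admins', 'Schema Admins',
    'Administrators', 'Account Operators', 'Backup Operators',
    'Server Operators', 'Print Operators', 'DnsAdmins'
)

function Get-PrivilegedGroupMembers {
    param([string[]]$Groups = $PrivilegedGroups)
    foreach ($g in $Groups) {
        # Some groups (e.g. DnsAdmins) only exist when the role is installed.
        $grp = Get-ADGroup -Filter "Name -eq '$g'" -ErrorAction SilentlyContinue
        if (-not $grp) { continue }
        # -Recursive expands nested groups so indirect members are not missed,
        # which is where most "unknown" privileged users hide.
        Get-ADGroupMember -Identity $grp -Recursive | ForEach-Object {
            [pscustomobject]@{
                Group       = $g
                Member      = $_.SamAccountName
                ObjectClass = $_.ObjectClass
            }
        }
    }
}

# Rights that let a trustee take over an object outright or rewrite its security.
$TakeoverRights = 'GenericAll', 'GenericWrite', 'WriteDacl', 'WriteOwner'

function Get-RiskyAces {
    param(
        [Parameter(Mandatory)] [string]$DistinguishedName,
        # Trustees expected to hold takeover rights on core objects;
        # anything else is flagged for review. Assumed baseline.
        [string[]]$ExpectedTrustees = @(
            'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
            "$NetBios\Domain Admins", "$NetBios\Enterprise Admins"
        )
    )
    # The AD: drive exposes each object's security descriptor to Get-Acl.
    $acl = Get-Acl -Path "AD:\$DistinguishedName"
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # ActiveDirectoryRights is a flags enum; split its name list.
        $rights = $ace.ActiveDirectoryRights.ToString() -split ',\s*'
        $hit = $rights | Where-Object { $TakeoverRights -contains $_ }
        if (-not $hit) { continue }
        if ($ExpectedTrustees -contains $ace.IdentityReference.Value) { continue }
        [pscustomobject]@{
            Object    = $DistinguishedName
            Trustee   = $ace.IdentityReference.Value
            Rights    = $ace.ActiveDirectoryRights
            Inherited = $ace.IsInherited
        }
    }
}

# 1. Who is effectively privileged, including via nested groups.
Get-PrivilegedGroupMembers | Sort-Object Group, Member | Format-Table -AutoSize

# 2. Who can take over the domain object or AdminSDHolder (whose ACL is
#    periodically stamped onto every protected privileged account and group).
$DomainDn = $Domain.DistinguishedName
Get-RiskyAces -DistinguishedName $DomainDn
Get-RiskyAces -DistinguishedName "CN=AdminSDHolder,CN=System,$DomainDn" |
    Format-Table -AutoSize
```

Every row returned by Get-RiskyAces is a trustee that can, in effect, make itself a Domain Admin, so each one should be either justified and added to the allow-list or removed; the membership listing is the inventory the checklist's Privileged Account Security item asks you to reduce. Extend the second step to OUs holding admin accounts and to the privileged groups themselves to cover delegated rights that AdminSDHolder does not reach.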

Active Directory Security Must Be Organizational Cyber Security Priority #1

If you've read this far, and followed everything I've so simply stated above, then it should be unequivocally clear to you that ensuring the highest protection of an organization's foundational Active Directory deployment must undoubtedly be the #1 priority of every organization that cares about cyber security, protecting shareholder value and business continuity.

What else could be more important?

For anyone to whom this still isn't clear, I'll spell it out - just about everything in organizational Cyber Security, whether it be Identity and Access Management, Privileged Access Management, Network Security, Endpoint Security, Data Security, Intrusion Detection, Cloud Security, Zero Trust etc. ultimately relies and depends on Active Directory (and its security).

In essence, today every organization in the world is only as secure as is its foundational Active Directory, and from the CEO to the CISO to an organization's shareholders, employees and customers, everyone should know this cardinal fact.

We'll leave it at this for today.

Best wishes,


© 2006 - 2024 Paramount Defenses.
All Rights Reserved.
