Monday, January 6, 2020

What is Active Directory?

Today is January 06, 2020, and as promised, today onwards we are going to start sharing our cyber security insights.

Cyber Security 101

Perhaps we should begin by adequately answering a most simple yet most important question - What is Active Directory?

While this question may seem simple to some (and it is), it's one of the most important questions to answer adequately, because in an adequate answer to this most simple question lies the key to organizational cyber security worldwide.

Popular Belief - IT Phone Book ?

If you were to ask most CISOs or IT professionals, they'll likely tell you that Active Directory is the "phone book" of an organization's IT infrastructure because at its simplest, it is a directory of all organizational accounts and computers.

For two decades now, this has been the predominant view held by most CISOs and IT personnel worldwide. In fact, as recently as a few weeks ago, in a presentation, a prominent CISO labelled Active Directory simply as "The Phone Book."

Sadly, in this simplistic view likely lies a BIG folly, because when you view something as just a "phone book," in your mind you've already subconsciously attributed a very low value to it, and dismissed any thought of it even requiring security.

In fact, it is the sheer negligence resulting from this simplistic view and folly that is the reason the Active Directory deployments of most organizations remain substantially insecure and vastly vulnerable to compromise today.

After all, who cares about a phone book?!

Active Directory - The Very Foundation of Organizational Cyber Security Worldwide

Ladies and gentlemen, factually speaking, an organization's Active Directory deployment is the single most valuable IT and corporate asset, worthy of the highest protection, because it is the very foundation of an organization's cyber security.

It is said that "A Picture is Worth a Thousand Words", so perhaps I should paint you a simple Trillion $ picture -

You see, the entirety of an organization's very building blocks of cyber security i.e. all the organizational user accounts and passwords used to authenticate their people, all the security groups used to aggregate and authorize access to all their IT resources, all their privileged user accounts, all the accounts of all their computers, including all laptops, desktops and servers are all stored, managed and secured in (i.e. inside) the organization's foundational Active Directory.

In other words, should an organization's foundational Active Directory be compromised, the entirety of the organization could potentially be exposed to the very serious risk of complete, swift and colossal compromise.

So, you see, an organization's Active Directory is a little more than just a "phone book." In fact, it is the very foundation of the organization's entire cyber security, the heart of Privileged Access, and the lifeline of its entire IT infrastructure.

Technically Speaking

Technically speaking, Active Directory is a highly scalable, secure, resilient, enterprise-grade, multi-mastered directory service, with which Microsoft has integrated all three As of cyber security - Authentication, Authorization and Auditing.

At a minimum, in Windows, Active Directory is the account/credential database used by Kerberos, the native authentication protocol in Windows, and every domain controller also happens to be a Kerberos Key Distribution Center (KDC), and based on this fact alone, Active Directory is the foundation of cyber security in a Windows Server based IT infrastructure.

It is also the focal point of administrative delegation and auditing for virtually all identity and access management functions, because its powerful and sophisticated ACL-based security model serves to protect every IT asset (user account, security group, computer account, group policy, OU, printer, SCP, etc.) that is represented as an object in Active Directory.

In addition, because Microsoft has also integrated host and security policy management with Active Directory, and every domain-joined computer has an account in it, Group Policy enables organizations and admins (i.e. privileged users) to easily, instantly and centrally specify (or alter) the security policy protecting thousands of computers from Active Directory.

Further, in a Windows Server based network that relies on Active Directory integrated DNS, even (something as basic as) name resolution depends on Active Directory. Similarly, over the years, Microsoft has integrated just about everything, from enterprise email (i.e. Microsoft Exchange) to RAS and VPN security to Azure connectivity with Active Directory.

Did I mention that over the last two decades, collectively billions of dollars worldwide have been spent by companies and vendors to integrate just about everything in IT (applications, management, access, security etc.) with Active Directory?

Finally, and most importantly, the very Keys to the Kingdom i.e. the most powerful privileged user accounts (and groups) e.g. Domain Admins, all reside in Active Directory and are all protected and secured in Active Directory by AD ACLs.

In short, in an organizational forest, NOT a leaf moves without the Active Directory being involved.
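The post says the most powerful accounts and groups are protected by AD ACLs. The following added example (not code from the original post or from Paramount Defenses) shows what that protection looks like in practice: it reads the DACL on the Domain Admins group object and lists any trustee outside an assumed set of expected high-privilege principals that holds write-capable rights on it. It assumes a domain-joined Windows host with the RSAT ActiveDirectory module installed.

```powershell
# Added example: audit write-capable ACEs on the Domain Admins group object.
# Assumption: run as a user permitted to read the object's security descriptor.
Import-Module ActiveDirectory

# Rights that allow changing the object, its membership, its DACL or its owner.
$sensitive = 'GenericAll', 'GenericWrite', 'WriteProperty', 'WriteDacl', 'WriteOwner'

# Trustees expected to hold such rights by default. Assumption: extend this list
# with the organization's own documented delegation model before trusting the output.
$expected = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'Domain Admins', 'Enterprise Admins'

$group = Get-ADGroup -Identity 'Domain Admins'
$acl   = Get-Acl -Path ("AD:\" + $group.DistinguishedName)

$findings = foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }

    # ActiveDirectoryRights is a flags enum; split its string form into individual rights.
    $rights = $ace.ActiveDirectoryRights.ToString() -split ',\s*'
    $hit = $rights | Where-Object { $sensitive -contains $_ }
    if (-not $hit) { continue }

    # Skip trustees that are expected to hold write rights on privileged objects.
    $who = $ace.IdentityReference.Value
    if ($expected | Where-Object { $who -like "*$_" }) { continue }

    [pscustomobject]@{
        Trustee    = $who
        Rights     = ($hit -join ',')
        ObjectType = $ace.ObjectType   # all-zero GUID = whole object; otherwise a specific attribute/right
        Inherited  = $ace.IsInherited
    }
}

"Owner of {0}: {1}" -f $group.DistinguishedName, $acl.Owner
if ($findings) { $findings | Format-Table -AutoSize } else { 'No unexpected write-capable ACEs found.' }
```

Because Domain Admins is a protected group, AD periodically re-applies the DACL from CN=AdminSDHolder,CN=System in the domain; running the same check against that object shows the template the group will inherit.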

Active Directory Security Must Be Organizational Cyber Security Priority #1

If you've read this far, and followed everything I've so simply stated above, then it should be unequivocally clear to you that ensuring the highest protection of an organization's foundational Active Directory deployment must undoubtedly be the #1 priority of every organization that cares about cyber security, protecting shareholder value and business continuity.

What else could be more important?

For anyone to whom this still isn't clear, I'll spell it out - just about everything in organizational Cyber Security, whether it be Identity and Access Management, Privileged Access Management, Network Security, Endpoint Security, Data Security, Intrusion Detection, Cloud Security, Zero Trust, etc., ultimately relies and depends on Active Directory (and its security).

In essence, today every organization in the world is only as secure as is its foundational Active Directory, and from the CEO to the CISO to an organization's shareholders, employees and customers, everyone should know this cardinal fact.

We'll leave it at this for today.

Best wishes,

© 2006 - 2024 Paramount Defenses. All Rights Reserved.