AD History and Exposure
To say that Active Directory has not changed much over the past two decades is an understatement. As Active Directory hits its 21st birthday, some things remain the same, notably the objects and attributes that are contained within the infrastructure.
What does all this mean? First, very little effort needs to go into Active Directory education, as it has not and will not change. Second, and more importantly, attackers have been able to find hidden backdoors and develop sophisticated attacks to obtain domain dominance.
Each feeds the other. If organizations are not staying on top of Active Directory while attackers are constantly finding backdoors, the attacks will continue to escalate, and efforts to secure AD will continue to slide.
• Environment is based on domains and forests
• Users, groups, and computers are the core objects
• Each domain is broken down for management of objects using organizational units (OUs)
• Group Policy is the preferred method for controlling users and computers
• Required services such as DNS and DHCP remain consistent
• Kerberos and NTLMv2 remain the preferred authentication protocols
• Password policy controls remain unchanged and stagnant
To read the full text, download the whitepaper:
SECURING ACTIVE DIRECTORY: HOW TO PROACTIVELY DETECT ATTACKS