Active Directory (AD) is a foundational piece of technology infrastructure used to handle business-critical components of a network, such as applications, data and users. Due to its strategic importance, AD has become an easier target for cyber criminals, warns distributor Exclusive Networks Africa and its vendor partner Tenable.
Tenable says managing and securing AD is extremely complex, particularly at scale within an enterprise environment, and IT security managers are compelled to do all they can to keep threat actors at bay.
Exclusive Networks and Tenable emphasise the danger of a ‘golden ticket’ attack or one where malicious actors specifically target AD or the ‘crown jewels’ of an organisation. If successful, these actors gain almost unlimited access to an organisation’s domain, including devices, files and domain controllers.
Stefan van de Giessen, country manager: SA and SADC at Exclusive Networks Africa, says malicious actors exploit weaknesses in the Kerberos identity authentication protocol to bypass authentication.
He specifies the main weakness of this protocol is that all authentication tokens passed by it have a lifespan.
Exclusive Networks Africa adds that attackers can create dormant accounts, giving them backdoor access so that even if they are discovered, they can return to the environment unnoticed – even being able to erase their forensic footprints as they move through an organisation's network.
Human factor
Van de Giessen says another vulnerability is created because most organisations configure their AD and then leave it as is, without reviewing the rights and access levels associated with the user or application.
An additional area of concern is the human element because users are the easiest target for any hackers.
“Users are constantly targeted to sharing their login credentials. Once obtained, the hackers can install additional tools to get access to the network and ultimately to the account directory,” says Van de Giessen.
He says once an attacker gains a foothold in an organisation, they require access to a privileged user account.
“The purpose of AD is to enable IT departments to create and manage user accounts and control access to resources on corporate networks. With it, administrators can create and enforce security policies for the network… threat actors will therefore target users with high-level privileges to gain access to the information they are looking for.”
In addition to revealing user-level exposures, says Van de Giessen, AD protection also extends to uncovering domain-level exposures as well as understanding device-level attack paths.
He adds: “It is extremely challenging to manage Active Directory securely within an enterprise, and requires significant expertise and ongoing attention, as well as the right tools. Fortunately, IT security teams can fight back with solutions to secure AD environments and thereby disrupt one of the common attack paths in both advanced persistent threats as well as ‘everyday’ breaches.
“Keeping on top of the security of Active Directory is crucially important for businesses because the service ‘holds the keys to the kingdom’ by providing access to systems, applications and resources. An attacker’s ability to invade an organisation’s identity infrastructure is central to how secure your company actually is. Businesses must be aware of vulnerabilities and take steps to strengthen their Active Directory security, to keep their networks safe from cyber attacks,” he concludes.
Share