Active Directory Security
Security practices aimed at protecting Microsoft's Active Directory from attacks and misconfigurations.
Understanding Active Directory Security
Active Directory serves as the backbone of identity and access management (IAM) in enterprise environments. Attackers often target AD due to its role in controlling authentication, authorization, and policy enforcement across networks.
Key Security Components
Authentication and Authorization
Uses Kerberos authentication for secure user logins.
Implements group policies to control access.
Privilege Management
Enforces the principle of least privilege (PoLP) to limit user permissions.
Uses Role-Based Access Control (RBAC) to restrict administrative functions.
Security Monitoring and Auditing
Logs and monitors AD activities to detect anomalies.
Implements Security Information and Event Management (SIEM) solutions.
Common Security Threats
Pass-the-Hash (PtH) Attacks: Exploit stored password hashes to gain unauthorized access.
Golden Ticket Attacks: Use stolen Kerberos keys to access resources.
Privilege Escalation: Attackers exploit misconfigurations to gain higher-level privileges.