Security News > 2021 > January > Rethinking Active Directory security

In the wake of a cyberattack, Active Directory is sometimes dismissed as just another service that needs to be recovered, and security is an afterthought.

Since Active Directory is used as a source from which to sync to other identity stores, any tampering with Active Directory can cause a devastating ripple effect across your identity infrastructure.

While Active Directory was not the main vector in the SolarWinds attacks, several common Active Directory attack techniques were used to move around both the on-premises and cloud identity and application environments to extend the reach of the attackers.

Specific security provisions must be in place to monitor for and prevent unsanctioned changes within Active Directory itself, as well the ability to return to a known secure state, should a change find its way past prevention efforts.

The hardening of Active Directory is often an underappreciated task, but it should be considered key to limiting the impact should an attacker get into your environment and try to leverage Active Directory to move through your network.

Since Active Directory is a prime target for attackers attempting to steal credentials and deploy ransomware across the network, it's worth considering the repercussions of an Active Directory attack even if you're not directly responsible for its daily operation.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/ggHhsTGnwVY/