AD History and CyberExposure
Taradutt Pant
Cybersecurity Solution Architect & Trusted Advisor | Driving Cybersecurity Awareness and Strategy {Personal View}
Active Directory has been the main identity and access management solution for organizations over the past 21 years. Some things remain the same, notably the objects and attributes that are contained within the infrastructure.
Objects fall into two different categories:
Resources: printers, computers, or other shared devices.
Security Principals: users, passwords, groups, etc., or any object that needs to be authenticated, or that can be given permissions.
AD allocates a unique Security Identifier (SID) to each of these security principal objects.
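How that uniqueness is structured, as an added example that is not part of the original article: a domain principal's SID is the domain identifier followed by a relative identifier (RID). The code decodes the binary form stored in the objectSid attribute and names well-known RIDs that an exposure review should watch; the sample bytes and domain identifier values are constructed.

```python
import struct

# Well-known RIDs for built-in domain accounts and groups (Microsoft-documented values).
WELL_KNOWN_RIDS = {
    500: "Administrator",
    501: "Guest",
    502: "krbtgt",
    512: "Domain Admins",
    513: "Domain Users",
    515: "Domain Computers",
    516: "Domain Controllers",
    518: "Schema Admins",
    519: "Enterprise Admins",
}

def parse_sid(raw: bytes) -> str:
    """Decode a binary SID (objectSid attribute) into its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15:
        raise ValueError("unsupported SID revision or sub-authority count")
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit value, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit values, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def split_sid(sid: str):
    """Return (domain_sid, rid, well_known_name); (sid, None, None) if not a domain SID."""
    parts = sid.split("-")
    # Domain principals look like S-1-5-21-<a>-<b>-<c>-<RID>
    if len(parts) == 8 and parts[:4] == ["S", "1", "5", "21"]:
        rid = int(parts[-1])
        return "-".join(parts[:-1]), rid, WELL_KNOWN_RIDS.get(rid)
    return sid, None, None

# Constructed sample: the three domain identifier values are made up for illustration.
SAMPLE = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack(
    "<5I", 21, 1111111111, 2222222222, 3333333333, 512)

if __name__ == "__main__":
    sid = parse_sid(SAMPLE)
    print(sid, split_sid(sid))
```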
This “IAM” solution is known not only to admins but also to attackers. Attackers have been able to find hidden backdoors and develop sophisticated attacks to obtain domain dominance.
If organizations are not staying on top of Active Directory while attackers are constantly finding backdoors, the attacks will continue to escalate, and efforts to secure AD will continue to slide.
The Active Directory structure:
• Environment is based on domains, trees, and forests
• Users, groups, and computers are the core objects
• Each domain is broken down for management of objects using organizational units (OUs)
• Group Policy is the preferred method for controlling users and computers
• Required services such as DNS and DHCP remain consistent
• Kerberos and NTLMv2 remain the preferred authentication protocols
• Password policy controls remain unchanged and stagnant