One Article Review

Source ProofPoint
Identifier 8392224
Publication date 2023-10-06 05:00:34 (seen: 2023-10-06 14:07:04)
Title 7 Best Practices for Active Directory Security to Keep Attackers Out
Text Active Directory security is a top-of-mind and ongoing concern for countless cybersecurity teams. Why? Because attackers are relentless in their efforts to target this vital directory service and identity management hub for Microsoft Windows-based networks.

If a bad actor infiltrates a company's Active Directory (AD), they can work to escalate their privileges, move laterally through the network and gain access to sensitive data and systems.

There are multiple ways to fortify your Active Directory security. In this post, we'll look at seven examples of Active Directory security best practices that can help you reduce the risk of costly breaches. These best practices make it tougher for bad actors to gain access to your AD in the first place.

First, let's take a closer look at Active Directory and its purpose. Then, we'll explain why Active Directory security is important and describe some common risks associated with it.

What is Active Directory?

Microsoft introduced Active Directory nearly a quarter-century ago. Today, it is a crucial component of Windows-based networks for businesses around the globe. AD plays a central role in how resources are managed and organized within a networked environment.

AD stores information about objects on a network, like a printer, application or a user's account, and makes it easy for network administrators and users to locate and use that information. AD also manages user identities, authentication and access permissions.

Active Directory allows administrators to enforce security policies, set password policies and control access to sensitive systems and data. So, for example, if you want to check your email or access the internet via your company's Windows-based network, AD is what permits you to connect to those resources. It also facilitates the single sign-on (SSO) authentication process.

Why is Active Directory security so important?

As noted at the top of this post, if a bad actor can compromise Active Directory, they are well on their way toward gaining access to sensitive data, or doing something worse. Here are just a few reasons that AD environments are prime targets for attackers:

Centralized control. Active Directory is a central point of control for network resources including user accounts and servers. Once inside AD, attackers can take control of your entire network and potentially compromise other resources connected to it.

Credential theft. Attackers can steal usernames and passwords stored in your AD. They can then use those credentials to access other systems, apps and data within your company.

Privilege escalation. Active Directory stores information about user roles, permissions and group memberships. So, if an attacker can escalate their privileges within AD, they can gain access to other systems or admin accounts. That will allow them to make lateral moves within the network and expand their foothold.

Persistence. Once attackers are inside Active Directory, they can establish persistence within the network. They can set up backdoor access, add rogue user accounts or manipulate security policies, moves designed to make it easier for them to evade detection. And if they are discovered, it will be harder for security teams to remove them from the network because they will have already created multiple other points of entry.

What are some common Active Directory security risks?

By now, it is probably clear that two of the most significant Active Directory security risks are unauthorized access to accounts and systems and the theft of credentials like usernames and passwords. The latter is, of course, a vital strategy for gaining unauthorized access.

As your business works to improve Active Directory security, you will want to address common risks like these sooner rather than later:

Inadequate password policies. Strong passwords are essential to prevent data breaches and data loss. If your password practices and policies are lacking, you can be sure that attackers will take full advantage of those weaknesses. To
Sent Yes
Tags Threat Ransomware Vulnerability
Stories
Notes ★★


The article does not appear to have been picked up after its publication.


The article does not appear to be a pickup of an earlier one.