What you need to know about Active Directory
With more and more IT admins shifting their IT infrastructure to the cloud, Active Directory, the keystone of every Windows Domain Network is losing out to security vulnerabilities.
Active Directory, the means by which everyone (users, customers, and partners) authenticate to a system, have been providing Identity and Access management to enterprises, large or small, for two decades. Robust IAM enables IT admins to control and regulate the usage of IT services, specify applications, files and networks. Without this type of control, the services of every single business would be constantly under attack from hackers. That isn’t to say that businesses aren’t under attack, just to recognize that Identity and Access Management, in and of itself plays a crucial role in allowing the IT department to understand and isolate any security issues.
Active Directory, synonymous with access management due to Microsoft leadership and dominance in the tech space, created a Windows-based ‘Active Directory’ to manage the Windows system, cementing themselves as the key player in directory services for the past twenty years.
Unfortunately for Active Directory, as many IT services are now performed through the cloud, the centralization and control of cybersecurity issues within this vertical are harder than before.
Why is Active Directory security crucial?
Cybercriminals target Active Directory, a lot. Standard attacks will involve penetrating the system and performing what is known as ‘reconnaissance’ (a military term) to discover users, servers, and computers in an enterprise network. This is the springboard for multi-stage attacks that give access to organizational resources and data within the company.
Traditionally, network and physical infrastructure layers were given the entire security budget and Active Directory was basically ignored, even though the access we grant users in Active Directory are the same credentials that are later abused, stolen and sold on by hackers, either by through human error or on purpose.
From 2018, organizations began to pay attention to Active Direction due to some high-profile faux pas, such as the Uber incident or the 2017 wipeout from NotPetya indicating a growing acceptance that Active Directory is critical infrastructure that needs to be secured.
What would be Doomsday for Active Directory users?
The NotPetya attack of 2017 isn’t far enough away for us to forget. Publicly attributed to Russian military hackers in early 2018 by the British government, NotPetya infected and shut down shipping line Maersk- it wiped out all of the domain controllers and resulted in the rebuilding of 4000 servers globally. Unforgettable, unbelievable – the NotPetya attack is known as scorched earth and it’s exactly what everyone is so afraid of.
Scorched earth means that everything gets wiped out. Not a single domain controller left anywhere, meaning that all the apps, files and users become useless. Nothing would work, as users couldn’t access their data and applications, that’s hospitals, banks – everything.
In this type of scenario, companies should have a well-practiced Active Directory recovery plan that includes all the clients and users, backups of the Operating system and network and domain controllers which are stored in a separate network, enough to set up an entirely new system.