Sunday, April 27, 2025

Active Directory Hardening

Core Concepts:

  • Understanding General AD Concepts: Establishes the foundation for everything that follows: how domains, trees and forests are organised, and how trust relationships let principals from one domain be authorised in another. Trusts matter for hardening because a weakly administered trusted domain is an attack path into yours.
  • Tiered Administration: Separates administrative privilege into tiers (Tier 0 for identity and control-plane assets such as domain controllers, AD CS and the workstations used to manage them; Tier 1 for member servers and applications; Tier 2 for end-user devices) so that a compromised account or host in one tier does not yield credentials that work in a higher one. The rule that makes the model work is that higher-tier credentials are never used to log on to lower-tier systems, where they could be dumped from memory.
  • Least Privilege: Grants each user and service only the permissions its tasks require, which limits both accidental misuse and what an attacker can do with a stolen account.

Securing Authentication Methods:

  • Password Policies: Configuring minimum length, complexity, password history and maximum password age in the default domain policy (or fine-grained password policies for specific groups) to mitigate brute-force, password-spraying and password-reuse attacks. Length protects more than character classes, and an account lockout threshold is what actually stops online guessing, so treat complexity and forced expiry as supporting controls rather than the whole answer.
  • NTLM vs. LM Hashing: Ensuring that Windows no longer stores the LM hash alongside the NT hash. The LM hash splits the password into two 7-character, case-insensitive halves and can be cracked almost instantly; the policy "Network security: Do not store LAN Manager hash value on next password change" (registry value NoLMHash) removes it, and raising LmCompatibilityLevel to 5 makes hosts send NTLMv2 only and refuse LM and NTLMv1 on the wire. The NT hash itself is an unsalted MD4 of the password, so it is still crackable offline and still usable in pass-the-hash; this is a baseline step, not a complete fix.
  • SMB Signing: Requiring (not merely enabling) digital signing for Server Message Block (SMB) communication on both servers and clients. Signing gives integrity to file and printer traffic and defeats SMB relay and other Man-in-the-Middle (MITM) attacks; a "signing enabled but not required" setting can still be negotiated away by an attacker acting as the client.
  • LDAP Signing and Channel Binding: Setting domain controllers to require Lightweight Directory Access Protocol (LDAP) signing and to always enforce channel binding for LDAPS. Together these block NTLM relay to LDAP and LDAPS, which is how relayed authentication is typically turned into directory changes such as adding an account to a privileged group.
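
As an added example (not from the original post), the PowerShell below audits the four controls above on a domain controller and, with the script's own -Enforce switch, corrects them locally. The registry paths and values are the documented policy backing values; the password-policy targets (14 characters, 24-entry history, lockout after 10 failures) are choices made here, not figures from the post. Run it as an administrator on the DC with the RSAT ActiveDirectory module installed.

```powershell
# Added example, not from the original post: audit (and optionally enforce) the
# authentication-hardening controls described above on a domain controller.
# -Enforce is this script's own switch. Local registry edits are overwritten by
# any GPO that manages the same value, so use this for verification and labs and
# push the settings through Group Policy in production.
param([switch]$Enforce)

$lsa  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$srv  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$wks  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'

# For every value in this table a higher number is stricter, so "current >= required"
# is the compliance test. Meaning of the required values:
#   NoLMHash 1                   do not store the LM hash on next password change
#   LmCompatibilityLevel 5       send NTLMv2 only; refuse LM and NTLMv1
#   RequireSecuritySignature 1   SMB signing required (server and client side)
#   LDAPServerIntegrity 2        DC requires LDAP signing (1 = none)
#   LdapEnforceChannelBinding 2  LDAPS channel binding: Always (1 = when supported)
$controls = @(
    @{ Name = 'LM hash not stored';                 Path = $lsa;  Value = 'NoLMHash';                  Required = 1 }
    @{ Name = 'NTLMv2 only (LmCompatibilityLevel)'; Path = $lsa;  Value = 'LmCompatibilityLevel';      Required = 5 }
    @{ Name = 'SMB signing required (server)';      Path = $srv;  Value = 'RequireSecuritySignature';  Required = 1 }
    @{ Name = 'SMB signing required (client)';      Path = $wks;  Value = 'RequireSecuritySignature';  Required = 1 }
    @{ Name = 'LDAP signing required (DC)';         Path = $ntds; Value = 'LDAPServerIntegrity';       Required = 2 }
    @{ Name = 'LDAP channel binding: Always';       Path = $ntds; Value = 'LdapEnforceChannelBinding'; Required = 2 }
)

$results = foreach ($c in $controls) {
    $current   = (Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue).($c.Value)
    $compliant = ($null -ne $current) -and ([int]$current -ge $c.Required)
    if (-not $compliant -and $Enforce) {
        if (-not (Test-Path $c.Path)) { New-Item -Path $c.Path -Force | Out-Null }
        Set-ItemProperty -Path $c.Path -Name $c.Value -Value $c.Required -Type DWord
        $current = $c.Required; $compliant = $true
    }
    [pscustomobject]@{ Setting = $c.Name; Current = $current; Required = $c.Required; Compliant = $compliant }
}
$results | Format-Table -AutoSize

# Domain password policy: report it and, with -Enforce, raise the floor.
# The length, history and lockout targets are this example's own choices.
$policy = Get-ADDefaultDomainPasswordPolicy
[pscustomobject]@{
    MinPasswordLength    = $policy.MinPasswordLength
    ComplexityEnabled    = $policy.ComplexityEnabled
    PasswordHistoryCount = $policy.PasswordHistoryCount
    MaxPasswordAgeDays   = $policy.MaxPasswordAge.Days
    LockoutThreshold     = $policy.LockoutThreshold     # 0 means online guessing is never locked out
} | Format-List
if ($Enforce -and ($policy.MinPasswordLength -lt 14 -or $policy.LockoutThreshold -eq 0)) {
    Set-ADDefaultDomainPasswordPolicy -Identity (Get-ADDomain).DNSRoot `
        -MinPasswordLength 14 -ComplexityEnabled $true -PasswordHistoryCount 24 `
        -LockoutThreshold 10 -LockoutDuration '00:15:00' -LockoutObservationWindow '00:15:00'
}
```

Run it once without -Enforce to see the drift, then again with -Enforce on a lab DC. Changing LmCompatibilityLevel and the LDAP settings can break old clients, so check Event ID 2889 on the DCs (unsigned LDAP binds) before requiring signing in production.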

Securing Hosts through Group Policies:

  • Leveraging Group Policy Objects (GPOs) to centrally manage and enforce security settings across the domain: a setting is written once, the GPO is linked to the domain, a site or an OU, and every computer or user in scope applies it at the next policy refresh. Keep separate GPOs for separate purposes, pilot each on a test OU before linking it widely, and verify the result on a client with gpresult /r or Get-GPResultantSetOfPolicy rather than assuming it applied.
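
As an added example (not from the original post), this script builds one host-hardening GPO with the GroupPolicy module, fills it with registry-backed computer policies that mitigate credential theft and name-resolution poisoning, links it at the domain root and saves a settings report. The GPO name and the chosen settings are this example's own; the registry keys are the documented policy locations.

```powershell
# Added example, not from the original post: create a host-hardening GPO, populate
# it with registry-backed computer policies, and link it to the domain.
# Requires the GroupPolicy and ActiveDirectory RSAT modules and rights to create
# and link GPOs. Names and the setting selection are this example's own.
Import-Module GroupPolicy, ActiveDirectory

$gpoName = 'Host Hardening - Baseline'
$domain  = (Get-ADDomain).DistinguishedName      # link target: the domain root

$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $gpoName -Comment 'Credential-theft and poisoning mitigations for all hosts'
}

# Computer-side policies. Each entry: registry key, value name, DWORD value.
$settings = @(
    # WDigest would otherwise keep the cleartext password in LSASS memory
    @{ Key = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'; Name = 'UseLogonCredential'; Value = 0 }
    # Run LSASS as a protected process so user-mode tools cannot read its memory
    @{ Key = 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'RunAsPPL'; Value = 1 }
    # Block anonymous enumeration of SAM accounts and shares
    @{ Key = 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'RestrictAnonymous'; Value = 1 }
    # Disable LLMNR, a standard entry point for poisoning and relay attacks
    @{ Key = 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'; Name = 'EnableMulticast'; Value = 0 }
    # Turn off the SMBv1 server
    @{ Key = 'HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'; Name = 'SMB1'; Value = 0 }
)

foreach ($s in $settings) {
    Set-GPRegistryValue -Guid $gpo.Id -Key $s.Key -ValueName $s.Name -Type DWord -Value $s.Value | Out-Null
}

# Link at the domain level, enforced so that child OUs cannot block it via inheritance settings.
$alreadyLinked = (Get-GPInheritance -Target $domain).GpoLinks.Where({ $_.DisplayName -eq $gpoName })
if (-not $alreadyLinked) {
    New-GPLink -Guid $gpo.Id -Target $domain -LinkEnabled Yes -Enforced Yes | Out-Null
}

# Evidence for change review: an HTML dump of everything the GPO sets.
$report = Join-Path $env:TEMP "$gpoName.html"
Get-GPOReport -Guid $gpo.Id -ReportType Html -Path $report
Write-Host "GPO '$gpoName' ($($gpo.Id)) linked to $domain; report at $report"
```

RunAsPPL and the SMBv1 change are the two most likely to surface compatibility problems (unsigned LSA plug-ins, old scanners and NAS devices), so pilot this GPO on a test OU by replacing $domain with that OU's DN before linking it domain-wide.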

Implementing the Least Privilege Model:

  • Creating appropriate account types: a standard user account for daily work (mail, browsing, documents) and one or more separate privileged accounts used only for administration, so that a phished everyday account carries no admin rights.
  • Utilizing Role-Based Access Control (RBAC) on hosts: granting rights to groups that map to job roles (for example a group that is local administrator on the web servers only) rather than to individual accounts, so access can be reviewed and revoked in one place.
  • Implementing the Tiered Access Model for administrative accounts: placing each privileged account in exactly one tier, restricting where it may log on with user-rights policies, and keeping Tier 0 membership (Domain Admins and equivalents) as small as possible.
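
As an added example (not from the original post), the script below lays down a tiered structure in the directory and audits the built-in privileged groups against it: one OU and one admin group per tier, Tier 0 accounts marked as non-delegatable and placed in the Protected Users group, and a report of every human member of a privileged group who is not a Tier 0 admin. The OU and group names are this example's own convention; Protected Users and the "account is sensitive and cannot be delegated" flag are standard AD features.

```powershell
# Added example, not from the original post: create a tiered admin OU/group
# structure, harden the Tier 0 accounts, and audit the built-in privileged groups
# against it. OU and group names are this example's own convention.
# Requires the ActiveDirectory module and rights to create OUs and groups.
Import-Module ActiveDirectory
$domainDN = (Get-ADDomain).DistinguishedName

function Ensure-OU([string]$Name, [string]$ParentDN) {
    # Idempotent: returns the OU's DN, creating it (deletion-protected) only if absent.
    $dn = "OU=$Name,$ParentDN"
    if (-not (Get-ADOrganizationalUnit -LDAPFilter "(distinguishedName=$dn)")) {
        New-ADOrganizationalUnit -Name $Name -Path $ParentDN -ProtectedFromAccidentalDeletion $true | Out-Null
    }
    return $dn
}

$tiers = [ordered]@{
    Tier0 = 'Identity and control plane: domain controllers, AD CS, ADFS, and the hosts that administer them'
    Tier1 = 'Member servers and applications'
    Tier2 = 'Workstations and user devices'
}

# One OU per tier under OU=Admin, so logon-restriction GPOs can be scoped per tier.
$adminOU = Ensure-OU 'Admin' $domainDN
foreach ($tier in $tiers.Keys) {
    $ou        = Ensure-OU $tier $adminOU
    $groupName = "$tier-Admins"
    if (-not (Get-ADGroup -Filter "Name -eq '$groupName'")) {
        New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security `
                    -Path $ou -Description $tiers[$tier] | Out-Null
    }
}

# Tier 0 accounts: set "sensitive, cannot be delegated" and add to Protected Users,
# which refuses NTLM, DES/RC4 Kerberos and delegation for its members.
$tier0Users = @(Get-ADGroupMember 'Tier0-Admins' -Recursive | Where-Object objectClass -eq 'user')
foreach ($u in $tier0Users) {
    Set-ADAccountControl -Identity $u.DistinguishedName -AccountNotDelegated $true
    Add-ADGroupMember -Identity 'Protected Users' -Members $u.DistinguishedName -ErrorAction SilentlyContinue
}

# Audit: every human member of a built-in privileged group must be a Tier 0 admin.
# Enterprise Admins and Schema Admins exist only in the forest root domain, so
# lookup errors for them in a child domain are ignored.
$privilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators',
                    'Account Operators', 'Backup Operators', 'Server Operators', 'Print Operators'
$tier0DNs = @($tier0Users.DistinguishedName)
$findings = foreach ($g in $privilegedGroups) {
    $members = Get-ADGroupMember $g -Recursive -ErrorAction SilentlyContinue | Where-Object objectClass -eq 'user'
    foreach ($m in $members) {
        if ($m.DistinguishedName -notin $tier0DNs) {
            [pscustomobject]@{ Group = $g; Account = $m.SamAccountName; Issue = 'Privileged but not a Tier 0 admin' }
        }
    }
}
$findings | Sort-Object Group, Account | Format-Table -AutoSize
```

The audit list is the part worth running regularly: Account Operators, Backup Operators and the other built-in operator groups are Tier 0 in effect because they can modify accounts or read the DC's files, and they tend to accumulate members nobody remembers adding. Logon restrictions for each tier ("Deny log on locally", "Deny log on through Remote Desktop Services" for Tier 0 groups on Tier 1 and Tier 2 OUs) are user-rights assignments and are set in a GPO linked to the tier OUs.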

Protection Against Known AD Attacks:

  • Briefly touches upon common Active Directory attacks and the controls that blunt them:
  • Kerberoasting: any domain user can request a service ticket for any account that has a service principal name (SPN), and that ticket is encrypted under the service account's password hash, so it can be cracked offline. Mitigate by running services under group managed service accounts (gMSAs) or long random passwords, and by restricting service accounts to AES encryption types.
  • Exploiting weak passwords: password spraying succeeds against common or reused passwords regardless of complexity rules. Mitigate with length, banned-password checks, a lockout threshold, and monitoring of failed logons.
  • Brute-forcing RDP: exposed Remote Desktop endpoints are guessed against continuously. Mitigate by not exposing RDP directly, requiring Network Level Authentication, enforcing lockout, and limiting the "Allow log on through Remote Desktop Services" right to the groups that need it.
  • Vulnerable public shares: shares that grant Everyone or Authenticated Users write (or even read) access leak credentials left in scripts and configuration files and give an attacker a place to plant payloads. Mitigate by auditing share and NTFS permissions and removing broad grants.
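
As an added example (not from the original post), the following read-only PowerShell hunts for the exposures behind each attack above: Kerberoastable user accounts with their password age and encryption types, accounts the password policy does not protect, the lockout and NLA controls that limit RDP guessing, and shares on the local host that broad groups can write to. The thresholds (lockout of at most 10, AES-only as the target) are this example's choices.

```powershell
# Added example, not from the original post: read-only hunt for the exposures
# behind the attacks listed above. Run on a domain-joined admin host with the
# ActiveDirectory module; the share and RDP checks inspect the local machine.
Import-Module ActiveDirectory

# 1. Kerberoasting: user accounts with an SPN. Old passwords and RC4 support make
#    offline cracking practical. msDS-SupportedEncryptionTypes bits:
#    0x1/0x2 DES, 0x4 RC4, 0x8 AES128, 0x10 AES256 (unset means RC4 is offered).
$kerberoastable = Get-ADUser -Filter 'ServicePrincipalName -like "*"' `
        -Properties ServicePrincipalName, PasswordLastSet, 'msDS-SupportedEncryptionTypes', AdminCount |
    Where-Object SamAccountName -ne 'krbtgt' |
    ForEach-Object {
        $enc = $_.'msDS-SupportedEncryptionTypes'
        $age = if ($_.PasswordLastSet) { ((Get-Date) - $_.PasswordLastSet).Days } else { $null }
        [pscustomobject]@{
            Account         = $_.SamAccountName
            SPNs            = ($_.ServicePrincipalName -join '; ')
            PasswordAgeDays = $age
            AesOnly         = ($null -ne $enc) -and (($enc -band 0x18) -ne 0) -and (($enc -band 0x07) -eq 0)
            Privileged      = ($_.AdminCount -eq 1)
        }
    }

# 2. Weak password controls: enabled accounts the domain policy does not actually cover.
$weakPasswordFlags = Get-ADUser -Filter "Enabled -eq 'True'" `
        -Properties PasswordNotRequired, PasswordNeverExpires, PasswordLastSet |
    Where-Object { $_.PasswordNotRequired -or $_.PasswordNeverExpires } |
    Select-Object SamAccountName, PasswordNotRequired, PasswordNeverExpires, PasswordLastSet

# 3. RDP brute force: a lockout threshold must exist, and this host should require NLA.
$policy = Get-ADDefaultDomainPasswordPolicy
$nla = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
        -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
$rdpChecks = [pscustomobject]@{
    LockoutThreshold   = $policy.LockoutThreshold          # 0 = unlimited guesses
    LockoutOk          = ($policy.LockoutThreshold -gt 0 -and $policy.LockoutThreshold -le 10)
    NlaRequiredLocally = ($nla -eq 1)
}

# 4. Public shares on this host: non-hidden shares with Change or Full for broad groups.
$broadPrincipals = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'
$openShares = foreach ($s in (Get-SmbShare | Where-Object { $_.Name -notmatch '\$$' })) {
    $grants = Get-SmbShareAccess -Name $s.Name | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.AccountName -in $broadPrincipals -and $_.AccessRight -in 'Change', 'Full'
    }
    if ($grants) {
        [pscustomobject]@{ Share = $s.Name; Path = $s.Path; Principals = ($grants.AccountName -join ', ') }
    }
}

"== Kerberoastable accounts (fix: gMSA or 25+ char random password, AES only) =="
$kerberoastable | Sort-Object Privileged, PasswordAgeDays -Descending | Format-Table -AutoSize
"== Enabled accounts with PasswordNotRequired / PasswordNeverExpires =="
$weakPasswordFlags | Format-Table -AutoSize
"== RDP brute-force controls =="
$rdpChecks | Format-List
"== Shares writable by broad groups (fix: tighten share and NTFS ACLs) =="
$openShares | Format-Table -AutoSize
```

A privileged account that shows up in the first table with an old password and AesOnly false is the finding to fix first: it is exactly what a Kerberoasting attacker is hoping for. The share check only covers the host it runs on; loop it over your file servers with Invoke-Command to get domain-wide coverage.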

Microsoft Security Compliance Toolkit:

  • Introduces the Microsoft Security Compliance Toolkit (SCT) as the source for Microsoft's published security baselines. Each baseline ships as a set of GPO backups that can be imported into the domain with the Group Policy cmdlets and linked to the appropriate OU; the toolkit also includes LGPO.exe, for applying the same settings to the local policy of a host that is not domain-joined, and Policy Analyzer, for comparing a baseline against an existing GPO or a host's current configuration and listing the differences. Review those differences before linking a baseline broadly, because a few settings (legacy protocol restrictions in particular) can break older applications.
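
As an added example (not from the original post), this script shows the two ways a downloaded baseline is applied: importing its domain-controller GPO backup into the domain and linking it to the Domain Controllers OU, and applying a backup to a stand-alone test host with LGPO.exe. The extraction paths, the GPO backup display name and the target GPO name are assumptions; the first step lists the real display names from the backup folders so they can be checked.

```powershell
# Added example, not from the original post: apply a Security Compliance Toolkit
# baseline. The paths and the backup display name are assumptions about where
# the baseline zip was extracted; step 1 prints the real names to confirm them.
Import-Module GroupPolicy, ActiveDirectory

$baselineRoot = 'C:\Baselines\Windows Server 2022 Security Baseline'   # assumed extract location
$gpoBackups   = Join-Path $baselineRoot 'GPOs'                          # folder of GPO backups in the zip
$lgpo         = 'C:\Baselines\LGPO\LGPO.exe'                            # assumed location of LGPO.exe

# 1. List the GPO backups the baseline ships. Each backup folder carries a
#    bkupInfo.xml whose GPODisplayName element records the original GPO name.
Get-ChildItem $gpoBackups -Directory | ForEach-Object {
    [xml]$info = Get-Content (Join-Path $_.FullName 'bkupInfo.xml')
    [pscustomobject]@{ BackupId = $_.Name; DisplayName = $info.BackupInst.GPODisplayName.'#cdata-section' }
} | Format-Table -AutoSize

# 2. Import the domain-controller baseline into a GPO of our own and link it to the DC OU.
$dcBackupName = 'MSFT Windows Server 2022 - Domain Controller'   # assumed; use a name printed by step 1
$dcGpoName    = 'Baseline - Domain Controller'                    # this example's target GPO name
Import-GPO -BackupGpoName $dcBackupName -Path $gpoBackups -TargetName $dcGpoName -CreateIfNeeded | Out-Null

$dcOU = "OU=Domain Controllers,$((Get-ADDomain).DistinguishedName)"
if (-not (Get-GPInheritance -Target $dcOU).GpoLinks.Where({ $_.DisplayName -eq $dcGpoName })) {
    New-GPLink -Name $dcGpoName -Target $dcOU -LinkEnabled Yes | Out-Null
}
# Human-readable record of what was imported, for change review.
Get-GPOReport -Name $dcGpoName -ReportType Html -Path (Join-Path $env:TEMP "$dcGpoName.html")

# 3. Stand-alone test host: back up the current local policy, then import with LGPO.exe.
#    /b backs up local policy to a folder; /g imports every GPO backup found under a
#    folder, so on a non-DC point it at a copy holding only the member-server backups.
$memberServerBackups = Join-Path $baselineRoot 'GPOs-MemberServer'   # assumed folder you populate yourself
& $lgpo /b (Join-Path $env:TEMP 'LocalPolicyBackup') /v
& $lgpo /g $memberServerBackups /v
gpupdate /target:computer /force
```

Keep the imported baseline in its own GPO rather than merging it into an existing one; that way the Policy Analyzer comparison against the next baseline release stays meaningful, and the GPO can be unlinked in one step if a setting breaks something.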
