Page 93 - Cyber Warnings August 2017

How Windows Active Directory is the root cause of many logon security headaches

               By François Amigorena, CEO, IS Decisions

               Managing access to corporate networks is one of the most important parts of an IT professional’s job. The
               reason is simple: poor access security can lead to devastating data breaches, like those at Dropbox,
               eBay, Sony, Anthem, Sage, Three and many others. These attacks occurred as a direct result of an
               employee’s login details falling into an attacker’s hands.

               And yet, despite these attacks, many organisations are doing very little to shore up their user access
               security, with many still relying on standalone native Windows Active Directory (AD) to do the job. A great
               many experts agree that using AD on its own is incredibly risky. Analyst and director Bob Tarzey at
               Quocirca argues: “Active Directory provides basic user security, checking that credentials supplied match
               stored user profiles and then opening up access to resources. Stronger techniques are needed to ensure
               a user really is who they say they are.”

               Those companies that use AD on its own are now facing huge challenges, as IS Decisions has found
               when delving into online community forums like Peerlyst, Spiceworks, Reddit and DaniWeb.


               Many community members have been quick to point out AD’s limitations. A man who calls himself
               “Guurhart”, for example, believes “the biggest challenge is Kerberos and the weaknesses inherent in AD.
               Only the latest versions of Windows give you any real chance at beating attackers who're trying to move
               laterally.”

               Scott Miller from Niagara Technology Group adds to this saying: “A major limitation of AD is the
               assumption that you will have a LAN. Azure AD (which is not AD) breaks this barrier and is worlds better
               as a concept. Unless you are totally LAN centric, AD adds so much complication.”


               Brad Voris also comments on the inflexibility of group logs, saying: “Audit logs are in the form of event
               logs with specific error messages, some of which require Group Policy configuration changes on the
               Domain Controller Default Policy. Initially there are VERY limited logs, and in order to get more data you
               have to make a fair amount of changes to Group Policy. Very important.”


               Indeed, a previous piece of IS Decisions research in The Insider Threat Manifesto found that nearly half
               (49%) of IT security professionals believe there to be security holes in AD.



                         Copyright © Cyber Defense Magazine,  All rights reserved worldwide.