ZD Tech: Active Directory, prevention is better than cure


Hello everyone and welcome to ZD Tech, ZDNet’s daily editorial podcast. My name is Louis Adam and today I will explain the central role that Active Directory plays in the security of an enterprise.

Active Directory is a directory service developed by Microsoft and widely used in businesses. Alternatives exist, but Active Directory remains the most obvious solution for administering a fleet of computers running Windows operating systems – which is often the case in companies.

Manage all devices in a fleet

This tool is used in particular to list all the devices in an organization and administer them remotely: for example, it is thanks to Active Directory that your computer can connect to the printers, servers and workstations in the rest of the company.

But above all, it is through Active Directory that administrators set the authorizations and permissions of the various network users: the service centralizes identification and authentication on a network of devices running Windows.

Unsurprisingly, control of Active Directory is today a major issue for cyberattackers and defenders alike.

A target of choice

For attackers who have succeeded in compromising a user and who wish, for example, to deploy ransomware across the company’s entire IT infrastructure, taking control of this service is a priority.

The main objective: to become a domain administrator, a high-privilege position that gives a lot of power over the entire computer system.

An attacker capable of taking control of this service is therefore in a strong position to carry out malicious operations while concealing his presence from defenders. The complexity of the directory is such that in some cases, the only way to ensure that an attacker who has gained a foothold on the system can no longer do harm is to rebuild the directory from scratch. A generally costly measure of last resort for a company.

Prevention is better than cure

Securing Active Directory is therefore a priority, one that Anssi, the French cybersecurity agency, regularly reminds companies of.

But the agency also publishes tools, guides and documents aimed at helping companies gain maturity on the subject. The general idea is to clearly identify accounts with important privileges and to secure access to these accounts as well as possible.

But in a company with a large IT infrastructure, the task of securing Active Directory can quickly become complex and delicate. This is why many third-party services and software specialize in helping administrators harden access to this resource. It’s not always free, but as is often the case, prevention is better than cure.
