
Active Directory: How attackers are lured into the trap with deception


This article takes a new approach to securing Active Directory (AD): active defense. The previous articles in the Active Directory series covered the entry points that Active Directory offers attackers, how system administrators can avoid misconfigurations, harden their environment and discover possible attacks through logs and monitoring. The new method aims to identify attempted attacks quickly and to mislead intruders.


Accounts that appear to be misconfigured and look real, but trigger an alarm when abused, are intended to lure unwanted guests in the corporate network into a trap. Security experts who follow the “Assume Breach” approach consider it undisputed that attackers have no difficulty compromising some system in a company, for example through phishing or the exploitation of a vulnerability, and executing commands from there. Whether an organization is attacked is therefore not a question of if, only of when. This should have become clear at the latest with the increasingly devastating ransomware attacks.

Companies still usually invest only in preventing security incidents and hardly at all in detecting them. With Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR), newer technologies that are supposed to detect compromised systems are pushing into the mass market, as described in the articles “New Defense Approaches in IT Security: EDR and XDR” and “Endpoint Security and EDR tools: quickly identify and react to dangers”. However, advanced attackers have adapted and can circumvent these and established security measures such as malware scanners with a little effort. Even if monitoring is in place and an internal or external security operations center (SOC) keeps a close eye on it, most of the reports are false alarms, which leads to a certain level of alarm fatigue among defenders.
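As an added illustration of the decoy-account idea described above (not code from the article), the following Python example scans parsed Windows Security events for any authentication activity that references a decoy account and reports each hit. The decoy name svc_backup_old, the dictionary layout of the parsed events and the sample records are assumptions made for this example; it also assumes that no legitimate user or service ever uses the decoy.

```python
# Added example; account names, hosts and events are constructed sample data.
# Windows Security event IDs that record authentication activity.
AUTH_EVENT_IDS = {
    4624: "logon succeeded",
    4625: "logon failed",
    4768: "Kerberos TGT requested",
    4769: "Kerberos service ticket requested",
    4771: "Kerberos pre-authentication failed",
    4776: "NTLM credential validation",
}

def normalize_account(name):
    """Reduce 'CORP\\user', 'user@corp.example' or 'USER' to 'user'."""
    name = (name or "").strip().lower()
    return name.rsplit("\\", 1)[-1].split("@", 1)[0]

def decoy_alerts(events, decoys):
    """Return one alert per authentication event that references a decoy."""
    decoys = {normalize_account(d) for d in decoys}
    alerts = []
    for ev in events:
        reason = AUTH_EVENT_IDS.get(ev.get("EventID"))
        if reason is None:
            continue
        # 4769 names the requested service in ServiceName; the other events
        # name the account in TargetUserName. Check both fields.
        touched = {normalize_account(ev.get(f))
                   for f in ("TargetUserName", "ServiceName")}
        hit = sorted(touched & decoys)
        if not hit:
            continue
        source = ev.get("IpAddress") or ev.get("Workstation") or "unknown"
        if source.startswith("::ffff:"):  # IPv4-mapped IPv6 form
            source = source[len("::ffff:"):]
        alerts.append({"decoy": hit[0], "event_id": ev["EventID"],
                       "reason": reason, "source": source})
    return alerts

DECOYS = ["svc_backup_old"]  # hypothetical decoy account, never used legitimately
SAMPLE_EVENTS = [  # constructed, already parsed from the Security log
    {"EventID": 4624, "TargetUserName": "alice", "IpAddress": "10.0.5.20"},
    {"EventID": 4625, "TargetUserName": "CORP\\SVC_Backup_Old", "IpAddress": "10.0.5.77"},
    {"EventID": 4769, "TargetUserName": "bob@CORP.EXAMPLE",
     "ServiceName": "svc_backup_old", "IpAddress": "::ffff:10.0.5.77"},
    {"EventID": 4776, "TargetUserName": "svc_backup_old", "Workstation": "WS-0412"},
]

if __name__ == "__main__":
    for alert in decoy_alerts(SAMPLE_EVENTS, DECOYS):
        print(alert)
```

Because the decoy has no legitimate use under that assumption, every alert it produces points at a concrete source host that is worth investigating.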
