Deflecting Active Directory Attacks
Many of today’s enterprises use Microsoft Active Directory (AD) either as their enterprise directory or as the network OS (NOS) directory for their Windows infrastructure. AD has become an important asset in most enterprises, and valuable things must be protected accordingly. This paper provides examples of attacks against Active Directory and shows how an enterprise directory can be protected against them. The attacks addressed in this paper include password cracking-, elevation of privilege- and denial-of-service-based attacks. The main goal of this paper is to show AD users the urgent need for taking a multi-pronged approach toward locking down and securing AD.
KeywordsActive Directory Authentication Protocol Trust Relationship User Account Domain Administrator
Unable to display preview. Download preview PDF.
- [IETFO3]IETF website, “Public Key Cryptography for Initial Authentication in Kerberos”: http://www.ietf.org/proceedings/O3mar/I-D/draft-ietf-cat-kerberos-pk-init-16.txt, 2003
- [MS 102]Microsoft Knowledge Base website, article “MSO2-001: Forged SID could result in elevated privileges in Windows 2000”: http://support.microsoft.coml?kbid=2892432002, 2002
- [MS 104]Microsoft Knowledge Base website, article “How To Use Visual Basic Script to Clear SidHistory”: http://support.microsoft.com/?kbid=295758, 2004