Active Directory Security - Truth is Stranger than Fiction
For decades, Windows AD has been something that every analyst has loved and hated. Used in over 90% of enterprises, various manufacturers and software developers prioritize being compatible. On the other hand, many old services still heavily rely on AD. Decoupling an AD environment is difficult when maintenance and operation personnel are overly dependent, resulting in some uncomfortable security settings with maintenance and operations. Due to these problems and other historical factors, numerous underground network administrators (or Shadow Admins) have often taken advantage of improper AD configurations. With the rising number of cyberattacks targeting and exploiting AD, enterprises can no longer afford to ignore AD security issues and the business-altering risk they can produce.
In this presentation, we will discuss different AD security topics from previous years, explore exaggerated errors from real-world cases, share security tips, and look at the challenges faced by AD analysts today, such as permission inventory, neglected core assets, and security problems due to the implementation of permission separation. Finally, we will provide the audience with a deeper understanding of their own AD, how to define their acceptable level of risk, and how to approach their AD security.