ANALYSIS OF CYBER ATTACKS ON ACTIVE DIRECTORY AND METHODS OF INCREASING THE SECURITY LEVEL OF THE WINDOWS SERVER OPERATING SYSTEM

Authors

DOI:

https://doi.org/10.35546/kntu2078-4481.2023.1.16

Keywords:

vulnerabilities, cyber-attacks, Active Directory, attack tools, attacks prevention, risk reduction, mitigating the consequences of cyber-attacks

Abstract

The article examines cyber-attacks on Active Directory in the Windows Server operating system and investigates possible ways to prevent and mitigate them. Given the popularity of Active Directory for building corporate networks, cyber criminals are highly interested in attacking it to disrupt its operation or gain access to confidential information, and therefore there is a growing need to prevent and mitigate these attacks. The paper gives an overview of available publications on these issues. At the same time, the authors emphasize the necessity of studying different types of attacks on Active Directory, in particular new attacks, as well as the importance of being aware of the various methods and tools for mitigating them. The work studies and analyses cyber-attacks on Active Directory, including Password Spraying, Pass-the-Hash, Golden Ticket and Silver Ticket attacks, DNS Spoofing, attacks on Group Policy Objects, DNS amplification, DCSync and SMB Relay attacks. The authors consider the tools that are available to cyber criminals and that should be factored in by cybersecurity professionals while configuring and testing the defense of corporate networks based on Active Directory (Mimikatz, BloodHound, Empire, CrackMapExec, Nmap, Metasploit, Responder, PowerUp, LaZagne). Through the analysis of different types of cyber-attacks and the tools intruders may use, the study determines general vulnerabilities of Active Directory and the corresponding attack vectors. In addition, possible strategies to mitigate the risk of successful attacks are considered, including implementing strong password policies, multi-factor authentication, least-privilege access control, software updates and security patches, and monitoring and suspicious-activity detection.
Consequently, the article provides information on the security risks associated with Active Directory and suggests practical advice for IT professionals who want to strengthen their defenses against cyber-attacks targeting this mission-critical system.

Published

2023-06-28