Jerry Devore, expert on hardening Active Directory, discusses the importance of good credential hygiene, the impact of NTLM2 on compatibility level in Active Directory, and addressing security gaps in Active Directory. He also highlights the challenges of Active Directory consolidation and upgrade after mergers and acquisitions, emphasizing the need for AD cleanup and application modernization.
Prioritizing credential hygiene is essential for enhancing Active Directory security.
Addressing vulnerabilities in Active Directory, such as insecure configurations and outdated protocols, is crucial to minimize the risk of exploitation.
Deep dives
Importance of Credential Hygiene and AD Hardening
One of the main points discussed in the podcast is the importance of credential hygiene in Active Directory (AD) hardening. The speaker emphasizes that credential hygiene plays a crucial role in mitigating risks and preventing security breaches. He mentions that in the past, organizations made mistakes with service accounts and excessive delegation of domain admin accounts, resulting in insecure configurations. Old policies and insecure configurations still persist due to fear of breaking functionality or lack of understanding of their original purpose. The speaker suggests that organizations should prioritize cleaning up old policies, implementing tier models, and adopting zero trust concepts to enhance credential hygiene and strengthen AD security.
Addressing Vulnerabilities and Exploits
The podcast also highlights the need to address vulnerabilities and exploits in Active Directory. While AD is not typically exposed to the internet, it is often targeted by attackers once they gain access to a network. The speaker mentions that attackers frequently use AD as a lateral mover after breaching a system. He explains that hardening AD involves addressing issues such as insecure configurations, poor credential management, and outdated protocols like SMB1. The speaker emphasizes the importance of proper configuration, raising functional levels, and implementing secure protocols like NTLM2 and LDAP signing to minimize the risk of exploitation.
Adopting Baselines and Continuous Monitoring
Another key point discussed in the podcast is the adoption of security baselines and the importance of continuous monitoring. The speaker mentions that organizations can leverage tools like the Microsoft Security Compliance Toolkit and compare their current AD policies against established baselines, such as those provided by CIS. By doing so, organizations can identify gaps, prioritize changes, and improve overall AD security. The speaker suggests breaking down the necessary changes into manageable increments rather than attempting large-scale policy changes in a single instance. This approach allows for better testing, monitoring, and control over the impact of each change.
The Longevity of Active Directory and Azure Integration
The podcast also addresses the longevity of Active Directory and the role of Azure integration. The speaker mentions that organizations still heavily rely on Active Directory, even though the cloud and new technologies have emerged. He highlights the need to balance AD and Azure, as most organizations have a presence in both environments. The speaker suggests leveraging Azure AD join and integrating authentication to ensure seamless access to on-premises resources while minimizing attack paths. Furthermore, the speaker highlights the importance of gradually replacing Group Policy Objects (GPOs) with Mobile Device Management (MDM) policies to facilitate better device management and security.
Active Directory is still part of our lives - but can we make it more robust? Richard talks to Jerry Devore about his ongoing blog series on hardening Active Directory. Jerry talks about credential drift - decisions made in the past to turn down (or off!) security features in AD that made sense at the time but are no longer relevant. Most of these efforts only consume time - no products are involved, or the products are free. Check out the links in the show notes for Compliance tools that can help you find vulnerabilities in your infrastructure, including AD.
