ACTIVE DIRECTORY SECURITY ASSESSMENT

The Cyphere Active Directory Security Assessment (ADSA) is a specialised offering designed to provide you with a deep dive into security configuration and vulnerabilities that could be leveraged for company-wide attacks. This is followed by recommendations for risk mitigation and remediation measures.

Get In Touch

No salesy newsletters. View our privacy policy.

Why is Active Directory security important?

Active directory is a central component to all steps of a cyber kill-chain. This is the primary reason why Active Directory security is a critical element for organisations.

Active directory (also known as ‘ad’) is a critical element for keeping corporate environments operational and downtimes are unthinkable in this day and age. The ultimate target of any cybercriminal is to compromise the domain controllers of a business, that are the heartbeat of any network. Once compromised, it allows open access to the entire estate. Literally, it is direct access to staff emails, open access around differnet portals and applications, any user’s password hashes and infiltration across multiple networks in case of trusted domain relationships (with third-parties, multiple regions, etc). 

It does not matter how many security solutions you have deployed, how many security resources you have on hand – without a secure Active Directory setup, your environment is a low hanging fruit for attackers. Whether it is an insider attacker, an external attacker or supply chain attack vector – it all comes down to compromise of one, two or all three security principles – Confidentiality, Integrity and Availability

Improve the big picture today.

 

cyber kill chain

How does AD security assessment works?

01. Initial Scoping & Objectives

Our AD security experts with you to define the assets in scope covering primary security concerns and any specific requirements. Specialised assessments like these are defined with test cases built around both authenticated and unauthenticated attack vectors.
These objectives and understanding of environment is gained at this stage. 

04. Specific Activities

This phase includes specific activities such as password cracking and statistical analysis to assess the password culture of a company. 

Authentication and authorisation mechanisms are reviewed for the presence of any weaknesses around active direcotry forest, group membership, user accounts, privileged access (Enterprise admins, Domain Admins, Local Admins), service accounts and access controls. Checks around object ACLs’ covering security group memberships, AdminSDHolder, DCSync, trust relationships, integrated services (Azure Connect or others).

02. reconnaissance & information gathering

Information gathering phase works as first sub-phase of collecting information and intelligence about the AD structure and implementation. 

First step to preparation is based on whether on-premises AD, Azure Active Directory or hybrid model is in use. All the main components such as Active Directory domain services, certificate services, federation services (if ADFS in use), LDAP are taken into consideration at this point.

Number and layout of active directory domains, overall structure, company hierarchy and understanding of Active Directory forest all fall into this initial understanding.

05. AD Security Best Practices

Active directory security best practices are checked against the following areas:

  • AD infrastructure, logical structure
  • Group Policy Security checks
  • Domain Controller Security configuration
  • Sites, Services, Namespace, Zones
  • Authentication and Authorisation Mechanisms
  • Password Cracking, Hashing, Databases
  • AD delegation, User and Privileged Access Management
  • Logging & Monitoring
  • Insecure Information Storage Practices
  • Administrative workstations
  • Anti-virus, Patching, Backup, Services and Domain Controller checks

03. Manual Security Hardening Review

A manual approach is followewd to perform checks such as hardening reviews against Domain Controllers – It covers assessing the services in use, auditing and account policies, password policies and kerberos settings.
Access control list reviews include ACL scans against DC computer objects, critical groups such as domain admins (DA), enterprise admins (EA) and equivalent users/groups (backup, operators, etc).
Identify any escalation paths and GPO weaknesses that would help an attacker exploit privileged access memberships vertically or horizontally.

06. REPORTING & DEBRIEF

This includes analysis on the test output, evaluation of the risk impact and attack likelihood before providing action plans to remediate the identified security issues. All our reports address business as well as the technical audience with supporting raw data, including mitigation measures at strategic and tactical levels.

Our engagement process includes delivering a free of charge debrief to management and technical teams.
Cyphere also provide a remediation consultancy where we define and execute the risk mitigation plan.

Your trusted Active Directory Security experts

Active Directory security issues

Key Benefits of Active Directory Security Assessment (ADSA)

Active Directory Security Testing Methodology

To perform an Active Directory assessment, it is important to understand the context of business and associated assets in scope for the engagement. Our proven approach to security assessments is based on more than a decade of experience, industry practices and effective ways to exceed customer expectations. 

Cyphere’s review methodology for active directory environment is broken down into the following phases:

  1. Initial scoping & objectives
  2. Information gathering
  3. Security hardening review
  4. Environment specifics
  5. Security best practices
  6. Detailed report & debrief
active directory security assessment

Once a year recommended Active Directory security health check

Our Security Assessments Approach

Customer Business Insight

The very first step remains our quest to gain insight into drivers, business, pain points and relevant nuances. As part of this process, we understand the assets that are part of the scope.

Services Proposal

It is important to gain grips with the reality, therefore, we always stress on walkthroughs or technical documentation of the assets. After asset walkthroughs, a tailored proposal is designed to meet your business’ specific requirements.

Execution and Delivery

Cyphere’s approach to all active directory environment reviews involve excellent communication before and during the execution phase. Customer communication medium and frequency are mutually agreed, and relevant parties are kept updated throughout the engagement duration.

Data Analysis & Reporting

Execution phase is followed by data analysis and reporting phase. Cyphere performs analysis on the testing output, evaluates the risk impact and likelihood of exploitation in realistic scenarios before providing action plans to remediate the identified risks. Our detailed report address business as well as the technical audience with supporting raw data, including mitigation measures at strategic and tactical levels

Debrief & Support

As part of our engagement process, customers schedule a free of charge debrief with management and technical teams. This session involves remediation plan, assessment QA to ensure that customer contacts are up to date in the language they understand.

Recent Blog Entries

BOOK A CALL