Today Cyber Security plays a paramount role in global security. On this blog, the CEO of Paramount Defenses shares rare insights on issues related to Cyber Security, including Privileged Access, Organizational Cyber Security, Foundational Security, Windows Security, Active Directory Security, Insider Threats and other topics.



January 6, 2020

What is Active Directory? (Cyber Security 101 for the Entire World)

Folks,

Today is January 06, 2020, and as promised, here I am getting back to sharing perspectives on cyber security.


Cyber Security 101

Perhaps a good way to kick off the year is to ask and answer a simple yet vital question - What is Active Directory?

You see, while this question may seem simple to some (and it is), it's one of the most important questions to answer adequately, because in an adequate answer to this most simple question lies the key to organizational cyber security worldwide.

The simple reason for this is that if you were to ask most CISOs or IT professionals, they'll likely tell you that Active Directory is the "phone book" of an organization's IT infrastructure. While it's true that at its simplest it is a directory of all organizational accounts and computers, it is this shallow view that leads organizations to greatly diminish the real value of Active Directory, to the point of sheer irresponsible cyber negligence, because "Who really cares about just a phone book?"

In fact, for two decades now, this has been the predominant view held by most CISOs and IT personnel worldwide, and sadly the negligence resulting from such a simplistic view of Active Directory is likely the reason that the Active Directory deployments of most organizations remain substantially insecure and vastly vulnerable to compromise today.

Again, after all, who cares about a phone book?!




Active Directory - The Very Foundation of Organizational Cyber Security Worldwide

If, as they say, "A Picture is Worth a Thousand Words", perhaps I should paint you a very simple Trillion $ picture -


An organization's Active Directory deployment is its single most valuable IT and corporate asset, worthy of the highest protection at all times, because it is the very foundation of an organization's cyber security.

The entirety of an organization's very building blocks of cyber security, i.e. all the organizational user accounts and passwords used to authenticate its people, all the security groups used to aggregate and authorize access to all its IT resources, all its privileged user accounts, and the accounts of all its computers, including all laptops, desktops and servers, are stored, managed and secured in (i.e. inside) the organization's foundational Active Directory, and all actions on them are audited in it.

In other words, should an organization's foundational Active Directory, or a single Active Directory privileged user account, be compromised, the entirety of the organization could be exposed to the risk of complete, swift and colossal compromise.



Active Directory Security Must Be Organizational Cyber Security Priority #1

Today, ensuring the highest protection of an organization's foundational Active Directory deployment must undoubtedly be the #1 priority of every organization that cares about cyber security, protecting shareholder value and business continuity.


Here's why - A deeper, detailed look into What is Active Directory?


For anyone to whom this may still not be clear, I'll spell it out - just about everything in organizational Cyber Security, whether it be Identity and Access Management, Privileged Access Management, Network Security, Endpoint Security, Data Security, Intrusion Detection, Cloud Security, Zero Trust etc., ultimately relies and depends on Active Directory (and its security).



In essence, today every organization in the world is only as secure as is its foundational Active Directory deployment, and from the CEO to the CISO to an organization's shareholders, employees and customers, everyone should know this cardinal fact.

Best wishes,
Sanjay.

October 13, 2018

A Very Simple Trillion $ Cyber Security Multiple-Choice Question

Folks,

In days to come, I'll be helping organizations worldwide understand what constitutes a privileged user in Active Directory, how to correctly audit privileged access in Active Directory, and what the world's most important Active Directory security capability is.

Today though, I just wanted to ask a very simple and elemental cyber security multiple-choice question, so here it is -


Q. What are the minimum Active Directory Security Permissions that a perpetrator needs to be able to successfully run Mimikatz DCSync against an organization's foundational Active Directory deployment?

Is it -
A. The "Get Replication Changes" Extended Right 
B. The "Get Replication Changes All" Extended Right 
C. Both A and B above 
D. Something else

I already know the answer to this simple question. I'm only asking because I believe that today every Domain Admin and every CISO at every organization that operates on Active Directory MUST know the answer to this question, and here's why.

You may be surprised if I were to share with you just how many Domain Admins and CISOs (at so many of the world's most prominent organizations) don't even seem to know what Mimikatz DCSync is, let alone know the answer!

If you know the answer to this question, and care to share, please feel free to share it by leaving a comment below.

Best wishes,
Sanjay.

September 26, 2018

Time to Ignite An Intellectual Spark at Microsoft Ignite 2018!

Folks,

This week, thousands of IT professionals, managers, CISOs and CIOs are in Orlando, attending, well, Microsoft Ignite 2018 !

Image Courtesy Microsoft. Source: https://www.microsoft.com/en-us/ignite

Now, according to Microsoft's website, Microsoft Ignite has SOLD OUT. Great! There are 900+ sessions, 100+ instructor-led technology workshops, 60+ Microsoft Immersion workshops, and 50+ hands-on labs with access to expert proctors!


Did I mention that, of course, Microsoft's very own experts are also going to be there, and that collectively they cover numerous vital areas such as Securing the Enterprise, Simplified IT Management, Identity, Access & Compliance, Enterprise Security etc.?


So, with over 1000 sessions, 1000s of attendees, access to "expert proctors", and 100s of Microsoft's very own IT experts, THERE MUST BE AT LEAST ONE PERSON AT MICROSOFT IGNITE who could answer A very SIMPLE QUESTION -


       Question - What's The World's Most Important Active Directory Security Capability?



Now, in case you're wondering why anyone, and in fact everyone, attending Microsoft Ignite should care about this question, it's because in a Microsoft Windows Server based IT Infrastructure, NOT A SINGLE ONE of the numerous vital areas listed above, i.e. Securing the Enterprise, Simplified IT Management, Identity, Access & Compliance, Enterprise Security etc. etc., can be adequately addressed without FIRST ENSURING THE SECURITY of their foundational Active Directory deployments!


Guess what?!  I'm willing to bet that 99% of experts (let alone attendees) at Microsoft Ignite don't have a clue as to the answer!


Unbelievable, haan?! So much so for a US $ 800 Billion company's  "Sold Out"  IT Conference, where 100s of world renowned IT experts, including Microsoft's finest, were presenting, and where 1000s of IT professionals (including Domain Admins of most Fortune 100 companies) were attending, yet no one likely knows the answer to this most basic of Windows Security questions!


Er, what's that millennial lingo again? Ah yes,  OMG  LOL ROFL !

Doesn't anyone RTM today?  (They don't, and here's likely why.)


On a serious note, if anyone attending Microsoft Ignite 2018 (including Microsoft's own experts) knows the answer to this 1 question, be my guest and answer the question by leaving a comment at the end of that blog post, and you'll earn my respect.


If you don't know the answer, I highly recommend reading, one, two and three, because without knowing the answer to this 1 question (and without possessing this capability,) you cannot secure anything in an Active Directory based Windows network.


Best wishes,
Sanjay

June 29, 2018

WHAT is the ONE Essential Cyber Security Capability WITHOUT which NOT a single Active Directory object or domain can be adequately secured?


Folks,

Hello again. Today onwards, as I had promised, it is finally TIME for us to help SAFEGUARD Microsoft's Global Ecosystem.


Before I share how we uniquely do so, or answer this paramount question, or ask more such questions, I thought I'd ask likely the most important question that today DIRECTLY impacts the foundational cyber security of 1000s of organizations worldwide.



Here It Is -
What Is the 1 Essential Cyber Security Capability Without Which NOT a single Active Directory object, domain, forest or deployment can be adequately secured?



A Hint

I'll give you a hint. It controls exactly who is denied and who is granted access to literally everything within Active Directory.


In fact, it comes into play every time anyone accesses anything in any Active Directory domain in any organization worldwide.




Make No Mistake

Make no mistake about it - one simply CANNOT adequately protect anything in any Active Directory WITHOUT possessing this ONE capability, and thus one simply cannot protect the very foundation of an organization's cyber security without possessing this ONE paramount cyber security capability. It unequivocally is as remarkably simple, elemental and fundamental as this.



Only 2 Kinds of Organizations

Thus, today there are only two kinds of organizations worldwide - those that possess this paramount cyber security capability, and those that don't. Those that don't possess this essential capability do not have the means to, and thus cannot adequately protect, their foundational Active Directory deployments, and thus by logic are provably and demonstrably insecure.


If you know the answer, feel free to leave a comment below.
I'll answer this question right here, likely on July 04, 2018.

Best,
Sanjay

October 19, 2016

10 Essential Cyber Security Questions for All Organizations Worldwide

Folks,

Today, I'd like to share 10 elemental, essential and in fact paramount cyber security questions that every organization in the world should have answers to. They are directly related to the Trillion $ question I posed to Microsoft earlier this week.

(Quick Note: As I indicated last week, sometime this week, I will be respectfully taking Microsoft to Active Directory Security School. This post is not the one that takes them to school. Along the lines of yesterday's Trillion $ Q post, this post also helps set the stage for that post. That post will be titled "Defending Active Directory Against Cyberattacks", and will be out this week.)


Here they are -
1. Exactly who has the Replication Get Changes All extended right effectively granted in the domain root's ACL?

2. Exactly who can change the security permissions in the ACL on the domain root object?

3. Exactly who can reset the password* of all default and custom administrative (privileged) user accounts?

4. Exactly who can modify the membership of all default and custom administrative (privileged) security groups?

5. Exactly who can manage the contents of the Systems container and the Configuration and Schema partitions?

6. Exactly who can change the security permissions in the ACL of the AdminSDHolder object?

7. Exactly who can modify the default Domain Controllers Policy or link a GPO to the Domain Controllers OU?

8. Exactly who can establish and/or manage cross forest trusts, or trusts to external domains?

9. Exactly who can reset the password* of all executive accounts (e.g. Chairman, CEO, CIO, CFO, CISO etc.)?

10. Exactly who can create, control (i.e. manage and/or delegate management of) and delete vital Active Directory content, such as all (valuable) domain user and computer accounts, security groups, organizational units etc.?

      * If Smart cards are in use, exactly who can disable the use of Smart cards on these domain user accounts?
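As an added illustration (my own example code, not the author's or Paramount Defenses' tooling) tied to both the Mimikatz DCSync question above and question 1 of this list: it parses an SDDL security descriptor, such as the one a domain root's ACL exports as, and reports which trustees hold each of the two replication extended rights, and which hold both. The GUIDs are the real schema rightsGuid values; the SIDs and the descriptor itself are constructed, and the code enumerates explicit ACEs only, which is not yet the "effectively granted" answer question 1 asks for.

```python
import re

# Schema rightsGuid values of the two replication extended rights used by DCSync.
REPL_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
}
ACE_RE = re.compile(r"\(([^)]*)\)")
ACE_VERDICT = {"OA": "allow", "A": "allow", "OD": "deny", "D": "deny"}

def _grants_control_access(rights):
    """True if the SDDL rights field (two-letter tokens) includes CR (control access) or GA."""
    return bool({rights[i:i + 2] for i in range(0, len(rights), 2)} & {"CR", "GA"})

def replication_grants(sddl):
    """Map each replication right to the trustees explicitly allowed/denied it in the DACL."""
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0] if "D:" in sddl else ""
    result = {n: {"allow": set(), "deny": set()} for n in REPL_RIGHTS.values()}
    for ace in ACE_RE.findall(dacl):
        fields = ace.split(";")
        if len(fields) < 6:
            continue
        ace_type, _flags, rights, obj_guid, _inherit_guid, trustee = fields[:6]
        verdict = ACE_VERDICT.get(ace_type)
        if verdict is None or not _grants_control_access(rights):
            continue
        obj_guid = obj_guid.lower()
        # An empty object type means the ACE covers every extended right.
        for name in ([REPL_RIGHTS[obj_guid]] if obj_guid in REPL_RIGHTS
                     else REPL_RIGHTS.values() if obj_guid == "" else []):
            result[name][verdict].add(trustee)
    return result

def trustees_with_both_rights(sddl):
    """Trustees allowed, and not explicitly denied, both rights at ACE level only.
    Group nesting, inheritance and ACE order are not resolved here (an effective-permissions step would add them)."""
    grants = replication_grants(sddl)
    return sorted(set.intersection(*(g["allow"] - g["deny"] for g in grants.values())))

# Constructed sample domain-root DACL (hypothetical). DA/ED are the SDDL aliases for
# Domain Admins / Enterprise Domain Controllers; the S-1-5-21-... SIDs are made up.
SAMPLE_SDDL = (
    "O:DAG:DAD:"
    "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)"
    "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-1111-2222-3333-1105)"
    "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-1111-2222-3333-1105)"
    "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-1111-2222-3333-1106)"
    "(OD;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-1111-2222-3333-1106)"
    "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)"  # plain allow with CR: all extended rights
)
```

On a live domain the SDDL string comes from the domain root's nTSecurityDescriptor; any trustee listed by trustees_with_both_rights that is not a domain controller or a known replication account deserves an immediate review.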

Not only are these 10 elemental cyber security questions directly related to Active Directory security, they directly impact and are imperative to foundational cyber security of 1000s of business and government organizations in 150+ countries worldwide.

They are imperative to foundational cyber security because anyone who can enact these tasks could instantly gain command and control over the entire organization's security. For details, after Nov 01, please visit - www.paramountdefenses.com/blog/

Incidentally, to be able to answer any and each of these 10 elemental and essential cyber security 101 questions, organizations require the ability to perform just one technical process. So, here's another trillion $ question - What is that one process?

The answer to this trillion $ question is coming soon, right here on this blog, later this week. (Stay tuned.)

Oh, and if any cyber security company on the planet (including but not limited to Microsoft, Amazon, IBM, Google, Cisco, EMC, Dell, Centrify, Palo Alto Networks, FireEye, CyberArk, BeyondTrust, Lieberman Software, Check Point Software, CrowdStrike, Palantir Technologies, Kaspersky Labs, Tripwire, HP, EY, PwC, DarkTrace, Lockheed Martin, BAE Systems, Tanium, BAH etc. etc.) has a clue as to the answer AND can help the world accurately answer these 10 basic, essential questions, let me know.

Organizations that do NOT have answers to these basic 10 cyber security 101 questions CANNOT be considered secure today.

Best wishes,
Sanjay