Saturday, April 15, 2023

How To Use The Microsoft Enterprise Model To Protect Your Active Directory

 


As some of you may or may not know, I have a book that is coming out next month on the Zero Trust Framework.  It deals with the topic of Quantum Physics, and how it can be used in this respect.  I also just recently signed the book contract for another one, and this will deal specifically with how to deploy the Zero Trust Framework into Microsoft Azure.

As you probably know as well, Azure is one of the Cloud deployment juggernauts, along with the likes of AWS, and Google Private Cloud.  A key component of Azure is what is known as the “Azure Active Directory”, or the “AAD” for short. 

Long story short, this is where all of the employee groups and profiles are stored, in an effort to streamline the permissions, rights, and privileging process.  Now, I am far away from being an expert on Azure, but I do know that from the standpoint of Cybersecurity, this is has always been a favored target to prey upon.

But unfortunately, there are many avenues from which a Cyberattacker can enter into the AAD in a covert fashion, so this leaves many IT Security teams scratching their heads trying to figure out how to best protect their infrastructure.  Probably one of the best ways to do this is to see what is most at risk for you, based upon what your security requirements are.  This is also known as the “Tier Zero Assets”.

So what are some of these that you should include in your list?  The following is a sampling of what you should consider:

1)     Focus on the Domain Control Groups:

This simply means to focus your attention on those objects in the AAD that have control over mission critical domains.  This does not necessarily mean something when you register a domain, but rather, a domain is something that has achieved a main of classification.  For example, you can designate your accounting department as domain, and all of the employees profiles that you put into this category would become known as the “Objects”.  This is the level in which you will also super user privileges, which are the “Privileged Accounts”.  So as you can see, looking at and carefully scrutinizing these domain control groups should become of prime importance.

2)     Look at the mission critical processes:

Remember, it is not just all about your employees.  Some of your important processes could also be contained in your AAD infrastructure as well.  For example, these could also include any computing resources that are stored On Prem or and in your Azure account.  Here are some examples of what I am talking about:

*Root Certificate Authorities

*The Azure Active Federation Services

*Azure Active Directory Connect Services

*Any other Privileged Access Management tool that you make use of, such as those offerings from CyberArk

But keep in mind that the above is not an all-inclusive list.  There are other so-called objects that could be important to your business as well, and this is where conducting an all-encompassing Risk Assessment will come into play.

3)     Automation:

At the present time, automation is a big buzzword in Cyber.  With this in mind, also comes the usage of AI and ML tools.  This is starting to become a big trend today, especially with the ChatGPT software platform that has come out from Open AI.  To keep up with all of this, all of the major Cloud providers are planning to offer their own version of this, and developing new tools that can be accessed and deployed within a matter of minutes.  In this regard, the automation of code execution processes becomes popular, given the fact that a business could have hundreds or thousands of them to run on a daily basis.  

My Thoughts On This:

As I have mentioned, what I have provided here is by no means an exhaustive list, rather, it is just to give you an idea of what to look for as you further try to protect your AAS infrastructure.  Also keep in mind that keep in mind that depending upon the size of your business, an AAD infrastructure can become quite complex. 

Therefore, it is important that your IT Security team, or even the IT Department, try to streamline it as much as possible to better protect it.

Also, it is important that you come up with a plan of attack as to how you are going to do this.  Therefore it is highly recommended that you do this in phases and steps, in order to make sure that no mistakes are made and nothing is overlooked in the end. 

A great place to use as a resource is the “Enterprise Access Model”.  It spells out in greater detail what should be deemed as a “Zero Tier” Asset.  It can be downloaded at this link:

https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-access-model

 

 

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...