Step one to breaking into any system and causing havoc is reconnaissance. An attacker will gather as much information about your environment as possible. They’ll look for security software, and make extensive lists of anything that your systems will tell them about themselves.
Then they’ll start to look at your users. Social engineering is one of the most common ways to get into a secure network. Why break in when you can get someone to let you in? This is why training and vigilance are so necessary.
Not too far into a targeted attack, they start to access your Active Directory system. Why? Because Active Directory knows where everything is. It’s precisely what it’s designed to do.
- Network Shares
- Domain Controllers
- Routing Tables
Once they get this information, looking for places that are good to attack becomes easy. As they gain access to more systems, this process snowballs.
You are owned.
Those are words that you do not want to hear.
Now stealing information and documents becomes easy.
What are you doing to protect your active directory? Are you monitoring your Active Directory and actively securing it?