In the last few years, organisations have seen a spectacular rise in Pass-the-Ticket and Pass-the-Hash attacks. These attacks allow credential theft through vulnerabilities present in Windows and Active Directory systems.
The design and implementation of a tiered administration model within Active Directory, combined with the use of Privileged Access Workstations, can effectively mitigate this risk.
Without this kind of model, an adversary could very easily and quickly steal all the credentials in a company's Active Directory.
The Tier model is composed of three levels and only includes administrative accounts, not standard user accounts:
Tier 0 – Direct Control of enterprise identities in the environment. Tier 0 includes accounts, groups, and other assets that have direct or indirect administrative control of the Active Directory forest, domains, or domain controllers, and all the assets in it. The security sensitivity of all Tier 0 assets is equivalent as they are all effectively in control of each other.
Tier 1 – Control of enterprise servers and applications. Tier 1 assets include server operating systems, cloud services, and enterprise applications. Tier 1 administrator accounts have administrative control of a significant amount of business value that is hosted on these assets. A common example role is server administrators who maintain these operating systems with the ability to impact all enterprise services.
Tier 2 – Control of user workstations and devices. Tier 2 administrator accounts have administrative control of a significant amount of business value that is hosted on user workstations and devices. Examples include Help Desk and computer support administrators because they can impact the integrity of almost any user data.
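
One way to check the model in practice, as an added example that is not Symbiosys's own code: an administrative credential can be stolen from any host it is used to log on to, so the script below flags logons where an administrative account appears on a host of a less trusted tier. The account names, host names, inventory tables and logon events are constructed assumptions.

```python
# Added example: every account, host and event below is constructed.
from dataclasses import dataclass

# Hypothetical inventory: tier number per administrative account and per host.
ACCOUNT_TIER = {"t0-adm-kim": 0, "t1-adm-ravi": 1, "t2-adm-lee": 2}
HOST_TIER = {"DC01": 0, "PAW-T0-01": 0, "SQL01": 1, "WKS-114": 2}

@dataclass(frozen=True)
class Logon:
    account: str
    host: str

@dataclass(frozen=True)
class Finding:
    logon: Logon
    reason: str

def find_tier_violations(logons):
    """Return a Finding for each logon that exposes an administrative
    credential on a host of a less trusted tier, or of unknown tier."""
    findings = []
    for ev in logons:
        acct_tier = ACCOUNT_TIER.get(ev.account.lower())
        if acct_tier is None:
            continue  # standard user accounts are outside the tier model
        host_tier = HOST_TIER.get(ev.host.upper())
        if host_tier is None:
            # A host nobody has classified cannot be assumed safe for admin use.
            findings.append(Finding(ev, f"tier {acct_tier} account on unclassified host"))
        elif host_tier > acct_tier:
            findings.append(Finding(ev, f"tier {acct_tier} account on tier {host_tier} host"))
    return findings

# Constructed sample events (not real log data).
SAMPLE = [
    Logon("t0-adm-kim", "DC01"),      # same tier: allowed
    Logon("t0-adm-kim", "WKS-114"),   # Tier 0 credential on a workstation
    Logon("T1-ADM-RAVI", "sql01"),    # same tier, mixed case in the log
    Logon("t1-adm-ravi", "PRINT07"),  # host missing from the inventory
    Logon("jsmith", "WKS-114"),       # standard user: not in scope
    Logon("t2-adm-lee", "WKS-114"),   # same tier: allowed
]

if __name__ == "__main__":
    for f in find_tier_violations(SAMPLE):
        print(f"{f.logon.account} -> {f.logon.host}: {f.reason}")
```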
Symbiosys has designed and implemented a number of these models, along with Bastion Forests, Privileged Access Workstations and related security measures.
Please reach out to us and we will gladly help you understand your business's Active Directory risk and how to manage and mitigate it.