Active Directory ‘mismanagement’ leaves firms vulnerable to attacks

As many as nine in ten businesses could be vulnerable to cyber threats due to their mismanagement of the Microsoft Active Directory system, according to a new report.

Research by Skyport Systems found that many businesses using the network management infrastructure overly expose their administrators’ credentials, leaving them at risk from attackers.

For example, half of the organisations surveyed allowed their administrators to use the same accounts for Active Directory configuration as they do for everything else, and less than ten per cent had implemented secure administrative workstations as recommended by Microsoft.

Meanwhile, less than 25 per cent of businesses used multi-factor authentication for administrator accounts, nearly none had implemented host-based firewalls for their domain controllers and less than 15 per cent were using administrative whitelists.

Microsoft has recommendations for building enhanced security administrative environments, but the report found a lack of awareness of, and action taken on, this advice among companies.

“We know that over 90 per cent of all organisations use Active Directory to control policies for users and services,” said Russell Rice, senior director for product management at Skyport Systems. “Successful attacks against AD or admin credentials can be devastating because the blast radius reaches nearly every system in the enterprise.

“The data we collected and analysed shows that organisations need to pay closer attention to their AD infrastructure and use a modern approach to securing AD, since many attack tools are widely available, effective and free.”

Security experts recommended that firms improve their Active Directory hygiene by limiting domain admin privileges, configuring secure password policies and patching frequently.

Businesses should also ensure that administrator workstations are secure to prevent credential theft and misuse, and protect their domain controllers against insider and outsider threats.

Large and complex organisations are advised to build isolated forests for administration.
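The practices the report measured (oversized Domain Admins membership, weak domain password policy, no host-based firewall on domain controllers) can be checked from the defender's side in a few read-only queries. The following audit script is an added example, not part of the article or of Skyport's report; it assumes the RSAT ActiveDirectory module is installed, that the account running it can read AD, and that WinRM remoting to the domain controllers is permitted (all assumptions).

```powershell
# Added example: read-only Active Directory hygiene audit for three of the practices
# the report measured. Assumes RSAT ActiveDirectory module and WinRM access to the DCs.
Import-Module ActiveDirectory

$findings = @()

# 1. Domain Admins membership, nested groups expanded. Every account here is a
#    credential whose theft reaches nearly every system in the forest.
$domainAdmins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Properties LastLogonDate, PasswordLastSet, Enabled
foreach ($u in $domainAdmins) {
    if (-not $u.Enabled) { $findings += "Disabled account still in Domain Admins: $($u.SamAccountName)" }
    if ($u.LastLogonDate -and $u.LastLogonDate -lt (Get-Date).AddDays(-90)) {
        $findings += "Domain Admin not used in 90 days: $($u.SamAccountName)"
    }
    if ($u.PasswordLastSet -and $u.PasswordLastSet -lt (Get-Date).AddDays(-365)) {
        $findings += "Domain Admin password older than a year: $($u.SamAccountName)"
    }
}
# Threshold of 10 is an assumed review trigger, not a value from the report.
if (@($domainAdmins).Count -gt 10) {
    $findings += "Domain Admins has $(@($domainAdmins).Count) members; review for least privilege"
}

# 2. Default domain password policy (fine-grained policies, if any, are not inspected here).
$pol = Get-ADDefaultDomainPasswordPolicy
if ($pol.MinPasswordLength -lt 14) { $findings += "Minimum password length is $($pol.MinPasswordLength) (expected 14 or more)" }
if (-not $pol.ComplexityEnabled) { $findings += "Password complexity is disabled" }
if ($pol.LockoutThreshold -eq 0) { $findings += "Account lockout is disabled" }

# 3. Host-based firewall on each domain controller, queried over PowerShell remoting.
foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $profiles = Invoke-Command -ComputerName $dc.HostName -ScriptBlock { Get-NetFirewallProfile } -ErrorAction Stop
        foreach ($p in ($profiles | Where-Object { $_.Enabled -ne 'True' })) {
            $findings += "$($dc.HostName): firewall profile '$($p.Name)' is disabled"
        }
    } catch {
        $findings += "$($dc.HostName): could not query firewall state ($($_.Exception.Message))"
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | ForEach-Object { "FINDING: $_" } }
```

The script only reads state; multi-factor enforcement and secure administrative workstations, the other two gaps the report names, are not visible from AD queries alone and need to be verified in the identity provider and endpoint configuration.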