
Press Release | Sept. 26, 2024

NSA Jointly Releases Guidance for Mitigating Active Directory Compromises

FORT MEADE, Md. - The National Security Agency (NSA) joins the Australian Signals Directorate’s Australian Cyber Security Centre (ASD ACSC) and others in releasing the Cybersecurity Technical Report (CTR), “Detecting and Mitigating Active Directory Compromises.” The guidance provides prevention and detection strategies for the most prevalent techniques used to target Active Directory (AD).
 
Gaining control over AD gives malicious actors privileged access to all systems and users managed by AD, according to the CTR. With privileged access, malicious actors can bypass other controls and access systems, including email and file servers, and critical business applications. Malicious actors can also modify AD information to establish persistent access and remotely log in to organizations, bypassing multi-factor authentication (MFA) controls.
 
“Like numerous other networks, Active Directory is used in many Department of Defense and Defense Industrial Base networks as a critical component for managing identities and access,” said Dave Luber, NSA Cybersecurity Director. “This makes it an attractive target for malicious actors to attempt to steal the proverbial ‘keys to the kingdom.’ Taking steps to properly defend AD from these common and advanced techniques will detect and prevent adversary activities and protect sensitive data from determined malicious cyber actors.”
 
First released by Microsoft in 1999, Active Directory is the most widely used authentication and authorization solution in enterprise Information Technology (IT) networks globally. This guidance addresses the most common techniques used against Active Directory Domain Services, Active Directory Federation Services, and Active Directory Certificate Services, detailing each technique and how to mitigate it.
 
Read the full report here.
 
Visit our full library for more cybersecurity information and technical guidance.
 


NSA Media Relations
MediaRelations@nsa.gov
443-634-0721