From Workstation to Domain Admin: Why Secure Administration isn't Secure and How to Fix it

Conference: Black Hat USA 2018

2018-08-08

Summary

The presentation discusses the weaknesses in current secure administration practices and provides solutions to better secure the environment.
  • Organizations have upgraded their security measures, but have not done much to secure or improve the way that Active Directory is administered.
  • The security controls that matter most are the ones that best protect those with the keys to the enterprise, the Active Directory administrators.
  • The presentation explores common methods of administration that fail and how attackers can exploit flaws in typical Active Directory administration.
  • The solution is to isolate and protect privileged credentials, provide a secure environment for admins to work in, and disrupt the common attack playbook by setting up tripwires and pathways that only authorized personnel can use.
The presenter highlights the issue of having multiple accounts with local admin rights on workstations, which can be a mix of AD accounts and local accounts. Without a standard naming convention for administrative accounts, it is difficult to programmatically identify, monitor, and maintain that configuration. The presenter suggests that by proactively managing and maintaining the environment with a standard naming convention, organizations can elevate their security to the next level.
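The following is an added example of the kind of check a naming convention makes possible; it is not code from the talk. It audits the members of a workstation's local Administrators group and flags anything that is not a conforming AD admin account or an allow-listed local account. The convention (`CORP\adm-<user>`), the domain name `CORP`, the allow-list, and the sample membership are all assumptions constructed for the example.

```powershell
# Added example (not from the talk): audit the local Administrators group against a
# naming convention so non-standard admin accounts can be found programmatically.
# Assumptions: the domain is CORP and sanctioned AD admin accounts are named CORP\adm-<user>;
# the only sanctioned local member is the built-in Administrator account.

$Convention   = '^CORP\\adm-[a-z]+$'   # assumed convention for AD admin accounts
$AllowedLocal = @('Administrator')     # assumed allow-list of local account names

function Test-LocalAdminMembers {
    param(
        # Objects shaped like Get-LocalGroupMember output: Name, ObjectClass, PrincipalSource
        [Parameter(Mandatory)] [object[]] $Members,
        [string]   $Pattern              = $Convention,
        [string[]] $AllowedLocalAccounts = $AllowedLocal
    )
    foreach ($m in $Members) {
        $finding = [ordered]@{ Name = $m.Name; Class = $m.ObjectClass; Source = $m.PrincipalSource; Status = '' }
        switch ($m.PrincipalSource) {
            'ActiveDirectory' {
                if ($m.ObjectClass -eq 'Group') {
                    # A domain group grants admin rights indirectly; its membership needs separate review.
                    $finding.Status = 'review: AD group grants admin indirectly'
                }
                elseif ($m.Name -match $Pattern) { $finding.Status = 'ok' }
                else                             { $finding.Status = 'nonconforming AD account' }
            }
            'Local' {
                $short = ($m.Name -split '\\')[-1]   # strip the COMPUTERNAME\ prefix
                if ($AllowedLocalAccounts -contains $short) { $finding.Status = 'ok' }
                else                                        { $finding.Status = 'unexpected local account' }
            }
            default { $finding.Status = 'unknown principal source' }
        }
        [pscustomobject]$finding
    }
}

# Constructed sample resembling Get-LocalGroupMember output, so the script also runs offline.
$sample = @(
    [pscustomobject]@{ Name = 'CORP\adm-jdoe';      ObjectClass = 'User';  PrincipalSource = 'ActiveDirectory' },
    [pscustomobject]@{ Name = 'CORP\jdoe';          ObjectClass = 'User';  PrincipalSource = 'ActiveDirectory' },
    [pscustomobject]@{ Name = 'CORP\Domain Admins'; ObjectClass = 'Group'; PrincipalSource = 'ActiveDirectory' },
    [pscustomobject]@{ Name = 'WS01\Administrator'; ObjectClass = 'User';  PrincipalSource = 'Local' },
    [pscustomobject]@{ Name = 'WS01\helpdesk';      ObjectClass = 'User';  PrincipalSource = 'Local' }
)

# Prefer live data on a Windows host (Get-LocalGroupMember ships with PowerShell 5.1+); fall back to the sample.
$members = if (Get-Command Get-LocalGroupMember -ErrorAction SilentlyContinue) {
    Get-LocalGroupMember -Group 'Administrators'
} else {
    $sample
}

Test-LocalAdminMembers -Members $members | Sort-Object Status | Format-Table -AutoSize
```

Run against the constructed sample, only `CORP\adm-jdoe` and `WS01\Administrator` come back `ok`; the plain user account, the unexpected local account and the nested domain group are each flagged with a distinct status. The same function can be fed output collected from many workstations (for example via `Invoke-Command`) to build the inventory the talk says is hard to maintain without a convention.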

Abstract

Organizations have been forced to adapt to the new reality: anyone can be targeted and many can be compromised. This has been the catalyst for many to tighten up operations and revamp ancient security practices. They bought boxes that blink and software that floods the SOC with alerts. Is it enough? The overwhelming answer is: No.

The security controls that matter most are the ones that best protect those with the keys to the enterprise, the Active Directory administrators. With this access, an attacker can do anything they want in the environment: access all sensitive data, change access controls and security settings, embed to persist (for years), and often fully manage and control routers, switches, the virtualization platform (VMware or Microsoft Hyper-V), and increasingly, the cloud platform.

Administrators are being dragged into a new paradigm where they have to more securely administer the environment. This involves protecting privileged credentials and limiting access. Again, the question is: Are the new ways to securely administer Active Directory enough to protect against attackers? Join me in this session to find out.

Some of the areas explored in this talk:
  • Explore how common methods of administration fail.
  • Demonstrate how attackers can exploit flaws in typical Active Directory administration.
  • Highlight common mistakes organizations make when administering Active Directory.
  • Discuss what's required to protect admins from modern attacks.
  • Provide the best methods to ensure secure administration and how to get executive, operations, and security team acceptance.