DZone Security Zone
Active Directory (AD) is Microsoft’s identity and access management software that controls which users have access to the systems and resources on a network. It’s a popular target for attackers because getting control of AD allows them to deploy malware, steal sensitive information or do other nasty things in a way that’s very difficult for defenders to detect or block.
Making AD more secure involves fixing security flaws within the environment that allow attackers to get in – but first defenders need to identify what those flaws are. AD’s built-in tooling makes it very difficult to see which users have privileges to which systems and objects. So many security issues, even very dangerous ones, simply go unnoticed.
Read the original article: