Identity Management

Companies are becoming increasingly aware of the current threat situation through the media and news. Protect your identities to ensure IT security in your company and prevent encryption. In most cases, the gateway for attackers is Microsoft's directory service, Active Directory Domain Services (AD DS). Even small measures can significantly improve security in the Active Directory. For example, local administrator passwords can be easily protected with the Microsoft Local Administrator Password Solution (LAPS). Passwords are randomly generated and stored in AD DS and protected by ACLs. Only authorized users have access to the passwords. More security in the AD DS against "Pass the Hash (PTH) or "Pass the Ticket (PTT)" attacks via viruses and Trojans is provided by the Microsoft AD Tier Model. The access model, which has been recommended since 2017, provides for the logical separation of the directory service into different protection classes. This segmentation of the AD DS includes different management levels for Domain Controller (DC) and DC close services, the provided services (fileserver,WEB, SQL, etc.), for the end devices and the users. These levels are managed through dedicated privileged accounts and workstation. This structure is an effective measure against the golden ticket attack and is always associated with the segmentation of the network into VLANs for the different protection classes. Extending the AD Tier Model to an Enterprise Access Model is especially useful when a company has established or wants to establish connectivity to the cloud. The leading AD DS is connected to the Azure Active Directory (Azure AD) and is successively transformed into a zero-trust architecture by security functions from the cloud. We can support you with all of these solutions.