Azure Active Directory (Azure AD) – A cloud-based identity and access management service.
- Helps organizations manage users, groups, and access to applications.
- Provides secure authentication, authorization, and identity management across cloud and on-premises resources.
¶ Azure Active Directory Domain Services (Azure AD DS)
- Cloud-based implementation of traditional domain services.
- Provides domain join, group policy, and Kerberos/NTLM authentication without requiring you to deploy and manage your own domain controllers.
¶ Single Sign-On (SSO)
- A method of authenticating to multiple applications or resources with one set of credentials.
- Improves security by reducing password fatigue and limiting credential reuse.
A digital certificate (public key certificate) establishes a cryptographic link between the owner of a public key and their identity.
- Used for authentication and encryption during secure communications.
- Verifies a website's legitimacy when connecting to a web server (e.g., over HTTPS).
- Contains:
  - Metadata about the certificate holder
  - Identity information
  - Public key information
  - Digital signature from the issuing Certificate Authority
Non-repudiation – Ensures that an entity cannot deny the authenticity of their digital signature or message.
¶ Certificate Authority (CA)
- An entity entrusted to issue certificates.
- Acts as a trusted third party for both the certificate owner and relying parties.
- Security depends heavily on the credibility and trustworthiness of the CA.
¶ Registration Authority (RA)
- A third-party entity authorized by a CA to verify user requests for digital certificates.
- Validates identity information and forwards verified requests to the CA for issuance.
Privileged accounts are user accounts with elevated permissions beyond standard users.
- Allow significant changes to systems (e.g., modifying configurations).
- Best Practices:
  - Uniquely named with an admin identifier
  - Closely monitored and audited
  - Service accounts should not allow interactive login
  - High-level access must be tightly controlled
  - Passwords rarely change (a risk factor) → manage them with a Privileged Access Management (PAM) solution
- Common targets for attackers
¶ Domain Administrator
- Highest-level Active Directory account.
- Full control of the AD domain, data, and devices.
- Should only be used when absolutely necessary.
Ransomware – Malware that encrypts user data and demands payment for decryption.
Infection Vectors:
- Malicious email attachments/links (phishing)
- Compromised websites
- Exposed Remote Desktop Protocol (RDP)
- Drive-by downloads
Attack Lifecycle:
- Infection
- Execution
- Encryption of files/data
- Ransom demand displayed
- Payout and possible (but not guaranteed) recovery
Impacts:
- Financial loss
- Data loss
- Reputational damage
- Legal liabilities
- Operational disruptions
¶ Certificate Stores
- Local Computer – Certificates available system-wide, managed by administrators.
- Current User – Certificates available only to the logged-in user.