Due to increasing digitization, we are unfortunately also increasingly confronted with serious threats from the Internet. Hacker attacks are becoming more and more imaginative, intelligent and, above all, individual. In the Software Internet Cluster we would like to share our expertise on this topic.

Most IT security measures can be implemented with little to medium effort and are available free of charge or at low cost. These measures provide basic security, which of course can and must be supplemented with more complex measures. When it comes to IT security, you have to assume that hackers are already active in the system and launching attacks. This is known as a “zero trust” environment. You therefore have to be aware that a hacker attack can also be launched from any internal device.

Separation of Power in Active Directory

with Markus Schoas from hs2n Informationstechnologie GmbH

Ing. Markus Schoas – Managing Director of hs2n Informationstechnologie GmbH

Along with Michael Satlow and Markus Huber, Markus Schoas is one of the managing directors of hs2n Informationstechnologie GmbH, which was founded in Carinthia in 2001 and focuses its services on supporting IT Infrastructure, Consulting, Product Development and individual Software Solutions for medium-sized and large companies.

Many years of project experience and a wide range of know-how combined with an innovative and creative approach make hs2n an efficient partner. The company also focuses strongly on IT security, with its own products such as XEOX, the remote monitoring and management tool, as well as its own application firewall with two-factor authentication.

Measures for the Separation of Powers in the AD

A compromise of a domain administrator account, through which the attacker gets hold of the so-called Golden Ticket, must be avoided as far as possible! The Golden Ticket is the ultimate entry ticket to all system resources that are integrated into an Active Directory, as it allows the entire domain of a company to be compromised with all the necessary rights. As soon as such a Kerberos ticket gets into the hands of a hacker or hacker organization, it is a security meltdown!

It must be made more difficult for the attacker to obtain a domain administrator’s password, and reducing such sensitive attack surfaces has proven effective. For this reason it is advisable that domain administrators can only log on to domain controllers and not to other servers or even clients within the domain.

Checklist

Logon exclusively on Domain Controller

A Windows domain policy must be created so that domain administrators can only log on to domain controllers.

Administrator Account per Server

Each server should have its own administrator account so that in case of a compromise, multiple servers are not affected at once. Giving IT staff global accounts that reside in local admin groups is an absolute no-no. The accounts of IT employees should only have normal user rights!

Using Group Managed Service Accounts

Only group-managed service accounts should be used on servers or clients.

Introduction of LAPS throughout the domain

The local administrator should have a different password on every client and server. For this purpose, the introduction of Local Administrator Password Solution (LAPS) in the entire domain makes sense.
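
To verify the first checklist item, "Logon exclusively on Domain Controller", the following added example (not code from hs2n or the original page) scans exported Windows logon events (event ID 4624) and reports every Domain Admin logon on a host that is not a domain controller, together with the user right that would have denied it. The account names, host names, JSON export layout and the assumption that the policy is enforced through the deny-logon user rights are all constructed for illustration.

```python
import json

# Constructed sample data: account names, host names and events are illustrative.
DOMAIN_ADMINS = {"da-mueller", "da-huber"}      # members of Domain Admins
DOMAIN_CONTROLLERS = {"dc01", "dc02"}           # short host names of the DCs

# Event 4624 logon type -> user right that blocks it when assigned by GPO.
DENY_RIGHT = {
    2: "SeDenyInteractiveLogonRight",
    3: "SeDenyNetworkLogonRight",
    4: "SeDenyBatchLogonRight",
    5: "SeDenyServiceLogonRight",
    10: "SeDenyRemoteInteractiveLogonRight",
}

# Constructed export, one JSON object per line (assumed layout).
SAMPLE_EVENTS = """
{"EventID": 4624, "Computer": "DC01.corp.example", "TargetUserName": "da-mueller", "LogonType": 10}
{"EventID": 4624, "Computer": "FILESRV03.corp.example", "TargetUserName": "DA-Mueller", "LogonType": 10}
{"EventID": 4624, "Computer": "WS-0142.corp.example", "TargetUserName": "da-huber", "LogonType": 2}
{"EventID": 4624, "Computer": "FILESRV03", "TargetUserName": "jdoe", "LogonType": 3}
{"EventID": 4634, "Computer": "FILESRV03", "TargetUserName": "da-huber", "LogonType": 3}
{"EventID": 4624, "Computer": "APPSRV01.corp.example", "TargetUserName": "da-huber", "LogonType": 5}
"""

def short_host(name):
    """Reduce 'FILESRV03.corp.example' or 'filesrv03' to 'filesrv03'."""
    return name.split(".")[0].lower()

def find_violations(lines):
    """Return (user, host, logon_type, deny_right) for each Domain Admin logon off a DC."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if event.get("EventID") != 4624:   # only successful logons
            continue
        user = event["TargetUserName"].lower()
        host = short_host(event["Computer"])
        if user in DOMAIN_ADMINS and host not in DOMAIN_CONTROLLERS:
            right = DENY_RIGHT.get(event["LogonType"], "unmapped logon type")
            findings.append((user, host, event["LogonType"], right))
    return findings

if __name__ == "__main__":
    for finding in find_violations(SAMPLE_EVENTS.splitlines()):
        print("Domain Admin logon outside a DC: %s on %s, type %s, blocked by %s" % finding)
```

A type 5 finding means a Domain Admin account is running a service on a member server, which is the case the group-managed service account item in the checklist is meant to eliminate.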

Do you have any questions or need support with the professional implementation?
We would be glad to forward your request to our IT security experts.