Five best moments from “Hacking Active Directory” – CISO Series Video Chat

Here are five of our best moments from CISO Series Video Chat “Hacking Active Directory: An hour of critical thinking on securing the ‘keys to the kingdom.’”

Our guests for this discussion were:

Watch the full video

Got feedback? Join the conversation on LinkedIn.

HUGE thanks to our sponsor Tenable

Best Bad Ideas

Congrats to Brian Colt, information security engineer, DASH Financial Technologies for winning this week’s Best Bad Idea.

Other honorable mentions go to:

“Print out copies of your entire AD and distribute it to all employees. That way if AD ever gets compromised, employees have a physical copy to go to look up employee info.” – Fred Gruhn, director, security and compliance, SMG – Service Management Group

“Rename Active Directory as Static Directory.” – Craig Hurter, director security operations, Colorado Governor’s Office of Information Technology

“Give all users Domain Administrators to save money on IT Help Desk costs.” – Jeff Baldwin, cybersecurity architect, Leidos

“Eliminate AD and instead use a physical telephone switchboard staffed by the CEO’s teenage children as operators.” – Dutch Schwartz, principal security specialist, AWS

“Don’t use any default attributes, put everything in non-standard or extension attributes. That way you’ll just confuse the attackers.” – Matthew Thomson, principal consultant, cybersecurity, Core BTS

Unique Tip

“No users in Enterprise Admins and only 1-2 in Domain Admins. Properly assign/segment permissions. Use a password management/vault system.” – Matthew Thomson, principal consultant, cybersecurity, Core BTS

“Use the Protected Users group for your privileged accounts.” – Jason Dance, systems architect, Greenwich Associates
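The two tips above (keep Enterprise Admins empty and Domain Admins at one or two members; put privileged accounts in Protected Users) can be checked with the following PowerShell audit, an added example that is not part of the CISO Series post or the guests’ own tooling. It assumes the RSAT ActiveDirectory module on a domain-joined host with read access, is run in the forest root domain (where Enterprise Admins lives), and treats the Domain Admins limit of 2 as an adjustable threshold.

```powershell
# Added example: audit the Domain Admins / Enterprise Admins / Protected Users tips.
# Assumes the ActiveDirectory RSAT module and read access to the forest root domain.
Import-Module ActiveDirectory

$maxDomainAdmins = 2   # threshold from the tip ("only 1-2 in Domain Admins"); adjust to policy

function Get-PrivilegedUsers {
    param([string]$GroupName)
    # -Recursive expands nested groups, so members hidden behind group nesting are counted too.
    # @() forces an array so .Count is reliable even for zero or one member.
    @(Get-ADGroupMember -Identity $GroupName -Recursive |
        Where-Object { $_.objectClass -eq 'user' })
}

# Tip 1: Enterprise Admins should be empty, Domain Admins should hold only 1-2 accounts.
$ea = Get-PrivilegedUsers 'Enterprise Admins'
$da = Get-PrivilegedUsers 'Domain Admins'

if ($ea.Count -gt 0) {
    Write-Warning "Enterprise Admins has $($ea.Count) member(s), expected none: $($ea.SamAccountName -join ', ')"
}
if ($da.Count -gt $maxDomainAdmins) {
    Write-Warning "Domain Admins has $($da.Count) members (limit $maxDomainAdmins): $($da.SamAccountName -join ', ')"
}

# Tip 2: every account that is privileged should also be in Protected Users,
# which blocks NTLM, DES/RC4 Kerberos keys and credential delegation for its members.
$protectedDNs = @(Get-ADGroupMember -Identity 'Protected Users' -Recursive).distinguishedName

$privileged = @($ea + $da) | Sort-Object -Property distinguishedName -Unique
foreach ($acct in $privileged) {
    if ($protectedDNs -notcontains $acct.distinguishedName) {
        Write-Warning "$($acct.SamAccountName) is privileged but not in Protected Users"
    }
}

# Summary line so the script is useful in a scheduled job's transcript.
"Checked $($privileged.Count) privileged account(s); EA=$($ea.Count), DA=$($da.Count), ProtectedUsers=$($protectedDNs.Count)"
```

Service and computer accounts should never be placed in Protected Users, so any such object surfacing in the Domain Admins list is itself a finding to remediate rather than something to add to the group.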

Quotes from the chatroom

“Automation as much as possible for IAM. HR should manage people and roles.” – Matthew Thomson, principal consultant, cybersecurity, Core BTS