The generation of optimal defense strategies in dynamic adversarial environments is crucial for cybersecurity. Recently, defense approaches based on evolutionary game theory have achieved significant results. However, they fail when facing complex networks and sophisticated attack strategies, because their defense strategy generation considers atomic attacks only. To relieve this issue, a generic approach for generating defense strategies using evolutionary game theory is proposed in this paper. Initially, a novel payoff quantification method for network attack-defense games based on attack graphs is designed. Two factors, the decision-maker's degree of irrationality (DI) and the level of environmental security (LES), are introduced into the replicator dynamics equation to model their impact on equilibrium solutions. Active Directory (AD) domain service is one of the most widely used and representative information security management systems in Windows domains, and attack graphs and paths can be plainly extracted and analyzed from it. Therefore, the theoretical analysis and experimental validation are anchored to AD and based on a real environment. Case studies on a real-world AD network demonstrate that the proposed approach is effective and can generate stable and efficient defense strategies.
Active Directory is a directory service that provides control and integrity, through centralized management and identity management, to cyber structures that expand over time and grow in their number of devices. Protecting user credentials, corporate systems and sensitive data from unauthorized access is one of the basic principles of information security. Security monitoring of Active Directory environments is usually performed using signature-based detection rules. However, these rules are not always effective and sufficient, especially for attacks that resemble legitimate activities in terms of control. In this study, log correlation techniques are applied to detect lateral movement and Kerberoasting attacks. Based on features from the Windows Event Log, various machine learning algorithms were used and evaluated on data from a real Active Directory environment. The approach has been implemented as detection rules for practical use on the Splunk platform, which is a Security Information and Event Management (SIEM) software. In the experimental comparison with signature-based approaches, it is observed that the proposed solution improves the detection capabilities and also reduces the number of false alarms for both attack techniques considered.
Despite its name, the small and medium-sized enterprise (SME) sector is colossal in terms of size and revenue. Defined as a business having fewer than 500 employees and either an annual turnover under £87m or a balance sheet under £75m, SMEs in the UK account for 47% of the private sector's total annual turnover, at £1.8 trillion [1]. Additionally, SMEs employ 15.7 million people, which is 63% of all private sector jobs.
The small and medium-sized enterprise (SME) sector is colossal in terms of size and revenue. Given the critical role that SMEs play in the UK's economy, breaches can have a major impact.
Keeping this in mind, Sneha Paul of ManageEngine presents six ways to reinforce your SME against cyberthreats. They include analysing logs, managing Active Directory, proactive surveillance, securing the cloud, password management and firewall analysis.
Microsoft developed a hierarchical structure to provide a service for storing information about objects through a comprehensive listing of the objects on the network. Network administrators create and manage users and objects within a given network, or within a specific region of a network, which in turn demands that the network be organized in a proper way. As a network grows, it becomes necessary to organize a large number of users into logical groups and subgroups while providing access control at each level, which calls for the use of Active Directory.
Ransomware has become an increasingly popular type of malware over the past decade and continues to rise in popularity due to its high profitability. Organisations and enterprises have become prime targets for ransomware as they are more likely to succumb to ransom demands as part of operating expenses to counter the cost incurred from downtime. Despite the prevalence of ransomware as a threat towards organisations, there is very little information outlining how ransomware affects Windows Server environments, and particularly its proprietary domain services such as Active Directory. Hence, we aim to increase the cyber situational awareness of organisations and corporations that utilise these environments. Dynamic analysis was performed using three ransomware variants to uncover how crypto-ransomware affects Windows Server-specific services and processes. Our work outlines the practical investigation undertaken as WannaCry, TeslaCrypt, and Jigsaw were acquired and tested against several domain services. The findings showed that none of the three variants stopped the processes and decidedly left all domain services untouched. However, although the services remained operational, they became uniquely dysfunctional as the ransomware encrypted the files pertaining to those services.
The Information Technology era offers several tools for creating, organizing, storing and visualizing information in libraries from various perspectives. This paper highlights the application of Active Directory in library and information centers. In this context, Active Directory is an extensible directory service that enables managing and storing detailed information about each network resource efficiently; it is also used to record the user access count as well as the duration of time spent by the user in the library. It is further used to maintain the institutional user restriction policies in the server-client architecture of libraries. This paper explains the steps to deploy the user access and reporting modules and user credentials using Windows Active Directory, and also explores the technical aspects of the working architecture, its application, and its limitations in libraries.
One of the best-known directory services on the market is Active Directory (AD) by Microsoft. It consists of a set of services that run on Windows Server to manage access to networked resources. In this paper, an offline assessment is conducted to identify the security threats to an AD in an operational environment. The assessment and an open discussion were performed, in which AD issues were first identified. This paper was written from a security auditor's perspective, with a detailed experience report of the assessment findings and the risk mitigation plan. As a result, risk issues covered a variety of areas such as operational excellence, privileged computer/user accounts, trust and forest configuration, operating system security updates, and Security Compliance Manager (SCM) analysis. Lessons learned were also discussed as guidance for security researchers and practitioners dealing with analogous issues in similar contexts. Such lessons included a remediation plan and formal security policies and procedures.
With the advent of the Internet of Things (IoT) era, the concept of the smart office has gradually become a reality. To facilitate management, IoT devices often follow the same authentication mechanisms used in Windows domains, which would cause severe problems once attackers steal those credentials. This study analyzes the limitations of previous research, proposes a new technique that could cause credential leaks, and organizes an attack mechanism to evaluate the most suitable strategy in various scenarios.