Implementing Active Directory and Information Security Audit also VAPT in Financial Sector.
Prepared By: Kajol Patel (RSU1808023)
Guided By: Dr. Priyanka Sharma
Introduction
 The digital world has opened unlimited avenues of opportunity by enabling organizations to conduct business and share information on a global basis. An Active Directory domain holds information about network resources such as users, user passwords, groups, the authentication process, network printers and computers, and makes that information available to users and administrators. Active Directory lets an administrator manage all of this centrally with the help of Group Policy.
 The presence of an information security audit increases the probability that major security measures are adopted, preventing cyber attacks or at least reducing them.
 VAPT includes auditing the system to find vulnerabilities that may exist on it, exploiting those vulnerabilities from an attacker's perspective, and producing data that represents the system-level risk.
Literature Review
 In 2017, S. Sandhya et al. (with Sohini Purkayastha, Emil Joshua and Akash Deep) discussed a penetration testing approach using the Wireshark tool and demonstrated that technique. They additionally surveyed many penetration testing tools to unravel security aspects and problems.
 In 2016, Prashant S. Shinde and Shrikant B. Ardhapurkar explained clearly the various aspects and techniques employed in vulnerability assessment and penetration testing. They additionally concentrated on cyber security threat awareness and its importance for organizations and the monetary sector in staying safe. They conclude that several tools are available for VAPT; as new vulnerabilities evolve, existing tools must be upgraded to identify them, making the tools versatile and reliable so that new attack signatures are recognised.
Literature Review
 In 2016, Subarna Shakya and Abhijit Gupta discussed the audit aspects and challenges in system and security audit areas. Additionally they sought clarification of the problems or behaviour from a perceptive viewpoint. Transaction controls are techniques and issues that address transaction security and focus on risk management and computer security of the program within the monetary sector and organization.
 In 2015, P. C. R. V. Parmi discussed and implemented the idea that Active Directory in large organizations may lead to a loss of management over users' resources and data, which may lead to serious security threats. The directory is then able to replicate to all domain controllers within the domain. However, the option to store DNS information within AD is not available on DNS servers that are not domain controllers.
What is Active Directory?
 Active Directory is Microsoft's implementation of the X.500 recommendations. It is a database and directory service that maintains the relationships between resources and enables them to work together. It provides a centralized repository for user account information and for directory authentication, authorization and the assignment of rights and permissions.
 It stores information in a hierarchical, tree-like structure. It depends on two Internet standards: DNS and LDAP. Information in Active Directory can be queried using the LDAP protocol, and it uses Kerberos for authentication.
Active Directory
Fig 1: AD structure
Does the Financial Sector Need Active Directory?
 Active Directory is the most commonly used identity management service in the world.
 95% of Fortune 1000 companies implement the service in their networks.
 Use it if you want to centrally manage access to resources such as printers, users and groups.
 Use it if you want to control user accounts from one location.
 Use it if you have applications that rely on Active Directory.
 These concepts are also used in the financial sector and in big organisations.
Active Directory Components
 Logical Structure
  Domains
  Organizational units
  Trees
  Forests
 Physical Structure
  Sites
  Domain controllers
Organizational units
Fig 2: OU structure
Forests of Trees
Fig 3: Trees structure
Protocols
 LDAP Protocol
 Active Directory requires these protocols. The first, LDAP, can be used by users to search for and locate a particular object, such as any system. LDAP uses all of the supplied keywords to carry out a search operation.
 DNS Protocol
 The second is DNS: domain controllers that run DNS store the zone data inside Active Directory, which then replicates it to all domain controllers of that domain.
Protocols
 Kerberos Mechanism
 Kerberos is an authentication method that allows users to log in to an Active Directory domain. This authentication method provides them with a token, which an identity server can be configured to use as a contract.
 So for the Kerberos protocol, it is important to consider which role each participant is authenticating with in a single authentication transaction.
Fig 4: Kerberos process
Fig 5: Kerberos process
Kerberos implementation: Set SPN (Service Principal Name)
 The Kerberos authentication service can use an SPN to authenticate a service.
VAPT Auditing
 Information Security Audit: Vulnerability Assessment and Penetration Testing Services (VAPT). A vulnerability assessment is a process of identifying, quantifying and prioritizing the vulnerabilities in a system.
 Steps (deliverables):
  Executive Report: a high-level overview of the activity conducted, a summary of the issues identified, risk ratings and action items.
  Technical Report: a detailed report explaining each issue identified, step-by-step PoCs for each issue, code and configuration examples to fix the issue, and reference links for further details.
  Real-Time Online Dashboard: an online portal that allows your teams to monitor audit progress in real time, take immediate action on high-risk issues, track fixes and closure status, etc.
Vulnerability Analysis
 Service Account has Over-permission
 A service account is a kind of account that is usually granted a lot of privileges and allows a service to run on top of the actual software package. A service running under such an account has its credential cached in LSASS (Local Security Authority Subsystem Service), from which it can be stolen and extracted by an attacker; if the stolen credential has admin rights, the whole IT infrastructure is easily compromised.
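The check an auditor would run for this finding, as an added example (not code from the presentation): it takes an assumed flattened export of AD user attributes (constructed here as sample records), treats any account carrying servicePrincipalName values as a service account, and rates how badly over-permissioned it is.

```python
"""Audit for over-permissioned service accounts.

Added example; not code from the presentation. The account records are a
constructed, assumed flattened export of AD user objects (the attributes a
Get-ADUser -Properties ... call would return). A service account is identified
by its servicePrincipalName values: that is what makes a service run under the
identity on a host, where the credential is then cached in LSASS.
"""
from dataclasses import dataclass, field

# Groups whose membership gives the account control of the whole directory
# or of the domain controllers themselves.
PRIVILEGED_GROUPS = {
    "Domain Admins", "Enterprise Admins", "Administrators",
    "Schema Admins", "Account Operators", "Backup Operators",
}
SEVERITY_RANK = {"HIGH": 3, "MEDIUM": 2, "LOW": 1}


@dataclass
class Account:
    name: str                                   # sAMAccountName
    spns: list = field(default_factory=list)    # servicePrincipalName values
    groups: list = field(default_factory=list)  # memberOf, resolved to names
    admin_count: int = 0                        # adminCount attribute
    password_never_expires: bool = False
    password_age_days: int = 0


def is_service_account(acct):
    """Accounts that carry an SPN run services and are exposed via LSASS."""
    return bool(acct.spns)


def findings_for(acct):
    """Return (severity, message) pairs; empty for non-service accounts."""
    findings = []
    if not is_service_account(acct):
        return findings
    priv = sorted(PRIVILEGED_GROUPS & set(acct.groups))
    if priv:
        # A credential stolen from LSASS now carries domain-wide admin rights.
        findings.append(("HIGH", "service account in privileged group(s): " + ", ".join(priv)))
    elif acct.admin_count == 1:
        # adminCount=1 marks accounts protected by AdminSDHolder, i.e. ones
        # that are or were members of a protected group; review manually.
        findings.append(("MEDIUM", "adminCount=1: account is or was in a protected group"))
    if acct.password_never_expires:
        findings.append(("MEDIUM", "password never expires"))
    if acct.password_age_days > 365:
        findings.append(("LOW", f"password not rotated for {acct.password_age_days} days"))
    return findings


def audit(accounts):
    """Map account name -> findings for every service account that has any."""
    report = {}
    for acct in accounts:
        findings = findings_for(acct)
        if findings:
            report[acct.name] = findings
    return report


def highest_severity(findings):
    return max((sev for sev, _ in findings), key=SEVERITY_RANK.get, default=None)


# Constructed sample export; names, groups and SPNs are illustrative only.
SAMPLE_ACCOUNTS = [
    Account("svc_backup", spns=["MSSQLSvc/db01.bank.example:1433"],
            groups=["Domain Admins", "Backup Operators"], admin_count=1,
            password_never_expires=True, password_age_days=900),
    Account("svc_web", spns=["HTTP/portal.bank.example"],
            groups=["Web Servers"], password_age_days=40),
    Account("svc_legacy", spns=["HOST/legacy01"], groups=["Domain Users"],
            admin_count=1, password_age_days=400),
    # Human administrator without SPNs: out of scope for this check.
    Account("k.patel", groups=["Domain Admins"], admin_count=1),
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_ACCOUNTS).items():
        print(f"{name}: overall {highest_severity(findings)}")
        for sev, msg in findings:
            print(f"  [{sev}] {msg}")
```

The HIGH finding is the one the slide describes: the fix is to remove the service account from the privileged group (or move the service to a group Managed Service Account) rather than to rotate the password alone.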
DCShadow attack on AD
 A DCShadow attack on AD is designed to change the directory using a malicious replica of objects. During this attack, DCShadow impersonates a Domain Controller using admin rights and starts a replication process, so that changes made on one DC are synchronized to the other DCs. DCShadow implements the Directory Replication Service Remote Protocol from the AD technical specification.
 The Mimikatz attack is performed by the attacker, but it can destroy the whole DC of the Active Directory.
 So for VAPT audit purposes we cannot exploit this attack on the domain; we only report it as a vulnerability.
DCShadow attack on AD
 An attacker obtains Domain Admin rights and wants to make changes that will not be detected, in order to create persistence.
 Using DCShadow (a feature of Mimikatz), the attacker registers the computer it is run from (such as a workstation) as a Domain Controller in Active Directory by making changes to the AD's Configuration schema and the workstation's SPN values. Now AD thinks this workstation is a Domain Controller and trusts it to replicate changes.
 The attacker crafts a change. The workstation makes this change available to a legitimate Domain Controller through replication.
 Replication is triggered by DCShadow, and the change is replicated and then committed by a legitimate Domain Controller.
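Detection logic for the two steps just described, as an added example that is not part of the presentation: it flags a non-DC computer account acquiring DC-only SPNs (Event ID 4742, computer account changed) and a server or nTDSDSA object appearing under the Sites container of the Configuration partition (Event ID 5137). The event records are constructed here in a simplified dict form; a real pipeline would read EVTX or a SIEM export, and the hostnames and the GUID on the second SPN are made-up sample values.

```python
"""Detect DCShadow-style rogue domain controller registration from Security
log events. Added example; not code from the presentation."""
import re

# The DRS RPC interface UUID that a DC registers as an SPN; GC/ SPNs likewise
# belong only to global-catalog domain controllers. Both appearing on an
# ordinary workstation account is the registration step of DCShadow.
DRS_INTERFACE_UUID = "e3514235-4b06-11d1-ab04-00c04fc2dcd2"
# Server objects (and their NTDS Settings child of class nTDSDSA) live at
# CN=<server>,CN=Servers,CN=<site>,CN=Sites,CN=Configuration,...
SERVER_OBJECT_RE = re.compile(
    r"CN=([^,]+),CN=Servers,CN=[^,]+,CN=Sites,CN=Configuration,", re.IGNORECASE)


def is_dc_only_spn(spn):
    s = spn.lower()
    return s.startswith("gc/") or s.startswith(DRS_INTERFACE_UUID + "/")


def host_of(sam_account_name):
    """Computer accounts end in '$'; normalise to a lowercase hostname."""
    return sam_account_name.rstrip("$").lower()


def analyse_events(events, known_dcs):
    """Return alerts as (severity, host, reason) for hosts not in known_dcs."""
    alerts = []
    dcs = {h.lower() for h in known_dcs}
    for ev in events:
        if ev["EventID"] == 4742:  # computer account changed
            host = host_of(ev["TargetUserName"])
            bad = [s for s in ev.get("ServicePrincipalNames", []) if is_dc_only_spn(s)]
            if host not in dcs and bad:
                alerts.append(("HIGH", host,
                               "DC-only SPNs added to non-DC computer account: " + ", ".join(bad)))
        elif ev["EventID"] == 5137 and ev["ObjectClass"].lower() in ("server", "ntdsdsa"):
            m = SERVER_OBJECT_RE.search(ev["ObjectDN"])  # directory object created
            if m and m.group(1).lower() not in dcs:
                alerts.append(("HIGH", m.group(1).lower(),
                               f"{ev['ObjectClass']} object created in Sites container by "
                               f"{ev['SubjectUserName']}: {ev['ObjectDN']}"))
    return alerts


def correlate(alerts):
    """Escalate hosts that trip both indicators: that pairing is the DCShadow pattern."""
    by_host = {}
    for sev, host, _ in alerts:
        by_host.setdefault(host, []).append(sev)
    return {h: ("CRITICAL" if len(v) > 1 else v[0]) for h, v in by_host.items()}


# Constructed sample events (hostnames, users and the GUID after the DRS
# interface SPN are illustrative only).
SAMPLE_EVENTS = [
    # Known DC carrying a GC/ SPN: expected, no alert.
    {"EventID": 4742, "TargetUserName": "DC01$", "SubjectUserName": "DC01$",
     "ServicePrincipalNames": ["GC/dc01.bank.example/bank.example"]},
    # Ordinary workstation change: HOST/ SPNs are normal, no alert.
    {"EventID": 4742, "TargetUserName": "WS-FIN-02$", "SubjectUserName": "WS-FIN-02$",
     "ServicePrincipalNames": ["HOST/ws-fin-02.bank.example"]},
    # Workstation suddenly carrying GC/ and DRS interface SPNs, set by an admin user.
    {"EventID": 4742, "TargetUserName": "WS-FIN-07$", "SubjectUserName": "j.admin",
     "ServicePrincipalNames": [
         "GC/ws-fin-07.bank.example/bank.example",
         "E3514235-4B06-11D1-AB04-00C04FC2DCD2/00000000-0000-0000-0000-000000000001/bank.example"]},
    # Server object for that workstation created under the Sites container.
    {"EventID": 5137, "SubjectUserName": "j.admin", "ObjectClass": "server",
     "ObjectDN": "CN=WS-FIN-07,CN=Servers,CN=Default-First-Site-Name,CN=Sites,"
                 "CN=Configuration,DC=bank,DC=example"},
]
KNOWN_DCS = {"dc01", "dc02"}


def run_sample():
    alerts = analyse_events(SAMPLE_EVENTS, KNOWN_DCS)
    return alerts, correlate(alerts)


if __name__ == "__main__":
    alerts, verdict = run_sample()
    for sev, host, reason in alerts:
        print(f"[{sev}] {host}: {reason}")
    print(verdict)
```

Both events require object-level auditing on the Configuration partition and computer accounts to be enabled on the domain controllers, otherwise 5137 and 4742 are never written.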
DCShadow attack on AD
 EternalBlue / DoublePulsar
 EternalBlue (Metasploit) exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows mishandles specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer.
 This exploit is a combination of two tools: "EternalBlue", which is used to backdoor Windows, and "DoublePulsar", which is used to inject a DLL file with the help of a payload.
DCShadow attack on AD
Step 1: Exploit with Metasploit
Step 2: Get the shell
Mimikatz attacks
Step 3: Load the Mimikatz module
Step 4: Perform Mimikatz command
Step 5: Get the hashes
High-level overview and flowchart:
 Mimikatz executes the DCShadow attack as a three-step process: (1) it sets these SPNs as part of the DCShadow functionality, (2) it temporarily hosts the RPC functions required by the MS-DRSR process to serve the illegitimate data for outbound replication, and (3) as a last step, Mimikatz forces replication through the RPC server.
Fig 6: Process of Attack
Solution
 Advanced Threat Protection (ATP) to the rescue
 The successor to Microsoft ATA, Microsoft's solution for protecting your Active Directory, is now called Azure ATP. It does not rely on events forwarded from your domain controller; instead it uses its own sensor that you install on your DC. This sensor also captures events, but in addition it looks at network traffic, in-memory processes and other new methods that get added as detections need them. This is why Azure ATP actually detects (potential) DCShadow attacks.
Solution
Step 1: Shows the attack
Step 2: Shows the user
Step 3: Shows the attack with severity
DNS Configuration
Create Users and Group Policies
Disabled Windows Defender
Proxy disabled policy
Conclusion
 In the existing systems of the financial sector there are many vulnerabilities that occur because of the access privilege mechanism. So the best solution is to implement an Active Directory environment and to perform an information security audit and VAPT for the financial sector, which can provide help against inside and outside cyber-attacks.
References
1) Implementation in an Advanced Authentication Method Within Microsoft Active Directory Network Services, by D. J. R. K. Jaroslav Kadlec
2) http://doece.pcampus.edu.np/index.php/prof-dr-subarna-shakya/
3) https://www.morganclaypool.com/doi/abs/10.2200/S00240ED1V01Y200912DMK002
4) https://docs.microsoft.com/en-us/security-updates/SecurityBulletinSummaries/2007/ms07-jul
5) https://www.researchgate.net/publication/335803762_Cyber_Defence_A_Hybrid_Approach_for_Information_Gathering_and_Vulnerability_Assessment_of_Web_Application_Cyberdrone
6) https://www.vutbr.cz/vav/projekty/detail/18799
7) http://icil.uniroma2.it/wp-content/uploads/2019/06/The-Support-of-Strategy-Consulting-To-Italian-SMEs-In-Regaining-Competitiveness-in-the-IT-Sector.docx
8) https://ieeexplore.ieee.org/document/8014711/?section=abstract
9) https://www.researchgate.net/publication/254004698_Mitigating_Program_Security_Vulnerabilities_Approaches_and_Challenges
Neuro-symbolic is not enough, we need neuro-*semantic*
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 

Implementing Active Directory and Information Security Audit also VAPT in Financial Sector.

  • 1. Implementing Active Directory and Information Security Audit also VAPT in Financial Sector. Prepared by: Kajol Patel (RSU1808023). Guided by: Dr. Priyanka Sharma.
  • 2. Introduction
      - The digital world has opened unlimited avenues of opportunity by enabling organizations to conduct business and share information on a global basis. An Active Directory domain holds information about network resources such as users, user passwords, groups, the authentication process, network printers and computers, and makes that information available to users and administrators. Active Directory lets administrators manage everything centrally with the help of Group Policy.
      - The presence of an information security audit increases the probability that major security measures are adopted, preventing attacks or lowering the number of attacks from the cyber world.
      - VAPT includes auditing the system to find vulnerabilities that may exist on it, exploiting those vulnerabilities from an attacker's perspective, and producing data that represents the system-level risk.
  • 3. Literature Review
      - In 2017, S. Sandhya, Sohini Purkayastha, Emil Joshua and Akash Deep discussed a penetration testing approach that uses the Wireshark tool and demonstrated that technique. They additionally surveyed many penetration testing tools to unravel security aspects and problems.
      - In 2016, Prashant S. Shinde and Shrikant B. Ardhapurkar clearly explained the various aspects and techniques employed in vulnerability assessment and penetration testing. They additionally concentrated on awareness of cyber security threats and their importance for organizations and the financial sector to stay safe. They concluded that several tools are available for VAPT, and that as new vulnerabilities evolve, existing tools must be upgraded to identify them and made versatile and reliable so that new attack signatures are known.
  • 4. Literature Review
      - In 2016, Subarna Shakya and Abhijit Gupta discussed audit aspects and challenges in the system and security audit areas. They additionally sought clarification of the problems or behaviour from a perceptive standpoint. Transaction controls are the techniques and issues that address transaction security and focus on risk management and computer security of programs within the financial sector and organizations.
      - In 2015, P. C. R. V. Parmi discussed and implemented the concept of Active Directory; large organizations may face a loss of control over users' resources and data, which may lead to serious security threats. Domain controllers store the directory and then replicate it to all domain controllers within the domain. However, the option to store DNS information in AD is not available on DNS servers that are not domain controllers.
  • 5. What is Active Directory?
      - Active Directory is Microsoft's version of the X.500 recommendations. It is a database and directory service that maintains the relationships between resources and enables them to work together. It provides a centralized repository for user account information, directory authentication, authorization, and the assignment of rights and permissions.
      - It stores information in a hierarchical, tree-like structure. It depends on two Internet standards: DNS and LDAP. Information in Active Directory can be queried using the LDAP protocol, and it uses Kerberos for authentication.
  • 7. Does the Financial Sector Need Active Directory?
      - Active Directory is the most commonly used identity management service in the world.
      - 95% of Fortune 1000 companies implement the service in their networks.
      - Use it if you want to centrally manage access to resources such as printers, users and groups.
      - Use it if you want to control user accounts from one location.
      - Use it if you have applications that rely on Active Directory.
      - This concept is also used in the financial sector and in big organisations.
  • 8. Active Directory Components
      - Logical structure: domains, organizational units, trees, forests.
      - Physical structure: sites, domain controllers.
  • 11. Protocols
      - LDAP protocol: protocols are required in Active Directory. The first method, LDAP, can be used by users to search for and locate a particular object, such as a system. LDAP uses all the keywords supplied to carry out a search operation.
      - DNS protocol: the second method is DNS. DNS servers that are domain controllers store their data in Active Directory, which then replicates it to all domain controllers of the particular domain.
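The LDAP search described on slide 11 can be illustrated without a live domain. The following is an added example, not code from the presentation: it builds a sAMAccountName lookup filter with RFC 4515 escaping (so a user-supplied keyword is always matched literally) and evaluates filters against a small constructed in-memory directory. The directory entries, DNs and account names are invented sample data; the evaluator covers only the `&`, `|`, `!` and equality/wildcard subset of the filter syntax.

```python
import re

# Characters with special meaning inside an LDAP filter value (RFC 4515).
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_ldap_value(value: str) -> str:
    """Escape a search keyword so it is matched literally, not as filter syntax."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def user_search_filter(account_name: str) -> str:
    """Filter that locates one user object by its sAMAccountName."""
    return f"(&(objectClass=user)(sAMAccountName={escape_ldap_value(account_name)}))"


# Constructed sample directory (attribute names stored lower-cased, as AD compares them).
SAMPLE_DIRECTORY = {
    "CN=Kajol Patel,OU=Users,DC=example,DC=com": {
        "objectclass": ["top", "person", "user"],
        "samaccountname": "kpatel",
        "memberof": ["CN=Finance,OU=Groups,DC=example,DC=com"]},
    "CN=svc-backup,OU=Service Accounts,DC=example,DC=com": {
        "objectclass": ["top", "person", "user"],
        "samaccountname": "svc-backup",
        "serviceprincipalname": ["MSSQLSvc/db01.example.com:1433"]},
    "CN=PRINT01,OU=Computers,DC=example,DC=com": {
        "objectclass": ["top", "person", "user", "computer"],
        "samaccountname": "PRINT01$"},
}


def _parse(s: str, i: int):
    """Parse one parenthesised filter item starting at s[i]; return (node, next index)."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|":
        op, subs = s[i], []
        i += 1
        while s[i] == "(":
            node, i = _parse(s, i)
            subs.append(node)
        if s[i] != ")":
            raise ValueError("unterminated list filter")
        return (op, subs), i + 1
    if s[i] == "!":
        node, i = _parse(s, i + 1)
        if s[i] != ")":
            raise ValueError("unterminated not filter")
        return ("!", [node]), i + 1
    eq = s.index("=", i)
    close = s.index(")", eq)  # an escaped ')' is written \29, so this is the real close
    return ("=", s[i:eq].lower(), s[eq + 1:close]), close + 1


def _unescape(fragment: str) -> str:
    """Turn \\xx hex escapes back into the literal character."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), fragment)


def _value_pattern(value: str) -> "re.Pattern":
    # An unescaped '*' is a wildcard; '\2a' becomes a literal asterisk after unescaping.
    parts = [re.escape(_unescape(p)) for p in value.split("*")]
    return re.compile(".*".join(parts), re.IGNORECASE | re.DOTALL)


def _matches(node, entry: dict) -> bool:
    kind = node[0]
    if kind == "&":
        return all(_matches(n, entry) for n in node[1])
    if kind == "|":
        return any(_matches(n, entry) for n in node[1])
    if kind == "!":
        return not _matches(node[1][0], entry)
    _, attr, value = node
    values = entry.get(attr, [])
    if isinstance(values, str):
        values = [values]
    pattern = _value_pattern(value)
    return any(pattern.fullmatch(v) for v in values)


def ldap_search(directory: dict, filter_str: str) -> list:
    """Return the DNs of the entries that match filter_str, in directory order."""
    root, end = _parse(filter_str, 0)
    if end != len(filter_str):
        raise ValueError("trailing characters after filter")
    return [dn for dn, entry in directory.items() if _matches(root, entry)]
```

Running `ldap_search(SAMPLE_DIRECTORY, user_search_filter("kpatel"))` returns only the Kajol Patel entry, while `user_search_filter("*")` escapes the asterisk and matches nothing; a raw `(servicePrincipalName=*)` presence test, by contrast, uses the asterisk as a wildcard and finds the service account.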
  • 12. Protocols
      - Kerberos mechanism: Kerberos is an authentication method that allows users to log in to an Active Directory domain. It provides them with a token, which an identity server can be configured to use as a contract.
      - For the Kerberos protocol it is therefore important to consider what role each participant is authenticating with in a single authentication transaction.
      - [Fig 4, Fig 5: Kerberos process]
  • 14. Set SPN (Service Principal Name)
      - The Kerberos authentication service can use an SPN to authenticate a service.
  • 15. VAPT Auditing
      - Information Security Audit: Vulnerability Assessment and Penetration Testing Services (VAPT). About VAPT: vulnerability assessments are a process of identifying and quantifying vulnerabilities in a system.
      - Steps:
      - Executive Report: a high-level overview of the activity conducted, a summary of the issues identified, risk ratings and action items.
      - Technical Report: a detailed report explaining each issue identified, step-by-step POCs for each issue, code and configuration examples to fix the issue, and reference links for further details.
      - Real-Time Online Dashboard: an online portal that allows your teams to monitor the audit progress in real time, take immediate action on high-risk issues, track fixes and closure status, etc.
  • 16. Vulnerability Analysis
      - Service account has over-permission: a service account is a kind of account that is always granted many privileges and allows services to run on top of the actual software package. A service running under such an account has a credential in LSASS (Local Security Authority Subsystem Service) that can be stolen and extracted by an attacker; if the stolen credential has admin rights, the whole IT infrastructure is easily compromised.
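Slides 14 and 16 together describe the two things an auditor checks on service accounts: the SPNs they register for Kerberos and the group memberships they hold. The following is an added audit example, not code from the presentation; it runs over a constructed account export (the account names, SPNs and groups are invented sample data) and reports SPNs registered on more than one account, which breaks Kerberos because the KDC cannot choose a key, and service accounts that are members of built-in privileged groups, the over-permission case from slide 16.

```python
from collections import defaultdict

# Constructed sample: the shape of a service-account export from AD.
SAMPLE_ACCOUNTS = [
    {"sAMAccountName": "svc-sql",
     "servicePrincipalName": ["MSSQLSvc/db01.example.com:1433"],
     "memberOf": ["Domain Admins"]},
    {"sAMAccountName": "svc-web",
     "servicePrincipalName": ["HTTP/intranet.example.com"],
     "memberOf": ["Web Servers"]},
    {"sAMAccountName": "svc-backup",
     "servicePrincipalName": ["HTTP/intranet.example.com", "backup/bk01.example.com"],
     "memberOf": ["Backup Operators"]},
    {"sAMAccountName": "kpatel", "servicePrincipalName": [], "memberOf": ["Finance"]},
]

# Built-in groups whose membership amounts to domain-wide control.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins",
                     "Administrators", "Account Operators", "Backup Operators",
                     "Server Operators", "Print Operators"}


def parse_spn(spn: str) -> dict:
    """Split 'class/host[:port][/instance]' into its parts; the host is case-insensitive."""
    service_class, sep, rest = spn.partition("/")
    if not sep or not service_class or not rest:
        raise ValueError(f"malformed SPN: {spn!r}")
    host_port, _, instance = rest.partition("/")
    host, _, port = host_port.partition(":")
    return {"service_class": service_class, "host": host.lower(),
            "port": int(port) if port else None, "instance": instance or None}


def _canonical_spn(spn: str) -> str:
    """Normalised form used to compare SPNs across accounts."""
    p = parse_spn(spn)
    key = f"{p['service_class'].lower()}/{p['host']}"
    if p["port"]:
        key += f":{p['port']}"
    if p["instance"]:
        key += f"/{p['instance']}"
    return key


def find_duplicate_spns(accounts) -> dict:
    """SPNs registered on more than one account, mapped to the owning account names."""
    owners = defaultdict(list)
    for acct in accounts:
        for spn in acct["servicePrincipalName"]:
            owners[_canonical_spn(spn)].append(acct["sAMAccountName"])
    return {spn: names for spn, names in owners.items() if len(names) > 1}


def find_overprivileged_service_accounts(accounts, privileged=PRIVILEGED_GROUPS) -> list:
    """Accounts that carry an SPN (i.e. run a service) and sit in a privileged group."""
    findings = []
    for acct in accounts:
        if not acct["servicePrincipalName"]:
            continue  # not a service account; ordinary users are out of scope here
        hits = sorted(g for g in acct["memberOf"] if g in privileged)
        if hits:
            findings.append((acct["sAMAccountName"], hits))
    return findings


if __name__ == "__main__":
    print("duplicate SPNs:", find_duplicate_spns(SAMPLE_ACCOUNTS))
    print("over-privileged:", find_overprivileged_service_accounts(SAMPLE_ACCOUNTS))
```

On the sample data the HTTP SPN for the intranet host is registered twice, and both svc-sql and svc-backup sit in groups that should never hold a service credential; in a real audit the export would come from the directory itself and the privileged-group list would be extended with the organisation's own delegated admin groups.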
  • 17. DCShadow attack on AD
      - A DCShadow attack on AD is designed to change the directory using malicious replicas of objects. During this attack, DCShadow impersonates a domain controller using admin rights and starts a replication process, so that changes made on one DC are synchronized with the other DCs. DCShadow implements the Directory Replication Service Remote Protocol from the AD technical specification.
      - The attack is performed by the attacker with Mimikatz, but it would destroy the whole DC for the Active Directory.
      - So for VAPT audit purposes we cannot exploit this attack on the domain; we only report it as a vulnerability.
  • 18. DCShadow attack on AD
      - An attacker obtains Domain Admin rights and wants to make changes that will not be detected, to create persistence.
      - Using DCShadow (a feature of Mimikatz), the attacker registers the computer it is run from (such as a workstation) as a domain controller in Active Directory by making changes to the AD configuration schema and the workstation's SPN values. AD now believes this workstation is a domain controller and trusts it to replicate changes.
      - A change is crafted by the attacker. The workstation makes this change available to a legitimate domain controller through replication.
      - Replication is triggered by DCShadow; the change is replicated and then committed by a legitimate domain controller.
  • 19. DCShadow attack on AD
      - EternalBlue_DoublePulsar
      - The EternalBlue Metasploit module exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows mishandles specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer.
      - This exploit is a combination of two tools: EternalBlue, which is used as a backdoor into Windows, and DoublePulsar, which is used to inject a DLL with the help of a payload.
  • 20. DCShadow attack on AD
      - [Screenshots] Step 1: Exploit with Metasploit. Step 2: Get the shell.
  • 21. Mimikatz attacks
      - [Screenshots] Step 3: Load the Mimikatz module. Step 4: Perform the Mimikatz command. Step 5: Get the hashes.
  • 22. High-level overview and flowchart
      - Mimikatz executes the DCShadow attack as a three-step process: (1) it sets the SPNs as part of the DCShadow functionality, (2) it temporarily hosts the RPC functions required by the MS-DRSR process to serve the illegitimate data for outbound replication, and (3) as a last step, Mimikatz forces replication through the RPC server.
      - [Fig 6: Process of Attack]
  • 23. Solution
      - Advanced Threat Protection (ATP) to the rescue.
      - The successor to Microsoft ATA, Microsoft's solution for protecting your Active Directory, is now called Azure ATP. It does not rely on events forwarded from your domain controller; instead it uses its own sensor that you install on your DC. This sensor also captures events, but in addition it looks at network traffic, in-memory processes and other new methods that are added as detections need them. This is why Azure ATP actually detects (potential) DCShadow attacks.
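Slides 18 and 22 state that the attack begins by giving a workstation the SPNs and configuration objects of a domain controller, and slide 23 notes that Azure ATP detects this from its own sensor data. The same registration step also leaves traces in ordinary domain controller security events, which a team without Azure ATP can check. The following is an added detection example, not code from the presentation or from Microsoft: it runs over constructed event records in the shape of event 4742 (computer account changed, with the new SPN list) and event 5137 (directory object created) and flags any computer outside a known list of domain controllers that acquires replication SPNs or an nTDSDSA object. Host names, the DC list and the `<dsa-guid>` placeholder are invented sample data; the GC/ service class and the MS-DRSR replication SPN GUID are the real values a domain controller carries.

```python
# Service class of the MS-DRSR replication SPN that every real DC registers.
DRS_SPN_CLASS = "E3514235-4B06-11D1-AB04-00C04FC2DCD2"

KNOWN_DCS = {"DC01"}  # constructed: the legitimate domain controllers of the sample domain

# Constructed sample events (field names follow the Windows security log schema).
SAMPLE_EVENTS = [
    {"EventID": 4742, "TargetUserName": "DC01$",
     "ServicePrincipalNames": ["HOST/dc01.example.com",
                               "GC/dc01.example.com/example.com",
                               f"{DRS_SPN_CLASS}/<dsa-guid>/example.com"]},
    {"EventID": 4742, "TargetUserName": "PRINT01$",
     "ServicePrincipalNames": ["HOST/print01.example.com"]},
    {"EventID": 4742, "TargetUserName": "WS-FIN-07$",
     "ServicePrincipalNames": ["HOST/ws-fin-07.example.com",
                               "GC/ws-fin-07.example.com/example.com",
                               f"{DRS_SPN_CLASS}/<dsa-guid>/example.com"]},
    {"EventID": 5137, "ObjectClass": "nTDSDSA",
     "ObjectDN": ("CN=NTDS Settings,CN=WS-FIN-07,CN=Servers,CN=Default-First-Site-Name,"
                  "CN=Sites,CN=Configuration,DC=example,DC=com")},
    {"EventID": 5137, "ObjectClass": "user",
     "ObjectDN": "CN=New Hire,OU=Users,DC=example,DC=com"},
]


def has_dc_replication_spns(spns) -> bool:
    """True if the SPN list contains the GC/ or MS-DRSR entries only a DC should have."""
    classes = {spn.split("/", 1)[0].upper() for spn in spns}
    return "GC" in classes or DRS_SPN_CLASS in classes


def server_from_ntds_dn(dn: str) -> str:
    """Return the server name from an 'CN=NTDS Settings,CN=<server>,...' DN."""
    parts = dn.split(",")
    if len(parts) < 2 or parts[0].strip().lower() != "cn=ntds settings":
        raise ValueError("not an NTDS Settings DN")
    return parts[1].split("=", 1)[1]


def detect_rogue_dc_registrations(events, known_dcs=KNOWN_DCS) -> list:
    """Return (computer, reason) pairs for DC-like registrations by non-DC hosts."""
    findings = []
    for ev in events:
        if ev["EventID"] == 4742:
            name = ev["TargetUserName"].rstrip("$")
            if name not in known_dcs and has_dc_replication_spns(ev["ServicePrincipalNames"]):
                findings.append((name, "4742: GC/ or DRS replication SPNs added to a non-DC computer account"))
        elif ev["EventID"] == 5137 and ev["ObjectClass"].lower() == "ntdsdsa":
            name = server_from_ntds_dn(ev["ObjectDN"])
            if name not in known_dcs:
                findings.append((name, "5137: nTDSDSA object created for a server that is not a known DC"))
    return findings


if __name__ == "__main__":
    for computer, reason in detect_rogue_dc_registrations(SAMPLE_EVENTS):
        print(f"{computer}: {reason}")
```

On the sample data DC01 is allowed both signals, PRINT01 only gains a HOST SPN and is ignored, and WS-FIN-07 is reported twice. The check is narrow by design: it covers the registration step the slides describe, not the replication traffic itself, which is what the Azure ATP sensor adds on top of event data.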
  • 26. Solution
      - [Screenshot] Step 3: Shows the attack with its severity.
  • 33. Conclusion
      - In the existing system in the financial sector there would be many vulnerabilities arising from the access-privilege mechanism. So the best solution is to implement an Active Directory environment and perform an information security audit and VAPT for the financial sector; this can provide help against cyber-attacks from inside and outside.
  • 34. References
      1) "Implementation in an Advanced Authentication Method Within Microsoft Active Directory Network Services", by D. J. R. K. Jaroslav Kadlec
      2) http://doece.pcampus.edu.np/index.php/prof-dr-subarna-shakya/
      3) https://www.morganclaypool.com/doi/abs/10.2200/S00240ED1V01Y200912DMK002
      4) https://docs.microsoft.com/en-us/security-updates/SecurityBulletinSummaries/2007/ms07-jul
      5) https://www.researchgate.net/publication/335803762_Cyber_Defence_A_Hybrid_Approach_for_Information_Gathering_and_Vulnerability_Assessment_of_Web_Application_Cyberdrone
      6) https://www.vutbr.cz/vav/projekty/detail/18799
      7) http://icil.uniroma2.it/wp-content/uploads/2019/06/The-Support-of-Strategy-Consulting-To-Italian-SMEs-In-Regaining-Competitiveness-in-the-IT-Sector.docx
      8) https://ieeexplore.ieee.org/document/8014711/?section=abstract
      9) https://www.researchgate.net/publication/254004698_Mitigating_Program_Security_Vulnerabilities_Approaches_and_Challenges