
The Insider Threat Security Manifesto: Beating the threat from within

Active Directory and insider threats

Having identified that password sharing is a gateway to internal threats, a great security risk that is rampant in UK and US organisations, what are IT professionals doing to attempt to tackle the issue?

Microsoft Active Directory’s internal security loopholes

Active Directory (AD) is the directory service included with most Windows Server operating systems, for Windows domain networks. In a Windows environment, an AD domain controller authenticates and authorises all user and computer logins.

It is very widely used; our research found that AD is used by 87% of organisations with more than 50 employees. Unfortunately, AD is not particularly well set up to tackle insider threats or password sharing.

It lacks the ability to do any of the following:

  • Limit or prevent concurrent logins: Users are far less likely to share their network password if they know they cannot get access while another user is using it.
  • Manage access restrictions: Using AD in isolation, it is very difficult in practice for the administrator to set rules and restrictions around when and how users access the network.
  • Real-time monitoring: It is also virtually impossible to get a clear picture of the who, when and where of user network access.

Ultimately, with AD alone, even if IT administrators have a security policy to combat insider threats, that policy is likely to be difficult to enforce.
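Concurrent use of one account, the first gap in the list above, can at least be detected after the fact from logon records, which also gives part of the who, when and where picture. The following Python is an added example, not from the original page or any product it refers to: it pairs Windows Security events 4624 (logon) and 4634 (logoff) by logon ID and reports accounts with overlapping sessions on different workstations. The record layout, account names and hostnames are constructed for illustration, and it assumes the events have already been collected from the workstations into one place.

```python
from datetime import datetime

# Constructed sample records (not real logs): time, event ID, account, logon ID, workstation.
# 4624 = successful logon, 4634 = logoff; the logon ID pairs the two events on one host.
SAMPLE_EVENTS = [
    ("2024-03-04T08:58:10", 4624, "jsmith", "0x3e7a1", "WS-FIN-01"),
    ("2024-03-04T09:05:42", 4624, "adavis", "0x41b02", "WS-HR-07"),
    ("2024-03-04T10:15:00", 4624, "jsmith", "0x5c9d3", "WS-OPS-12"),  # overlaps WS-FIN-01
    ("2024-03-04T12:30:00", 4634, "jsmith", "0x3e7a1", "WS-FIN-01"),
    ("2024-03-04T12:45:00", 4634, "adavis", "0x41b02", "WS-HR-07"),
    ("2024-03-04T13:10:00", 4624, "adavis", "0x6f210", "WS-HR-09"),  # after logoff: no overlap
    ("2024-03-04T17:00:00", 4634, "jsmith", "0x5c9d3", "WS-OPS-12"),
]

def build_sessions(events):
    """Pair each logon with its logoff; sessions without a logoff stay open (end=None)."""
    sessions = {}
    for ts, event_id, user, logon_id, host in sorted(events):
        key = (host, logon_id)  # logon IDs are only unique per host
        when = datetime.fromisoformat(ts)
        if event_id == 4624:
            sessions[key] = {"user": user.lower(), "host": host, "start": when, "end": None}
        elif event_id == 4634 and key in sessions:
            sessions[key]["end"] = when
    return list(sessions.values())

def concurrent_logins(events):
    """Return (user, first_host, second_host, overlap_start) for sessions of one
    account that overlap in time on different workstations."""
    findings = []
    sessions = sorted(build_sessions(events), key=lambda s: s["start"])
    for i, a in enumerate(sessions):
        for b in sessions[i + 1:]:
            if a["user"] != b["user"] or a["host"] == b["host"]:
                continue
            # b starts at or after a (sorted), so they overlap if a is still open then
            if a["end"] is None or b["start"] < a["end"]:
                findings.append((a["user"], a["host"], b["host"], b["start"]))
    return findings

if __name__ == "__main__":
    for user, first, second, when in concurrent_logins(SAMPLE_EVENTS):
        print(f"{when.isoformat()} {user}: logon at {second} while session on {first} is open")
```

This reports concurrent use once it has happened; it does not limit or prevent the second logon.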

“Active Directory provides basic user security, checking that credentials supplied match stored user profiles and then opening up access to resources. Authenticating those credentials is another matter; for this, organisations need to turn to stronger authentication techniques to ensure a user really is who they say they are.”
Bob Tarzey, Analyst and Director, Quocirca