Abstract

Active Directory contains information about various types of objects. They are organized hierarchically into larger logical units: containers, domains, and forests of domains. From a physical point of view, the Active Directory database is a set of files, which can be backed up and restored. Active Directory is tightly integrated with the Domain Name Service (DNS); DNS is required on the network for Active Directory to be installed and to function. Active Directory publishes its service locations using SRV RRs, which map the name of an Active Directory service to the address of the domain controller (DC) offering that service. The Lightweight Directory Access Protocol (LDAP) interfaces into Active Directory provide a good point for network reconnaissance. Service locations and DC addresses can be obtained by listing DNS zones or by querying for specific names. LDAP (especially when the domain runs in mixed mode) also reveals more information about a domain than is generally desirable from a security point of view. In many cases, features that are secure when used standalone combine to produce a vulnerable configuration. DHCP servers are one example: they can do a lot of damage to the network if their placement is not well thought out. Replication of Active Directory can also produce a lot of network traffic when incorrectly planned, and it makes configuration errors reproduce throughout a whole domain or forest, sometimes leading to denial-of-service-type attacks.
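The abstract notes that Active Directory advertises its domain controllers through DNS SRV records, so the DNS zone itself shows what the domain publishes to every client on the network. The following Python script is an added example, not part of the paper: it parses a constructed BIND-style zone fragment, builds the service-name to DC mapping that SRV records define, and flags any advertised target that is not on an administrator-supplied list of approved DCs. The zone data, hostnames and the `example.test` domain are constructed for illustration.

```python
"""Summarise the Active Directory service-location (SRV) records a DNS zone
publishes and flag targets that are not approved domain controllers.

Added example (not from the paper). The zone fragment below is constructed;
owner names follow the _<service>._<proto>.<domain> form that Active
Directory registers for its domain controllers.
"""
import re
from collections import defaultdict

# Constructed zone fragment in BIND-style text (not from a real network).
ZONE_TEXT = """\
_ldap._tcp.example.test.           600 IN SRV 0 100 389 dc1.example.test.
_ldap._tcp.example.test.           600 IN SRV 0 100 389 dc2.example.test.
_kerberos._tcp.example.test.       600 IN SRV 0 100 88  dc1.example.test.
_kerberos._tcp.example.test.       600 IN SRV 0 100 88  dc2.example.test.
_ldap._tcp.dc._msdcs.example.test. 600 IN SRV 0 100 389 dc1.example.test.
_ldap._tcp.dc._msdcs.example.test. 600 IN SRV 0 100 389 dc2.example.test.
_gc._tcp.example.test.             600 IN SRV 0 100 3268 dc1.example.test.
_ldap._tcp.example.test.           600 IN SRV 10 50 389 lab-dc.example.test.
"""

# owner [ttl] [IN] SRV priority weight port target
SRV_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)\s*$"
)


def parse_srv_records(zone_text):
    """Return one dict per SRV record (owner, priority, weight, port, target).
    Blank lines and records of other types are ignored."""
    records = []
    for line in zone_text.splitlines():
        m = SRV_LINE.match(line.strip())
        if not m:
            continue
        records.append({
            "owner": m["owner"].rstrip(".").lower(),
            "priority": int(m["prio"]),
            "weight": int(m["weight"]),
            "port": int(m["port"]),
            "target": m["target"].rstrip(".").lower(),
        })
    return records


def service_map(records):
    """Map each published service name to its (target, port) pairs, ordered
    by SRV priority then weight: the view any client on the network obtains."""
    by_owner = defaultdict(list)
    for r in records:
        by_owner[r["owner"]].append(r)
    return {
        owner: [(r["target"], r["port"])
                for r in sorted(rs, key=lambda r: (r["priority"], -r["weight"]))]
        for owner, rs in by_owner.items()
    }


def unexpected_targets(records, approved_dcs):
    """Return SRV targets not in the approved DC set. Any host listed here is
    being advertised to the whole domain as a domain controller."""
    approved = {h.lower().rstrip(".") for h in approved_dcs}
    return sorted({r["target"] for r in records if r["target"] not in approved})


if __name__ == "__main__":
    recs = parse_srv_records(ZONE_TEXT)
    for owner, targets in sorted(service_map(recs).items()):
        print(f"{owner:40s} -> {targets}")
    approved = ["dc1.example.test", "dc2.example.test"]
    print("advertised but not approved:", unexpected_targets(recs, approved))
```

Running the script against the constructed zone lists the LDAP, Kerberos and global-catalog service names with their DCs and reports `lab-dc.example.test` as an advertised target missing from the approved list, the kind of stale or unplanned registration the abstract's point about combined features and replication errors warns about.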
