Security is finally getting the attention that it deserves with regard to Microsoft Windows & Active Directory environments. We have turned our heads to inappropriate, weak, and soft security settings for too long. The result is that the attackers and malwares are now more successful than ever before. With attacks such as Pass-the-hash, Pass-the-ticket, and other corporate attacks that take advantage of privilege access our company assets are now at risk.
In order to fix our current security issues, we must take action. Unfortunately, the fix for our security situation is not a quick and immediate one. If we consider it took us a long time to get into this situation, it makes sense that the fix is not immediate either.
We don’t believe that the fix is software or an application. This is like putting a band aid on a finger that has been cut off. It might help for the immediate, but in the end the solution must be much more severe and more accurate. If you go with a larger, more intrusive solution, you could go with the “future” solution that Microsoft is suggesting, which is a combination of Just In Time (JIT) and Just Enough Access (JEA) to implement the correct Active Directory design and get a perfect Active Directory Hardening.