If you haven't performed a formal penetration test of your Windows domain controllers lately, then what better way to get your summer kicked off!? OK, it's not as relaxing as a day at the beach and won't be invigorating like a couple of hours on a personal watercraft, but it may prove to be interesting -- even downright entertaining.
It's all in your perspective
Testing for security weaknesses in domain controllers isn't that much different from testing for security weaknesses in other Windows-based systems. The basic ethical hacking methodology of reconnaissance, enumeration, vulnerability discovery and vulnerability exploitation still applies. The big difference is that your servers may be protected by a firewall and thus not accessible from the public Internet. If you have a public IP bound to your systems or are running any publicly accessible services via network address translation or port forwarding, odds are something will crop up.
The best way to get started on domain controller penetration testing is to scan your systems from the outside to see what can be discovered. I've seen domain controllers supposedly protected by a firewall that turn out to be wide open to the outside world. If you confirm that your domain controllers are not publicly accessible, then the next phase is to see what you can do from the inside -- both as an unauthenticated user who is simply attached to the network and as an authenticated "standard user" who should only have limited rights (if any) to your domain controllers. This latter step (which is often overlooked) will show you what a rogue insider with the right tools can exploit -- often in a matter of minutes.
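As an added example (not from the original article), here is one way to review the results of that outside-in scan: the script parses nmap grepable output (-oG) and lists the domain controller services that answered as open. The host names, addresses and scan lines are constructed, and the port list is the standard set of domain controller service ports, which is an assumption since the article does not list them.

```python
import re

# Standard TCP ports for services a domain controller runs (assumed list).
DC_SERVICES = {
    53: "DNS", 88: "Kerberos", 135: "RPC endpoint mapper", 139: "NetBIOS session",
    389: "LDAP", 445: "SMB", 464: "Kerberos password change", 636: "LDAPS",
    3268: "Global Catalog", 3269: "Global Catalog over TLS",
}

# Constructed sample of nmap grepable output (-oG) taken from an external vantage point.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 203.0.113.10 (dc01.example.test)\tStatus: Up
Host: 203.0.113.10 (dc01.example.test)\tPorts: 53/open/tcp//domain///, 88/filtered/tcp//kerberos-sec///, 389/open/tcp//ldap///, 445/open/tcp//microsoft-ds///
Host: 203.0.113.11 (dc02.example.test)\tStatus: Up
Host: 203.0.113.11 (dc02.example.test)\tPorts: 80/open/tcp//http///, 445/filtered/tcp//microsoft-ds///
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")

def exposed_dc_services(grepable_text):
    """Return {host: [(port, service), ...]} for DC services reported as 'open'."""
    findings = {}
    for line in grepable_text.splitlines():
        m = HOST_RE.match(line)
        if not m or "Ports:" not in line:
            continue  # skip comments and Status-only lines
        host = m.group(2) or m.group(1)  # prefer the name, fall back to the address
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            parts = entry.strip().split("/")  # port/state/protocol/owner/service/...
            if len(parts) < 3 or not parts[0].isdigit():
                continue
            port, state, proto = int(parts[0]), parts[1], parts[2]
            # 'filtered' and 'closed' mean the firewall or host did not expose the service.
            if state == "open" and proto == "tcp" and port in DC_SERVICES:
                findings.setdefault(host, []).append((port, DC_SERVICES[port]))
    return findings

def report(findings):
    """One line per exposed service, suitable for a firewall-rule review."""
    return [f"{host}: {port}/tcp ({name}) reachable from outside"
            for host, ports in sorted(findings.items())
            for port, name in sorted(ports)]

if __name__ == "__main__":
    print("\n".join(report(exposed_dc_services(SAMPLE_SCAN))))
```

Any line in the report is a firewall or port-forwarding rule to review before moving on to the inside tests.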
When pen testing domain controllers, there are certain tools to use and vulnerabilities to look out for that you may not have thought about in other security testing scenarios. The vulnerabilities you'll find may be unique as well because, after all, domain controllers are slightly different beasts given the services they typically run. Depending on your domain controller location and configuration, the possibilities for security flaws are endless.
What to use when
Much of your security testing success depends on the quality of the tools you use. I've outlined some of my favorites in a tip about first-rate security testing tools. Here's a sampling of tools I've used in the past that worked really well for testing Windows domain controllers along with specific vulnerabilities you should test for:
Reconnaissance
Enumeration
Vulnerability discovery
Vulnerability exploitation
If you don't find any security issues with your Windows domain controllers using these methods and tools, you may feel lucky. The likely truth is you haven't looked hard enough. There's almost always something to exploit either as an external hacker or malicious insider. That said, don't feel like you've got to perform every possible test using every possible tool to start with. Penetration testing can be very complex, so build your skills, techniques and toolbox over time. Keep your skills sharp and by this time next year you'll be ready to hack and relax at your favorite summer getaway -- if that's your idea of summer fun.
About the author: Kevin Beaver, CISSP, is an independent information security consultant, author and speaker with Atlanta-based Principle Logic LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments. Beaver has written five books including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies (Wiley) and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver@principlelogic.com.