What is the Active Directory scan?

Intro

An Active Directory (AD) is a directory service provided by Microsoft operating systems. It enables the network administrator of a company to centralize user and machine authentication, manage permissions, and control access to network resources.

When targeting a company that has an AD, attackers aim to become the system administrator. By doing so, they gain control over all workstations and servers, which lets them carry out the rest of their attack.

How does it work?

The AD scan uses the PingCastle tool to analyze the insured company's Active Directory configurations and assess their security level. It identifies:

  • Outdated objects: systems that are too old or obsolete;

  • Overly permissive trust relationships;

  • Overly permissive user permissions;

  • Anomalies, such as weak password policies.

The scan results highlight potential vulnerabilities, classified into four levels: low, medium, high, and critical. When a vulnerability is detected, clicking on the misconfiguration displays the necessary remediation steps.

Two types of Active Directory coexist in the Microsoft ecosystem:

  • An on-premises Active Directory, analyzed by Stoïk Protect's Active Directory scan;

  • An Azure Cloud Active Directory, also called Entra ID, whose configurations are analyzed by Stoïk Protect's Cloud scan.
