Abstract
As information technology becomes more deeply embedded in enterprise research and production, more and more enterprises are adopting an intensive network architecture and a unified management and control model. The advantage of this approach is that it supports efficient business operation while quickly reducing the cost of enterprise resource investment. From a network security perspective, the security risks exposed by the formerly decentralized IT assets converge and decrease, while the security risks faced by the core IT assets at key nodes increase many times over. To address how to secure an enterprise's core assets, this paper takes the Windows domain environment (Active Directory Domain Services), the architecture most widely used in enterprises, as an example. From the attacker's perspective, it attempts to classify the common attack methods against Active Directory Domain Services and analyzes the characteristics of the attack methods at each stage. For attack methods with different characteristics, it then proposes an approach in which enterprises follow the PDCA cycle to carry out, in turn, full-life-cycle security protection measures such as domain environment hardening, traffic monitoring, log analysis and security inspection, with the aim of reducing the security risk of Active Directory Domain Services.
Authors
Li Dong (李东)
Zhang Dezheng (张德政)
Network Security Laboratory, Computer Application Institute of Nuclear Industry, Beijing 100048
Source
Journal of Information Security Research (《信息安全研究》)
2021, Issue 1, pp. 95-100 (6 pages)
Keywords
information technology
enterprise security
IT asset
PDCA cycle
domain protection