ZERO TRUST CONCEPT FOR ACTIVE DIRECTORY PROTECTION TO DETECT RANSOMWARE
DOI:
https://doi.org/10.28925/2663-4023.2023.22.179190Keywords:
ransomware; unauthorized access; Active Directory; zero-trust architectureAbstract
Abstract. This scientific article explores the approach to protecting Active Directory from threats associated with ransomware, which are becoming increasingly perilous to corporate information systems. The concept of "zero trust" in the context of Active Directory is defined as an approach aimed at eliminating trust from the security framework and constantly verifying the compliance of users and their devices with configured security policies, context, and other parameters. The article delves into methods and tools that enable the implementation of the zero trust concept within the Active Directory environment, including behavior analysis, network traffic monitoring, and the utilization of advanced security rules. The importance of combining event processing technologies and artificial intelligence for automated detection and response to abnormal activity is also investigated. The research findings indicate the potential to enhance the effectiveness of protecting Active Directory from ransomware threats and ensuring the resilience of corporate networks against them. The adoption of the zero trust concept could be a significant step in ensuring cybersecurity and maintaining the reliability of information resources in modern enterprises
Downloads
References
McDonald, G., et al. (2022). Ransomware: Analysing the Impact on Windows Active Directory Domain Services. Sensors, 22, 953. https://doi.org/10.3390/s22030953
Bavendiek, S. (2022). A zero trust security approach with FIDO2, preprint (Version 1) available at Research Square. https://doi.org/10.21203/rs.3.rs-2022891/v1
Stafford, V. (2020). Zero trust architecture. NIST special publication, 800, 207. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf
Ward, R., & Beyer, B. (2014). Beyondcorp: A new approach to enterprise security. https://www.usenix.org/system/files/login/articles/login_dec14_02_ward.pdf
Spear, B., Cittadini, L., & Saltonstall, M. (2016). Beyondcorp: The access proxy. https://www.usenix.org/system/files/login/articles/login_winter16_05_cittadini.pdf
Implementing a Zero Trust security model at Microsoft. Microsoft Insider Talk. https://www.microsoft.com/insidetrack/blog/implementing-a-zero-trust-security-model-at-microsoft/
Zhuravchak, D., Dudykevych, V., & Tolkachova, A. (2023). Study of the Structure of the Endpoint Detection and Response Based on the Detection and Fighting of Ransom Virus Attacks. Cyber security: education, science, technology, 3(19), 69–82. https://doi.org/10.28925/2663-4023.2023.19.6982
Zhuravchak, D. (2021). Creating a System for Preventing the Spread of Ransomware Viruses Using the Python Programming Language and the Auditd Utility Based on the Linux Operating System. Cyber security: education, science, technology, 4(12), 108–116. https://doi.org/10.28925/2663-4023.2021.12.108116
D. Zhuravchak, et al. (2021). Ransomware Prevention System Design based on File Symbolic Linking Honeypots, 2021 11th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), 284–287, https://doi.org/10.1109/IDAACS53288.2021.9660913
Zero trust: What it is, why you need it, and how to get started. Quest Blog. https://blog.quest.com/zero-trust-what-it-is-why-you-need-it-and-how-to-get-started/
Strengthening Active Directory security: 3 best practices for implementing a Zero Trust model. Quest Blog. https://blog.quest.com/strengthening-active-directory-security-3-best-practices-for-implementing-a-zero-trust-model/
Security rapid modernization plan. Microsoft Learn. https://learn.microsoft.com/en-us/security/privileged-access-workstations/security-rapid-modernization-plan
Published
How to Cite
Issue
Section
License
Copyright (c) 2023 Даниїл Журавчак, Павло Глущенко , Максим Опанович , Валерій Дудикевич , Андріян Піскозуб
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
