• Latest
  • Trending
  • All
  • News
  • Business
  • Politics
  • Science
  • World
  • Lifestyle
  • Tech
Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

IT security under attack: Why are group memberships so crucial?

December 21, 2020
How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft Cloud Announces Three New Vertical Cloud Solutions

February 26, 2021
Innovative solutions for IT workers at home

Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

February 26, 2021
Innovative solutions for IT workers at home

What is database encryption?

February 26, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Releases Azure Firewall Premium in Public Preview

February 26, 2021
Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

February 25, 2021
8×8 makes raft of updates to platform

Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

February 25, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

February 25, 2021
Innovative solutions for IT workers at home

ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

February 24, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

February 24, 2021
Innovative solutions for IT workers at home

SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

February 23, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

February 23, 2021
How to use Microsoft Sysmon, Azure Sentinel to log security events

OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

February 22, 2021
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Monday, March 1, 2021
  • Login
Azure Security News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
    • Home – Layout 4
    • Home – Layout 5
  • News
    • All
    • Business
    • Politics
    • Science
    • World
    How to use Microsoft Sysmon, Azure Sentinel to log security events

    Microsoft Cloud Announces Three New Vertical Cloud Solutions

    Innovative solutions for IT workers at home

    Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

    Innovative solutions for IT workers at home

    What is database encryption?

    A moment of reckoning: the need for a strong and global cybersecurity response

    Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

    Innovative solutions for IT workers at home

    ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

    A moment of reckoning: the need for a strong and global cybersecurity response

    ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

    Innovative solutions for IT workers at home

    SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

    8×8 makes raft of updates to platform

    Indonesian Mobile Operator Selects NTT for Microsoft Security Project

    Microsoft To Build New Azure Cloud Data Centers In Greece

    NTT completes Microsoft security project for Indonesian mobile operator

    Trending Tags

    • Donald Trump
    • Future of News
    • Climate Change
    • Market Stories
    • Election Results
    • Flat Earth
  • Tech
    • All
    • Apps
    • Gear
    • Mobile
    • Startup
    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Releases Azure Firewall Premium in Public Preview

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

    8×8 makes raft of updates to platform

    Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

    Microsoft To Open Azure Cloud Data Center Region In Spain

    EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

    A moment of reckoning: the need for a strong and global cybersecurity response

    Azure Engineer at VillageMD

    Innovative solutions for IT workers at home

    How to Sync On-Premise Active Directory Passwords with Office 365 and Google Apps in Real-Time

    Microsoft Azure Forms Collaboration to Enhance AI in Healthcare

    Azure Defender is now available for all IoT and OT devices

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Google and Microsoft ID Group Targeting Security Researchers

    Trending Tags

    • Flat Earth
    • Sillicon Valley
    • Mr. Robot
    • MotoGP 2017
    • Golden Globes
    • Future of News
  • Entertainment
    • All
    • Gaming
    • Movie
    • Music
    • Sports
    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Meet the woman who’s making consumer boycotts great again

    New campaign wants you to raise funds for abuse victims by ditching the razor

    Twitter tweaks video again, adding view counts for some users

    A beginner’s guide to the legendary Tim Tam biscuit, now available in America

    People are handing out badges at Tube stations to tackle loneliness

    Trump’s H-1B Visa Bill spooks India’s IT companies

    Magical fish basically has the power to conjure its own Patronus

    This Filipino guy channels his inner Miss Universe by strutting in six-inch heels and speedos

    Oil spill off India’s southern coast leaves fisherman stranded, marine life impacted

  • Lifestyle
    • All
    • Fashion
    • Food
    • Health
    • Travel
    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Offers More ‘Solorigate’ Advice Using Microsoft 365 Defender Tools

    A moment of reckoning: the need for a strong and global cybersecurity response

    Solar Winds, Office 365 & Shipbuilding…

    Aruba ClearPass Policy Manager Integrates with Microsoft

    Imprivata Expands Collaboration with Microsoft on New Digital Identity Innovations

    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Canada’s 10 biggest stories of 2020

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    AMD breaks revenue records for 2019 and 4Q

    AMD breaks revenue records for 2019 and 4Q

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft is killing off insecure Cloud App Security cipher suites

    Microsoft is killing off insecure Cloud App Security cipher suites

    Rap group call out publication for using their image in place of ‘gang’

    Meet the woman who’s making consumer boycotts great again

    Trending Tags

    • Golden Globes
    • Mr. Robot
    • MotoGP 2017
    • Climate Change
    • Flat Earth
No Result
View All Result
Azure Security News
No Result
View All Result
Home News

IT security under attack: Why are group memberships so crucial?

by AZURE SECURITY NEWS EDITOR
December 21, 2020
in News
0
Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions
492
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

Security groups either make or break your IT security. Group memberships are responsible for administrative access in your your network and define access to other privileged resources and data on your domain. Ever wondered how a simple misconfiguration of a group membership could lead to a security incident? This blog elaborates the most common misconfiguration or security loopholes that can cause damage to the sensitive data in your network.

The anatomy of groups and memberships

Group memberships, both in Active Directory and Azure AD are extremely underrated when it comes to security. Memberships are often modified by administrators, help desks, and department managers.

 Here are the various ways by which group memberships can be misconfigured in AD or Azure.

  1. Nested and indirect group memberships

Adding a group as a member of another group is called nesting. For instance, there can be one or more security groups added to the Admin Group. Though the changes to this Admin Group are continuously monitored, it can still cause a security loophole when changes to the Nested Group are not watched.

 Malicious insiders or external attackers can easily add members to the nested or indirect group and gain access to sensitive data, as the Nested Group is a part of the Admin Group. To overcome this challenge, enterprises should adopt a Zero Trust policy to grant only the required level of access to users.

Before we look into the various other ways groups can be misconfigured, let’s take a look at how group membership changes can be audited in AD.

After you enable the required audit policies in AD to audit group memberships, any membership change on any type of group in your AD domain will be audited and recorded in the security tab of the Windows Event Viewer on your Domain controllers (DCs).

 However, monitoring changes to groups is not that simple, because every other security change on the AD domain like changes to permissions, files, and folders along with logon and logoff activities are dumped into the same location (i.e., the security tab of Event Viewer). We have to look through all these security events using the respective Event IDs that denote changes to group modification.

Different events and IDs are recorded based on the scope of groups and operations performed, group creation, permission changes, and membership changes, which makes sorting through group changes extremely tedious and time-consuming.

   2. Groups are more than just security groups

Security groups are the only groups that can dictate access to resources, but there are also various other types of groups in AD and Azure that grant access to other network resources.

  • Security groups across DCs and universal groups: If you own a multi-DC environment, then you may already be aware of these groups. There are default admin groups like DNSadmins, domain admins, and enterprise admins, which allow users to manage various components of your AD domain. Universal groups enable you to define roles or manage resources that span more than one domain.
  • Other platform groups: Any group created by a third-party service can dictate access to that service. For example:
    • On-premises AD groups are used to access Azure resources.
    • Exchange Server group: By default, this group has the right to clear the security log of the domain. Any malicious user who is a member of this group can easily erase the security log of the domain thus eliminating all traces of malicious activities.
    • Exchange Windows Permissions group: Has write DACL control over the domain DNS node. Any user with permissions over the domain DNS node can modify and take control of every object in the domain.

Read more about how permissions on your domain DNS in AD can be exploited here.

 Azure AD security groups and Microsoft 365 groups: Azure AD and Microsoft 365 groups are pivotal to managing resources in Azure AD.

  • Security groups are used to manage members’ and computers’ access to shared resources for a group of users in Azure.
  • Microsoft 365 groups provide collaboration by giving members access to a shared mailbox, calendar, files, SharePoint sites, and more.

 Let’s take a look at group membership auditing in Azure AD.

 Azure AD Audit logs

Just like Windows Event Viewer in on-premises Active Directory, Azure AD also has a central location where audit logs are stored. These audit logs record directory-based changes such as changes to users, groups, and applications.

Fortunately, Azure AD offers more sorting and filtering options compared to on-premises AD. For instance, you can filter security events based on time, operation, and more.

 However, the audit logs don’t offer a bird’s-eye view of security changes. For example, let’s assume you want to find out a list of security groups that were modified in your Azure AD. You will have to open and check every single log to determine which group was modified, which is neither quick nor easy.  Let’s take a look other possible ways to audit security events in Azure AD.

 Microsoft 365 Unified Audit Logs

Microsoft has provided a  solution for the above stated issue via the unified audit log in its Security & Compliance Center. However, this solution isn’t efficient.

As you can see from the image above, the Security & Compliance Center has an audit log search feature that allows you to search and filter audit logs. Sounds great, right? Not exactly! If you want to further analyze the event, the details will be in JSON format when you open it. The only way to analyze this data is to export the JSON log data, and filter it using Microsoft Excel.

As you can see, although the filtering options are significantly better, the auditing and analysis challenges you face in a typical on-premises AD infrastructure also exist in Azure! On top of that, both Azure AD and Microsoft 365 store logs only for a short time period of 30 and 90 days respectively, which makes it difficult to conduct forensic analysis.

Timely capture and analysis of security group membership changes is the need of the hour. Although the native options capture sensitive events on time, the limited sorting and searching capabilities make analyzing these events challenging. Sometimes, detecting a membership change is not enough. Your organization should have a real-time alert mechanism and a mitigation action in place to counter any unauthorized group membership changes.

Reference:https://securityboulevard.com/2020/12/it-security-under-attack-why-are-group-memberships-so-crucial/

Share197Tweet123Share49
AZURE SECURITY NEWS EDITOR

AZURE SECURITY NEWS EDITOR

Related Posts

How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft Cloud Announces Three New Vertical Cloud Solutions

by AZURE SECURITY NEWS EDITOR
February 26, 2021
0

Microsoft is boosting its industry-cloud solutions with the announcement of three new programs. To help get these new Azure offerings...

Innovative solutions for IT workers at home

Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

by AZURE SECURITY NEWS EDITOR
February 26, 2021
0

 Privacera, the cloud data governance and security leader founded by the creators of Apache Ranger™, today announced a technology partnership...

Innovative solutions for IT workers at home

What is database encryption?

by AZURE SECURITY NEWS EDITOR
February 26, 2021
0

Database encryption protects sensitive information by scrambling the data when it’s stored, or, as it has become popular to say,...

A moment of reckoning: the need for a strong and global cybersecurity response

Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

by AZURE SECURITY NEWS EDITOR
February 25, 2021
0

Latest launched research document on Global Cloud Security in Banking Market study of 111 Pages provides detailed analysis with presentable...

  • Trending
  • Comments
  • Latest
Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

AZURE DEFAULT RESOURCE GROUP AND DEFAULT WORKSPACE: WHAT ARE THEY?

December 14, 2020
Microsoft Seriously Beefs Up Security in Windows Server 2019

TCS Launches Cloud Exponence on Microsoft Azure

January 21, 2021
Microsoft Launches Host of Security Products in Time for RSA

Microsoft to add two new Microsoft 365 security, compliance bundles to its line-up

November 26, 2020

Lady Gaga Pulled Off One of the Best Halftime Shows Ever

0

Barack Obama’s Now Mainly Focusing on Wearing This Casual Backwards Hat

0

Watch Justin Timberlake’s ‘Cry Me a River’ Come to Life in Mesmerizing Dance

0
How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft Cloud Announces Three New Vertical Cloud Solutions

February 26, 2021
Innovative solutions for IT workers at home

Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

February 26, 2021
Innovative solutions for IT workers at home

What is database encryption?

February 26, 2021
Azure Security News

Copyright © 2020 - Azure Security

Navigate Site

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Follow Us

No Result
View All Result
  • Home
  • News
    • Politics
    • Business
    • World
    • Science
  • Entertainment
    • Gaming
    • Music
    • Movie
    • Sports
  • Tech
    • Apps
    • Gear
    • Mobile
    • Startup
  • Lifestyle
    • Food
    • Fashion
    • Health
    • Travel

Copyright © 2020 - Azure Security

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In