ZERO TRUST CONCEPT FOR ACTIVE DIRECTORY PROTECTION TO DETECT RANSOMWARE

Authors

DOI:

https://doi.org/10.28925/2663-4023.2023.22.179190

Keywords:

ransomware; unauthorized access; Active Directory; zero-trust architecture

Abstract

This article explores an approach to protecting Active Directory from ransomware threats, which are becoming increasingly dangerous to corporate information systems. The "zero trust" concept in the context of Active Directory is defined as an approach that removes implicit trust from the security framework and continuously verifies that users and their devices comply with configured security policies, context, and other parameters. The article examines methods and tools for implementing the zero trust concept within an Active Directory environment, including behavior analysis, network traffic monitoring, and the use of advanced security rules. It also investigates the value of combining event processing technologies with artificial intelligence for automated detection of and response to abnormal activity. The research findings indicate that the approach can improve the effectiveness of protecting Active Directory from ransomware threats and strengthen the resilience of corporate networks against them. Adopting the zero trust concept could be a significant step toward ensuring cybersecurity and maintaining the reliability of information resources in modern enterprises.

Downloads

Download data is not yet available.

References

McDonald, G., et al. (2022). Ransomware: Analysing the Impact on Windows Active Directory Domain Services. Sensors, 22, 953. https://doi.org/10.3390/s22030953

Bavendiek, S. (2022). A zero trust security approach with FIDO2, preprint (Version 1) available at Research Square. https://doi.org/10.21203/rs.3.rs-2022891/v1

Stafford, V. (2020). Zero Trust Architecture. NIST Special Publication 800-207. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf

Ward, R., & Beyer, B. (2014). BeyondCorp: A New Approach to Enterprise Security. https://www.usenix.org/system/files/login/articles/login_dec14_02_ward.pdf

Spear, B., Cittadini, L., & Saltonstall, M. (2016). BeyondCorp: The Access Proxy. https://www.usenix.org/system/files/login/articles/login_winter16_05_cittadini.pdf

Implementing a Zero Trust security model at Microsoft. Microsoft Inside Track. https://www.microsoft.com/insidetrack/blog/implementing-a-zero-trust-security-model-at-microsoft/

Zhuravchak, D., Dudykevych, V., & Tolkachova, A. (2023). Study of the Structure of the Endpoint Detection and Response Based on the Detection and Fighting of Ransom Virus Attacks. Cyber security: education, science, technology, 3(19), 69–82. https://doi.org/10.28925/2663-4023.2023.19.6982

Zhuravchak, D. (2021). Creating a System for Preventing the Spread of Ransomware Viruses Using the Python Programming Language and the Auditd Utility Based on the Linux Operating System. Cyber security: education, science, technology, 4(12), 108–116. https://doi.org/10.28925/2663-4023.2021.12.108116

Zhuravchak, D., et al. (2021). Ransomware Prevention System Design based on File Symbolic Linking Honeypots. 2021 11th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), 284–287. https://doi.org/10.1109/IDAACS53288.2021.9660913

Zero trust: What it is, why you need it, and how to get started. Quest Blog. https://blog.quest.com/zero-trust-what-it-is-why-you-need-it-and-how-to-get-started/

Strengthening Active Directory security: 3 best practices for implementing a Zero Trust model. Quest Blog. https://blog.quest.com/strengthening-active-directory-security-3-best-practices-for-implementing-a-zero-trust-model/

Security rapid modernization plan. Microsoft Learn. https://learn.microsoft.com/en-us/security/privileged-access-workstations/security-rapid-modernization-plan


Published

2023-12-28

How to Cite

Zhuravchak, D., Hlushchenko, P., Opanovych, M., Dudykevych, V., & Piskozub, A. (2023). ZERO TRUST CONCEPT FOR ACTIVE DIRECTORY PROTECTION TO DETECT RANSOMWARE. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 2(22), 179–190. https://doi.org/10.28925/2663-4023.2023.22.179190