AUTHENTICATION METHODS IN ACTIVE DIRECTORY AND THEIR IMPACT ON CORPORATE ENVIRONMENT SECURITY
DOI:
https://doi.org/10.28925/2663-4023.2025.28.807
Keywords:
authentication methods, corporate environment protection, threat, vulnerability, cybersecurity, cyberattack, Kerberos, NTLM, cryptographic algorithms
Abstract
The article provides a comparative analysis of the NTLM and Kerberos authentication mechanisms in the Active Directory environment, focusing on their architecture, typical vulnerabilities, and impact on the security of corporate IT infrastructure. It critically reviews the main threats and attacks against Active Directory authentication methods, describing their main characteristics and the mechanisms by which the attacker achieves their goal, which is largely associated with the use of outdated protocols such as NTLM, in particular Pass-the-Hash and Relay attacks. Potential risks associated with incorrect Kerberos configuration are considered, including attacks such as Kerberoasting, Golden Ticket, and access delegation. Based on the analysis of authentication methods in Active Directory, taking into account their features, vulnerabilities and current threats, recommendations have been formulated to strengthen the security of the corporate environment: improving authentication policies, abandoning NTLM, implementing modern approaches to protection (strengthening Kerberos protection), implementing the Zero Trust model, using multi-factor authentication, conducting audits and continuous security monitoring, conducting regular penetration testing and Active Directory configuration audits, and training administrators on secure Active Directory configuration and on developments in the field of cyber threats. The proposed measures can be used as a basis for increasing the level of security of domain environments in large organizations. It has been proven that Kerberos is a more secure protocol that provides mutual authentication and uses modern cryptographic algorithms, but if it is configured incorrectly, attacks such as Kerberoasting, delegation attacks and ticket manipulation are possible. So,. Effective Active Directory configuration requires a comprehensive approach to the security of authentication mechanisms.
License
Copyright (c) 2025 Дмитро Рабчун, Світлана Легомінова, Олександр Скрипка

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.