Detection and Prevention of Attacks on Active Directory Using SIEM
2020; Springer Nature; Language: English
DOI: 10.1007/978-981-15-7062-9_53
ISSN 2190-3026
Authors: S. Muthuraj, M. Sethumadhavan, P. P. Amritha, R. Santhya
Topic(s): Context-Aware Activity Recognition Systems
Abstract: Active Directory is widely used in organizations to administer Windows user accounts and related IT resources. It acts as a centralized management point to control a Windows-based network. Attackers are focusing on compromising Active Directory Domain Services in order to take over the whole domain network. In this paper, we have studied the detection of known attacks targeting domain services from the attacker's end using SIEM and hence suggested prevention methods. SIEMs are widely used in many organizations by security analysts to monitor their networks using event logs. The detection rules were designed and implemented in Splunk. The evaluations of rules and attacks were performed in a virtual environment. The proposed preventive measures will be able to resist known attacks on Active Directory.
Reference(s)