Access to Active Directory via LDAP by intruders

G

Grigory Bondarenko2020-04-29 10:49:12

LDAP

Grigory Bondarenko, 2020-04-29 10:49:12

Access to Active Directory via LDAP by intruders - what is the threat?

We deploy the Bitrix corporate portal (box) in the company. We want to integrate it with Active Directory in order to synchronize employee accounts. To do this, you will have to open access to the domain controller on the 3268th port and register in Bitrix the login / password of the account included in the "Domain Users" group. The question is: what threatens a domain controller with hacking Bitrix? What are the attacks on the domain controller through LDAP?
Configuration: Windows Server 2012 R2

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

S

Sasha Odarchuk, 2020-04-29
@yurybx

TS,
use LDAPS for AD&B24 communication.
Release B24 itself into the world only through the necessary ports, and even better through a reverse proxy!

A

akelsey, 2020-04-29
@akelsey

Well, firstly, they get a list of all objects:
* servers with their roles
* users with their logins
Next, the approach will be individual, there will probably be a user with the password "qweasd123" - well, there are further tactical steps - an attack on Exchange if there is, RDP if it is published and so on and so forth.

K

Karpion, 2020-04-29
@Karpion

Well, it depends on the integration scheme. If you copy information to Bitrix (this is how I understand the word "synchronization"), then when hacking Bitrix, you can steal everything that is copied there.
In addition, it is theoretically possible to open Bitrix and plant your own program there, which will intercept the user's login - then it will also be possible to steal the passwords of those who log in.
To begin with, it would be necessary to make Bitix available only in the local network, but not outside. And if you need outside - then through the VPN.
In general, it is strange to deploy a system that can be easily hacked.