Securing the Active Directory through breach assessment

Misconfigurations and vulnerabilities in your Active Directory (AD) domain can lead to breaches that disrupt your business. You can protect your AD preemptively by detecting and assessing those misconfigurations and vulnerabilities before an attacker does. The Symantec Breach Assessment tool performs reconnaissance the way an attacker would: it hunts for the administrative accounts in the domain and identifies exposed accounts that could be exploited. The tool uses the capabilities of Symantec Endpoint Threat Defense for Active Directory to generate a comprehensive HTML report of its findings, which you use to assess the breach paths and misconfigurations in your AD environment.
The Breach Assessment tool requires a Symantec Endpoint Security Complete subscription.
To download and run the Breach Assessment tool
  1. Go to the Quick Setup page of the console and click Breach Assessment.
  2. In the Take the Tour step, watch the overview video of the Breach Assessment tool and then click to continue.
  3. In the Download Tool step, click to download. This downloads the tool to your device as a zip file.
  4. Unzip the package and run the executable from any domain computer, logged in as a domain user. The tool needs no elevated rights for its reconnaissance: it assesses what an ordinary domain user can already see and reach.
  5. The tool runs against the AD domain of the logged-in user account. When the assessment completes, an HTML breach report is written to the same directory that contains the Breach Assessment executable.
The HTML report provides the following information:
  • A list of all privileged and service accounts, domain computers, and servers in the AD.
  • A list of the domain controllers in the AD and information about the domain's trust relationships.
  • The vulnerabilities that exist in your AD domain, for example those caused by Unsecured LDAP Bind, Net Session Recon, or by allowing Anonymous LDAP or SAM queries.
  • Service accounts in your domain that are vulnerable to Kerberos attacks, such as Kerberoasting of accounts that carry a service principal name.
  • Exposure to other attacks, such as Local Admin Traversal, and whether sensitive AD credentials are stored on endpoints.
  • Possible backdoors in the AD and powerful unsecured domain objects.
  • Other vulnerabilities, such as Possible DNS Response Poisoning using Wildcards.
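The report's findings are easier to act on if you can reproduce them yourself. The script below is an added example, not part of the Breach Assessment tool or of Symantec's product: it runs read-only spot checks for several of the finding types listed above (privileged group membership, Kerberos-exposed service accounts, accounts without pre-authentication, anonymous LDAP operations, the LDAP signing requirement on each domain controller, and a wildcard DNS record) using the RSAT ActiveDirectory and DnsClient modules. It assumes the ActiveDirectory module is installed, that it is run as a domain user from a domain-joined machine, and, for the LDAP signing check only, that the account can read the registry of the domain controllers over WinRM; the severity labels and the `Add-Finding` helper are the example's own conventions, not the tool's.

```powershell
#Requires -Modules ActiveDirectory
<#
  Added example, not part of the Symantec Breach Assessment tool: read-only spot checks for a few
  of the finding types the breach report lists. Assumes RSAT ActiveDirectory and DnsClient modules,
  a domain user on a domain-joined host, and (for check 5 only) admin access to the DCs over WinRM.
#>
[CmdletBinding()]
param([string]$Domain)   # defaults to the current user's domain when omitted

$dom      = if ($Domain) { Get-ADDomain -Identity $Domain } else { Get-ADDomain }
$server   = $dom.PDCEmulator
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Check, [string]$Severity, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Severity = $Severity; Detail = $Detail })
}

# 1. Privileged accounts: recursive membership of Domain Admins (RID 512) and the built-in
#    Administrators group (S-1-5-32-544), resolved by SID so localized group names do not matter.
foreach ($sid in "$($dom.DomainSID)-512", 'S-1-5-32-544') {
    $group = Get-ADGroup -Identity $sid -Server $server
    # -ErrorAction SilentlyContinue: foreign security principals from other forests may not resolve
    Get-ADGroupMember -Identity $group -Recursive -Server $server -ErrorAction SilentlyContinue |
        Where-Object objectClass -eq 'user' |
        ForEach-Object { Add-Finding 'Privileged account' 'Info' "$($_.SamAccountName) is in $($group.Name)" }
}

# 2. Kerberoastable service accounts: user objects that carry an SPN. Any domain user can request a
#    service ticket for them and crack it offline; RC4-only keys and old passwords make that cheap.
$spnFilter = '(&(objectCategory=person)(servicePrincipalName=*)(!(sAMAccountName=krbtgt)))'
$spnUsers  = Get-ADUser -Server $server -LDAPFilter $spnFilter `
                -Properties servicePrincipalName, PasswordLastSet, 'msDS-SupportedEncryptionTypes'
foreach ($u in $spnUsers) {
    $enc = [int]($u.'msDS-SupportedEncryptionTypes')   # absent -> 0 -> RC4 is what the KDC will use
    $aes = ($enc -band 0x18) -ne 0                        # 0x8 = AES128, 0x10 = AES256
    $age = if ($u.PasswordLastSet) { (New-TimeSpan -Start $u.PasswordLastSet).Days } else { -1 }
    $sev = if (-not $aes -or $age -gt 365) { 'High' } else { 'Medium' }
    Add-Finding 'Kerberoastable account' $sev ('{0}: AES={1}, password age {2} days, SPNs={3}' -f
        $u.SamAccountName, $aes, $age, ($u.servicePrincipalName -join ';'))
}

# 3. AS-REP roastable accounts: pre-authentication disabled (userAccountControl bit 0x400000), so an
#    AS-REP encrypted with the user's key can be obtained without any credentials at all.
$preAuthFilter = '(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=4194304))'
Get-ADUser -Server $server -LDAPFilter $preAuthFilter |
    ForEach-Object { Add-Finding 'Pre-auth not required' 'High' $_.SamAccountName }

# 4. Anonymous LDAP operations: a '2' in the 7th character of dSHeuristics lets unauthenticated binds
#    read beyond RootDSE, which is what an "Anonymous LDAP queries" finding refers to.
$cfgNC = (Get-ADRootDSE -Server $server).configurationNamingContext
$dsObj = Get-ADObject -Server $server -Properties dSHeuristics `
            -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$cfgNC"
$h = [string]$dsObj.dSHeuristics
if ($h.Length -ge 7 -and $h[6] -eq '2') { Add-Finding 'Anonymous LDAP enabled' 'High' "dSHeuristics=$h" }

# 5. LDAP signing requirement per DC: LDAPServerIntegrity 2 = require signing, 1 = none (unsigned
#    simple binds allowed, i.e. an "Unsecured LDAP Bind" exposure). Needs admin rights on the DC.
foreach ($dc in Get-ADDomainController -Filter * -Server $server) {
    try {
        $v = Invoke-Command -ComputerName $dc.HostName -ErrorAction Stop -ScriptBlock {
            (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters').LDAPServerIntegrity }
        if ($v -ne 2) { Add-Finding 'LDAP signing not required' 'High' "$($dc.HostName): LDAPServerIntegrity=$v" }
    } catch { Write-Verbose "Could not read LDAP signing setting on $($dc.HostName): $_" }
}

# 6. Wildcard DNS record: a random, never-registered label that still resolves means a '*' record
#    exists in the zone, so any unregistered name can be answered with an attacker-chosen address.
$probe = 'no-such-host-{0}.{1}' -f (Get-Random), $dom.DNSRoot
$ans   = Resolve-DnsName -Name $probe -Type A -DnsOnly -ErrorAction SilentlyContinue
if ($ans) { Add-Finding 'Wildcard DNS record' 'Medium' "$probe resolved to $($ans.IPAddress -join ',')" }

$findings | Sort-Object Severity, Check | Format-Table -AutoSize
```

Run it as `.\Check-AdExposure.ps1` (any file name works) from a domain-joined host; checks 1 to 4 and 6 succeed as a plain domain user, which is the point: everything they return is also visible to an attacker who has obtained any domain account. Check 5 is skipped per domain controller when WinRM or registry access is denied, so an empty result there is not proof that signing is required. Compare the output against the corresponding sections of the breach report rather than treating either list as complete; the report covers findings (Net Session Recon, Local Admin Traversal, credentials cached on endpoints) that this script does not attempt.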