How can I prevent a user on the domain from launching a denial-of-service attack against Active Directory by scripting bad password attempts against every user in the domain?
Asked
Active
Viewed 27 times
0
-
Not a duplicate because I am asking about internal users, not external. – Entbark Jun 18 '14 at 16:01
-
The attack vector is the same and as such the methodologies to mitigate are as well. Whether a person be at their desk trying to log in or on a WAN via webmail the authentication still needs to be facilitated by a domain controller. – DKNUCKLES Jun 18 '14 at 16:07
-
The answers to that question may not (and do not seem to) apply here. Two-factor authentication may be OK for webmail, but doesn't work as well for thousands of users logging onto their PCs. OWA Guard doesn't apply here. We don't have a firewall for internal-only traffic to my knowledge. – Entbark Jun 18 '14 at 16:15
-
1RSA SecurID has been implemented on massive networks for years and has proven it can scale well. Your domain controllers have software based firewalls and their rules can be modified with powershell – DKNUCKLES Jun 18 '14 at 16:17