University of Twente Student Theses


Proposing and Deployment of Attractive Azure AD Honeypot With Varying Security Measures To Evaluate Their Performance Against Real Attacks

Khan, Atif Mushtaq (2021) Proposing and Deployment of Attractive Azure AD Honeypot With Varying Security Measures To Evaluate Their Performance Against Real Attacks.

Abstract: The popularity of Azure Active Directory (Azure AD), Microsoft's cloud-based identity and access management (IAM) solution, has been increasing among companies. Azure AD provides companies with an affordable and easy-to-use service. It can be used as an identity provider for various first- and third-party applications and to manage the access privileges of the users in an organization. The widespread use of Azure AD by organizations for identity and access management makes it a lucrative target for attackers seeking unlawful access to resources. In addition, being a cloud service makes it vulnerable to the security and privacy breaches linked to the cloud. Honeypots are systems that mimic a real system and deceive the attacker into believing that they are real. They are used to assist in detecting and analyzing the attacks carried out against them. This yields forensic information about security breaches, which shows what attacks were conducted on the system and how they can be prevented. For this master's thesis, we intend to expand the application of these honeypots to Azure AD. To our knowledge, this is the first time honeypots have been used with Azure AD or cloud-based IAM solutions. The honeypot is used to get attackers to interact with the set-up and to observe the real-world threats that loom over Azure AD. To achieve this goal, we deployed an attractive honeypot system with various security measures representing real-world scenarios. During the thesis, we first established a set of criteria, based on previous research, that define the attractiveness of a honeypot. The proposed honeypot system is then evaluated for its attractiveness against those criteria. Using that knowledge, we deployed a set of 3 different honeypots with varying security hardening measures to detect the presence of real-world threats. The security measures are chosen based on how organizations usually configure their Azure AD. The credentials for each set-up were leaked for one week. The analysis revealed the presence of the real-world threats experienced by organizations, further verifying the attractiveness of the honeypot system. Finally, we compared the honeypots with varying security measures for their effectiveness against the detected threats. This gives us valuable knowledge of how effective the security measures are against them. It was found that MFA performed the best and was able to prevent the attacks. The default settings performed the worst, and having custom security measures in place performed substantially better than the default settings. We were also able to profile the attackers that interacted with the honeypot set-ups and how they interacted with them. Additionally, we were able to point out some of the security flaws and shortcomings in Azure AD which remain an easy entry point for malicious users. The thesis helps establish the foundation for the use of honeypots in IAM solutions like Azure AD and paves the way for future research.
Item Type: Essay (Master)
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Electrical Engineering MSc (60353)