Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Microsoft ATA and discovering unsecure LDAP

Copper Contributor

Good day everyone,

 

I am wanting to gain a better understanding of how ATA plays a role in some of its functions.  Presently on the network we've had ATA alerting the SysAdmins that generic LDAP has been used and to switch to secure LDAP.  What I'm starting to notice is that the devices are falling off of the list after people are changing to port 636 and selecting SSL despite actually obtaining a certificate to go along with it.  

 

Am I incorrect in thinking that this is literally sending clear-text data over a port that is used for secure encrypted data?  Next time I'm in the office I will have the opportunity to run Wireshark and see if this is indeed the case but I wanted to have an open discussion about this.  I'm assuming that ATA is just checking what port is in use and reporting accordingly and doesn't do any sort of deep dive into the security piece of whether the data is actually secure/encrypted or not.  

1 Reply

@Internexus Just to be clear - This is the SA you are getting?

https://docs.microsoft.com/en-us/advanced-threat-analytics/suspicious-activity-guide#sensitive-accou...


If yes, this is using deep packet inspection , not just a port check...