Corporate Intranet
An internal enterprise application with Active Directory integration, SharePoint, and custom line-of-business applications. This model focuses on Windows-based threats and lateral movement risks.
Network Architecture
This on-premises architecture relies heavily on Active Directory for authentication. The Identity Tier is the most critical - compromise here means full domain control.
Crown Jewel: Active Directory
Active Directory is the most valuable target in Windows environments. It controls authentication for all users, computers, and services. An attacker who compromises a Domain Admin account has complete control over the entire network. This is why the Identity Tier requires the highest level of protection.
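Because one compromised Domain Admin account is enough, a defender needs the full list of accounts that hold that privilege, including those that get it only through nested groups. The following is an added example, not part of the original model: it resolves nested membership over a constructed export in which every name except the built-in "Domain Admins" group is hypothetical, and it assumes every group appears as a key in the export.

```python
from collections import deque

# Constructed sample of a group-membership export (not from the page).
# Every name except the built-in "Domain Admins" group is hypothetical.
# Assumption: every group, even an empty one, appears as a key.
MEMBERS = {
    "Domain Admins": ["alice.adm", "Tier0 Operators", "IT Leads"],
    "Tier0 Operators": ["bob.adm", "svc-backup"],
    "IT Leads": ["Helpdesk Managers"],
    "Helpdesk Managers": ["carol", "IT Leads"],   # cycle back to IT Leads
    "SharePoint Owners": ["dave"],                # unrelated to Domain Admins
}

def effective_members(root, members):
    """Return {account: [group path from root]} for every non-group member
    reachable from `root` through nested groups. Breadth-first, so each
    account is reported with its shortest path; groups already visited are
    skipped, so membership cycles terminate."""
    found = {}
    seen = {root}
    queue = deque([(root, [root])])
    while queue:
        group, path = queue.popleft()
        for member in members.get(group, []):
            if member in members:            # member is itself a group
                if member not in seen:
                    seen.add(member)
                    queue.append((member, path + [member]))
            elif member not in found:        # member is an account
                found[member] = path
    return found

def indirect_admins(root, members):
    """Accounts that hold the privilege only through nesting (path > 1)."""
    return sorted(a for a, p in effective_members(root, members).items()
                  if len(p) > 1)

if __name__ == "__main__":
    result = effective_members("Domain Admins", MEMBERS)
    for account, path in sorted(result.items()):
        print(f"{account:12} via {' > '.join(path)}")
    print("indirect:", indirect_admins("Domain Admins", MEMBERS))
```

Accounts reported as indirect are the ones a review of the group's direct members would miss.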
Corporate Network
Employee workstations and VPN users. First line of attack.
Application Tier
Business applications that users interact with daily.
Identity Tier
AD and ADFS - the keys to the kingdom.