Wednesday, June 30, 2010

What to Cover in an Active Directory Security Audit?

An Active Directory Security Audit is important for the overall security and well-being of your IT infrastructure because the Active Directory stores and protects most of the important IT resources that are used to provision and control access - i.e. your user accounts, your groups, your security policies and in fact the accounts of your computers.

It is thus not only important to perform Active Directory security audits on a frequent basis (more on that in a later post), it is also important to know what to cover in an Active Directory Security Audit. While the list is long, here is a list of some of the top things to look at:

  1. Domain Controller Security - How many do you have? How secure are they? Who has access to them? etc.
  2. Domain Admin Protection - How many? How are they protected? Who can list them? What tools are they using?
  3. Delegated Rights - Who is delegated what access in your Active Directory? Who can do what in your Active Directory? How do you know that for a fact?
  4. Security Auditing - Which administrative tasks are you auditing? How are you collecting your audit logs?
  5. Admin Tools - Which admin tools are you using? How safe are they? Who provides them? Are they built in foreign countries or in the US?
  6. Directory Access - Who has read access to your Active Directory? How much can the average user see? What can you hide from the average user (without causing app-compat issues)?
etc. etc.
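
As an added example (not part of the original post), here is one way to collect a read-only baseline for items 1 to 3 with the ActiveDirectory PowerShell module. It assumes RSAT is installed on a domain-joined machine; the output folder name is hypothetical.

```powershell
# Added example: read-only baseline for audit items 1-3.
# Assumes the RSAT ActiveDirectory module and an account with read access.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$outDir = '.\ad-audit-baseline'          # hypothetical output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Item 1: inventory every domain controller, including read-only DCs.
Get-ADDomainController -Filter * |
    Select-Object HostName, Site, OperatingSystem, IsReadOnly, IsGlobalCatalog |
    Export-Csv -Path "$outDir\domain-controllers.csv" -NoTypeInformation

# Item 2: effective Domain Admins membership. The group is addressed by its
# well-known RID (512) so renamed or localized groups are still found, and
# -Recursive expands nested groups down to the actual accounts.
$domainAdminsSid = "$($domain.DomainSID)-512"
Get-ADGroupMember -Identity $domainAdminsSid -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        Get-ADUser -Identity $_.DistinguishedName `
            -Properties Enabled, LastLogonDate, PasswordLastSet
    } |
    Select-Object SamAccountName, Enabled, LastLogonDate, PasswordLastSet |
    Export-Csv -Path "$outDir\domain-admins.csv" -NoTypeInformation

# Item 3: explicit (non-inherited) Allow entries on the domain root that grant
# modify-type rights. These are the delegations to review first.
$writeRights = 'GenericAll|GenericWrite|WriteDacl|WriteOwner|WriteProperty|ExtendedRight'
(Get-Acl -Path "AD:\$($domain.DistinguishedName)").Access |
    Where-Object {
        -not $_.IsInherited -and
        $_.AccessControlType -eq 'Allow' -and
        $_.ActiveDirectoryRights.ToString() -match $writeRights
    } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, InheritanceType |
    Export-Csv -Path "$outDir\domain-root-delegations.csv" -NoTypeInformation
```

Keeping the CSV files from each run lets you compare one audit against the next and spot new domain controllers, new privileged accounts, or new delegations. The ACL check covers only the domain root object; organizational units carry their own delegations.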

As mentioned, the complete list is a little longer, and in following blog entries, I will focus on some specifics and provide details on each of these aspects. For now, I just wanted to share this much with the intention of at least pointing you in the right direction. More to follow shortly.

Thanks,
Marc

Tuesday, May 11, 2010

Real-world Advice on How to Perform Security Audits in Active Directory

If you're into IT security you already know the importance of periodic security audits.

If your organization runs on Windows Server, you probably already know that Active Directory is the central repository of all user and computer accounts which employees use to log on and access IT resources on a daily basis, not to mention the security groups that are used to control access across the enterprise.

I've been performing security audits for years now, and so thought of sharing some helpful real-world advice on how to efficiently perform IT security audits, what to cover in these audits, how frequently to perform these audits and what tools to use to perform your audits.

If I can help a fellow IT admin do a better job at this, I will consider my efforts in this blog a success. Thanks and looking forward to sharing helpful insights with you - adios!

- M