Wednesday, June 30, 2010

What to Cover in an Active Directory Security Audit?

An Active Directory Security Audit is important for the overall security and well-being of your IT infrastructure because the Active Directory stores and protects most of the important IT resources that are used to provision and control access - i.e. your user accounts, your groups, your security policies and in fact the accounts of your computers.

It is thus not only important to perform Active Directory security audits on a frequent basis (more on that in a later post), but also important to know what to cover in an Active Directory Security Audit. While the list is long, here is a list of some of the top things to look at -

  1. Domain Controller Security - How many do you have, how secure are they, who has access to them? etc.
  2. Domain Admin Protection - How many? How are they protected? Who can list them? What tools are they using?
  3. Delegated Rights - Who is delegated what access in your Active Directory? Who can do what in your Active Directory? How do you know that for a fact?
  4. Security Auditing - Which administrative tasks are you auditing? How are you collecting your audit logs?
  5. Admin Tools - Which admin tools are you using? How safe are they? Who provides them? Are they built in foreign countries or in the US?
  6. Directory Access - Who all have read access to your Active Directory? How much can the average user see? What can you hide from the average user (without causing app-compat issues)?
etc. etc.
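
As a starting point for items 1 to 3, here is a read-only inventory script. It is an added example, not part of the original post, and it assumes a domain-joined workstation with the RSAT `ActiveDirectory` PowerShell module installed and an account allowed to read the directory.

```powershell
#Requires -Modules ActiveDirectory
# Read-only inventory for checklist items 1-3; makes no changes to the directory.
# Assumption: run from a domain-joined admin workstation with RSAT installed.
Import-Module ActiveDirectory   # also creates the AD: drive used by Get-Acl below

$domain = Get-ADDomain

# Item 1: how many domain controllers are there, and what are they?
$dcs = Get-ADDomainController -Filter * |
    Select-Object HostName, Site, OperatingSystem, IsGlobalCatalog, IsReadOnly
"Domain controllers: $(@($dcs).Count)"
$dcs | Format-Table -AutoSize

# Item 2: effective Domain Admins, including members reached through nested groups.
# The group is located by its well-known RID (512), so a renamed group is still found.
$daSid  = "$($domain.DomainSID.Value)-512"
$admins = Get-ADGroupMember -Identity $daSid -Recursive |
    Where-Object objectClass -eq 'user' |
    Get-ADUser -Properties Enabled, LastLogonDate, PasswordLastSet
"Effective Domain Admins: $(@($admins).Count)"
# LastLogonDate is derived from lastLogonTimestamp, which replicates with a delay,
# so treat it as approximate when looking for stale privileged accounts.
$admins |
    Select-Object SamAccountName, Enabled, LastLogonDate, PasswordLastSet |
    Format-Table -AutoSize

# Item 3: explicit (non-inherited) Allow entries on the domain root object.
# Delegation can be set on any OU or object; this covers only the domain root.
# Repeat for each OU (Get-ADOrganizationalUnit -Filter *) for fuller coverage.
$acl = Get-Acl -Path "AD:\$($domain.DistinguishedName)"
$acl.Access |
    Where-Object { -not $_.IsInherited -and $_.AccessControlType -eq 'Allow' } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, InheritanceType |
    Sort-Object IdentityReference |
    Format-Table -AutoSize
```

The ACL listing shows who holds rights on the domain root, not what those rights add up to once group membership and inheritance are taken into account, so it answers only part of "who can do what".
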

As mentioned, the complete list is a little longer, and in following blog entries, I will focus on some specifics and provide details on each of these aspects. For now, I just wanted to share this much with the intention of at least pointing you in the right direction. More to follow shortly.

Thanks,
Marc