Wednesday, June 30, 2010

What to Cover in an Active Directory Security Audit?

An Active Directory Security Audit is important for the overall security and well-being of your IT infrastructure because the Active Directory stores and protects most of the important IT resources that are used to provision and control access - i.e. your user accounts, your groups, your security policies and in fact the accounts of your computers.

It is thus not only important to perform Active Directory security audits on a frequent basis (more on that in a later post), it is also important to know what to cover in an Active Directory Security Audit. While the list is long, here is a list of some of the top things to look at -

  1. Domain Controller Security - How many do you have? How secure are they? Who has access to them? etc.
  2. Domain Admin Protection - How many? How are they protected? Who can list them? What tools are they using?
  3. Delegated Rights - Who is delegated what access in your Active Directory? Who can do what in your Active Directory? How do you know that for a fact?
  4. Security Auditing - Which administrative tasks are you auditing? How are you collecting your audit logs?
  5. Admin Tools - Which admin tools are you using? How safe are they? Who provides them? Are they built in foreign countries or in the US?
  6. Directory Access - Who all have read access to your Active Directory? How much can the average user see? What can you hide from the average user (without causing app-compat issues)?
etc. etc.

As mentioned, the complete list is a little longer, and in following blog entries, I will focus on some specifics and provide details on each of these aspects. For now, I just wanted to share this much with the intention of at least pointing you in the right direction. More to follow shortly.

Thanks,
Marc

1 comment:

  1. Hi Marc,

    Hope you're doing well. Hey just wanted to let you know about a cool Active Directory Security Audit Tool that I recently reviewed on my blog.

    It's called Gold Finger, and it's kind of like a dedicated AD reporting and audit tool that can be used to perform security as well as access audits in AD. (It's got something like 400 inbuilt reports, and there's a Free version as well.)

    Thought you might find it valuable as you seem to be focused on AD audit and reporting. Anyway, please keep an eye out for any other free AD tools you come across, and let me know.

    By the way, I did review the free version of Gold Finger on my blog, in case you want the skinny on it. I have a hunch that you'll like it (a lot :-))
