It is thus not only important to perform Active Directory security audits on a frequent basis (more on that in a a later post), it is also important to know that to cover in an Active Directory Security Audit. While the list is long, here is a list of some of the top things to look at -
- Domain Controller Security - How many do you have, how secure are they, Who has access to them? etc.
- Domain Admin Protection - How many? How are they protected? Who can list them? What tools are they using?
- Delegated Rights - Who is delegated what access in your Active Directory? Who can do what in your Active Directory? How do you know that for a fact?
- Security Auditing - Which administrative tasks are you auditing? How are you collecting your audit logs?
- Admin Tools - Which admin tools are you using? How safe are they? Who provides them? Are they built in foreign countries or in the US?
- Directory Access- Who all have read access to your Active Directory? How much can the average user see? What can you hide from the average user (without causing app-compat issues)?
As mentioned, the complete list is a litte longer, and in following blog entries, I will focus on some specifics and provide details on each of these aspects. For now, I just wanted to share this much with the intention of at least pointing you in the right direction. More to follow shortly.
Thanks,
Marc