Today, we just wanted to take a few moments to shed some light on a paramount area of organizational cyber security.
As you may know, Microsoft Active Directory is the very foundation of IT, cyber security and privileged access worldwide.
Given the foundational role that Active Directory plays in IT, cyber security and privileged access today, its own security, i.e. the security afforded to an organization's mission-critical Active Directory deployment, is of paramount importance.
Should an organization's foundational Active Directory be compromised, the very foundation and bedrock of its cyber security would have been compromised, and the entirety of its IT resources would be at risk of compromise.
Factually, the compromise of an organization's foundational Active Directory is tantamount to a system-wide compromise.
Active Directory Security
Active Directory Security is the area of cyber security that covers the adequate protection (security and defense) of an organization's foundational Active Directory deployments, and it usually includes the following seven (7) areas -
- Active Directory Logical Structure - Ensuring that Forest, Domain and Trust relationships are logically sound
- Domain Controller Security - Ensuring that adequate physical, system and network security is afforded to all DCs
- Privileged Account Security - Ensuring that all privileged users are accurately identified, reduced and protected
- Delegation of Administration - Ensuring that all access is delegated based on the principle of least privilege
- Active Directory Configuration Security - Ensuring the security of AD Schema, Backups, FSMOs, Replication, etc.
- Secure Administrative Practices - Ensuring admin-workstations, alt admin-accounts, trustworthy-tooling etc.
- Active Directory Threat Intelligence (to actively detect attacks against AD) and Active Directory Auditing
Active Directory Security must be a top organizational cyber security priority today because it has a direct bearing on the organization's foundational security, and thus directly impacts the foundational security of the entirety of its IT resources.
Recommended Reading
Active Directory Security is a vast subject, and adequately protecting Active Directory requires that organizations possess a sufficient understanding of its attack surface and all of its components, so here's some recommended reading to get started -
- Begin with this simple Active Directory Security - An Executive Summary to understand its paramount importance.
- Next, use this simple, effective Active Directory Security Checklist to identify what areas to provide coverage for.
- Finally, use this Microsoft guide titled Best Practices for Securing Active Directory for prescriptive guidance.
Finally, you may want to review this.
Highest Priority
It is a lesser-known fact that virtually all major cyber security breaches, including JP Morgan, Sony Hack, Target, Snowden, OPM Breach, Anthem, Avast etc., involved the compromise/misuse of a single Active Directory privileged user account.
Consequently, the accurate identification of privileged users in Active Directory is of the highest (paramount) importance, because as evidenced above, the compromise of a single Active Directory privileged user could result in a colossal breach.
Unfortunately, Microsoft's guidance on this paramount area of Active Directory Security seems insufficient and light, so we highly recommend that organizations refer to this guidance - How to Correctly Audit Privileged Access in Active Directory.
Summary
In summary, as the bedrock of an organization's IT, cyber security and privileged access, today Active Directory Security is paramount to cyber and organizational security, and thus must be an organization's highest cyber security priority.
We recommend that all organizations learn more about and adequately implement Active Directory Security.
Best wishes,
Sanjay.