Active Directory

Only available on StudyMode
  • Download(s) : 80
  • Published : December 3, 2012
Open Document
Text Preview
E-Guide

Expert guide to secure your Active
Directory
You probably are already aware of the importance of protecting your Active Directory, but that’s just part of the equation when it comes to securing the environment. This expert e-guide from
SearchWindowsServer.com explains the best method to use when planning and designing a security solution. Find out why it is important to also secure Group Policy settings. And discover how managed service accounts boost server security in R2.

Sponsored By:

SearchWindowsServer.com E-Guide
Expert Guide to secure your Active Directory

E-Guide

Expert Guide to secure your Active
Directory
Table of Contents
Active Directory Security Guide
Managed service accounts boost server security in R2
Resources from Dell and Microsoft

Sponsored By:

Page 2 of 10

SearchWindowsServer.com E-Guide
Expert Guide to secure your Active Directory

Active Directory Security Guide
Avoiding Active Directory security breaches
The importance of protecting your Active Directory has already been touched on in reference to DNS security. However, that is just the tip of the iceberg when it comes to maintaining a secure environment.

As far as Active Directory security best practices go, layered security is the best method to use when planning and designing a security solution. Layered security or defense in depth is the simple concept of placing your valued assets at the center of your environment and building or deploying multiple concentric circles or rings of protection around those as sets. Thus, violations to confidentiality, integrity, or availability must overcome numerous security restrictions, precautions, and protections before being able to affect your assets. While Microsoft has increased the default security within Active Directory (especially if you have a Windows Server 2003 Active Directory installation), you still need to consider additional security settings after it is installed.

Securing your domain controllers
One of the first steps you should take involves developing a solid domain controller security policy. Protecting your domain controllers is at the core of protecting your Active Directory investment. Without your domain controllers you won't have your Active Directory network infrastructure. With exposed and unprotected domain controllers you also are at risk for attackers to enumerate shared folders and usernames, giving up valuable information that can be used to further attack the network.

Therefore, it is critical that domain controllers are running and protected in order for the Active Directory environment to remain functioning and stable. To protect domain controllers, you should consider the following areas of security protection: physical access (keeping DCs in a secure location that is only accessible by the IT staff) and network access (protecting DCs from those who might attack your network).

Sponsored By:

Page 3 of 10

SearchWindowsServer.com E-Guide
Expert Guide to secure your Active Directory

As an administrator, you need to be concerned with making sure internal users have proper access and that potential intruders are frustrated in their attempts to compr omise a DC. One danger is for a person to be physically in the room and touch a DC even without any rights granted to them. Thus, if a person has physical access, he or she owns your computer, since physical access grants them control. Keeping DCs in a secure location is a simple way to ensure Active Directory security, but it is often overlooked. As far as network access is concerned, it is important not to give domain admin privileges to someone who isn't skilled enough to handle the job or to someone you 're not sure you can trust. Anyone with the ability to install/modify system files, including services/drivers (such as server operators, backup operators or print operators) owns your computer. There are many ways for this to happen. Naturally, a secure account could...
tracking img