Transcript
Page 1: Auditing Active Directory

Auditing Active Directory

By Art Wahl, October 1, 2014

Presented to the National State Auditors Association

2014 Information Technology Conference

Page 2: Auditing Active Directory

Active Directory provides centralized management of network resources, but its scope is narrower than the name suggests.

• Active Directory is not the network.
• Active Directory is not network security.
• Active Directory does not secure all network resources.


Page 3: Auditing Active Directory

Active Directory only helps secure those resources that are defined within the Active Directory domain, that is, resources that are domain members or that authenticate their users and administrators against the domain. These resources can include:

• Workstations
• Servers
• Switches and routers
• Printers
• Firewalls

Workstations and servers are normally domain members. Switches, routers, firewalls and many printers are not; they are covered by the directory only when their administrative logons are authenticated against domain accounts (for example through RADIUS or LDAP), so the auditor has to confirm how each device class authenticates rather than assume it is in scope.


Page 4: Auditing Active Directory

The computer-level security for each resource includes:

• Users and groups
• Password and lockout settings
• Auditing and logging settings
• Available services
• Patch level


Page 5: Auditing Active Directory

Active Directory provides a centralized means to manage:

• Users and groups
• Password and lockout settings
• Administrative authorities


Page 6: Auditing Active Directory

Active Directory runs on the Windows domain controllers.

• Domain controllers have no separate:
– Users and groups: a domain controller has no local account database, so its "local" Administrators group is the domain's built-in Administrators group. The one exception is the Directory Services Restore Mode administrator account, whose password should be reviewed separately.
– Password and lockout policies: the domain policy is the policy that applies to every account a domain controller authenticates.


Page 7: Auditing Active Directory

Domain controllers should be dedicated to the directory role.

• Any other service hosted on a domain controller (a web, file, database or application server, for example) runs on the same machine as the directory database, so compromising that service compromises the domain controller and, with it, the domain.

• Non-dedicated domain controllers also tend to give inappropriate individuals domain administrative authority: administering the extra service means logging on to, and often being an administrator of, the domain controller, and an administrator of a domain controller is an administrator of the domain.
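As an added audit check for the two slides above (this is not code from the presentation), the following PowerShell lists every domain controller, flags server roles installed beyond what a dedicated domain controller needs, and dumps the membership of the domain's built-in Administrators group, which is also every domain controller's "local" Administrators group. It assumes the RSAT ActiveDirectory and ServerManager modules and an account allowed to query each domain controller remotely; the list of expected roles is an assumption to tune to the environment.

```powershell
# Added audit example (not from the slides). Assumes the RSAT ActiveDirectory and
# ServerManager modules, and an account allowed to query each domain controller
# remotely. The "expected" role list is an assumption to tune to the environment.
Import-Module ActiveDirectory
Import-Module ServerManager

# Roles a dedicated domain controller is expected to carry; anything else is a finding.
$ExpectedRoles = @('AD-Domain-Services', 'DNS', 'FS-FileServer')

function Get-DcRoleFindings {
    param([string]$Domain = (Get-ADDomain).DNSRoot)

    foreach ($dc in Get-ADDomainController -Filter * -Server $Domain) {
        $extra  = $null
        $status = 'dedicated'
        try {
            # Installed roles on this DC (role services and plain features are ignored here).
            $installed = Get-WindowsFeature -ComputerName $dc.HostName -ErrorAction Stop |
                Where-Object { $_.Installed -and $_.FeatureType -eq 'Role' }
            $extra = @($installed | Where-Object { $ExpectedRoles -notcontains $_.Name })
            if ($extra.Count -gt 0) { $status = 'NOT dedicated: extra roles installed' }
        } catch {
            $status = "query failed: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            DomainController = $dc.HostName
            OperatingSystem  = $dc.OperatingSystem
            IsGlobalCatalog  = $dc.IsGlobalCatalog
            ExtraRoles       = ($extra.Name -join ', ')
            Status           = $status
        }
    }
}

# Membership of the domain's built-in Administrators group. Because a domain
# controller has no local account database, this is also its Administrators group.
function Get-DcAdministrators {
    Get-ADGroupMember -Identity 'Administrators' -Recursive |
        Select-Object Name, SamAccountName, objectClass
}

Get-DcRoleFindings   | Format-Table -AutoSize
Get-DcAdministrators | Format-Table -AutoSize
```

Every name in the second table is, in effect, a domain administrator; every entry in ExtraRoles is a service whose compromise is a compromise of the directory.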


Page 8: Auditing Active Directory

Active Directory structure includes forests, trees, and domains.

• The forest, not the domain, is the security boundary. Security Identifier (SID) filtering is not applied to the trusts inside a forest (a design limitation, not a bug that can be patched), so a domain administrator in any domain of the forest can extend their authority to every other domain, for example by placing a privileged SID from another domain in an account's SID History. When auditing membership, treat the following as forest-wide privileges no matter which domain they live in:
– Enterprise Admins
– Schema Admins
– Domain Admins
– Default Administrators group


Page 9: Auditing Active Directory

Domain trusts allow users from a trusted domain to be granted access to resources in the trusting domain.

• Two-way trusts: each domain trusts the other
• One-way trusts: only the trusting domain accepts the trusted domain's users
• Transitive trusts: the trust extends through intermediate domains, so access can reach further than the trust that was explicitly created


Page 10: Auditing Active Directory

Administrators from trusted domains could obtain rogue administrative access in the trusting domain.

• SID filtering (quarantine) on the trust is required to prevent that. It discards any SID in the incoming authentication data that does not belong to the trusted domain, so an administrator there cannot use SID History to claim membership in the trusting domain's privileged groups. It is on by default for external and forest trusts but can be switched off; verify its state on every trust rather than assuming it.
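As an added check for slides 8 through 10 (not code from the presentation), this PowerShell enumerates every trust, classifies it as intra-forest, forest or external, reports where SID filtering is absent or relaxed, and lists every object that carries SID History, which is the mechanism the attacks above depend on. It assumes the RSAT ActiveDirectory module and a domain account with read access to trust and account objects; the interpretation of the SIDFilteringForestAware flag follows the netdom /EnableSIDHistory setting it reflects.

```powershell
# Added audit example (not from the slides). Assumes the RSAT ActiveDirectory module
# and a domain account with read access to the trust and account objects.
Import-Module ActiveDirectory

function Get-TrustFindings {
    foreach ($t in Get-ADTrust -Filter *) {
        $issues = @()
        if ($t.IntraForest) {
            # SID filtering is not applied inside a forest: any domain admin in the
            # forest can reach the whole forest, so audit the forest as one boundary.
            $issues += 'intra-forest trust: no SID filtering, forest is the security boundary'
        } elseif ($t.ForestTransitive) {
            # Forest trust. This property reflects what "netdom trust /EnableSIDHistory:Yes"
            # sets, so $true means SID History from the other forest is honoured.
            if ($t.SIDFilteringForestAware) { $issues += 'forest trust honours SID History from the other forest' }
        } else {
            # External trust: quarantine (SID filtering) is expected to be on.
            if (-not $t.SIDFilteringQuarantined) { $issues += 'external trust with SID filtering (quarantine) disabled' }
        }
        if (-not $t.IntraForest -and -not $t.SelectiveAuthentication) {
            $issues += 'domain-wide authentication: every user of the trusted domain can authenticate here'
        }
        if ($t.TGTDelegation) { $issues += 'TGT delegation allowed across the trust' }

        [pscustomobject]@{
            Trust     = $t.Name
            Direction = $t.Direction
            Type      = if ($t.IntraForest) { 'IntraForest' } elseif ($t.ForestTransitive) { 'Forest' } else { 'External' }
            Issues    = ($issues -join '; ')
        }
    }
}

# Objects carrying SID History. Each entry should have a documented migration
# reason; a privileged well-known RID (500, 512, 516, 518, 519) or the built-in
# Administrators SID in history is a red flag regardless of trust settings.
function Get-SidHistoryObjects {
    Get-ADObject -LDAPFilter '(sIDHistory=*)' -Properties sIDHistory | ForEach-Object {
        $sids = @($_.sIDHistory | ForEach-Object { $_.ToString() })
        [pscustomobject]@{
            Object     = $_.DistinguishedName
            Class      = $_.ObjectClass
            SIDHistory = ($sids -join ', ')
            Privileged = [bool]($sids | Where-Object { $_ -match '(-(500|512|516|518|519)|^S-1-5-32-544)$' })
        }
    }
}

Get-TrustFindings     | Format-Table -AutoSize
Get-SidHistoryObjects | Format-Table -AutoSize
```

A trust marked Forest or External with an empty Issues column is the expected state; an intra-forest trust always appears with the boundary note because nothing can be configured on it to change that.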


Page 11: Auditing Active Directory

Password and lockout policy is usually controlled at the domain level, through the Default Domain Policy.

• Fine-grained password policies (password settings objects) can be defined in the domain for specific users or groups and override the domain policy by precedence. An audit has to review them as well: the Default Domain Policy alone does not show the effective settings for an account that a password settings object applies to, and service or administrative accounts are the usual recipients of weaker ones.
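As an added check for the slide above (not code from the presentation), this PowerShell compares the Default Domain Policy and every fine-grained password policy against a baseline and then resolves the effective policy for each member of Domain Admins. It assumes the RSAT ActiveDirectory module and read access to the domain; the baseline values are an assumption and should be replaced with the organisation's own standard.

```powershell
# Added audit example (not from the slides). Assumes the RSAT ActiveDirectory module
# and read access to the domain. The baseline values are an assumption; replace them
# with the organisation's own standard.
Import-Module ActiveDirectory

$Baseline = @{
    MinPasswordLength    = 14
    MaxPasswordAgeDays   = 365
    LockoutThreshold     = 10     # 0 means accounts never lock out
    PasswordHistoryCount = 24
}

# Compare one policy object (the default domain policy or a PSO) against the baseline.
function Test-PasswordPolicy {
    param($Policy, [string]$Label)
    $issues = @()
    if ($Policy.MinPasswordLength -lt $Baseline.MinPasswordLength) {
        $issues += "minimum length $($Policy.MinPasswordLength)"
    }
    if (-not $Policy.ComplexityEnabled)        { $issues += 'complexity disabled' }
    if ($Policy.ReversibleEncryptionEnabled)   { $issues += 'reversible encryption enabled' }
    if ($Policy.PasswordHistoryCount -lt $Baseline.PasswordHistoryCount) {
        $issues += "history $($Policy.PasswordHistoryCount)"
    }
    # A zero maximum age means passwords never expire; an absurdly large one is caught by the comparison.
    if ($Policy.MaxPasswordAge -eq [TimeSpan]::Zero -or
        $Policy.MaxPasswordAge.TotalDays -gt $Baseline.MaxPasswordAgeDays) {
        $issues += "maximum age $($Policy.MaxPasswordAge.TotalDays) days"
    }
    if ($Policy.LockoutThreshold -eq 0 -or $Policy.LockoutThreshold -gt $Baseline.LockoutThreshold) {
        $issues += "lockout threshold $($Policy.LockoutThreshold)"
    }
    [pscustomobject]@{ Policy = $Label; Issues = ($issues -join '; ') }
}

function Get-PasswordPolicyFindings {
    $domain = Get-ADDomain
    Test-PasswordPolicy -Policy (Get-ADDefaultDomainPasswordPolicy) -Label "Default Domain Policy ($($domain.DNSRoot))"
    foreach ($pso in Get-ADFineGrainedPasswordPolicy -Filter *) {
        $label = "PSO '$($pso.Name)' precedence $($pso.Precedence), applies to: $($pso.AppliesTo -join '; ')"
        Test-PasswordPolicy -Policy $pso -Label $label
    }
}

# Effective policy for one account: the winning PSO if any applies, otherwise the
# domain policy. Run it for every privileged account, not just a sample.
function Get-EffectivePasswordPolicy {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $pso = Get-ADUserResultantPasswordPolicy -Identity $SamAccountName
    [pscustomobject]@{
        Account = $SamAccountName
        Policy  = if ($pso) { "PSO '$($pso.Name)'" } else { 'Default Domain Policy' }
    }
}

Get-PasswordPolicyFindings | Format-Table -AutoSize
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object objectClass -eq 'user' |
    ForEach-Object { Get-EffectivePasswordPolicy -SamAccountName $_.SamAccountName } |
    Format-Table -AutoSize
```

Read the two tables together: a PSO that fails the baseline is only a finding in proportion to who it applies to, and the second table shows whether that includes the domain administrators.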


Page 12: Auditing Active Directory

Groups are used to grant rights over objects such as users and over resources.

• Organizational units are used to apply policies to, or delegate administrative authority over, the objects they contain, such as users or computers. Group membership answers "who can do what"; organizational unit structure answers "which settings apply where and who administers it".


Page 13: Auditing Active Directory

Group Policy objects are used to apply policies and security settings to the objects in organizational units.

• The Group Policy Results Wizard can be used to generate a report of the security settings that actually apply to a given computer or user, after link order, enforcement and blocked inheritance have been resolved:
– Password and lockout settings
– Screen saver timeout settings
– Logging settings
– Permissions
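As an added check for the slide above (not code from the presentation), this PowerShell maps which Group Policy objects are linked to the domain and to each organizational unit, with link order, enforcement and blocked inheritance, and produces the same Resultant Set of Policy report the Group Policy Results Wizard does, as an HTML file for the workpapers. It assumes the RSAT ActiveDirectory and GroupPolicy modules and read access to Group Policy; the computer and user names in the usage lines are placeholders.

```powershell
# Added audit example (not from the slides). Assumes the RSAT ActiveDirectory and
# GroupPolicy modules and read access to Group Policy. The computer and user names
# in the usage lines are placeholders.
Import-Module ActiveDirectory
Import-Module GroupPolicy

# Which GPOs are linked where, whether they are enforced, and which OUs block
# inheritance: the structure that decides what the results wizard will report.
function Get-GpoLinkMap {
    $targets = @((Get-ADDomain).DistinguishedName) +
        @(Get-ADOrganizationalUnit -Filter * | Select-Object -ExpandProperty DistinguishedName)
    foreach ($dn in $targets) {
        $inh = Get-GPInheritance -Target $dn
        if ($inh.GpoLinks.Count -eq 0) {
            [pscustomobject]@{
                Target = $dn; BlocksInheritance = $inh.GpoInheritanceBlocked
                GPO = '(none linked)'; Enabled = $null; Enforced = $null; Order = $null
            }
        }
        foreach ($link in $inh.GpoLinks) {
            [pscustomobject]@{
                Target            = $dn
                BlocksInheritance = $inh.GpoInheritanceBlocked
                GPO               = $link.DisplayName
                Enabled           = $link.Enabled
                Enforced          = $link.Enforced
                Order             = $link.Order
            }
        }
    }
}

# Resultant Set of Policy for one computer/user pair, the same data the Group
# Policy Results Wizard produces, saved as an HTML report.
function Export-EffectivePolicyReport {
    param(
        [Parameter(Mandatory)][string]$Computer,   # placeholder, e.g. 'FS01'
        [Parameter(Mandatory)][string]$User,       # placeholder, e.g. 'CONTOSO\jdoe'
        [string]$OutDir = (Join-Path $env:TEMP 'rsop')
    )
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    $path = Join-Path $OutDir ('{0}_{1}.html' -f $Computer, ($User -replace '\\', '_'))
    Get-GPResultantSetOfPolicy -Computer $Computer -User $User -ReportType Html -Path $path | Out-Null
    $path
}

Get-GpoLinkMap | Sort-Object Target, Order | Format-Table -AutoSize
# Export-EffectivePolicyReport -Computer 'FS01' -User 'CONTOSO\jdoe'
```

An OU with BlocksInheritance set to True and its own weaker policy linked is the case the wizard exists to expose: the domain-level settings look fine, but they are not what that OU's computers and users receive.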


Page 14: Auditing Active Directory

The advanced security settings for an organizational unit (the Security tab, then Advanced) can be used to identify which principals hold specific permissions over the organizational unit and the objects it contains, for example:

• Reset password
• Full control

Either right, granted to a user or group outside the expected administrative groups, is delegated administrative authority and should be traced back to an approved delegation.
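As an added check for the slide above (not code from the presentation), this PowerShell reads the security descriptor of every organizational unit and reports each Allow entry, outside an expected set of administrative principals, that grants Full Control, the right to rewrite the DACL or owner, or the Reset Password extended right. It assumes the RSAT ActiveDirectory module (which provides the AD: drive) and read access to OU security descriptors; the list of principals treated as expected is an assumption to adjust per domain.

```powershell
# Added audit example (not from the slides). Assumes the RSAT ActiveDirectory module
# (which provides the AD: drive) and read access to OU security descriptors. The
# set of principals treated as "expected" is an assumption to adjust per domain.
Import-Module ActiveDirectory

# Well-known GUID of the "Reset Password" (User-Force-Change-Password) extended right.
$ResetPasswordRight = [guid]'00299570-246d-11d0-a768-00aa006e0529'

# Principals expected to hold broad rights on every OU; anyone else is reported.
$ExpectedPrincipal = '^(NT AUTHORITY\\(SYSTEM|SELF)|BUILTIN\\(Administrators|Account Operators)|[^\\]+\\(Domain Admins|Enterprise Admins|Key Admins|Enterprise Key Admins))$'

function Get-OuPermissionFindings {
    param([string]$SearchBase = (Get-ADDomain).DistinguishedName)

    $rights = [System.DirectoryServices.ActiveDirectoryRights]
    foreach ($ou in Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase) {
        $acl = Get-Acl -Path ('AD:\' + $ou.DistinguishedName)
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $who = $ace.IdentityReference.Value
            if ($who -match $ExpectedPrincipal) { continue }

            $flags = @()
            if ($ace.ActiveDirectoryRights.HasFlag($rights::GenericAll)) {
                $flags += 'Full Control'
            } else {
                if ($ace.ActiveDirectoryRights.HasFlag($rights::WriteDacl))  { $flags += 'WriteDacl' }
                if ($ace.ActiveDirectoryRights.HasFlag($rights::WriteOwner)) { $flags += 'WriteOwner' }
                # An extended-right ACE whose ObjectType is the empty GUID grants ALL extended rights.
                if ($ace.ActiveDirectoryRights.HasFlag($rights::ExtendedRight) -and
                    ($ace.ObjectType -eq $ResetPasswordRight -or $ace.ObjectType -eq [guid]::Empty)) {
                    $flags += 'Reset Password'
                }
            }
            if ($flags.Count -eq 0) { continue }

            [pscustomobject]@{
                OU        = $ou.DistinguishedName
                Principal = $who
                Finding   = ($flags -join ', ')
                Inherited = $ace.IsInherited
                Rights    = $ace.ActiveDirectoryRights.ToString()
            }
        }
    }
}

Get-OuPermissionFindings | Sort-Object OU, Principal | Format-Table -AutoSize
```

WriteDacl and WriteOwner are reported alongside Full Control because a principal that can rewrite the OU's permissions, or take ownership of it, can grant itself Full Control at will; the distinction matters on paper but not in practice.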


Page 15: Auditing Active Directory

Questions?

Contact: [email protected]


