Auditing Active Directory
By Art Wahl
October 1, 2014
Presented to the National State Auditors Association
2014 Information Technology Conference
Active Directory provides centralized management of network resources.
• Active Directory is not the network.
• Active Directory is not network security.
• Active Directory does not secure all network resources.
Active Directory only helps secure those resources defined within the Active Directory domain. These resources can include:
• Workstations
• Servers
• Switches and Routers
• Printers
• Firewalls
The computer-level security for each resource includes:
• Users and Groups
• Password and Lockout Settings
• Auditing and Lockout Settings
• Available Services
• Patch Level
Active Directory provides a centralized means to manage:
• Users and Groups
• Password and Lockout Settings
• Administrative Authorities
Active Directory runs on the Windows domain controllers.
• Domain controllers have no separate:
  – Users and Groups
  – Password and Lockout Policies
Domain controllers should be dedicated.
• The domain controller could be compromised if another service is compromised.
• Nondedicated domain controllers can also lead to inappropriate individuals holding domain administrative authority.
Active Directory structure includes forests, trees, and domains.
• Due to a Security Identifier (SID) filtering flaw, any domain admin can assume authority anywhere in the forest:
  – Enterprise Admins
  – Schema Admins
  – Domain Admins
  – Default Administrators Group
Domain trusts allow access to users from trusted domains.
• Two-Way Trusts
• One-Way Trusts
• Transitive Trusts
Administrators from trusted domains could have rogue administrative access.
• SID filtering between the domains is required to prevent administrative access from the trusted domain.
Password and lockout policy is usually controlled at the domain level.
• Fine-grained password policies can be defined in the domain.
Groups are used to grant rights to objects such as users.
• Organizational units are used to apply policies to or grant administrative authority over objects such as users or computers.
Group policy objects are used to apply policies and security settings to the objects in organizational units.
• The Group Policy Results Wizard can be used to generate a report of security settings applied to the domain or individual users:
  – Password and Lockout Settings
  – Screen Saver Timeout Settings
  – Logging Settings
  – Permissions
The advanced security settings for an organizational unit can be used to identify specific permissions over the organizational units.
• Resetting Passwords
• Full Control
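
One way to script the review described on the last slide, as an added example that is not part of the original presentation: it lists the Allow entries on each organizational unit that grant Full Control or the Reset Password extended right to principals outside an expected baseline. The function name `Get-OuDelegationFinding` and the baseline list are assumptions made for illustration; the cmdlets come from the RSAT ActiveDirectory module.

```powershell
# Added example (not from the original slides): report delegated rights on OUs.
Import-Module ActiveDirectory   # RSAT module; also mounts the AD: drive used by Get-Acl

# rightsGuid of the User-Force-Change-Password ("Reset Password") extended right
$ResetPasswordGuid = [guid]'00299570-246d-11d0-a768-00aa006e0529'
$Rights = [System.DirectoryServices.ActiveDirectoryRights]

# Assumption: principals expected to hold these rights; replace with your own baseline.
$ExpectedPrincipals = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

function Get-OuDelegationFinding {
    param(
        [string]   $SearchBase = (Get-ADDomain).DistinguishedName,
        [string[]] $Expected   = $ExpectedPrincipals
    )
    foreach ($ou in Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase) {
        $acl = Get-Acl -Path "AD:\$($ou.DistinguishedName)"
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $who = $ace.IdentityReference.Value
            if ($Expected -contains $who) { continue }

            $adRights = $ace.ActiveDirectoryRights
            $permission = $null
            if ($adRights.HasFlag($Rights::GenericAll)) {
                $permission = 'Full Control'
            }
            elseif ($adRights.HasFlag($Rights::ExtendedRight) -and
                    ($ace.ObjectType -eq $ResetPasswordGuid -or $ace.ObjectType -eq [guid]::Empty)) {
                # Guid.Empty means the ACE grants every extended right, Reset Password included
                $permission = 'Reset Password'
            }
            if (-not $permission) { continue }

            [pscustomobject]@{
                OU         = $ou.DistinguishedName
                Principal  = $who
                Permission = $permission
                Inherited  = $ace.IsInherited
                AppliesTo  = $ace.InheritanceType   # None = this OU only; others reach child objects
            }
        }
    }
}

Get-OuDelegationFinding | Sort-Object OU, Principal | Format-Table -AutoSize
```

The script only reads security descriptors. Inherited entries are included so that a delegation set higher in the tree shows up on every OU it reaches.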