AD Security Checklist

AD_Security_Checklist

1 Limit the use of Domain Admins and other Privileged Groups

Members of Domain Admins and other privileged groups are very powerful. They can have access to the entire domain, all systems, all data, computers, laptops, and so on.

It is recommended to have no day to day user accounts in the Domain Admins group, the only exception is the default Domain Administrator account.

2 Use at least two Accounts

You should use a regular account with no administrator rights for day-to-day tasks like checking email, browsing the internet and so on. Use a secondary account when you need to perform admin tasks. Use the least privilege model, give permissions to only what is needed.

3 Secure the Domain Administrator Account

The built-in administrator account should only be used for domain setup and recovery. Set a 20+ character password on it and lock the password in a vault. No one should know the password or be using this account

4 Disable Local Administrator Account

Disable the local administrator account on all computers and use your individual domain account instead. The local admin is a well-known account that attackers will try to compromise and often has the same password on every computer. See #5 if this is not possible.

5 Use LAPS (Local Administrator Password Solution)

If you are unable to disable the local administrator account, then use Microsoft LAPS. This will set a random unique password on all computers. The password is stored in Active Directory.

6 Use a Secure Workstation for administrator tasks

Use a dedicated secure workstation for performing administrative tasks. The secure admin workstation should not have internet access or be used for checking email. Login into this workstation with your admin account not your regular account.

7 Enable Audit Policy Settings

Use group policy to set an audit policy on all computers. Malicious activity often starts on end user devices, so it is important that auditing is enabled on all computers.

8 Monitor AD Events for Compromise

Monitor changes to privileged groups, spike in bad password attempts, account lockouts, use of administrator accounts and other abnormal behavior. Recommended Tool: Security Event Log Manager

9 Use Long Passwords

If your company policy allows it, set the minimum password length to 15 characters. This is often driven by various compliance requirements.

10 Use Descriptive Security Groups

Avoid naming security groups with random or meaningless names. It is not easy tracking down where or how groups are used and better naming conventions can help. Example, N-Drive-HR-RW.

AD_Security_ChecklistDownload
Facebook
Twitter
LinkedIn
Pinterest
Constanza Rodriguez

Constanza Rodriguez

All Posts »

Leave a Reply

Your email address will not be published. Required fields are marked *

Top Recommended Posts

81 Siem Very important Use Cases for your SOC by SPLUNK
81 Siem Very important Use Cases for your SOC by SPLUNK
Better Connected
Better Connected
6 Cloud Security Basics that every CISO, CIO AND CTO should know by InstaSafe.
6 Cloud Security Basics that every CISO, CIO AND CTO should know by InstaSafe.
Cybersecurity Maritime Threats Risks
Cybersecurity Maritime Threats Risks
Applying Zero Trust Principles to Enterprise Mobility
Applying Zero Trust Principles to Enterprise Mobility
Cybersecurity of AI (Artificial intelligence) and standarisation by enisa and European Union Agency for Cybersecurity
Cybersecurity of AI (Artificial intelligence) and standarisation by enisa and European Union Agency for Cybersecurity
2023 SONICWALL CYBER THREAT REPORT – Charting Cybercrime´s Shifting Frontlines
2023 SONICWALL CYBER THREAT REPORT – Charting Cybercrime´s Shifting Frontlines
On the Board of Directors ? Beware of these 6 common Cybersecurity Myths by SentinelOne
On the Board of Directors ? Beware of these 6 common Cybersecurity Myths by SentinelOne
SAST vs DAST vs SCA – Which Security Testing Methodology is Right for You by Practical DevSecOps
SAST vs DAST vs SCA – Which Security Testing Methodology is Right for You by...
Introduction to Malware Analysis for Beginners by LetsDefend
Introduction to Malware Analysis for Beginners by LetsDefend