
Auditing Active Directory

Auditing Active Directory. Presented to the National State Auditors Association 2014 Information Technology Conference. By Art Wahl October 1, 2014. Active directory provides centralized management of network resources. Active directory is not the network.


Presentation Transcript


  1. Auditing Active Directory. Presented to the National State Auditors Association 2014 Information Technology Conference. By Art Wahl, October 1, 2014.

  2. Active directory provides centralized management of network resources.
     • Active directory is not the network.
     • Active directory is not network security.
     • Active directory does not secure all network resources.

  3. Active directory only helps secure those resources defined within the active directory domain. These resources can include:
     • Workstations
     • Servers
     • Switches and Routers
     • Printers
     • Firewalls

  4. The computer-level security for each resource includes:
     • Users and Groups
     • Password and Lockout Settings
     • Auditing and Lockout Settings
     • Available Services
     • Patch Level

  5. Active directory provides a centralized means to manage:
     • Users and Groups
     • Password and Lockout Settings
     • Administrative Authorities

  6. Active directory runs on the Windows domain controllers.
     • Domain controllers have no separate:
       • Users and Groups
       • Password and Lockout Policies

  7. Domain controllers should be dedicated.
     • The domain controller could be compromised if another service is compromised.
     • Nondedicated domain controllers can also lead to inappropriate individuals with domain administrative authority.

  8. Active directory structure includes forests, trees, and domains.
     • Due to a Security Identifier (SID) filtering flaw, any domain admin can assume authority anywhere in the forest:
       • Enterprise Admins
       • Schema Admins
       • Domain Admins
       • Default Administrators Group

  9. Domain trusts allow access to users from trusted domains.
     • Two-Way Trusts
     • One-Way Trusts
     • Transitive Trusts

  10. Administrators from trusted domains could have rogue administrative access.
     • SID filtering between the trusted domains is required to prevent administrative access from the trusted domain.

  11. Password and lockout policy is usually controlled at the domain level. Fine-grained password policies can be defined in the domain.

  12. Groups are used to grant rights to objects such as users.
     • Organizational units are used to apply policies to or grant administrative authority over objects such as users or computers.

  13. Group policy objects are used to apply policies and security settings to the objects in organizational units.
     • The Group Policy Results Wizard can be used to generate a report of security settings applied to the domain or individual users:
       • Password and Lockout Settings
       • Screen Saver Timeout Settings
       • Logging Settings
       • Permissions

  14. The advanced security settings for an organizational unit can be used to identify specific permissions over the organizational units.
     • Resetting Passwords
     • Full Control

  15. Questions? Contact: artwahl@aud.state.fl.us
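
The review of organizational unit permissions described in slide 14 can be scripted. The following PowerShell is an added example, not part of the original presentation: it flags Allow entries on an OU that grant Full Control or Reset Password to principals outside an expected list. The function name `Find-RiskyOuAce`, the `CONTOSO` principals, the allowlist and the sample OU are assumptions made for illustration.

```powershell
# Added example: flag OU ACEs that grant Full Control or Reset Password.
# GUID of the "Reset Password" (User-Force-Change-Password) extended right.
$ResetPasswordGuid = [guid]'00299570-246d-11d0-a768-00aa006e0529'

function Find-RiskyOuAce {
    param(
        [Parameter(Mandatory)] [string]   $OU,
        [Parameter(Mandatory)] [object[]] $Ace,
        # Assumed allowlist of expected administrative principals; adjust per domain.
        [string[]] $Expected = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
                                 'CONTOSO\Domain Admins', 'CONTOSO\Enterprise Admins')
    )
    foreach ($a in $Ace) {
        if ("$($a.AccessControlType)" -ne 'Allow') { continue }
        $rights  = "$($a.ActiveDirectoryRights)"
        $type    = [guid]$a.ObjectType
        $finding = $null
        if ($rights -match '\bGenericAll\b') {
            $finding = 'Full Control'
        } elseif ($rights -match '\bExtendedRight\b' -and
                  ($type -eq $ResetPasswordGuid -or $type -eq [guid]::Empty)) {
            $finding = 'Reset Password'   # an empty GUID means all extended rights
        }
        if ($finding -and "$($a.IdentityReference)" -notin $Expected) {
            [pscustomobject]@{ OU = $OU; Principal = "$($a.IdentityReference)"
                               Finding = $finding; Inherited = [bool]$a.IsInherited }
        }
    }
}

# Constructed sample ACEs (not from a real domain). On a domain-joined host, feed real ones:
#   Import-Module ActiveDirectory
#   Get-ADOrganizationalUnit -Filter * | ForEach-Object {
#     Find-RiskyOuAce -OU $_.DistinguishedName -Ace (Get-Acl "AD:\$($_.DistinguishedName)").Access }
$sample = @(
    [pscustomobject]@{ IdentityReference = 'CONTOSO\Domain Admins'; AccessControlType = 'Allow'
        ActiveDirectoryRights = 'GenericAll'; ObjectType = [guid]::Empty; IsInherited = $true }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\HelpDesk'; AccessControlType = 'Allow'
        ActiveDirectoryRights = 'ExtendedRight'; ObjectType = $ResetPasswordGuid; IsInherited = $false }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\jsmith'; AccessControlType = 'Allow'
        ActiveDirectoryRights = 'GenericAll'; ObjectType = [guid]::Empty; IsInherited = $false }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\Staff'; AccessControlType = 'Allow'
        ActiveDirectoryRights = 'ReadProperty, ListChildren'; ObjectType = [guid]::Empty; IsInherited = $false }
)
Find-RiskyOuAce -OU 'OU=Staff,DC=contoso,DC=example' -Ace $sample | Format-Table -AutoSize
```

Each reported principal is a delegation to confirm against an approved record; the `Inherited` column shows whether the entry was set on the OU itself or flows down from a parent container.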
