Auditing Active Directory Presented to the National State Auditors Association 2014 Information Technology Conference.


1 Auditing Active Directory Presented to the National State Auditors Association 2014 Information Technology Conference

2 Active Directory provides centralized management of network resources. Active Directory is not the network. Active Directory is not network security. Active Directory does not secure all network resources.

3 Active Directory only helps secure those resources defined within the Active Directory domain. These resources can include:
– Workstations
– Servers
– Switches and Routers
– Printers
– Firewalls

4 The computer-level security for each resource includes:
– Users and Groups
– Password and Lockout Settings
– Auditing and Lockout Settings
– Available Services
– Patch Level

5 Active Directory provides a centralized means to manage:
– Users and Groups
– Password and Lockout Settings
– Administrative Authorities

6 Active Directory runs on the Windows domain controllers. Domain controllers have no separate:
– Users and Groups
– Password and Lockout Policies

7 Domain controllers should be dedicated. The domain controller could be compromised if another service running on it is compromised. Nondedicated domain controllers can also result in inappropriate individuals holding domain administrative authority.

8 Active Directory structure includes forests, trees, and domains. Due to a Security Identifier (SID) filtering flaw, any domain admin can assume authority anywhere in the forest:
– Enterprise Admins
– Schema Admins
– Domain Admins
– Default Administrators Group

9 Domain trusts allow access to users from trusted domains.
– Two-Way Trusts
– One-Way Trusts
– Transitive Trusts

10 Administrators from trusted domains could have rogue administrative access. SID filtering on the trust with the trusted domain is required to prevent administrative access from the trusted domain.
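An auditor can check the SID filtering state of each trust (slides 8 and 10) from the `trustDirection` and `trustAttributes` values stored on the domain's trustedDomain objects. The script below is an added example, not part of the original presentation; the CSV layout, the domain names and the status labels are assumptions made for illustration, and the flag values are the documented `trustAttributes` bits.

```python
import csv
import io

# trustAttributes bit flags on trustedDomain objects (documented in MS-ADTS)
QUARANTINED_DOMAIN = 0x04   # SID filtering quarantine enabled on the trust
FOREST_TRANSITIVE = 0x08    # cross-forest (forest) trust
WITHIN_FOREST = 0x20        # trust between two domains of the same forest
TREAT_AS_EXTERNAL = 0x40    # forest trust relaxed to allow SID history
# trustDirection values: 1 = inbound, 2 = outbound, 3 = bidirectional
TRUSTING = 0x02             # outbound bit: the audited domain trusts the partner

# Constructed sample export (assumed column layout, not real data).
SAMPLE_EXPORT = """name,trustDirection,trustAttributes
child.corp.example,3,32
partner.example,2,0
vendor.example,3,4
merger.example,3,72
legacy.example,1,0
"""

def assess_trust(direction, attributes):
    """Return (status, reason) for one trust, seen from the audited domain."""
    if not direction & TRUSTING:
        return "n/a", "inbound only: partner accounts get no access here"
    if attributes & QUARANTINED_DOMAIN:
        return "ok", "SID filtering quarantine enabled"
    if attributes & WITHIN_FOREST:
        return "review", "intra-forest trust: no SID filtering by default"
    if attributes & FOREST_TRANSITIVE:
        if attributes & TREAT_AS_EXTERNAL:
            return "finding", "forest trust with SID history allowed"
        return "ok", "forest trust with default forest SID filtering"
    return "finding", "external trust without SID filtering quarantine"

def audit_trusts(export_text):
    """Parse the CSV export and return {trust name: (status, reason)}."""
    results = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        results[row["name"]] = assess_trust(
            int(row["trustDirection"]), int(row["trustAttributes"]))
    return results

if __name__ == "__main__":
    for name, (status, reason) in audit_trusts(SAMPLE_EXPORT).items():
        print(f"{status:8} {name:22} {reason}")
```

The "review" status on intra-forest trusts reflects slide 8: inside one forest, SID filtering is not a boundary between domains, so every domain admin in the forest belongs in the audit scope.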

11 Password and lockout policy is usually controlled at the domain level. Fine-grained password policies can be defined in the domain.

12 Groups are used to grant rights to objects such as users. Organizational units are used to apply policies to or grant administrative authority over objects such as users or computers.

13 Group policy objects are used to apply policies and security settings to the objects in organizational units. The Group Policy Results Wizard can be used to generate a report of security settings applied to the domain or individual users:
– Password and Lockout Settings
– Screen Saver Timeout Settings
– Logging Settings
– Permissions

14 The advanced security settings for an organizational unit can be used to identify specific permissions over the organizational units.
– Resetting Passwords
– Full Control

15 Questions? Contact:

