As the very foundation of your organization’s security, your Active Directory is an extremely high-value organizational IT asset. It is most likely the largest and most critical distributed system in your enterprise. Along with disaster recovery, Active Directory® security is at the top of the list of topics that IT executives worry about protecting in an enterprise computing environment. Active Directory plays a critical role in the IT infrastructure, and ensures the harmony and security of different network resources in a global, interconnected computing environment.
But there’s a lot you can do to enhance your Active Directory security, and you’ve probably already taken some steps. What follows is a list of tips you can use to help you make your Active Directory environment more secure.
Active Directory Security Checklist
The following checklist is provided to help you assess and maintain the security of your Active Directory deployments:
1. Ensure that the logical (forest, domain and trust-relationship) structure of your Active Directory is conceptually secure.
2. Ensure that all Active Directory configuration (e.g. Schema, Replication, FSMOs, Backups) data is sound and secure.
3. Ensure that adequate Active Directory management, security and disaster-recovery plans are in place and implemented.
4. Ensure that adequate physical, system and network security is provided for all Domain Controllers and admin workstations.
5. Ensure that the number of IT personnel who possess unrestricted administrative access in Active Directory is minimal.
6. Ensure that all non-administrative tasks (e.g. password resets) are delegated based on the principal of least privilege.
7. Ensure that IT personnel can audit (assess and verify) all administrative delegations (effective access) in Active Directory.
8. Ensure that auditing mechanisms are in place to capture the enactment of all admin/delegated tasks in Active Directory.
9. Ensure that all applications and tools used by IT personnel are trustworthy (i.e. verifiably safe, reputable and secure).
10. Ensure that security and effective-access audits are performed on a regular basis to consistently ensure security.
There you have it!