THE WHY

An organization’s Active Directory (AD) is often considered the heart of the organization’s information technology. It reaches wide and far across the organization, which is why a secure AD is vital.

Active Directory (AD) has a set of predetermined, default security settings created by Microsoft. These security settings may not be ideal for your organization’s needs. Additionally, these default security settings are well-understood by hackers, who will attempt to exploit gaps and vulnerabilities.

Understanding AD vulnerabilities and implementing security and least privilege access controls is vital to protecting domain accounts and keeping the IT ecosystem safe. Proper visibility, management, reporting, and auditing capabilities can significantly enhance AD security an ensure systems integrity.

THE HOW

Reviewing an organization’s Active Directory can easily become a very complex, unmanageable and chaotic task. This is because such a task can easily become insurmountable when an organization discovers that locking down their Active Directory often opens pandora’s box. Endpoints, PAM, IAM, multiple geographical locations and various software across the organization all affect the best solution to securing the Active Directory.

Nordic Resilience can assist organizations manage this process. By creating a roadmap and raising the security of the Active Directory one task at the time, the overall security level of the organization can be increased.

To best strengthen an organization’s Active Directory, Nordic Resilience uses two frameworks:

  1. The first framework used is Center for Internet Security’s (CIS ) Benchmark guidelines. The exact benchmark guidelines will depend on the organization’s infrastructure. As an example, the following two benchmarks could be used, if the organization primarily utilizes Windows Server 2008 and 2012 in their Active Directory infrastructure:
  • CIS Microsoft Windows Server 2012 R2 Benchmark v2.3.0
  • CIS Microsoft Windows Server 2008 R2 Benchmark v3.1.0

Briefly summarized, the CIS benchmarks related to Active Directory do not include best practice recommendations for topology, groups, organizational units or design. Instead, the benchmarks focus on how Group Policy Objects (GPOs) can strengthen an organization’s Active Directory security.

  1. The second framework used as methodology for our Active Directory assessments is Microsoft’s Best Practice for Securing Active Directory. This framework is developed by Microsoft and contains a set of practical techniques to help IT executives protect an enterprise Active Directory environment. The framework is divided into 10 sections.

Besides the frameworks, Nordic Resilience also draws inspiration from https://adsecurity.org/ by the highly reputable Sean Metcalf. He has collected a vast amount of basic and advanced techniques to test and secure modern Active Directories.

THE DELIVERABLE AND DURATION

At the end of the configuration review of the Active Directory, the organization will receive a single commercial-grade report that will contain a non-technical section for the C-suite members of the organization, as well as a technical section that will provide in-dept details regarding the observations that were made. All observations will be manually scored with a risk-assessment (CVSS or Low/Medium/High/Critical), in order to assist the organization with the priority of remediating each one.

A configuration review of Active Directory usually takes 10 days, but this highly depends on the complexity of the organization and the size of the Active Directory.