ActiveDirSec.Org

The world's most trusted forum on Active Directory Security


Post Info TOPIC: What is the security risk associated with the compromise of the Active Directory?


Member

Posts: 17
Date: Dec 14, 2010
What is the security risk associated with the compromise of the Active Directory?
Permalink  
 


Hello,

In light of this whole Wikileaks affair, we have been asked to perform a complete security review of the core components of our Windows Server based network.

Before we can do any such review, we obviously need to determine what components of the network to review. Obviously, our firewalls, DNS servers, routers are all on the list, but as we continue to give this more thought,  I was thinking that perhaps Active Directory should be on the list as well.

I need to make a case for why Active Directory should be on the list, so I was looking for some helpful points that could help me make this case.

Your suggestions and input most welcome.

Thanks,
Will



__________________

I’m sorry, but having a DB9 on the drive and not driving it is a bit like having Keira Knightley in your bed and sleeping on the couch.



Member

Posts: 21
Date: Dec 21, 2010
What is the security risk associated with the compromise of the Active Directory?
Permalink  
 


Will,

The security of the Active Directory is critically important to overall enterprise security, because it is the very heart of the network. If the Active Directory is compromised, everything else will be at risk and exposed to compromise as well.

The need to protect Active Directory is critical, because you can have best network security, physical security, anti-virus, email-scanning, IP-sec etc, but if someone takes your Active Directory, all these above controls are rendered useless and become quite inconsequential.

To give you an idea, here's a situation - imagine if your Active Directory goes down. No one will be able to log on to the network, access any network resources, send any email, nothing. Clients will not be able to find servers, or conenct to them, policies will stop flowing down to computers, so and so forth, Basically your entire network could come to a stand still.

As to how to protect the Active Directory, that's another post, as it takes alot to protect it.

- Geoffrey



__________________

Wherever you go and whatever you do, may the luck of the Irish be there with you.



Member

Posts: 17
Date: Jul 20, 2012
What is the security risk associated with the compromise of the Active Directory?
Permalink  
 


Geoffrey,

Hmm... indeed, if we look at it fro mthe perspective of what could happen if the Active Directory were not to be available, that certainly makes us appreciate the value of protecting our Active Directory.

Speaking of which, I've been following the thread on What is the most serious risk to Active Directory security - very interesting insights.

Thanks again.

Will.



__________________

I’m sorry, but having a DB9 on the drive and not driving it is a bit like having Keira Knightley in your bed and sleeping on the couch.



Veteran Member

Posts: 28
Date: Oct 9, 2013
RE: What is the security risk associated with the compromise of the Active Directory?
Permalink  
 


Will,

Active Directory is the bedrock of security in Windows Server based IT infrastructures, because virtually every aspect of security, from identity management to access management is completely integrated with Active Directory.

As a consequence, ensuring the security, integrity and availability of Active Directory must be a top IT security priority for organizations, because should the Active Directory be compromised or be unavailable, the entire IT ifnrastructure will come to a stand still.

Should the IT infrastructure come to a halt, you can only begin to imagine what the consequences would be on business.

Likewise, should the security of the Active Directory be compromised, or should the accounts of any of its administrative accounts be compromised, virtually everything that is protected by the Active Directory could be easily compromisable.

It is thus vital to ensure that Active Directory is always secure from harm at all times.

Speaking of which, some of the best (most valuable) info on Active Directory Security, including a collection of Microsoft's official security guides, tools, checklists and resources can be found here.

My advice to all organizations would be to ensure that Active Directory Security is a top security and organizational priority.

Jack.



__________________

We will NEVER forget.

Page 1 of 1  sorted by
Quick Reply

Please log in to post quick replies.

Post to Digg Post to Del.icio.us
Members Login
Username 
 
Password 
    Remember Me