ActiveDirSec.Org

The world's most trusted forum on Active Directory Security


Post Info TOPIC: How important is the security of Active Directory, relative to other security threats?


Member

Posts: 7
Date: Jun 20, 2012
How important is the security of Active Directory, relative to other security threats?
Permalink  
 


Hello,

I would like some inputs on how to convey to my management the importance of securing our Active Directory from risks and attacks, relative to the other security initiatives in the company, such as firewall deployments, anti-virus protection, intrusion-detection etc.

My work involves managing parts of an Active Directory, and I run a small team of Windows admins. We have been trying to get some budget approval so we can obtain and deploy some basic protections four our Active Directory, but our management does not seem very inclined or very open to our suggestions. 

I need some help in trying to make a case for why it is equally or potentially more important to protect Active Directory, so that we can get the budget approval for some of the solutions we absolutely need to protect our Active Directory.

I would sincerely appreciate your inputs and thank you for the same.

Thank you.

Kasib.



__________________

One day I too shall have an Aston Martin Mr. Bond!

Ray


Member

Posts: 17
Date: Jun 24, 2012
RE: How important is the security of Active Directory, relative to other security threats?
Permalink  
 


Hello Kasib,

You bring up a very good question - i.e. how important is Active Directory security relative to the security of other aspects of an IT infrastructure, such as network security, anti-virus, intrusion-detection, email security, web security, firewalls, etc. 

Well, I would encourage you to think about the following -

What would happen to the IT infrastructure if the Active Directory were not available or were it to be compromised?

I think when you give due thought to this question, your answers will be reveal itself to you with sufficient clarity.

>Ray.



__________________
One misconfigured 00299570-246d-11d0-a768-00aa006e0529 is all I need.


Member

Posts: 21
Date: Jun 29, 2012
RE: How important is the security of Active Directory, relative to other security threats?
Permalink  
 


Hello Kasib,

The security and well-being of your Active Directory is most important to your organization's security, only because it is the foundation of security, management, access, collaboration and networking.

In fact, it is one of the most important IT assets most organizations have.

The number one reason that Active Directory is so important is because without it, you cannot secure anything. I mean, you need user accounts to authenticate employees, security groups to collectively provision access, group policies to manage security on all computers, and each of these components (i.e. accounts, groups, policies) are all stored in Active Directory.

Should the Active Directory be compromised, any or all of these components could be compromised, and if these components get compromised, all the IT resources they protect could be at risk of compromise.

This is why it is very important to protect Active Directory at all times, and to ensure that you always know who has what access on these components in your Active Directory.

This is something to be taken very seriously.

Good luck to you.

Ishmael.



__________________

There isn't a system that cannot be broken into.



Veteran Member

Posts: 28
Date: Feb 12, 2013
RE: How important is the security of Active Directory, relative to other security threats?
Permalink  
 


Hello Kasib,

As Ray and Ishmael had indicated, the security of your Active Directory is absolutely critical to the security of your organization. Basically, AD is the foundation of security in Windows Server based networks, so if your AD is compromised, the security of the entire network could be in jeopardy.

For instance, all files stored on all file servers, all data stored in all databases, all documents on Sharepoint portals, etc. would all be in jeopardy, and potentially at risk. This is because the Active Directory has a trusted channel with all domain joined machines, and so group policy could be used to compromise all domain joined machines.

In terms of protecting Active Directory, while it is generally a highly self secured component, the key thing is to make sure that you have very few all-powerful domain admins. A good approach here is to delegate everything except the most critical tasks, and minimuze the number of domain admins.

Oh, one other thing, is that when you delegate, make sure that delegations on sensitive objects like admin accounts, groups and all core OUs are properly done based on least-privilege principle. (This can usually be done by performing periodic Active Directory elevated access audits.)

Anyway, the key point it is to ensure that your AD is always secure at all times, because your Windows Server based network is only as secure as is your AD. 

Good luck to you.

Jack.



__________________

We will NEVER forget.

Page 1 of 1  sorted by
Quick Reply

Please log in to post quick replies.

Post to Digg Post to Del.icio.us
Members Login
Username 
 
Password 
    Remember Me