ActiveDirSec.Org

The world's most trusted forum on Active Directory Security


Post Info TOPIC: Looking for an Active Directory Security Audit Checklist


Member

Posts: 8
Date: Jan 3, 2013
Looking for an Active Directory Security Audit Checklist


Hello,

I came across this forum trying to find an Active Directory Security Audit Checklist, as we've been asked by senior management to incorporate AD security audits into our periodic IT audits.

I was wondering if there is any reliable Active Directory Security Checklist that already exists, so we could use it to conduct our own internal audits. I'd hate to have to reinvent this wheel, especially given the time constraints we're under.

We have given some thought to it internally, and have come up with the list of usual suspects to cover - Domain Controller Security, Administrative Accounts and Groups Security, Delegation of Administration (i.e. Delegated Access Audit), DNS Security, etc. - but it would be nice to have a detailed and vetted list of what to cover in an Active Directory Security Audit.

I'm sure this isn't something new, so I'm hoping someone on this forum might certainly be able to either share such a list, or suggest what to cover, or point me in the right direction.

Thanks,

Richard.



__________________

I would trade all my technology for an afternoon with Socrates - Steve Jobs



Member

Posts: 16
Date: Feb 25, 2013
RE: Looking for an Active Directory Security Audit Checklist


Hi Richard,

An Active Directory Audit Checklist would certainly be nice to have, and while I don't know of one to point to, here are some things that come to mind that are worth including in an Active Directory Audit -

  1. List of all domain controllers
  2. List of all administrative accounts (e.g. Domain Admins, Enterprise Admins etc.)
  3. List of all delegated admins / admins with elevated access rights in Active Directory
  4. List of all service accounts with elevated access rights in Active Directory
  5. List of all Active Directory administrative groups and their memberships
  6. List of all OUs, GPOs linked to these OUs and delegations made on these OUs
  7. List of all events being audited in Active Directory
  8. Summary of Active Directory content, such as # of accounts by type and status etc.

This is just a small list of things that comes to mind. I am sure that others on the forum can contribute to this list.

Jeremy.



__________________
Driod Rules!
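
An added example, not part of the thread or written by any poster: a read-only PowerShell inventory covering the eight items in the list above. It assumes the RSAT ActiveDirectory and GroupPolicy modules; the output folder, the use of `adminCount=1` to find protected groups, and the SPN-based definition of a service account are assumptions of this example.

```powershell
# Added example: read-only inventory for the eight checklist items above.
# Assumes the RSAT ActiveDirectory and GroupPolicy modules, run on a DC or admin host.
Import-Module ActiveDirectory, GroupPolicy
$out = 'C:\ADAudit'   # hypothetical output folder
New-Item -ItemType Directory -Path $out -Force | Out-Null

# 1. Domain controllers, with site and FSMO roles held
Get-ADDomainController -Filter * |
    Select-Object HostName, Site, OperatingSystem, IsGlobalCatalog, IsReadOnly,
        @{n='FsmoRoles'; e={ $_.OperationMasterRoles -join ';' }} |
    Export-Csv "$out\1-domain-controllers.csv" -NoTypeInformation

# 2 + 5. Protected (adminCount=1) groups and their effective members.
# -Recursive flattens nested groups, so indirect admins are listed too.
$adminGroups = Get-ADGroup -Filter 'adminCount -eq 1'
$adminGroups | ForEach-Object {
    $g = $_.Name
    Get-ADGroupMember -Identity $_ -Recursive |
        Select-Object @{n='Group'; e={ $g }}, Name, SamAccountName, objectClass
} | Export-Csv "$out\2-5-admin-group-members.csv" -NoTypeInformation

# 4. Assumption: "service account" = user with an SPN; "elevated" = adminCount=1
Get-ADUser -LDAPFilter '(&(servicePrincipalName=*)(adminCount=1))' -Properties PasswordLastSet |
    Select-Object SamAccountName, Enabled, PasswordLastSet |
    Export-Csv "$out\4-privileged-service-accounts.csv" -NoTypeInformation

# 3 + 6. Per OU: linked GPOs, and explicit (non-inherited) ACEs, i.e. delegations
$ous = Get-ADOrganizationalUnit -Filter *
$ous | ForEach-Object {
    $dn = $_.DistinguishedName
    (Get-GPInheritance -Target $dn).GpoLinks |
        Select-Object @{n='OU'; e={ $dn }}, DisplayName, Enabled, Enforced, Order
} | Export-Csv "$out\6-ou-gpo-links.csv" -NoTypeInformation
$ous | ForEach-Object {
    $dn = $_.DistinguishedName
    (Get-Acl -Path "AD:\$dn").Access | Where-Object { -not $_.IsInherited } |
        Select-Object @{n='OU'; e={ $dn }}, IdentityReference, ActiveDirectoryRights,
            AccessControlType, ObjectType, InheritanceType
} | Export-Csv "$out\3-6-ou-delegations.csv" -NoTypeInformation

# 7. Effective audit policy of the machine this runs on (run elevated on a DC)
auditpol /get /category:* /r | Out-File "$out\7-audit-policy.csv"

# 8. Object counts by class and disabled state (userAccountControl flag 0x2)
Get-ADObject -LDAPFilter '(|(objectClass=user)(objectClass=group))' -Properties userAccountControl |
    Group-Object ObjectClass, { [bool]($_.userAccountControl -band 2) } -NoElement |
    Select-Object Count, Name |
    Export-Csv "$out\8-object-summary.csv" -NoTypeInformation
```

The delegation export lists only explicit ACEs on each OU, so entries inherited from the domain root or set on AdminSDHolder need a separate pass over those objects.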


Member

Posts: 18
Date: Feb 28, 2013
Looking for an Active Directory Security Audit Checklist


Hi Richard,

Active Directory is a vast technology so it's not easy to put together a checklist to audit Active Directory security so easily. For instance, one has to consider everything from DC security to the security of many of its operational components such as replication, KCC, FSMO roles, etc. as well as important items like unauthorized/excessive delegated access rights in Active Directory.

In my experience I have found that most organizations end up tailoring such checklists on their own, as they have to be customized to their unique environments. It is best to take a generic Active Directory Audit Checklist and customize it to one's needs.

Hopefully this can help you.

Thanks,

Nate



__________________
Today is the tomorrow we worried about yesterday


Member

Posts: 8
Date: Apr 11, 2013
RE: Looking for an Active Directory Security Audit Checklist


Thank you Nathan. That was quite helpful. You've actually helped me in more than one way, because I was looking for a tool to perform Active Directory Delegation Audits and happened to chance upon this one while perusing the list. Thanks much!



__________________

I would trade all my technology for an afternoon with Socrates - Steve Jobs



Member

Posts: 21
Date: May 30, 2013
Looking for an Active Directory Security Audit Checklist


Richard,

Active Directory deployments are complex in nature, and can range in scope from a small single domain environment restricted to one site, to a multi-forest environment, complete with trusts to NT4 domains, spread across 100s of sites.

As a result, it is not easy to establish a single detailed checklist that can be used in every deployment. This is because there might be things that might be applicable to large deployments but not to small deployments, and vice versa.

My advice too would be to get your hands on a good high-level Active Directory security checklist, and then customize it to suit your organization's unique security audit needs, taking into account your resources and objectives.

One such good checklist that I recently came across can be found here.

I hope this helps you fulfill your needs.

Kind regards,

Ishmael



__________________

There isn't a system that cannot be broken into.
