ActiveDirSec.Org

The world's most trusted forum on Active Directory Security


TOPIC: What are the security risks associated with the compromise of a Domain Controller?


Newbie

Posts: 3
Date: May 19, 2013
What are the security risks associated with the compromise of a Domain Controller?


Hello,

I would like to get some input on the security risks associated with the compromise of a Domain Controller (DC). We are in the midst of a security review and a question came up about one of our DCs being placed in a remote satellite office in another city.

We recently acquired a small business there, and as a part of the acquisition, had created new AD user accounts for the 100 or so users in that business, and although we are building a larger office in that city, we have temporarily placed a DC in that site (i.e. their current office in that city).

Ours is a single-domain setup, so the 1000 or so accounts for our corporate folks are also in the same AD. We have about 6 DCs in our main location, and they are all placed in our little data center, behind 2-factor auth controls, but that one DC in that office seems a bit concerning.

I have been trying to make a case to my management to do something about it, but my managers are mostly old-school network security guys who just think of AD as another service, like SQL, so my requests seem to keep falling on deaf ears.

If there is anything concrete that I can share with them that would help make a good case for providing more security for the DC in that location, it would be super helpful.

Thanks,

Tony



__________________

"These young guys are playing checkers. I'm out there playing chess" - Kobe Bryant



Veteran Member

Posts: 28
Date: May 30, 2013
RE: What are the security risks associated with the compromise of a Domain Controller?


Dear Tony,

The importance of protecting your Domain Controllers (DCs) cannot be overstated. DC security is of utmost importance and it is very important to ensure that only highly trustworthy and authorized administrative personnel have unrestricted physical access to domain controllers.

The risk associated with the compromise of a Domain Controller is that, should a DC be compromised, your entire Active Directory deployment could potentially be compromised, because the attacker would be able to control the Domain Controller and thereby control the Active Directory service. It is thus very important to ensure that all DCs are always adequately protected.

I could go into details of how someone who has control over a DC could take over the Active Directory, but suffice it to say that if you own the DC, you can access, change and delete any data stored in the Active Directory, including admin accounts, groups, passwords, OUs, etc.

I would highly encourage you to ensure the highest levels of security for all your DCs. If you have DCs in branch offices or remote locations, please ensure that they are placed in a locked room to which very few people have access.

Best wishes,

Jack.

__________________

We will NEVER forget.
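A concrete way to put Jack's point in front of management is an inventory of where every writable DC actually sits. The script below is an added example, not code from either poster or from ActiveDirSec.Org; it uses the RSAT ActiveDirectory module's Get-ADDomainController cmdlet and assumes you fill in the site names that correspond to the secured data center. It goes slightly beyond the thread by also flagging Read-Only Domain Controllers (RODCs), which hold no writable copy of the directory and so reduce the exposure of a branch placement.

```powershell
# Added example: list every DC in the domain with its AD site and flag writable DCs
# that are placed outside the sites you treat as physically secured.
Import-Module ActiveDirectory

# Assumption: replace with the AD site name(s) of your secured data-center location(s).
$SecuredSites = @('Default-First-Site-Name')

$report = Get-ADDomainController -Filter * | ForEach-Object {
    # A writable DC stores the secrets of every account in the domain on its own disk,
    # so a writable DC in an unsecured branch office is the case the thread is about.
    if ($_.IsReadOnly) {
        $exposure = 'Lower (read-only DC, no writable directory copy)'
    }
    elseif ($SecuredSites -contains $_.Site) {
        $exposure = 'Secured site'
    }
    else {
        $exposure = 'HIGH: writable DC outside a secured site'
    }

    [pscustomobject]@{
        Name            = $_.Name
        Site            = $_.Site
        IsReadOnly      = $_.IsReadOnly
        IsGlobalCatalog = $_.IsGlobalCatalog
        OperatingSystem = $_.OperatingSystem
        Exposure        = $exposure
    }
}

# Most exposed DCs first, so the branch-office DC lands at the top of the list.
$report | Sort-Object Exposure -Descending | Format-Table -AutoSize
```

Run it from a workstation with the RSAT AD PowerShell tools as a user who can read the domain; it needs no elevated rights because DC objects and their site membership are readable by any authenticated user. The "HIGH" rows are the ones to bring to the security review, together with the physical-access controls (or lack of them) at each of those sites.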
