Obtain an accurate understanding of your security and risk posture, while ensuring compliance with industry regulators and information security best practices.
Active Directory reviews are critical because of the role Active Directory plays in an environment and because they allow us to identify vulnerabilities that cannot be detected through network testing. This includes issues such as permissive file access controls, unnecessary accounts, unnecessary local services enabled, improper logging settings, and insecure server management practices.
Given the nature of network based testing, such issues will fail to be illuminated through network scans alone. Thus server configuration assessments provide the most efficient mechanism to comprehensively review the security of your most critical systems. Security concerns in your operational environment are identified by analyzing the operating system and designated applications. Administrative and technical controls are checked, weaknesses and gaps are identified and compared to best practices, and finally, specific countermeasures are recommended.
In order to accomplish the reviews, Praetorian uses a multi-step process to assess the security of the targeted servers. Throughout the process, Praetorian compares your servers' configurations against a security baseline created from established public guidelines such as those provided Microsoft, the National Institute of Standards and Technology (NIST), and our consultants' experience.
Praetorian's Active Directory review evaluates the security associated with the architecture and implementation of Windows servers and workstations. The review focuses on both Windows stand-alone environments as well as different elements of active directory for those Windows systems under domain control. This includes the administrative boundaries of the forest structure, domain controller hardening, policy settings, account administration, and DNS security. Active Directory reviews are important because this technology often provides the primary mechanism for identification and authentication within the network environment. Failures to secure it appropriately can result in the unauthorized disclosure, alteration or loss of sensitive information whose confidentiality and integrity can be central to the organization's success.
Praetorian's approach reflects a combination of Microsoft's best practices recommendations and Praetorian's experience acquired through numerous security assessments. Praetorian conducts interviews with system administrators and also works with those administrators to manually review and verify certain aspects of the configuration. The discussion includes a review of the architecture to understand what is in place and what business requirements shaped its design.
Upon completion of the assessment Praetorian shall provide a single electronic report deliverable. The report will provide an analysis of the current state of the assessed security controls. The analysis will identify areas that need to be resolved in order to achieve an adequate level of security. The detailed contents of the deliverable are described below.
The report deliverable will include the following high level sections in a format suitable for management:
The report deliverable will also include the following in-depth analysis and recommendations for technical staff to understand the underlying risks and recommendations: