Active Directory Security Review

Active Directory reviews are critical because of the role Active Directory plays in an environment and because they allow us to identify vulnerabilities that cannot be detected through network testing. These include issues such as permissive file access controls, unnecessary accounts, unnecessary local services that are enabled, improper logging settings, and insecure server management practices.

Given the nature of network-based testing, network scans alone will not reveal such issues. Server configuration assessments therefore provide the most efficient mechanism to comprehensively review the security of your most critical systems. Security concerns in your operational environment are identified by analyzing the operating system and designated applications. Administrative and technical controls are checked, weaknesses and gaps are identified and compared to best practices, and finally, specific countermeasures are recommended.

To accomplish the reviews, Praetorian uses a multi-step process to assess the security of the targeted servers. Throughout the process, Praetorian compares your servers' configurations against a security baseline created from established public guidelines, such as those provided by Microsoft and the National Institute of Standards and Technology (NIST), and from our consultants' experience.

Methodology for Active Directory Reviews

Praetorian's Active Directory review evaluates the security associated with the architecture and implementation of Windows servers and workstations. The review covers both stand-alone Windows environments and the different elements of Active Directory for those Windows systems under domain control. This includes the administrative boundaries of the forest structure, domain controller hardening, policy settings, account administration, and DNS security. Active Directory reviews are important because this technology often provides the primary mechanism for identification and authentication within the network environment. Failure to secure it appropriately can result in the unauthorized disclosure, alteration, or loss of sensitive information whose confidentiality and integrity can be central to the organization's success.

Praetorian's approach reflects a combination of Microsoft's best-practice recommendations and Praetorian's experience acquired through numerous security assessments. Praetorian conducts interviews with system administrators and also works with those administrators to manually review and verify certain aspects of the configuration. The discussion includes a review of the architecture to understand what is in place and what business requirements shaped its design.

What You Get

Upon completion of the assessment, Praetorian shall provide a single electronic report deliverable. The report will provide an analysis of the current state of the assessed security controls. The analysis will identify areas that need to be resolved in order to achieve an adequate level of security. The detailed contents of the deliverable are described below.

The report deliverable will include the following high-level sections in a format suitable for management:

  • Purpose of the engagement, including the project's scope and approach
  • Positive security controls that were identified
  • Tactical resolutions to immediately reduce risk in the environment
  • Strategic recommendations for preventing similar issues from recurring
  • An industry comparison based on consultancy experience and results from similar previous engagements

The report deliverable will also include the following in-depth analysis and recommendations to help technical staff understand the underlying risks and how to address them:

  • A technical description and classification of each vulnerability
  • Anatomy of exploitation including steps taken and proof in the form of screenshots
  • Business or technical risk inherent in the vulnerability
  • Vulnerability classification that describes the risk level as a function of vulnerability impact and ease of exploitation
  • Technical description of how to mitigate the vulnerability
