Active Directory Architecture Review

Description

BHIS will perform a security review of the configuration and settings of the Windows Active Directory Architecture.

Objectives

Black Hills Information Security will review the organization’s Active Directory architecture with a focus on critical vulnerabilities and privacy concerns, and will identify potential architecture and group policy improvements. BHIS will recommend modifications to the existing infrastructure that will increase the overall security posture and effectiveness of the Active Directory environment.

In scope items:

Trust Relationships – This review will focus on the boundary conditions between groups of resources and the arbitration of access. Configuration will be reviewed to ensure that the implemented controls match the intended policy as described.

This review will ensure that Active Directory is implemented to provide the greatest flexibility while allowing simple security changes to have high impact. Focus will be on separation of duty, classes of computers, and the group policy settings hierarchy.

User/Computer Account Management – This review will ensure that user accounts are managed effectively from both a technical and policy perspective.  This will include reviewing accounts for usage, setting definitive expiration dates, and provisioning/expiring accounts based on this information.

Sessions and Control Paths – This review will rely on a point-in-time snapshot of Active Directory. The dataset will give BHIS analysts information about accounts, sessions, and Active Directory control paths. This will allow the analysts to build an understanding of the session management control processes and administrative relationships across the organization.

Audit Policies – This review will investigate the computer group structure and map group-level audit policy enforcement. This review will drive better endpoint logging practices in accordance with Microsoft and Information Assurance Directorate guidelines for incident response system auditing.

Group Configuration – This review will assess how best practices for group management have been deployed. Analysts will review privileged group membership and the implementation of role-based groups, and will recommend changes in accordance with formal compliance and best practice standards.

Group Policy – This review will focus on security-based best practices implemented within group policy. Specific policies that will be investigated include:

● Domain/OU Firewall Policy
● Domain/OU Password Policy
● Computer/User Settings Configuration
● Authentication Security Settings (accepted protocols/signing)
● Group Policy Preferences Review
● Internet Explorer (Zone Mapping, Proxy Settings, etc.)
● Software Restriction Policies
● Advanced Mitigation Capabilities

Training Videos

Training videos created by Noah in SharePoint: Training Videos