In 2016, a lot of emphasis was put on organizations protecting themselves against external security threats, especially in light of high-profile security breaches, including those at the FBI and the World Anti-Doping Agency. However, most enterprise security executives in 2016 saw more attempted theft or corruption of data from internal sources than from external ones.
With this in mind, don’t repeat the same mistakes in 2017 that you made last year! Make sure that you adequately secure your Active Directory environment by following the steps laid out in this article.
a.) Control direct access given to users
A high proportion of insider attacks occur because users have been given inappropriate levels of access. IT administrators often ignore the built-in security mechanisms that Microsoft provides in the Windows OS when granting access rights and permissions to users inside or outside the organization.
For maximum security, you need to control the direct physical server access given to your users. You can do this by executing a dedicated security plan along with strict encryption techniques and procedures.
Additionally, three-factor authentication (authentication that requires three elements: usually a username, a password and a biometric trait such as a fingerprint, voice recognition or a retina scan) and virtualization can help to restrict access and improve the security of the Active Directory environment.
b.) Guest Accounts must be disabled
Don’t leave any loopholes that can be exploited by malicious insiders. By disabling guest accounts that are no longer in use you can ensure that users will not be able to gain unauthorized access through them.
How to disable guest accounts –
Step 1 – Right-click “Computer” and select “Manage” to open Server Manager.
Step 2 – In the left pane, go to Roles → Active Directory Domain Services → Active Directory Users and Computers → www.your_domain.com → Users.
Step 3 – Find the guest account in the list of users shown in the right pane, right-click it and select “Disable Account”.
A confirmation message then appears, confirming that the guest account has been disabled.
In addition, there must be an alert mechanism that notifies IT administrators in real time whenever someone attempts to log in to the server more than two or three times.
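The two controls above, disabling the built-in Guest account and alerting on repeated failed logons, as an added PowerShell example (not code from the original article). It assumes the ActiveDirectory module is available and that it runs on a domain controller whose Security log records event 4625 (failed logon); the one-hour window and the threshold of three are assumed values.

```powershell
# Added example: disable the domain's built-in Guest account, verify the change,
# and report accounts with more than $Threshold failed logons in the last hour.
Import-Module ActiveDirectory

# The built-in Guest account always has the well-known RID 501, so locate it by
# SID rather than by name (the display name can be changed by policy).
$domainSid = (Get-ADDomain).DomainSID.Value
$guest = Get-ADUser -Identity "$domainSid-501" -Properties Enabled
if ($guest.Enabled) {
    Disable-ADAccount -Identity $guest
}
$guest = Get-ADUser -Identity "$domainSid-501" -Properties Enabled
"Guest ({0}) enabled: {1}" -f $guest.SamAccountName, $guest.Enabled

# Failed-logon alert: event 4625 in the Security log, grouped by target account.
# Threshold and window are assumed values; tune them to your environment.
$Threshold = 3
$since = (Get-Date).AddHours(-1)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
    -ErrorAction SilentlyContinue

# Pull the account and source address out of the event's XML payload.
$failures = foreach ($e in $events) {
    $xml = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Account  = "$($data['TargetDomainName'])\$($data['TargetUserName'])"
        SourceIp = $data['IpAddress']
        Time     = $e.TimeCreated
    }
}

$failures | Group-Object Account | Where-Object { $_.Count -gt $Threshold } |
    ForEach-Object {
        $ips = ($_.Group.SourceIp | Sort-Object -Unique) -join ', '
        # Replace Write-Warning with Send-MailMessage or a SIEM forwarder for real-time alerting.
        Write-Warning ("{0} failed logons for {1} since {2} from {3}" -f $_.Count, $_.Name, $since, $ips)
    }
```

Scheduling this as a task that runs every few minutes turns the report into the real-time alert the text asks for.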
c.) Tighten security by imposing stringent password rules
Your IT managers need to choose strong passwords when creating administrator accounts. Enforcing strict password requirements, and ensuring that passwords are regularly changed, reduces the chances of unauthorized users gaining access. These passwords must also be encrypted to further tighten the security mechanism.
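One way to enforce the password requirements described above, as an added PowerShell example (not code from the original article): the default domain policy is tightened, and a stricter fine-grained password policy is applied to administrator accounts. The numeric settings, the policy name 'PSO-Administrators' and the account name 'admin-jsmith' are assumed, illustrative values.

```powershell
# Added example: tighten the domain password policy and apply a stricter
# fine-grained policy (PSO) to administrators. Values are illustrative.
Import-Module ActiveDirectory
$domain = (Get-ADDomain).DNSRoot

# Record the default domain policy before changing it, for the audit trail.
Get-ADDefaultDomainPasswordPolicy -Identity $domain |
    Select-Object MinPasswordLength, ComplexityEnabled, MaxPasswordAge, PasswordHistoryCount, LockoutThreshold

Set-ADDefaultDomainPasswordPolicy -Identity $domain `
    -MinPasswordLength 14 `
    -ComplexityEnabled $true `
    -MaxPasswordAge (New-TimeSpan -Days 90) `
    -MinPasswordAge (New-TimeSpan -Days 1) `
    -PasswordHistoryCount 24 `
    -LockoutThreshold 5 `
    -LockoutDuration (New-TimeSpan -Minutes 30) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
    -ReversibleEncryptionEnabled $false   # never store reversibly encrypted passwords

# Fine-grained policy for administrator accounts: longer passwords and a
# tighter lockout than ordinary users. Policy name and values are assumed.
$psoName = 'PSO-Administrators'
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$psoName'")) {
    New-ADFineGrainedPasswordPolicy -Name $psoName -Precedence 10 `
        -MinPasswordLength 20 -ComplexityEnabled $true `
        -MaxPasswordAge (New-TimeSpan -Days 60) -MinPasswordAge (New-TimeSpan -Days 1) `
        -PasswordHistoryCount 24 -LockoutThreshold 3 `
        -LockoutDuration (New-TimeSpan -Minutes 60) -LockoutObservationWindow (New-TimeSpan -Minutes 60) `
        -ReversibleEncryptionEnabled $false
}
Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects 'Domain Admins'

# Confirm which policy actually applies to a given admin account (assumed name).
Get-ADUserResultantPasswordPolicy -Identity 'admin-jsmith'
```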
d.) Track user activities/events
The only way you can be sure that users are not doing anything malicious with your data is by auditing and monitoring the who, what, when and where of every change made to your critical IT systems. This includes failed logon attempts, reviewing account management policies and tracking object access activity on your systems. To do this, organizations need to establish a regular audit policy that tracks user activities/events on a proactive and continuous basis.
One problem many organizations come up against is finding the time to maintain these audit policies. Thankfully, third-party solutions, like LepideAuditor for Active Directory, are more cost-effective than ever before and offer comprehensive auditing and reporting features such as the ability to send instant email notifications via real-time alerts.
e.) Mitigate the risks of Open Ports
To mitigate the risk of DDoS attacks, IT administrators must remove services that are not necessary from a security standpoint and check for any open ports that could expose the server.
How to check for open ports in Windows Server
To view the complete list of open ports, simply go to “Run”, type “cmd” to open the command line prompt and enter the following command –
Running the command displays all active connections along with the protocol name, the local address, the foreign address and the state of each connection, as shown in the screenshot below.
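The same check, taken a step further, as an added PowerShell example (not code from the original article): listening TCP ports are listed with their owning process and compared against an allow-list of the ports a domain controller is expected to expose. The allow-list below is a constructed baseline and must be adjusted to the roles the server actually runs.

```powershell
# Added example: list listening TCP ports with their owning process and flag
# anything not on the expected-ports allow-list. Baseline is constructed for a
# domain controller; adjust it to your server's roles.
$expected = @{
    53   = 'DNS'
    88   = 'Kerberos'
    135  = 'RPC endpoint mapper'
    389  = 'LDAP'
    445  = 'SMB'
    464  = 'Kerberos password change'
    636  = 'LDAPS'
    3268 = 'Global Catalog'
    3269 = 'Global Catalog (SSL)'
    3389 = 'Remote Desktop'
}

$listeners = Get-NetTCPConnection -State Listen |
    Sort-Object LocalPort -Unique |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $port = [int]$_.LocalPort
        [pscustomobject]@{
            Port     = $port
            Address  = $_.LocalAddress
            Pid      = $_.OwningProcess
            Process  = if ($proc) { $proc.ProcessName } else { '<unknown>' }
            Expected = if ($expected.ContainsKey($port)) { $expected[$port] } else { 'UNEXPECTED' }
        }
    }

# Full listing (the netstat-style view), then the exceptions that need a decision.
$listeners | Format-Table -AutoSize
$unexpected = $listeners | Where-Object Expected -eq 'UNEXPECTED'
if ($unexpected) {
    Write-Warning "Listening ports outside the baseline (review or remove the service):"
    $unexpected | Format-Table Port, Address, Pid, Process -AutoSize
}
# Dynamic RPC ports (49152 and up by default) can be excluded once confirmed;
# UDP listeners are listed separately with Get-NetUDPEndpoint.
```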
f.) Limit number of administrators and use distinct administrative accounts
Limiting the number of administrators and using different administrative accounts when performing activities on your Active Directory helps to reinforce security.
This can be done by using unique naming conventions and different rules for each account. Everything should be kept confidential to ensure that no administrator can abuse their privileges.
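A check for the two points above, the number of administrators and the use of dedicated, consistently named admin accounts, as an added PowerShell example (not code from the original article). It enumerates the members of the main privileged groups, nested membership included, and flags accounts that do not follow a naming convention; the '-adm' suffix and the 90-day staleness window are assumed choices.

```powershell
# Added example: report privileged group membership and flag accounts that do
# not follow the dedicated-admin naming convention or are stale.
Import-Module ActiveDirectory
$privilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$adminPattern = '-adm$'          # assumed convention, e.g. jsmith-adm
$staleBefore = (Get-Date).AddDays(-90)

$report = foreach ($g in $privilegedGroups) {
    Get-ADGroupMember -Identity $g -Recursive |
        Where-Object objectClass -eq 'user' |
        ForEach-Object {
            $u = Get-ADUser -Identity $_.DistinguishedName -Properties Enabled, LastLogonDate, PasswordLastSet
            [pscustomobject]@{
                Group             = $g
                Account           = $u.SamAccountName
                Enabled           = $u.Enabled
                LastLogon         = $u.LastLogonDate
                PasswordLastSet   = $u.PasswordLastSet
                FollowsConvention = $u.SamAccountName -match $adminPattern
            }
        }
}

$report | Sort-Object Group, Account | Format-Table -AutoSize

# Findings that need action: daily-use names in admin groups, and admins nobody uses.
$report | Where-Object { -not $_.FollowsConvention } |
    ForEach-Object { Write-Warning "$($_.Group): '$($_.Account)' is not a dedicated admin account" }
$report | Where-Object { $_.Enabled -and ($null -eq $_.LastLogon -or $_.LastLogon -lt $staleBefore) } |
    ForEach-Object { Write-Warning "$($_.Group): '$($_.Account)' has no logon in 90 days (or never)" }

"{0} distinct accounts hold privileged group membership" -f ($report.Account | Sort-Object -Unique).Count
```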
g.) Configure IPSec policies in Active Directory
IPSec, short for Internet Protocol Security, uses encryption techniques to ensure secure communications over IP networks. IP security policies can be configured and integrated with Active Directory in order to ensure high-level security during data communication.
Using GPOs, you can assign IPsec policies at both the domain level and the organizational unit level, which simplifies the IPsec deployment process.
h.) Protect your Directory Services Restore Mode password
This is an important one! Your Directory Services Restore Mode password might give hackers an opportunity to gain administrative access to your Active Directory. To protect your DSRM password, simply synchronize it with the Active Directory domain administrator account.
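The synchronization step above, as an added PowerShell example (not code from the original article). It runs ntdsutil on a domain controller and then confirms the change from the Security log; 'DsrmSyncAccount' is an assumed name for the domain account whose current password DSRM will take on.

```powershell
# Added example: synchronize the DSRM password with a domain account and
# confirm the change. Run on each domain controller as a domain administrator.
$syncAccount = 'DsrmSyncAccount'   # assumed account name

# ntdsutil treats each quoted string as one command; the two "q" leave both menus.
& ntdsutil.exe "set dsrm password" "sync from domain account $syncAccount" q q
if ($LASTEXITCODE -ne 0) { throw "ntdsutil failed with exit code $LASTEXITCODE" }

# Event 4794 ("An attempt was made to set the Directory Services Restore Mode
# administrator password") is logged on success. It is also the event to alert
# on: an unplanned DSRM password change is a sign of tampering.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4794 } -MaxEvents 1 |
    Select-Object TimeCreated, Message
```

The sync copies the account's password at that moment only, so it must be re-run whenever the account's password changes.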
Ensuring your Active Directory is secure is a critical part of your overall security plan. It hosts the Active Directory Domain Services database along with essential data and services that help organizations better manage their users, computer applications and IT infrastructure. It is about time organizations take genuine steps towards protecting their Active Directory environment from malicious users intent on corrupting data or completely destroying the database. Implementing the above security tips is the first step towards securing your Active Directory environment. No more excuses!