Some years ago, I worked as a software implementation consultant in the public sector. An IT Director pulled me into his office one day to ask about my team’s ERP deployment. After I answered his questions he said, “That all sounds fine. What isn’t so fine is the state of my Active Directory.” He proceeded to show me thousands of stale accounts across agencies, as well as global access rights that could put sensitive budget information at risk.
What he shared has always stayed with me. So I was excited to listen to a webinar on Best Practices for Auditing Active Directory.
The five actionable steps are exactly the advice I wish I had given that IT Director. Fortunately, you’re reading this blog so you can use these steps right away.
Active Directory (AD) auditing is the process of collecting data about your AD objects and attributes—and analyzing and reporting on that data to determine the overall health of your directory. Organizations perform audits 1) to secure AD from attackers who are after credentials and 2) to keep IT operations running smoothly. The order of these two is debatable depending on your role.
By auditing Active Directory, you can reduce security risks by identifying and remediating toxic conditions, like deeply nested groups and directly assigned permissions, that attackers can exploit to gain access to your network resources. You can also improve operational efficiency by uncovering and fixing conditions like token bloat and circular nesting that slow down or hang applications.
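An added example (not from the webinar or any STEALTHbits tool): one way to check exported group memberships for two of the conditions named above, circular nesting and deep nesting. The group names, the (group, member group) export format and the depth threshold of 2 are assumptions for illustration.

```python
# Constructed sample: (group, nested member group) pairs, as they might be
# exported from each group's "member" attribute. All names are hypothetical.
SAMPLE_EDGES = [
    ("Finance-All", "Finance-Budget"),
    ("Finance-Budget", "Budget-Editors"),
    ("Budget-Editors", "Budget-Contractors"),
    ("Budget-Contractors", "Finance-Budget"),  # closes a loop
    ("HR-All", "HR-Payroll"),
    ("IT-Admins", "Helpdesk"),
    ("Helpdesk", "Helpdesk-Tier1"),
    ("Helpdesk-Tier1", "Helpdesk-Interns"),
]


def audit_nesting(edges, max_depth=2):
    """Return (loops, deep): circular nesting loops and groups nested deeper than max_depth."""
    graph = {}
    for parent, child in edges:
        graph.setdefault(parent, set()).add(child)
        graph.setdefault(child, set())

    loops, depth, state = set(), {}, {}  # state: 1 = on current path, 2 = finished

    def visit(group, path):
        state[group] = 1
        path.append(group)
        best, cyclic = 0, False
        for child in sorted(graph[group]):
            if state.get(child) == 1:  # back edge: child is its own ancestor
                loop = path[path.index(child):]
                pivot = loop.index(min(loop))  # rotate so a loop is recorded once
                loops.add(tuple(loop[pivot:] + loop[:pivot]))
                cyclic = True
                continue
            if child not in state:
                visit(child, path)
            if depth[child] is None:
                cyclic = True  # child leads into a loop, so depth is undefined
            else:
                best = max(best, depth[child] + 1)
        path.pop()
        state[group] = 2
        depth[group] = None if cyclic else best

    for group in sorted(graph):
        if group not in state:
            visit(group, [])
    deep = {g: d for g, d in depth.items() if d is not None and d > max_depth}
    return sorted(loops), deep


if __name__ == "__main__":
    loops, deep = audit_nesting(SAMPLE_EDGES)
    print("circular nesting:", loops)
    print("nested deeper than 2 levels:", deep)
```

Groups that feed into a loop (here the hypothetical Finance-All) get no depth figure, because the loop has to be broken before a nesting depth is meaningful.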
How do you perform an audit?
Active Directory auditing consists of five steps, which help you prioritize your focus areas.
Step one is to scan and map your AD environment to answer questions like:
Once you know what’s in your AD environment, you can start to triage.
Step two is prioritizing efforts based on your findings. Three places organizations often begin are:
Step three is gaining support to address priority issues. You can use permissions scan data, for instance, to identify stakeholders based on who has access within Active Directory, as well as who has access to Active Directory objects. For example, you can identify the manager of groups or users who will know why permissions have been set up a certain way, e.g., delegated admin permissions to perform certain tasks like resetting passwords.
Step four is remediation. With stakeholders on board, you can review group memberships and remediate problematic AD conditions. First, remediate privileged access to AD by verifying that the right users are in the Domain Admins and Enterprise Admins groups. This least privilege approach reduces the chance that a rogue admin will abuse privileges by accessing sensitive data or adding an unauthorized user to the group’s membership. Second, involve business owners in group governance to help validate that the right members are in their groups, and that the group overall has access to the resources it needs.
Step five is making the process a continuous cycle. Once you complete your top priorities, you return to step one and repeat the process for your next priority. For example, another focus area might be ensuring AD passwords follow change policies and aren’t stored in memory.
STEALTHbits offers a number of reports you can use to audit Active Directory. Here are some of the most popular reports used by customers:
Use these five steps to begin auditing your Active Directory environment. To take advantage of STEALTHbits AD auditing tools, please check out our Credential and Data Security Assessment or contact us at sales@stealthbits.com. To watch the full webcast, please click here.
Tuula Fai is the Senior Marketing Director of StealthAUDIT at STEALTHbits. For the past 20 years, she has worked in a variety of roles within the software industry, starting as a developer and implementation engineer before moving into product marketing and digital campaigns. Having worked in both customer service and human resources, she is passionate about safeguarding customer and employee data as part of overall security initiatives. She graduated Summa cum Laude from Georgetown with an MBA in marketing and IT, and has won two technology marketing awards. You can find her running and writing in the Rocky Mountains of Colorado.
© 2022 Stealthbits Technologies, Inc.
Great post. Thanks for sharing.