AD Security Audit

OSS performs an Active Directory Security Audit (ADSA) remotely in order to assess known security configuration issues. The ADSA involves running scripts and tools, as well as a manual review of the Active Directory configuration and settings.

The assessment process has three primary phases:

  1. Gathering data from the environment
  2. Interpreting the results
  3. Completing the assessment report

OSS approaches this process as a partner and is fully committed to providing Active Directory security guidance that makes it more difficult for an attacker to gain access to the “crown jewels” on the network. Furthermore, OSS will model typical attacker methods and how they apply to the network, identifying the areas of concern and how best to mitigate them.

AD Security Audit Benefits

  • A snapshot of the Active Directory security configuration at a point in time.
  • Identification of the most common and effective attack vectors and how best to detect, mitigate, and prevent them.
  • Active Directory security best practices customized to align with business process and requirements and minimize impact.
  • Active Directory password auditing.
  • As part of the report’s executive summary, the top security issues are highlighted and described, along with the best method to mitigate/resolve the issues.
  • All discovered issues are detailed in the report along with effective impact and recommended remediation.
  • The final section of the document summarizes all of the identified issues along with mitigation/resolution recommendations which can be used to develop a plan of action.

Key Security Assessment Components

Active Directory forest and domain configuration. This includes evaluating the current Domain and Forest functional levels and identification of security enhancements in the current and higher levels.

Active Directory trust configuration and security.

Active Directory security misconfigurations are highlighted and recommended remediation/mitigation is provided.

Active Directory administration groups. This includes Enterprise Admins, Administrators, Domain Admins, custom delegation groups, and others as identified. Groups with logon rights to Domain Controllers are scrutinized and membership is expanded to gain a complete picture of the Active Directory administrators.

Custom security groups with privileged access to Active Directory are discovered and their access rights identified.

Group Policy security configuration for the domain and Domain Controllers.

Permissions for all Group Policy Objects (GPOs) are reviewed and issues with the delegation of GPOs are noted along with recommended remediation.

Service Accounts with elevated permissions. Identification of Kerberos-enabled services and their associated service accounts. Special focus on service accounts with domain-level admin rights.

Domain Controller management review, including Operating System versions, patching, and backup.

Active Directory organizational unit (OU) permissions with a focus on top-level domain OUs.

Additional Active Directory object permissions are reviewed to identify potential “backdoor” access which is not obvious based on group membership.

Analysis of domain password policies to see whether they enable users to create secure passwords. Reports are generated to identify accounts with password vulnerabilities, including expired passwords, identical passwords, blank passwords, and more.
