Top 10 Active Directory Security You Must Flow It in Your Company

Active Directory Security

Active Directory is a Microsoft Windows directory proprietary that allows administrators to manage users, computers, printers .. via domain. Active Directory security is important for protect user credentials, sensitive data, software applications, and more from unauthorized access.

1-Disable Local Admin Account 

• Disable the local administrator account on every computers and use your domain individual account instead
• This is a well known account that attackers will try to compromise and often has the same password on every computer

2-Use at least Two Accounts

• Use least privilege model, give permissions to only what is needed.
• Create regular account with no admin rights for logging into your computer to check email, surfing internet, etc.
• Create a secondary account for performing administrative tasks

3-Secure the Domain Admin Account

• Built in domain admins account should only be used for domain setup and recovery
• Set a 20+ character password and lock it in a vault
• No one should no the password or be using this account

4-Keep DCs lean and clean

• Domain controllers should have limited software and roles installed on them
• Use server core, it runs with no GUI
• More software and roles you install it increases the security risk, keep DCs lean and clean

5-Cleanup Old AD Accounts  

• Have a process in place to cleanup old user and computer account from Active Directory 
• View step by step guide to identify and remove old accounts

6-Run Latest Operating System

• Each new version of Windows includes built in security features and enhancements 
• Staying on the latest OS will help to increase overall security  

7-Monitor DHCP Logs

• You need to know what is connecting to your network
• A simple way to identify unauthorized devices is by checking the DHCP logs, look for hostnames that you do not recognize. Systems that do not follow you naming convention should be easy to spot

8-Monitor DNS Logs

• DNS logs can be used to identify malicious DNS lookups 
• You will need to enable the Windows DNS debug logs, steps provided in full post
• Look for odd domains that are random in characters, example edsdgjwxngrqw.3fdsco.com

9-Clean up Domain Admins Group

• Don’t login with a day to day account that is a member of the Domain Admins group
• Stop putting so many accounts in this group 
• If DA access is needed, temporarily add it then remove from DA group 

10-Enable Audit Policy Settings

• Use group policy to set an audit policy on all computers
• Malicious activity often starts on end user devices so it is important to apply the audit policy to all computers.
• See full post for audit policy details