Active Directory security best practices

Active Directory security best practices

Security is a key business operations issue. In most environments a security policy is crafted which prescribes various security mechanisms used to provide protection for valued assets. As an IT administrator or a security officer in any organization, you should view Active Directory as a valued asset in and of itself. Active Directory is the collection of object specific information and all the relationships between those objects that comprises the online digital environment of your corporate network. You should take steps to protect and sustain Active Directory from intentional and unintentional damage from authorized and unauthorized users.

In any and all situations, layered security is the best method to use when planning and designing a security solution. Layered security or defense in depth is the simple concept of placing your valued assets at the center of your environment and building or deploying multiple concentric circles or rings of protection around those assets. Thus, violations to confidentiality, integrity, or availability must overcome numerous security restrictions, precautions, and protections before being able to affect your assets.

From a conceptual point of view, Active Directory should be protected first by a layer of computer based security policies, second by a layer of administrative controls, and third by a layer of physical access controls. The first layer is comprised of domain controller settings, GPO settings, and other security

    Requires Free Membership to View

    Login

    When you register, my team of editors will also send you the latest expert resources covering pertinent IT topics such as Windows server backup and recovery, server administration, storage management, infrastructure security, virtualization, Hyper-V, Active Directory and Group Policy.

    Cathleen A. Gagne, Senior Editorial Director

    By submitting your registration information to SearchWindowsServer.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchWindowsServer.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

practices as defined by your company's security policy. The second layer consists of secure system management, personnel training and compliance with security best practices. The third layer consists of any and all physical barriers between the outside world and the control security environment of your server room. These controls can include walls, locks, intrusion detectors, gates, guards, security camera, etc.

Designing a secure AD infrastructure is not a simple task. Nor is it an activity that can be adequately described in a single tip. So, over the following weeks I will follow up this introductory tip about the concept of layered security for AD with specific tips on how to secure your environment.

James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.


This was first published in August 2006

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Back to top