Tip

Active Directory security best practices

Security is a key business operations issue. In most environments a security policy is crafted which prescribes various security mechanisms used to provide protection for valued assets. As an IT administrator or a security officer in any organization, you should view Active Directory as a valued asset in and of itself. Active Directory is the collection of object specific information and all the relationships between those objects that comprises the online digital environment of your corporate network. You should take steps to protect and sustain Active Directory from intentional and unintentional damage from authorized and unauthorized users.

In any and all situations, layered security is the best method to use when planning and designing a security solution. Layered security or defense in depth is the simple concept of placing your valued assets at the center of your environment and building or deploying multiple concentric circles or rings of protection around those assets. Thus, violations to confidentiality, integrity, or availability must overcome numerous security restrictions, precautions, and protections before being able to affect your assets.

From a conceptual point of view, Active Directory should be protected first by a layer of computer based security policies, second by a layer of administrative controls, and third by a layer of physical access controls. The first layer is comprised of domain controller settings, GPO settings, and other security

Requires Free Membership to View

practices as defined by your company's security policy. The second layer consists of secure system management, personnel training and compliance with security best practices. The third layer consists of any and all physical barriers between the outside world and the control security environment of your server room. These controls can include walls, locks, intrusion detectors, gates, guards, security camera, etc.

Designing a secure AD infrastructure is not a simple task. Nor is it an activity that can be adequately described in a single tip. So, over the following weeks I will follow up this introductory tip about the concept of layered security for AD with specific tips on how to secure your environment.


James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.


This was first published in August 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.