Security is a key business operations issue. In most environments a security policy is crafted which prescribes various security mechanisms used to provide protection for valued assets. As an IT administrator or a security officer in any organization, you should view Active Directory as a valued asset in and of itself. Active Directory is the collection of object specific information and all the relationships between those objects that comprises the online digital environment of your corporate network. You should take steps to protect and sustain Active Directory from intentional and unintentional damage from authorized and unauthorized users.
In any and all situations, layered security is the best method to use when planning and designing a security solution. Layered security or defense in depth is the simple concept of placing your valued assets at the center of your environment and building or deploying multiple concentric circles or rings of protection around those assets. Thus, violations to confidentiality, integrity, or availability must overcome numerous security restrictions, precautions, and protections before being able to affect your assets.
From a conceptual point of view, Active Directory should be protected first by a layer of computer based security policies, second by a layer of administrative controls, and third by a layer of physical access controls. The first layer is comprised of domain controller settings, GPO settings, and other security
Designing a secure AD infrastructure is not a simple task. Nor is it an activity that can be adequately described in a single tip. So, over the following weeks I will follow up this introductory tip about the concept of layered security for AD with specific tips on how to secure your environment.
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.
This was first published in August 2006