When designing and ultimately deploying any environment, you need to take the time to perform a risk analysis or a threat evaluation. This focused activity will help in guiding your security efforts towards those areas in greatest need of immediate attention. Your security planning process should result in a detailed outline of procedures for dealing with risk mitigation as well as problem resolution.
Risk mitigation or proactive security deals with problems before they are exploited against your environment. It is the task of evaluating your deployment designs, determining the weaknesses, and selecting countermeasures and safeguards to reduce those weaknesses. Problem resolution or reactive security (also known as contingency planning) deals with problems once they occur in a production environment. Problem resolution is an ordered procedure on how to deal with security violations. Problem resolution manages the issues when a threat was not preempted, when a threat is not fully mitigated, and when security mechanisms were not implemented.
The first step toward establishing a security solution for AD is to identify threats to Active Directory. The second step is to identify the sources of those threats. Then the third step is to establish a proactive or reactive strategy for dealing with the threat.
As for identifying threats to Active Directory, there are several. They include:
- Object spoofing
- Bypassing login restrictions to spoof
- a user
- Using stolen credentials
- Data manipulation
- Users performing authorization elevation attacks to gain access to restricted data
- Disabling or interfering with event logging
- Altering a log file
- Violating data confidentiality
- Capturing data in transit
- Using social engineering against users
- Implementing denial of service attacks to exploit software flaws or consume bandwidth
- Running untrusted code
- Users failing to comply with written scurrility policies and best practices
Sources of these and other threats come from at least five different roles or types of people:
- Anonymous users (includes external hackers)
- Authenticated users
- Service administrators
- Data or storage administrators
- People with physical access to systems
Some of the general principles that can be put into practice to provide proactive protection against these threats include:
- Establishing Secure Active Directory Boundaries
- Deploying Secure Domain Controllers
- Strengthening Domain and Domain Controller Policy Settings
- Establishing Secure Administrative Practices
- Securing DNS
Some of the general principles that can be put into practice to provide reactive protection against these threats include:
- Manage and control privileged AD operations
- Monitor and detect potential AD attacks
- Deploy defenses against future repeat of discovered AD attacks
- Recovery and restore AD after an attack
In later tips we'll discuss each of these proactive and reactive means in your efforts to deploy a more secure AD environment.
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.
This was first published in January 2004