Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 24
  • Last Modified:

AD change control testing

we wish to do some testing about how well managed our AD is. What we had in mind was to pick a sample of tickets from the helpdesk system to ensure:

Where an AD account was created in the domain - this was properly authorised by the users line manager.
Where a request was logged to add an AD account into a security group - this was properly authorised by the users line manager.

Can you think of any other useful checks in terms of AD changes that should have a proper authorisation, that we can build into our testing? Anything where end users could abuse the process to gain access to information in which they should not be able to. They were the 2 obvious ones but I am open to other ideas.
0
pma111
Asked:
pma111
  • 2
1 Solution
 
btanExec ConsultantCommented:
You are checking for the use case for doer-approver-checker in which the same person cannot be for the doer and approver as well as approver and checker. Likewise to avoid collusion between checker and approver as well as doer and checker. Area for such possibility is mainly on security services handling
-account login/logout for administrator, privileged group
- account policy like password restriction and complexity etc
-audit trail provisioning for policy changes, log archival purge scheme
-security centre support in use of firewall, defender etc
-network defence in use to tcp/ip parameter for DoS defends
-security services provisioning for applocker, dnssec, proxy lockdown,
-common services support like server core adoption for dhcp, dns roles
-end user application support like tampering browser policy config on default page, cipher suite etc
-service account and manage account used in running services
-login security option in enforcement of smartcard, credential option, guest, remote login etc
-interface changes and lockdown like storage media, wifi, MTP connectivity etc
-device sharing via common job services like print job, internet printing etc
-shared resource like shared folder access, profile mobility in term of roaming and folder access

There are specific mapping of above to MS security audit in term of GPO setting, will be handy
https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations
0
 
btanExec ConsultantCommented:
The events and descriptions are provided to oversight the activities.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now