Solved

AD change control testing

Posted on 2016-08-15
2
16 Views
Last Modified: 2016-09-03
we wish to do some testing about how well managed our AD is. What we had in mind was to pick a sample of tickets from the helpdesk system to ensure:

Where an AD account was created in the domain - this was properly authorised by the users line manager.
Where a request was logged to add an AD account into a security group - this was properly authorised by the users line manager.

Can you think of any other useful checks in terms of AD changes that should have a proper authorisation, that we can build into our testing? Anything where end users could abuse the process to gain access to information in which they should not be able to. They were the 2 obvious ones but I am open to other ideas.
0
Comment
Question by:pma111
  • 2
2 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points (awarded by participants)
ID: 41756545
You are checking for the use case for doer-approver-checker in which the same person cannot be for the doer and approver as well as approver and checker. Likewise to avoid collusion between checker and approver as well as doer and checker. Area for such possibility is mainly on security services handling
-account login/logout for administrator, privileged group
- account policy like password restriction and complexity etc
-audit trail provisioning for policy changes, log archival purge scheme
-security centre support in use of firewall, defender etc
-network defence in use to tcp/ip parameter for DoS defends
-security services provisioning for applocker, dnssec, proxy lockdown,
-common services support like server core adoption for dhcp, dns roles
-end user application support like tampering browser policy config on default page, cipher suite etc
-service account and manage account used in running services
-login security option in enforcement of smartcard, credential option, guest, remote login etc
-interface changes and lockdown like storage media, wifi, MTP connectivity etc
-device sharing via common job services like print job, internet printing etc
-shared resource like shared folder access, profile mobility in term of roaming and folder access

There are specific mapping of above to MS security audit in term of GPO setting, will be handy
https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations
0
 
LVL 62

Expert Comment

by:btan
ID: 41782775
The events and descriptions are provided to oversight the activities.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Rate limit for DNS queries 7 72
domain controllers numbers 4 72
Suggestions on remote printing. 3 29
Why would someone make a DC a member of the administrator's group 6 40
Enterprise Password Manager Suites as well as Local Password managers are covered in this article.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now