Solved

AD change control testing

Posted on 2016-08-15
2
20 Views
Last Modified: 2016-09-03
we wish to do some testing about how well managed our AD is. What we had in mind was to pick a sample of tickets from the helpdesk system to ensure:

Where an AD account was created in the domain - this was properly authorised by the users line manager.
Where a request was logged to add an AD account into a security group - this was properly authorised by the users line manager.

Can you think of any other useful checks in terms of AD changes that should have a proper authorisation, that we can build into our testing? Anything where end users could abuse the process to gain access to information in which they should not be able to. They were the 2 obvious ones but I am open to other ideas.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 64

Accepted Solution

by:
btan earned 500 total points (awarded by participants)
ID: 41756545
You are checking for the use case for doer-approver-checker in which the same person cannot be for the doer and approver as well as approver and checker. Likewise to avoid collusion between checker and approver as well as doer and checker. Area for such possibility is mainly on security services handling
-account login/logout for administrator, privileged group
- account policy like password restriction and complexity etc
-audit trail provisioning for policy changes, log archival purge scheme
-security centre support in use of firewall, defender etc
-network defence in use to tcp/ip parameter for DoS defends
-security services provisioning for applocker, dnssec, proxy lockdown,
-common services support like server core adoption for dhcp, dns roles
-end user application support like tampering browser policy config on default page, cipher suite etc
-service account and manage account used in running services
-login security option in enforcement of smartcard, credential option, guest, remote login etc
-interface changes and lockdown like storage media, wifi, MTP connectivity etc
-device sharing via common job services like print job, internet printing etc
-shared resource like shared folder access, profile mobility in term of roaming and folder access

There are specific mapping of above to MS security audit in term of GPO setting, will be handy
https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations
0
 
LVL 64

Expert Comment

by:btan
ID: 41782775
The events and descriptions are provided to oversight the activities.
0

Featured Post

Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question