Selecting the Right Active Directory Security Reports for Your Business




Avril Salter

1.800.813.6415 www.scriptlogic.com/smbIT

© 2011 ScriptLogic Corporation ALL RIGHTS RESERVED. ScriptLogic, the ScriptLogic logo and Point,Click,Done! are trademarks and registered trademarks of ScriptLogic Corporation in the United States of America and other countries. All other trademarks and registered trademarks are property of their respective owners.

Business Intelligence (BI), data analytics and security reports

In today's highly networked market, where even the smallest business can have global reach, it is increasingly important to manage, monitor and analyze who is accessing and using your computer resources.

Active Directory is more than a directory service. It is the tool that allows you to manage and define security policies for who can access your computer resources. Active Directory holds information on your users, computer resources, and security policies. Deployments can vary from a small business that has a handful of users and computers to large multinational enterprises with thousands of users spread across several global locations. As such, the Active Directory database records can be on a single computer or spread across several server farms.

The data contained in Active Directory is an essential part of your security data analytics. Active Directory provides tools for administrators to view the directory's database, to analyze the impact of applying security policies and to log all of the events. However, it is not a data analysis and reporting tool. Most companies therefore implement an analysis and reporting tool to complement their Active Directory deployment. These tools can range from free add-ons that help you filter and generate SQL queries to highly complex tools that can run what-if analysis and generate hundreds of different reports. This article is focused on helping you decide which reports are essential to you.

The golden rules of report generation

Before defining the essential reports, it is worth spending a few moments to define what constitutes a good security report. Regardless of the size of your Active Directory deployment, there are three golden rules for creating good security reports.

- Reports should contain information that is comprehensible and accurate.
- Reports should tell you if the system is working as your business needs it to work.
- Reports should provide insights into what is happening such that you can decide on a course of action.

By focusing on reports that are accurate, relevant and actionable, you will be able to sort through the hundreds of Active Directory security reports available to find the ones you need to manage your business.

Is your documentation up to date?

Active Directory allows you to set up Group Policies to manage user access and computer resources. Security settings are defined in Group Policies. These security settings define how users are authenticated on the network and which computer resources they are permitted to use. You can view almost all of your security settings through the Group Policy Management Console (GPMC).

Securing your computer resources requires you not only to apply effective Group Policies, but also to make sure that employees and other users of the network understand the security policies and the importance of complying with them. It is therefore essential that Group Policies are documented and shared with users. The first report that you should generate is therefore a list of all your Group Policies.

Active Directory allows you to generate a Hypertext Markup Language (HTML) report that shows all of the Group Policy Object (GPO) settings. To create this report in Windows Server 2008, go to the Group Policy Management Console and select the Domain and the Group Policy Object you are interested in. The report is generated when you select the Settings tab. Figure 1 below provides an example of this report. To print this report, simply right-click in the view window and select Print.

Figure 1: Generating an HTML report on your GPO settings.

Now that you have a list of your Group Policies, it is time to apply the golden rules. Ask yourself: are these the right Group Policies for my business, and what do I need to change? Modifying or adding GPOs can be a complex and somewhat daunting process, as it can be difficult to determine which users and computers will or will not be impacted by a specific GPO. Active Directory includes a Group Policy Modeling capability that you can use to run what-if analysis.

Have you reviewed your administrator accounts?

It is important to periodically review your administrator accounts. As the name suggests, these are the accounts used by administrators to make updates to Active Directory. You need to know who has access to change things in Active Directory. The delegation of tasks that each administrator can do is core to your organizational security. Failure to give the appropriate access to administrators is a more significant security risk than any other potential Active Directory vulnerability.

You need a report that shows the administrative accounts and what privileges they have. In other words, who can do what? Figure 2 shows the permissions for the default Administrators account. You can access this information by opening Active Directory Users and Computers, selecting Advanced Features in the View menu, and then right-clicking and selecting Properties and the Security tab. A preferred approach, however, would be to use a reporting tool to generate a report that allows you to compare and contrast the permissions allocated to different administrators.

Figure 2: Reviewing the privileges assigned to your Administrative Accounts
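
One way to build the "who can do what" comparison described above, as an added example that is not part of the original white paper or any ScriptLogic product. It assumes privileged group membership is the measure of privilege; the function name and the sample accounts are hypothetical, and the live query in the comments assumes the ActiveDirectory PowerShell module is installed.

```powershell
# Added example: one row per administrative account, one column per
# privileged group, so administrators can be compared side by side.
function Get-AdminPrivilegeMatrix {
    param(
        # One record per membership, with GroupName and Account properties.
        [Parameter(Mandatory)] [object[]] $Membership
    )
    # Column set: every privileged group seen in the input.
    $groups = $Membership | Select-Object -ExpandProperty GroupName -Unique | Sort-Object
    $Membership | Group-Object -Property Account | Sort-Object -Property Name | ForEach-Object {
        $held = @($_.Group | Select-Object -ExpandProperty GroupName -Unique)
        $row = [ordered]@{ Account = $_.Name }
        foreach ($g in $groups) { $row[$g] = ($held -contains $g) }
        $row['GroupCount'] = $held.Count
        [pscustomobject]$row
    }
}

# Constructed sample data (hypothetical accounts), standing in for a live query.
$sample = @(
    [pscustomobject]@{ GroupName = 'Domain Admins';     Account = 'adm.jones' }
    [pscustomobject]@{ GroupName = 'Enterprise Admins'; Account = 'adm.jones' }
    [pscustomobject]@{ GroupName = 'Schema Admins';     Account = 'adm.jones' }
    [pscustomobject]@{ GroupName = 'Domain Admins';     Account = 'adm.patel' }
    [pscustomobject]@{ GroupName = 'Domain Admins';     Account = 'svc.backup' }
)
Get-AdminPrivilegeMatrix -Membership $sample | Format-Table -AutoSize

# On a domain-joined host with the ActiveDirectory module, build the same
# records from the directory (nested membership included):
# $live = foreach ($g in 'Domain Admins', 'Enterprise Admins', 'Schema Admins') {
#     Get-ADGroupMember -Identity $g -Recursive | ForEach-Object {
#         [pscustomobject]@{ GroupName = $g; Account = $_.SamAccountName }
#     }
# }
# Get-AdminPrivilegeMatrix -Membership $live | Format-Table -AutoSize
```

Accounts with a high GroupCount, and service accounts that appear at all, are the rows to review first.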

When applying the golden rules, a great question to ask is: are you conforming to best practices in setting up Administrative Accounts? If not, what changes can you make to come closer to these best practices? For example, a best practice for these accounts is to set a Password Policy that requires a longer and more complex password, to make it more difficult for a hacker to break the password.

Are changes conforming to your design?

Prior to implementing Active Directory, a best practice is to create a design document that defines the rules for how you will be implementing Active Directory. These rules should include a naming standard for users and computers, a user password policy, and a list of who can create, delete, and manage groups, in addition to guidelines for how domain local, global, and universal groups should be used. Failure to create a design document or to adhere to the design guidelines can make it impossible to implement new policies as the organization evolves and the business needs change.

It is important to ensure that this design document is still being followed. For example, you may wish to check whether the naming standards are being followed and review newly formed groups to ensure they conform to the written guidelines. These types of reports tend to be quite complex. For example, let's say you choose a user naming standard of last name, followed by a period and then the first name. To identify user names that do not conform to your naming standard, you could search for names missing the period. This is not an easy report script to write. Ideally your reporting tool should enable you to easily run these investigative reports.

Are you watching who is accessing your network?

Authenticating a user's access to the network and computer resources is at the heart of any Active Directory system. Ideally you should be looking at who is accessing your network resources on a daily basis. Looking at statistics on legitimate user behaviors and potential hackers is an important part of protecting your system.

There are two main account security policies: Password Policy and Account Lockout Policy. Once these policies are set, they are not typically changed unless your business needs or security risk assessment changes. Figure 3 shows a typical user password policy.
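
Returning to the naming-standard check described under "Are changes conforming to your design?": the sketch below is an added example, not code from the original white paper or from ScriptLogic. It goes beyond searching for a missing period by also comparing each half of the logon name with the account's surname and given name; the function name and the sample accounts are hypothetical.

```powershell
# Added example: report accounts whose logon name does not follow the
# "<last name>.<first name>" standard used as the illustration in the text.
function Test-UserNamingStandard {
    param(
        # Object with SamAccountName, Surname and GivenName properties.
        [Parameter(Mandatory, ValueFromPipeline)] $User
    )
    process {
        $name = [string]$User.SamAccountName
        $reason = $null
        if ($name -notmatch '^[^.\s]+\.[^.\s]+$') {
            # Missing period, more than one period, or embedded whitespace.
            $reason = 'not in <last>.<first> form'
        } else {
            $last, $first = $name.Split('.')
            # -ne on strings is case-insensitive, so smith.anna matches Smith/Anna.
            if ($last -ne $User.Surname) { $reason = 'left part is not the surname' }
            elseif ($first -ne $User.GivenName) { $reason = 'right part is not the given name' }
        }
        if ($reason) {
            [pscustomobject]@{
                SamAccountName = $name
                Surname        = $User.Surname
                GivenName      = $User.GivenName
                Reason         = $reason
            }
        }
    }
}

# Constructed sample accounts (hypothetical), standing in for a directory query.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'smith.anna';    Surname = 'Smith'; GivenName = 'Anna' }
    [pscustomobject]@{ SamAccountName = 'jdoe';          Surname = 'Doe';   GivenName = 'John' }
    [pscustomobject]@{ SamAccountName = 'maria.lopez';   Surname = 'Lopez'; GivenName = 'Maria' }
    [pscustomobject]@{ SamAccountName = 'svc.backup.01'; Surname = $null;   GivenName = $null }
)
$sample | Test-UserNamingStandard | Format-Table -AutoSize

# On a domain-joined host with the ActiveDirectory module:
# Get-ADUser -Filter * | Test-UserNamingStandard | Format-Table -AutoSize
```

The comparison is deliberately strict, so surnames containing spaces or punctuation that the logon name omits are reported for manual review rather than silently accepted.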

Figure 3: A typical Password Policy

Having made decisions about your Password and Account Lockout Policies, you can now detect abnormal behavior that could indicate that your users are experiencing problems with your security policies or that your network is under attack. Ideally you should have a reporting tool that allows you to rapidly identify data anomalies in your Active Directory system. Examples of data anomalies are a high number of authentication attempts on a specific user account or a high number of changed password messages.

What are your logs telling you?

Security logs provide a history of events. You can configure your security logs to capture Group Policy related events by defining the Audit Policy. Events can include system events such as computer shutdowns, policy changes, log-on and account management changes.

When you first deploy Active Directory, auditing is turned off. Setting the Audit Policy requires you to select the events that you wish to track. This can be a most challenging decision. If you keep too much data, it will result in significant server overhead and can make it more difficult for you to quickly see what is happening. If you keep too little data, you may not be able to achieve your security goals and meet your regulatory compliance requirements.

Figure 4 provides an example of setting an Audit Policy. In this example, the IT staff wanted to be able to detect if the system suffered a dictionary attack, so they set the audit policy to record the number of failed log-on attempts, but they are not recording the successful log-on attempts.
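
A sketch of the anomaly report this section describes, built on audited failed log-on attempts. It is an added example, not code from the original white paper or from ScriptLogic; the function name, the threshold of 5 failures in 10 minutes and the sample events are assumptions, as is the use of Security event 4625 (failed logon on Windows Server 2008 and later) in the commented live query.

```powershell
# Added example: flag accounts with a burst of failed log-ons inside a
# short window, which separates a guessing attack from occasional typos.
function Get-FailedLogonSpike {
    param(
        # Objects with Account and TimeCreated properties, one per failure.
        [Parameter(Mandatory)] [object[]] $FailedLogon,
        [int] $Threshold = 5,        # assumed value, tune to your lockout policy
        [int] $WindowMinutes = 10    # assumed value
    )
    $window = [timespan]::FromMinutes($WindowMinutes)
    $FailedLogon | Group-Object -Property Account | ForEach-Object {
        $times = @($_.Group | ForEach-Object { [datetime]$_.TimeCreated } | Sort-Object)
        $peak = 0; $peakStart = $null; $start = 0
        # Sliding window: $start trails $end so both stay within $window.
        for ($end = 0; $end -lt $times.Count; $end++) {
            while (($times[$end] - $times[$start]) -gt $window) { $start++ }
            $count = $end - $start + 1
            if ($count -gt $peak) { $peak = $count; $peakStart = $times[$start] }
        }
        if ($peak -ge $Threshold) {
            [pscustomobject]@{
                Account       = $_.Name
                TotalFailures = $times.Count
                PeakInWindow  = $peak
                WindowStart   = $peakStart
            }
        }
    } | Sort-Object -Property PeakInWindow -Descending
}

# Constructed sample events (hypothetical accounts and times).
$t0 = [datetime]'2011-03-01T09:00:00'
$sample = @(
    0, 1, 1, 2, 2, 3 | ForEach-Object {
        [pscustomobject]@{ Account = 'smith.anna'; TimeCreated = $t0.AddMinutes($_) } }
    0, 95, 240 | ForEach-Object {
        [pscustomobject]@{ Account = 'doe.john'; TimeCreated = $t0.AddMinutes($_) } }
)
Get-FailedLogonSpike -FailedLogon $sample | Format-Table -AutoSize

# Live input, run elevated where failure auditing is enabled; TargetUserName
# is the sixth data field of event 4625:
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } |
#     ForEach-Object { [pscustomobject]@{ Account = $_.Properties[5].Value
#                                         TimeCreated = $_.TimeCreated } }
# Get-FailedLogonSpike -FailedLogon $live
```

In the sample, only smith.anna is reported: six failures within three minutes exceed the threshold, while the three failures for doe.john are spread over four hours.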

Figure 4: Illustration of Audit Policy settings

Remember that security logs are essential for troubleshooting, but they are also invaluable for analyzing changes to your system over time and investigating security breaches. You also need to decide how long you plan to keep the security logs. You should configure the size of your security logs based on the expected number of logged events over the period you plan to keep the log.

Are you ready to define your security reporting needs?

Creating reports is an essential part of managing and securing Active Directory. There are several things that do not show up during your day-to-day monitoring activities. Generating accurate, meaningful and actionable reports enables you to keep your documentation up to date, to analyze and see data in a different way over a longer period of time, and to identify patterns. Arm yourself with good security reports and you can be the unspoken hero that takes action before problems actually manifest!