For some reason, Active Directory has been the center of many conversations lately.
Based on that, I wanted to share some of the most common tips to maintain a secure and healthy environment.
- Modify default security protocols: Kerberos and NTLMv2 are required for authentication in AD, and operate at higher security levels. On the other hand, NTLM presents significant cyber-security and should be disabled.
- Perform regular audits: Proactively improve security, promptly detect and respond to threats, and simply enable your operations to run without any interruptions
- Disable Clear Text Credential Caching: There are several registry changes available to make sure no passwords are saved in memory or in the registry.
- Have a documented backup and disaster recovery strategy: If you are in this situation, it is most likely because your environment was compromised. Make sure to have fully documented procedures to reduce the downtime.
- Leverage object backups if your data protection software supports it: Being able to restore a single AD object nowadays should be a requirement.
- Automate maintenance and cleanup tasks: All the inactive, unused and disabled accounts need to be constantly removed.
- Schedule regular penetration tests: The goal is to identify any possible attack vector an adversary would use.
- Never grant more permissions than needed: Least-Privilege Administrative Models.
- Implement Prevention, Detection and Response tools: Semperis leads the market here, with Quest not too far behind.
Remember kids… if you stay ready, then you do not need to get ready!
If you think I missed some other tips, please reach out and let me know.
