Thursday, November 18, 2010

Auditing is Important, But Periodic Security Assessments Are Also Important

In the last post we took a look at some of the most important tasks that you should definitely consider auditing in Active Directory. It is very helpful and valuable to have the right audit settings in place, and turned on, so that when these tasks are enacted, you are in the know.

However, it is also important to keep in mind that auditing is primarily a reactive measure, i.e. it informs you about the occurrence of an event that has already taken place. While this can certainly be helpful in maintaining security, it is not always so.

Consider for instance a scenario wherein a delegated administrator was able to reset the password of a more powerful administrator. Now suppose you had auditing turned on. An audit event would certainly be generated, but by the time you took notice of it and figured out that it seemed unusual, that individual could have logged in as the powerful administrator and done substantial damage, and you would not have been able to prevent that from happening.

So, in this case, while auditing would help figure out who may have compromised security, the fact is that the damage would have been done, and auditing would not have helped you prevent this security incident.

The point here is that while auditing is important, it is equally important to periodically audit your Active Directory so you can identify and lock down any excessive administrative grants that could endanger the security of your Active Directory.

By the way, when you are reviewing security grants in Active Directory, please make sure that you review them correctly. What you see in Active Directory permissions is not always what really is. Just because someone is granted some privilege in some security entry, it does not necessarily mean that the individual actually has the ability to carry out that task. This is because there could be other permissions specified for that user, or for some group that he/she is a member of, and these other permissions could negate the first one.
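The following is an added example, not code from this post: a simplified Python model of how the entries on one object combine for a single right, showing why listing the Allow entries alone misreports who can reset a password. It goes slightly beyond the paragraph above by also applying the standard Windows canonical ordering (explicit entries before inherited ones); all users, groups and entries are constructed, and the model ignores broader grants such as Full Control and assumes group membership is already expanded.

```python
# Simplified model of how a DACL is evaluated for one right ("Reset Password").
# All accounts, groups and entries below are constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    trustee: str      # user or group the entry names
    allow: bool       # True = Allow entry, False = Deny entry
    right: str
    inherited: bool   # True if the entry came from a parent container

def canonical_order(dacl):
    # Windows canonical order: explicit deny, explicit allow,
    # inherited deny, inherited allow.
    return sorted(dacl, key=lambda a: (a.inherited, a.allow))

def effective_access(user, groups, dacl, right):
    """Return (granted, deciding_ace). The first entry that matches the
    user's identities and the requested right decides the outcome."""
    identities = {user} | set(groups)
    for ace in canonical_order(dacl):
        if ace.right == right and ace.trustee in identities:
            return ace.allow, ace
    return False, None   # no matching entry: access is implicitly denied

def grants_on_paper(dacl, right):
    """Trustees a naive review would report: anyone named in an Allow entry."""
    return {a.trustee for a in dacl if a.allow and a.right == right}

RESET = "Reset Password"
# Constructed DACL on a hypothetical privileged account.
DACL = [
    Ace("HelpDesk", True, RESET, inherited=True),
    Ace("Contractors", False, RESET, inherited=False),
    Ace("TierZeroOps", True, RESET, inherited=False),
    Ace("Interns", False, RESET, inherited=True),
]
# Constructed group memberships (assumed already expanded, including nesting).
MEMBERSHIPS = {
    "alice": ["HelpDesk"],
    "bob": ["HelpDesk", "Contractors"],
    "carol": ["TierZeroOps", "Interns"],
}

def review(dacl, memberships, right):
    return {u: effective_access(u, g, dacl, right)[0] for u, g in memberships.items()}

if __name__ == "__main__":
    print("Allow entries name:", sorted(grants_on_paper(DACL, RESET)))
    for user, granted in review(DACL, MEMBERSHIPS, RESET).items():
        print(f"{user}: {'CAN' if granted else 'cannot'} reset the password")
```

Here bob is in a group with an Allow entry yet cannot reset the password, while carol can despite an inherited Deny on one of her groups, because her explicit Allow is evaluated first.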

That's all for now. Thanks, and have a happy Thanksgiving!