Senior Consultant | Risk Advisory Services
With the current state of the world in 2020, more companies than ever have had to rely on technology to keep operating with employees working remotely. That shift has brought an increase in malicious activity and cyber-attacks on companies in every industry, and certainly more conversations about cybersecurity. One of those conversations in your organization should be about the security of Active Directory (AD). Because AD authenticates users and authorizes their access to systems and applications throughout the organization, a compromise, especially one that isn’t caught early, can quickly lead to widespread fallout that is difficult to recover from. These five items can help you mitigate that risk.
Use a Secure Active Directory Admin Workstation
This is a dedicated, hardened system used only to perform administrative tasks with a privileged account, and that privileged account in turn should log on nowhere else. The device should have no general internet access, no email or office productivity tools, and no other high-risk applications that the admin role does not require.
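As an added example (not part of the original post), the following PowerShell enforces the "not connected to the internet" part on a Windows admin workstation with the built-in Windows Firewall: outbound traffic is denied by default and then allowed only to the domain controllers. The domain controller addresses are assumed and must be replaced with your own; the built-in Core Networking rules (DHCP, loopback) stay in place because only the default action changes.

```powershell
# Added example: restrict a secure admin workstation's outbound traffic to the domain controllers.
# Assumed addresses; replace with your own DCs (they also provide DNS, Kerberos, LDAP and SMB).
$DomainControllers = @('10.0.0.10', '10.0.0.11')

# Default-deny in both directions on every profile; existing allow rules still apply.
Set-NetFirewallProfile -All -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Block

# The only outbound destinations an AD admin session needs are the DCs themselves.
New-NetFirewallRule -DisplayName 'PAW: allow domain controllers' -Direction Outbound `
    -RemoteAddress $DomainControllers -Action Allow -Profile Any

# Check the rule is present and the lockdown holds: a test to a public site should fail.
Get-NetFirewallRule -DisplayName 'PAW: allow domain controllers' | Get-NetFirewallAddressFilter
Test-NetConnection -ComputerName 'www.example.com' -Port 443 | Select-Object ComputerName, TcpTestSucceeded
```

Deploy the same settings through Group Policy rather than by hand so that they are re-applied if someone changes them locally, and pair them with a logon restriction (for example, a "Deny log on locally" policy for the privileged accounts on every machine that is not a PAW) so the admin credential cannot be typed into an ordinary workstation.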
Perform Active Directory Access Reviews
Review administrative and superuser access at least annually, and grant it only to employees who absolutely need it to perform their job function. You should also run some form of access review for non-administrative users, so that access that is no longer being used, or that belongs to an employee who has left the organization, is removed or disabled. In larger organizations, where this is harder to do by hand, we recommend a process that detects and disables accounts that have been inactive for a defined period; ninety days is a common benchmark. Note that AD replicates the last-logon timestamp lazily, so an inactivity query based on it can be off by up to two weeks: treat it as a screening tool and confirm before removing access.
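The following PowerShell is an added example of such a review, not code from the original post. It lists every user who currently holds membership (directly or through nesting) in the built-in administrative groups, then finds enabled user accounts with no logon in the last 90 days and disables them with a dated description so the reason is visible later. It assumes the ActiveDirectory RSAT module and a reader account with rights to query and modify the accounts; the output file paths are arbitrary.

```powershell
# Added example: annual privileged-access review plus 90-day inactivity cleanup.
Import-Module ActiveDirectory

# 1. Who holds administrative access right now (recursive, so nested groups are expanded).
$PrivilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$PrivilegedReport = foreach ($g in $PrivilegedGroups) {
    Get-ADGroupMember -Identity $g -Recursive |
        Where-Object objectClass -eq 'user' |
        Get-ADUser -Properties LastLogonDate, PasswordLastSet |
        Select-Object @{ n = 'Group'; e = { $g } }, SamAccountName, Enabled, LastLogonDate, PasswordLastSet
}
$PrivilegedReport | Sort-Object Group, SamAccountName | Format-Table -AutoSize
$PrivilegedReport | Export-Csv .\privileged-access-review.csv -NoTypeInformation

# 2. Enabled user accounts that have not logged on in 90 days (the benchmark in the text).
#    LastLogonDate is derived from lastLogonTimestamp, which replicates with up to ~14 days of lag.
$Stale = Search-ADAccount -AccountInactive -TimeSpan (New-TimeSpan -Days 90) -UsersOnly |
    Where-Object { $_.Enabled }
$Stale | Select-Object SamAccountName, LastLogonDate | Export-Csv .\stale-accounts.csv -NoTypeInformation

# 3. Disable (never delete straight away) after the review has been signed off.
#    -WhatIf makes this a dry run; remove it once the list has been confirmed.
$Stamp = Get-Date -Format 'yyyy-MM-dd'
foreach ($u in $Stale) {
    Disable-ADAccount -Identity $u.SamAccountName -WhatIf
    Set-ADUser -Identity $u.SamAccountName -Description "Disabled $Stamp - inactive > 90 days" -WhatIf
}
```

Disabling rather than deleting keeps the SID and group memberships intact for the grace period, so a false positive from the replication lag can be reversed without re-provisioning the account.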
Active Directory Password Policy
A good reference when implementing your password policy is NIST Special Publication 800-63B, the digital identity guideline that covers passwords (“memorized secrets”). It was first published in 2017 and has been updated since. Its requirements include, but are not limited to: a minimum of eight (8) characters for user-chosen passwords, with a maximum of no less than 64 characters; acceptance of all printable characters, including special characters (e.g. @!?&) and spaces; rejection of context-specific strings such as the user’s name, username or email address; rejection of dictionary words and passwords known from previous breaches; and rejection of repetitive or sequential characters (e.g. 1234, 1111, abcd). Note that the built-in AD password policy enforces only length, age, history and the classic complexity rule; the dictionary, context and sequence checks need a password filter or an equivalent screening service.
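To make those checks concrete, here is an added PowerShell example (not from the original post) implementing the listed rules as a screening function of the kind a password filter or self-service reset tool would call. The banned-word list is a constructed sample standing in for a dictionary or breached-password list, and the user names in the calls at the end are made up.

```powershell
# Added example: screen a candidate password against the NIST SP 800-63B rules listed above.
function Test-PasswordCandidate {
    param(
        [Parameter(Mandatory)][string]$Password,
        [string]$UserName = '',
        [string]$Email = '',
        # Constructed sample; a real deployment loads a breached-password corpus here.
        [string[]]$BannedWords = @('password', 'welcome', 'letmein', 'qwerty', 'contoso')
    )
    $problems = @()
    if ($Password.Length -lt 8)  { $problems += 'shorter than 8 characters' }
    if ($Password.Length -gt 64) { $problems += 'longer than 64 characters' }

    $lower = $Password.ToLowerInvariant()

    # Context-specific words: the user name and the local part of the e-mail address.
    foreach ($ctx in @($UserName, ($Email -split '@')[0])) {
        if ($ctx -and $ctx.Length -ge 3 -and $lower.Contains($ctx.ToLowerInvariant())) {
            $problems += "contains '$ctx'"
        }
    }

    # Dictionary / banned words.
    foreach ($word in $BannedWords) {
        if ($lower.Contains($word)) { $problems += "contains banned word '$word'" }
    }

    # Repetitive characters: the same character four or more times in a row (1111, aaaa).
    if ($lower -match '(.)\1{3,}') { $problems += 'four or more repeated characters' }

    # Sequential characters: a window of four where every step is +1 or every step is -1 (1234, abcd, dcba).
    for ($i = 0; $i -le $lower.Length - 4; $i++) {
        $window = $lower.Substring($i, 4).ToCharArray()
        $steps  = 1..3 | ForEach-Object { [int]$window[$_] - [int]$window[$_ - 1] }
        if (($steps -eq 1).Count -eq 3 -or ($steps -eq -1).Count -eq 3) {
            $problems += "sequential run '$(-join $window)'"
            break
        }
    }

    [pscustomobject]@{ Acceptable = ($problems.Count -eq 0); Problems = $problems }
}

Test-PasswordCandidate -Password 'Summer1234!'  -UserName 'jsmith'   # rejected: sequential run '1234'
Test-PasswordCandidate -Password 'JSmith-2020!' -UserName 'jsmith'   # rejected: contains 'jsmith'
Test-PasswordCandidate -Password 'correct horse battery staple' -UserName 'jsmith'   # accepted
```

Note what the function does not do: it does not demand an upper-case letter, a digit or a symbol, because 800-63B drops composition rules in favour of length and the blocklist checks shown here. The minimum length itself can still be set in the default domain password policy; the rest has to run wherever the password is set.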
Active Directory Vulnerability Management
It’s important to identify and remediate vulnerabilities as quickly as possible. Malicious actors are quick to exploit known vulnerabilities, so perform regular vulnerability scans (at least once a month, and include the domain controllers) and remediate findings in a timely manner. Make sure automatic updates are deployed to operating systems and third-party software alike. Finally, identify software and operating systems that are no longer supported by their vendor and upgrade or replace them, since they will receive no further security fixes.
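Two of those checks can be driven from AD itself. The following PowerShell is an added example (not part of the original post): it inventories enabled computer objects whose operating system is past its vendor support date, and flags domain controllers whose most recent installed update is older than 30 days. The end-of-support table is included for illustration and should be confirmed against Microsoft's lifecycle pages; the 30-day threshold is an assumption matching the monthly cadence above.

```powershell
# Added example: unsupported-OS inventory and domain-controller patch age, both from AD data.
Import-Module ActiveDirectory

# Illustrative end-of-support dates; confirm against the vendor lifecycle pages before relying on them.
$EndOfSupport = @{
    'Windows XP'             = '2014-04-08'
    'Windows Server 2003'    = '2015-07-14'
    'Windows 7'              = '2020-01-14'
    'Windows Server 2008'    = '2020-01-14'
    'Windows Server 2008 R2' = '2020-01-14'
}

# 1. Every enabled machine account, matched against the table by the longest prefix first,
#    so "Windows Server 2008 R2 Standard" maps to 2008 R2 and not to 2008.
$Computers = Get-ADComputer -Filter 'Enabled -eq $true' -Properties OperatingSystem, OperatingSystemVersion, LastLogonDate
$Unsupported = foreach ($c in $Computers) {
    $match = $EndOfSupport.Keys | Sort-Object Length -Descending |
        Where-Object { $c.OperatingSystem -like "$_*" } | Select-Object -First 1
    if ($match) {
        [pscustomobject]@{
            Name          = $c.Name
            OS            = $c.OperatingSystem
            Build         = $c.OperatingSystemVersion
            SupportEnded  = $EndOfSupport[$match]
            LastLogonDate = $c.LastLogonDate
        }
    }
}
$Unsupported | Sort-Object SupportEnded, Name | Format-Table -AutoSize
$Unsupported | Export-Csv .\unsupported-os.csv -NoTypeInformation

# 2. Domain controllers with no update installed in the last 30 days (assumed threshold).
$Threshold = (Get-Date).AddDays(-30)
foreach ($dc in (Get-ADDomainController -Filter *)) {
    $latest = Get-HotFix -ComputerName $dc.HostName |
        Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $latest -or $latest.InstalledOn -lt $Threshold) {
        "{0}: last update {1} - review patch status" -f $dc.HostName, $latest.InstalledOn
    }
}
```

The OperatingSystem attribute is written by the machine itself at join time and on service-pack changes, so treat a hit as a lead to verify with the scanner rather than as proof; a stale LastLogonDate on the same row usually means a decommissioned machine whose account should be removed under the access-review process above.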
Have Incident Response and Active Directory Disaster Recovery Plans
As of 2018 almost 70% of businesses had experienced a cyber-attack, and over half of those had experienced a breach. Even if your organization is doing everything right, one employee clicking on a phishing email can bring operations to a halt and cost millions of dollars to recover from. It’s more important than ever to be prepared for a compromise of your network in order to limit damage, recovery time and costs. These plans should identify response teams and leaders, communication procedures, the order in which systems are restored (domain controllers first, since nothing else can authenticate without them), and plans for training. Test the plans at least annually, including your backups: restore a domain controller into an isolated environment to confirm that the retained data is usable and reliable.
If you are interested in improving your organization’s cybersecurity surrounding Active Directory, our Risk Advisory Services team can work with you. Our internal consultants will conduct an examination of your organization to identify weak areas. We can recommend the appropriate level of control for your organization and develop systems to monitor, assess and update those controls.