Active Directory Security Assessments

Phase 1: Preparation

Agree the scope of the assessment with the project coordinator. Access to the environment is agreed (remote or on-site), established and tested before starting the process.

The point of contact and the mode of communication/escalation are agreed.

Phase 2: Active Directory Security Audit Activities 

We review your organization’s existing documentation, discuss key aspects with your employees and run manual and automated reviews of the Active Directory configuration and settings.

Achieving this effectively relies on asking key scoping questions, including: 

• How many Active Directory forests and domains will be reviewed?
• How many computer accounts are part of the domains?
• How many domain controllers are configured per Active Directory domain?
• How many user accounts are enabled and disabled as part of the domain?
• How many active trust relationships with other domains and/or forests?
• Describe the network topology (flat, segmented, etc.)
• The assessment is executed remotely within the Active Directory environment and covers:
• Overview of the technical situation.
• Detection of security issues, current misconfigurations, and bad practices.
• Identification of critical systems and privileged domain accounts.
• Identification of hidden Active Directory escalation paths.
• Identification of the most common and effective attack vectors and how best to detect, mitigate, and prevent them.
• Identification of unintended relationships within the Active Directory environment
• Modelling of typical attacker methods and how they apply to the network, identifying the areas of concern and how best to mitigate them.
• Customization of Active Directory security best practices to align with business process and requirements and minimize impact.
• Provide advice on which items in the action plan to prioritize.
• Undertake a group policy security analysis:
  • Review group policy object (GPO) admin rights (i.e., finding edit rights for accounts that are not Active Directory Administrators). 
  • Analyse and compare sets of GPOs for redundant settings, internal inconsistences. 
  • Review GPOs’ documentation.
  • List disabled or unlinked GPOs.
  • Review GPO templates and files for sensitive files (scripts, credentials, etc.).

Phase 3: Reporting

Our expert team delivers a security assessment report outlining the scope of the project, all discovered issues, and key findings and conclusions. We make recommendations including actionable items which enable your organization to mitigate the risks of the identified vulnerabilities, with a plan that allows you to perform tactical remediation to resolve the issues that pose the greatest threat.

Our Active Directory assessment process covers all of the areas shown in the diagram below.