The importance of a secured active directory for a growing company

Published November 3, 2020

One of the most vulnerable spots in a security system is unconscious user behaviour such as weak passwords. That’s why many companies implement Active Directory (AD) to centrally enforce password policies, account privileges, and software management for devices and users. Since it holds the keys to every access in the company, its protection should be treated with the highest priority.

Working from home during the pandemic makes securing the working environment harder: staff turnover, access requests, and the management of heavy systems all call for effective solutions. This is especially true for small and growing companies that are only starting to document their security procedures.

So here are some tips to ensure the security of your AD:

Secure user AD access

Protect access with a VPN to reduce the risk of external attacks. Don’t forget to add further security layers such as two-factor authentication or one-time passwords to reduce the risk of successful brute-force attacks (password guessing). Use secure solutions for Active Directory file sharing and database management. In addition, set up strong password policies: enforce password history to prevent reuse, require a minimum strength, and set a maximum age that forces users to change their passwords regularly.

Monitor AD events

One more key protection layer is monitoring the activity inside AD using its built-in security reporting features. The most interesting things to monitor are an unusual rate of failed logins, logins from uncommon locations, application logins and configuration changes, and so on. Once you analyze these logs, it becomes easier to detect suspicious activity and quickly take appropriate measures to contain the consequences. According to the stats, it may take almost 6 months to spot a successful breach.

Conduct an audit on unused accounts

Revoke the access of any employee who leaves the company right away, and regularly check for accounts that are no longer in use. They are an easy target for hackers. Apart from the security risk, they may slow down the system or distort report results. A regular cleanup based on parameters such as last login or the actual password age of the account, whether done by hand or with an automated script, can help you avoid such incidents.
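The cleanup script mentioned above, as an added example that is not part of the original post: it lists enabled AD users that have not logged on within a chosen number of days (or never logged on since creation) or whose password is older than a chosen age, writes the result to a CSV for review, and only previews the disable step. It assumes the RSAT ActiveDirectory module on a domain-joined host with read rights; the 90 and 180 day thresholds are assumptions to adjust to your policy.

```powershell
# Added example: report stale Active Directory user accounts (not the original post's code).
# Assumes the ActiveDirectory module (RSAT) and a domain-joined account with read rights.
Import-Module ActiveDirectory

$InactiveDays   = 90     # assumption: no logon in this many days counts as inactive
$MaxPasswordAge = 180    # assumption: passwords older than this are flagged
$DisableStale   = $false # set to $true to preview (with -WhatIf) disabling the accounts

$LogonCutoff    = (Get-Date).AddDays(-$InactiveDays)
$PasswordCutoff = (Get-Date).AddDays(-$MaxPasswordAge)

# LastLogonDate is derived from the replicated lastLogonTimestamp attribute, which can
# lag the real last logon by up to about two weeks; it is fine for a periodic audit.
$users = Get-ADUser -Filter 'Enabled -eq $true' `
                    -Properties LastLogonDate, PasswordLastSet, whenCreated

$stale = foreach ($u in $users) {
    $reasons = @()
    if (-not $u.LastLogonDate) {
        # never logged on: only flag it once the account is older than the threshold
        if ($u.whenCreated -lt $LogonCutoff) { $reasons += 'never logged on' }
    } elseif ($u.LastLogonDate -lt $LogonCutoff) {
        $reasons += "no logon since $($u.LastLogonDate.ToString('yyyy-MM-dd'))"
    }
    # PasswordLastSet is empty when the user must change the password at next logon
    if ($u.PasswordLastSet -and $u.PasswordLastSet -lt $PasswordCutoff) {
        $reasons += "password unchanged since $($u.PasswordLastSet.ToString('yyyy-MM-dd'))"
    }
    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            SamAccountName  = $u.SamAccountName
            LastLogonDate   = $u.LastLogonDate
            PasswordLastSet = $u.PasswordLastSet
            Reason          = ($reasons -join '; ')
        }
    }
}

# Write the findings for review before anything is changed.
$stale | Sort-Object LastLogonDate | Export-Csv -Path .\stale-accounts.csv -NoTypeInformation
$stale | Format-Table -AutoSize

# The disable step stays behind -WhatIf so the run only shows what would happen;
# remove -WhatIf only after the list has been reviewed with the account owners.
if ($DisableStale) {
    $stale | ForEach-Object { Disable-ADAccount -Identity $_.SamAccountName -WhatIf }
}
```

Service accounts and shared mailboxes often show no interactive logon, so exclude them by OU or description before acting on the list.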

Take advantage of implementing the least privilege model

In smaller companies, a common mistake is to give all users the same default permissions, granting them access to all the data kept in the company. Such practices risk exposing customers’ sensitive information and contribute to an increase in internal attacks. Also, if such an account is compromised, the consequences can be disastrous. Make sure that you define several user roles, each granting only the minimum access needed to perform that role’s daily responsibilities. Review them whenever a person changes role. This helps keep information protected and reduces the threat of data leakage.


Source: Varonis

Secure Domain controller

The domain controller is the centralized unit that processes all authentication requests and requires the closest attention. Refrain from installing additional software on it, and avoid using multiple user roles for access to it. If it gets hacked, your whole network is exposed, so secure it with proper disk encryption such as BitLocker Drive Encryption and make it accessible only from the local network.

Of course, securing your AD is only one step towards protecting your business from external and internal attacks. A significant amount of work goes into ensuring that you apply the latest security patches and regularly update your software, not to mention a powerful firewall, antivirus software, and regular backups, which are a must. Apart from that, it’s worth raising security awareness among your staff through workshops and lectures so that employees can recognize phishing, counteract social engineering attacks, and report security incidents.