Most organizations nowadays rely on one or more Active Directory domains, and weaknesses in your Active Directory can endanger your whole organization.
Active Directory provides a wide range of functionality to your organization, such as authentication, authorization, DNS, etc. It effectively holds the keys to the kingdom and acts as the hub that links modern networking systems, including cloud resources through integration with Azure Active Directory services. Take this into consideration and you will quickly understand the need to protect your Active Directory in order to reduce the risk of credential/identity theft and to protect access to the critical systems holding your sensitive data.

On paper, securing your Active Directory might be considered a complex task. Fortunately, there are tools to help you on that journey.

In this article, I will present one tool, called PingCastle, without going into all the technical details and without providing recommendations to fill the gaps the tool discovers. The idea is just to help you demystify this activity 😉 Please also note that making the recommended changes might introduce some risks; if you are not sure what the tool recommends or how to mitigate something, you must liaise with a subject matter expert… but at least you will have a better view of your security posture.

Plan

The planning phase for the audit of your Active Directory is not that difficult, but you must make sure that you involve the right profiles from your organization, that the project is well known, and that you have a sponsor for it. This is important mainly because the report generated by the tool becomes a sensitive document that lists the weaknesses of your system, and also because, depending on the findings, different people in the organization will be involved in the remediation.

Key questions:
  • Who are the stakeholders?
  • What is the target scope (e.g. all domains, one domain), and who is responsible for it?
  • How do we plan the remediations?
  • How often should the audit be run?

Now Let’s Assess Your AD

First things first: head over to Download – PingCastle, download and extract the zip. In the zip file you will find PingCastle.exe, which you can run straight away, following the prompts. Note that you don’t need administrative privileges to run this tool, but you may get a few false positives if you have removed or denied domain users’ permissions on objects such as GPOs. To solve this, grant yourself read permission on the object the tool complains about and re-run it. But please do not use Domain Admin privileges for this activity.

Within a couple of minutes you will get an HTML report, as simple as that. Now the fun begins.


Analyze

As I said, the “fun” begins: you open the report and start your journey towards remediation (yes, I’m pretty sure you will have findings 😉). You need to look at each finding, understand what it means and how to mitigate it, and assess the impact the mitigation might have on your business (again, make sure you understand the consequences of implementing any change to such a critical component).

Figure - Report Summary

For each finding area there are specific details, and that is where you must spend most of your time: you don’t run an audit to see green flags, you run an audit to make sure you understand the risk you are taking with your current setup.

For each finding, create a task to build your remediation action plan, and ideally assess the associated risk alongside each finding.
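To tie the two steps above together (running the tool as a plain domain user, then turning every finding into a tracked task with an owner and a risk decision), here is an added PowerShell example. It is not code from the article or from the PingCastle project. It assumes an extracted PingCastle.exe at the path given, that PingCastle accepts the `--healthcheck` and `--server` switches and writes `ad_hc_<domain>.xml` next to its HTML report, and that the XML carries the score elements and the `<RiskRules>` list named in the header comment; check those names against your own report before relying on the script.

```powershell
<#
  Added example, not code from the article or from the PingCastle project.
  Runs PingCastle non-interactively as the current (non-privileged) domain user,
  then converts the XML report into a remediation task list sorted by risk points,
  so that each finding becomes a tracked task with an owner and a risk decision.

  Assumptions (not confirmed by the article, verify against your own report):
   - $PingCastlePath points at an extracted PingCastle.exe.
   - PingCastle.exe accepts the --healthcheck and --server switches and writes
     ad_hc_<domain>.xml next to the HTML report in the working directory.
   - The XML root is <HealthcheckData> and carries <GlobalScore>, <StaleObjectsScore>,
     <PrivilegiedGroupScore>, <TrustScore>, <AnomalyScore> and a <RiskRules> list of
     <HealthcheckRiskRule> elements with <Category>, <RiskId>, <Points>, <Rationale>.
#>
param(
    [string]$PingCastlePath = 'C:\Tools\PingCastle\PingCastle.exe',   # assumed location
    [string]$Domain         = $env:USERDNSDOMAIN,                     # current machine's domain
    [string]$TaskCsv        = "ad-remediation-tasks-$(Get-Date -Format 'yyyyMMdd').csv"
)

# The audit only needs read access, so refuse to run with Domain Admin rights.
function Test-IsDomainAdmin {
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    foreach ($group in $identity.Groups) {
        # Domain Admins is the well-known RID 512 appended to the domain SID.
        if ($group.Value.EndsWith('-512')) { return $true }
    }
    return $false
}

function Invoke-PingCastleHealthCheck {
    param([string]$ExePath, [string]$DomainName)
    if (-not (Test-Path $ExePath)) { throw "PingCastle.exe not found at $ExePath" }
    # --healthcheck / --server are assumed switch names (see header comment).
    & $ExePath --healthcheck --server $DomainName | Out-Null
    $xml = Join-Path (Get-Location) "ad_hc_$DomainName.xml"
    if (-not (Test-Path $xml)) { throw "Expected report $xml was not produced" }
    return $xml
}

function ConvertTo-RemediationTasks {
    param([string]$ReportXml)
    [xml]$report = Get-Content -Path $ReportXml -Raw
    $hc = $report.HealthcheckData

    # Headline scores for the summary page: 0 is best, 100 is worst, per category.
    [pscustomobject]@{
        Global             = [int]$hc.GlobalScore
        StaleObjects       = [int]$hc.StaleObjectsScore
        PrivilegedAccounts = [int]$hc.PrivilegiedGroupScore
        Trusts             = [int]$hc.TrustScore
        Anomalies          = [int]$hc.AnomalyScore
    } | Format-List | Out-String | Write-Host

    # One task per finding, highest points first, so the plan starts with what hurts most.
    $hc.RiskRules.HealthcheckRiskRule | ForEach-Object {
        [pscustomobject]@{
            Category     = $_.Category
            RuleId       = $_.RiskId
            Points       = [int]$_.Points
            Rationale    = $_.Rationale
            Owner        = ''        # filled in during planning with the stakeholders
            Status       = 'Open'
            RiskAccepted = 'No'      # every finding gets a conscious accept/fix decision
        }
    } | Sort-Object -Property Points -Descending
}

if (Test-IsDomainAdmin) {
    throw 'Run this audit with a standard domain account, not Domain Admin.'
}
$reportPath = Invoke-PingCastleHealthCheck -ExePath $PingCastlePath -DomainName $Domain
$tasks = ConvertTo-RemediationTasks -ReportXml $reportPath
$tasks | Export-Csv -Path $TaskCsv -NoTypeInformation -Encoding UTF8
Write-Host ("{0} findings written to {1}" -f @($tasks).Count, $TaskCsv)
```

The CSV is the working document for the remediation plan: each row is one finding, and the Owner and RiskAccepted columns force the conversation the article asks for (who fixes it, or who accepts the risk and why). Treat the CSV with the same care as the HTML report, since it lists the same weaknesses.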

Figure - Example finding details

Summary

It will most probably be a long journey, but the objective is to make progress, understand the risks you face, gain a better view of your organization’s security posture, and improve as you go. Such an exercise will definitely enhance your security posture on the one hand and help you define a better process for later on the other.

Benoit Voirin
Benoit Voirin is a freelance Cyber Security consultant with 10 years of experience in Cyber Strategy, infrastructure project management and IT System Engineering. Benoit has a wide range of skills in cyber security strategy and technical domains gained by working on vast and challenging projects in multiple domains and sectors. He is certified ISO 27001 Lead Implementer, Cloud Security Knowledge (from Cloud Security Alliance), PRINCE2 and ITIL.