Ask the Expert

Perform a Windows Active Directory security configuration assessment

According to a recent article, an audit of the Department of Homeland Security's Microsoft Windows Active Directory at its headquarters revealed that its implementation failed to fully comply with the department's security guidelines. How can you verify the security configurations of systems when adding to or expanding Active Directory in order to avoid this mistake?

    Requires Free Membership to View

The quick answer is to have a quality assurance group that does security audits on any application or service added to the infrastructure. In reality it's a matter of defining a security strategy and the appropriate testing standards that can be applied to any service being implemented. A good start is to test the application against the Open Web Application Security Project (OWASP) Top 10 application risks. This list identifies the most common deficiencies found in application deployments.

In addition, you should work with your compliance and security organizations to include other tests based on your organization's requirements: For example you might need to do a PCI self-assessment if the application in question handles credit card information, or a HIPAA review if you deal with health care info. There isn't a one-size-fits-all Windows Active Directory security configuration assessment, but between OWASP and your security team, you should have a good list to build from.

This was first published in July 2010

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: