Active Directory is the foundation of cyber security in Microsoft Windows Server based platforms. Its security is thus mission-critical to organizational and cyber security. In order to ensure its security, organizations perform Active Directory Security Audits on a periodic basis. Such audits provide them the insight they need to ensure that their Active Directory is adequately secure at all times.
While Active Directory security audits are important, it can sometimes be challenging to determine exactly what to cover in the audit. This is primarily because Active Directory is a vast technology and entails numerous components all of which need to be audited. auditing app
Selecting the Type of Audit – Cursory or In-depth
A good starting point when performing an audit is to define the type and scope of the audit, considering the unique requirements of the organization. There are two primary types of audit that can be performed.
A cursory audit is a high-level audit that is performed to obtain high-level insight into the security state of the Active Directory. Such an audit is usually helpful in obtaining high-level insight and identifying key areas that might need detailed attention. For instance, one component of such an audit might involve obtaining high-level insight into the administrative delegation model currently implemented in the Active Directory.
An in-depth audit is a detailed audit that is performed to obtain detailed insight into the security state of the Active Directory. Such an audit is usually helpful in obtaining in-depth insight and identifying weaknesses in specific security settings. For instance, one component of such an audit might involve performing a detailed analysis to security permissions and access rights on all critical objects, such all administrative accounts and groups, or the default domain controllers organizational unit.
Determining the Scope of Audit
The scope of the audit is also important to define because it helps determine exactly what will be covered in the audit. Depending on nature of the audit, an audit can focus on individual areas such as domain controller security, or administrative delegation, or it could be comprehensive in scope and cover all relevant aspects of Active Directory security, a list of which is provided below.
What to Cover in the Audit
Once the type and the scope of the Active Directory Security Audit have been defined, the next step is to identify the areas of Active Directory that will be covered in the audit.