Protecting Your Active Directory Helps Keep Your Data Secure
As cybercrime becomes increasingly sophisticated, more prevalent and more capable of untold damage, organizations (potential targets/victims) are becoming more proactive. Cybersecurity is quickly becoming a top priority, and businesses are evolving their Active Directory (AD) ecosystems to go on the offensive in managing cyber risks and to avoid being left vulnerable to ever-evolving threats. Recently, the DoD imposed additional requirements on defense contractors (and subcontractors) that process, store or transmit defense information. As of December 31, 2017, all defense contractors and subcontractors, independent of size, that process, store, or transmit covered defense information were required to demonstrate compliance with Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012, “Safeguarding Covered Defense Information and Cyber Incident Reporting,” and NIST (National Institute of Standards and Technology) SP 800-171. Contractors that miss any of these requirements are not compliant, and if you’re not compliant you are at risk of incurring penalties and losing business with the federal government.
But what about non-government enterprises that aren’t bound by government-imposed requirements? The security of their data is just as important, and being aware of potential threats to it matters more than ever before. As daily news reports reveal, no organization with any kind of information technology (IT) infrastructure is immune from attack. In this landscape of ever-increasing risks, these same enterprises should be looking at safeguarding their data in much the same fashion.
Your organization’s Active Directory (AD) is the supreme tool for ensuring compliance. Hence, protecting your AD is now more critical than ever. Your domain controller, a server running Active Directory Domain Services (AD DS), essentially represents the “keys to the kingdom,” enabling centralized, secure management of an entire network, regardless of size.
The first step in preventing an attack on the AD is to make sure that you gain visibility into, and the ability to audit, all activities happening in the AD. Be vigilant about managing your delegations. For defense contractors, being compliant under NIST SP 800-171, 3.1.2, means that you “limit information system access to the types of transactions and functions that authorized users are permitted to execute.” Yet all businesses should be concerned about this and should be asking these very questions: Who in your organization has control? Who has privileged access? If an attacker gains access to a privileged account, they have access to useful information from which they can create a blueprint.