Active Directory is the foundation of authentication and authorization in your IT environment, so you need to know how to keep it secure. That’s why Netwrix is happy to support a 7 Minute Security podcast about the fundamentals of Active Directory security. In this episode, Brian Johnson, the president of 7 Minute Security and an information security consultant, explains the three most common issues that put Active Directory in danger. Here’s a quick preview:
Pitfall #1: Lack of physical security
Most organizations are still failing to ensure a very basic thing — the physical security of their domain controllers. In particular, while the domain controllers at their main office might be protected by layers of cameras, motion detectors and red lasers worthy of Fort Knox, all too often the DCs at branch offices —which hold copies of some very important data — sit under the receptionist’s desk with no physical security controls at all. In fact, the receptionist might take long lunch breaks, during which time the lobby is empty and the front door is unlocked.
Pitfall #2: Use of privileged credentials for daily tasks
In most organizations, members of the Domain Admins group are allowed to use their admin accounts for day-to-day things like surfing the web and checking email. That’s really dangerous — if a user with elevated privileges clicks even one wrong link, it can have serious consequences for the whole company.
Pitfall #3: Common username format
The third key weakness in AD security is using a common format for usernames. If you stick to one of the two typical username structures, either firstname.lastname@company.com or firstinitial.lastname@company.com, you’re making it very easy for hackers to launch attacks against your accounts.
Is your organization committing one — or more — of these mistakes? If so, you should start reviewing your AD security strategy right now. To learn how to avoid the pitfalls described here, listen to the podcast episode below:
Original source: https://7ms.us/7ms-329-active-directory-security-101/
