Monday, July 10, 2023

Active Directory Security Checklist

1 Limit the use of Domain Admins and other Privileged Groups

Members of Domain Admins and other privileged groups are very powerful. They have access to the entire domain: every domain controller, every server and workstation, and all data. A single compromised member is a compromise of the whole domain.

It is recommended to have no day-to-day user accounts in the Domain Admins group; the only exception is the built-in domain Administrator account. Review the membership of all privileged groups regularly, including nested groups, because a user added to a group that is itself a member of Domain Admins is just as powerful.
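As an added example (not part of the original post), this PowerShell script enumerates the default privileged groups recursively and reports every user member that is not the built-in Administrator (RID 500). It assumes the ActiveDirectory RSAT module and that you run it from an admin workstation; the group list is the Windows default and should be extended with any tiered admin groups of your own.

```powershell
# Added example: report privileged-group members that are not the built-in
# Administrator (RID 500). Requires the ActiveDirectory RSAT module.
Import-Module ActiveDirectory

# Default privileged groups; add your own (e.g. 'Tier0-Admins') here
$privilegedGroups = @(
    'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators',
    'Account Operators', 'Backup Operators', 'Server Operators', 'Print Operators'
)

# The only accepted permanent member: the domain's RID-500 account
$domainSid       = (Get-ADDomain).DomainSID.Value
$builtinAdminSid = "$domainSid-500"

$findings = foreach ($group in $privilegedGroups) {
    # -Recursive expands nested groups, so a user two levels deep is still reported.
    # Enterprise/Schema Admins only exist in the forest root domain, hence the try/catch.
    try {
        $members = Get-ADGroupMember -Identity $group -Recursive -ErrorAction Stop
    } catch {
        Write-Warning "Could not read group '$group': $_"
        continue
    }
    foreach ($m in $members) {
        if ($m.objectClass -ne 'user') { continue }   # computers/gMSAs reviewed separately
        $user = Get-ADUser -Identity $m.distinguishedName `
                           -Properties LastLogonDate, PasswordLastSet, Enabled
        [pscustomobject]@{
            Group           = $group
            SamAccountName  = $user.SamAccountName
            Enabled         = $user.Enabled
            LastLogonDate   = $user.LastLogonDate
            PasswordLastSet = $user.PasswordLastSet
            Exception       = ($user.SID.Value -eq $builtinAdminSid)
        }
    }
}

# Exception = False means a day-to-day or unexpected account that needs review
$findings | Where-Object { -not $_.Exception } |
    Sort-Object Group, SamAccountName |
    Format-Table -AutoSize

# Keep the full list as evidence for the periodic access review
$findings | Export-Csv -Path .\privileged-group-members.csv -NoTypeInformation
```

Run it on a schedule and diff the CSV against the previous run: any new row is a change that should match an approved ticket.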

 

2 Use at least two Accounts

You should use a regular account with no administrator rights for day-to-day tasks like checking email, browsing the internet and so on. Use a separate secondary account only when you need to perform admin tasks, so that phishing or a malicious download in your regular session cannot directly reach admin privileges. Follow the least privilege model: give each account only the permissions it needs.

 

3 Secure the Domain Administrator Account

The built-in domain Administrator account should only be used for domain setup and disaster recovery. Set a 20+ character password on it and lock the password in a vault with a documented break-glass procedure. No one should know the password or be using this account day to day, so any logon by it is worth an alert.

 

4 Disable Local Administrator Account

Disable the built-in local Administrator account on all computers and use individual domain accounts instead. The local Administrator is a well-known account (it is always RID 500, so renaming it does not hide it) that attackers will try to compromise, and it often has the same password on every computer, which lets an attacker move from one compromised machine to all of them.

 

5 Use LAPS (Local Administrator Password Solution)

If you are unable to disable the local Administrator account, then use Microsoft LAPS. LAPS sets a random, unique password on every computer and rotates it on a schedule. The password is stored in Active Directory on the computer object, so restrict which groups are allowed to read it and audit who retrieves it.

 

6 Use a Secure Workstation for administrator tasks

Use a dedicated secure workstation (often called a privileged access workstation) for performing administrative tasks. The secure admin workstation should not have internet access or be used for checking email. Log in to this workstation with your admin account, not your regular account, and never type admin credentials on a normal user workstation.

 

7 Enable Audit Policy Settings

Use Group Policy to set an audit policy on all computers (Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration). Malicious activity often starts on end user devices, so it is important that auditing is enabled on all computers, not just on the domain controllers.

 

8 Monitor AD Events for Compromise

Monitor changes to privileged groups, spikes in bad password attempts, account lockouts, use of administrator accounts and other abnormal behaviour. Forward the domain controller Security logs to a central log server or SIEM so that an attacker who gains admin on a DC cannot simply clear the local log.
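The following is an added example, not code from the original post. It pulls the Security events that most often signal the behaviour described above from one domain controller and summarises them: additions to privileged groups, bad-password spikes per account, lockouts and admin logons. The event IDs are the standard Windows Security audit IDs; the DC name 'DC01', the 24-hour window and the spike threshold are assumptions.

```powershell
# Added example: summarise AD compromise indicators from a DC's Security log.
# Requires the corresponding audit subcategories to be enabled (item 7).
$dc    = 'DC01'                       # assumed DC name
$since = (Get-Date).AddHours(-24)     # assumed review window

# Standard Windows Security audit event IDs
$watch = @{
    4728 = 'Member added to security-enabled global group'
    4732 = 'Member added to security-enabled local group'
    4756 = 'Member added to security-enabled universal group'
    4740 = 'Account locked out'
    4771 = 'Kerberos pre-authentication failed (usually a bad password)'
    4672 = 'Special privileges assigned to new logon (admin logon)'
}

$events = Get-WinEvent -ComputerName $dc -FilterHashtable @{
    LogName   = 'Security'
    Id        = [int[]]$watch.Keys
    StartTime = $since
} -ErrorAction SilentlyContinue

# Pull a named field out of the event's EventData XML
function Get-EventField {
    param($Event, [string]$Name)
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

# 1. Every change to a privileged group is reviewed individually
$privileged = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$events | Where-Object { $_.Id -in 4728, 4732, 4756 } | ForEach-Object {
    $group = Get-EventField $_ 'TargetUserName'
    if ($group -in $privileged) {
        [pscustomobject]@{
            Time   = $_.TimeCreated
            Group  = $group
            Member = Get-EventField $_ 'MemberName'
            ByWhom = Get-EventField $_ 'SubjectUserName'
            Event  = $watch[$_.Id]
        }
    }
} | Format-Table -AutoSize

# 2. Bad-password spikes: many 4771s for one account in the window (password spraying
#    shows up instead as a few failures across many accounts, so also look at the total)
$threshold = 10   # assumed; tune to your environment
$badPw = $events | Where-Object { $_.Id -eq 4771 } |
    ForEach-Object { Get-EventField $_ 'TargetUserName' } | Group-Object
"Accounts with failed pre-auth: $($badPw.Count); total failures: $(($badPw | Measure-Object Count -Sum).Sum)"
$badPw | Where-Object { $_.Count -ge $threshold } |
    Select-Object @{n='Account'; e={$_.Name}}, Count | Format-Table -AutoSize

# 3. Lockouts, with the machine the bad attempts came from
$events | Where-Object { $_.Id -eq 4740 } | ForEach-Object {
    [pscustomobject]@{
        Time    = $_.TimeCreated
        Account = Get-EventField $_ 'TargetUserName'
        Source  = Get-EventField $_ 'TargetDomainName'   # caller computer name in 4740
    }
} | Format-Table -AutoSize

# 4. Admin logons, ignoring machine accounts (which end in $) to cut the noise
$events | Where-Object { $_.Id -eq 4672 } |
    ForEach-Object { Get-EventField $_ 'SubjectUserName' } |
    Where-Object { $_ -notmatch '\$$' } |
    Group-Object | Sort-Object Count -Descending |
    Select-Object @{n='AdminAccount'; e={$_.Name}}, Count | Format-Table -AutoSize
```

Note that Kerberos failures (4771) are recorded on the DC, but NTLM logon failures (4625) are written on the machine where the logon was attempted, so endpoint logs must be collected as well for full coverage.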

 

9 Use Long Passwords

If your company policy allows it, set the minimum password length to 15 characters. The minimum is often driven by compliance requirements, but 15+ characters also means Windows will no longer store the weak legacy LM hash of the password and makes offline cracking of the NT hash far slower. Also block known-bad and common passwords, which length alone does not prevent.

 

10 Use Descriptive Security Groups

Avoid naming security groups with random or meaningless names. It is not easy to track down where or how groups are used, and a consistent naming convention helps. Example: N-Drive-HR-RW (resource, department, access level).

 

11 Cleanup inactive user and computer accounts

Have a process in place to find and disable stale/unused Active Directory computer and user accounts. Nobody is watching an account that nobody uses, so a compromised stale account can be used for a long time without anyone noticing.
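As an added example (not from the original post), this script finds user and computer accounts that have not authenticated for 90 days, then disables them, stamps the description with the date, and moves them to a quarantine OU so they can be restored if someone complains. The 90-day threshold, the quarantine OU, the exclusion list and the dry-run switch are assumptions.

```powershell
# Added example: find and disable stale AD user and computer accounts.
Import-Module ActiveDirectory

$inactiveDays = 90                                   # assumed threshold
$quarantineOU = 'OU=Disabled Accounts,DC=corp,DC=example'   # assumed; must exist
$exclude      = @('Administrator', 'krbtgt')         # assumed; never touch these
$dryRun       = $true                                # flip to $false to apply changes
$span         = New-TimeSpan -Days $inactiveDays
$cutoff       = (Get-Date).AddDays(-$inactiveDays)

# Search-ADAccount uses lastLogonTimestamp, which replicates with up to a 14-day lag,
# so the result is approximate. Newly created accounts have no logon yet and are skipped.
$staleUsers = Search-ADAccount -AccountInactive -TimeSpan $span -UsersOnly |
    Where-Object { $_.Enabled -and $_.SamAccountName -notin $exclude }

foreach ($acct in $staleUsers) {
    $user = Get-ADUser -Identity $acct.DistinguishedName `
                       -Properties whenCreated, Description, ServicePrincipalName
    if ($user.whenCreated -gt $cutoff) { continue }              # too new to judge
    if ($user.ServicePrincipalName.Count -gt 0) {
        Write-Warning "$($user.SamAccountName) has an SPN; review as a service account"
        continue
    }
    $stamp = "Disabled $(Get-Date -Format yyyy-MM-dd): inactive > $inactiveDays days"
    Disable-ADAccount -Identity $user -WhatIf:$dryRun
    Set-ADUser -Identity $user -Description "$stamp; $($user.Description)" -WhatIf:$dryRun
    Move-ADObject -Identity $user.DistinguishedName -TargetPath $quarantineOU -WhatIf:$dryRun
    $user.SamAccountName
}

# Computer accounts: same idea, skipping domain controllers
$dcs = (Get-ADDomainController -Filter *).Name
$staleComputers = Search-ADAccount -AccountInactive -TimeSpan $span -ComputersOnly |
    Where-Object { $_.Enabled -and ($_.Name -notin $dcs) }

foreach ($acct in $staleComputers) {
    $comp = Get-ADComputer -Identity $acct.DistinguishedName -Properties whenCreated, Description
    if ($comp.whenCreated -gt $cutoff) { continue }
    $stamp = "Disabled $(Get-Date -Format yyyy-MM-dd): inactive > $inactiveDays days"
    Disable-ADAccount -Identity $comp -WhatIf:$dryRun
    Set-ADComputer -Identity $comp -Description "$stamp; $($comp.Description)" -WhatIf:$dryRun
    Move-ADObject -Identity $comp.DistinguishedName -TargetPath $quarantineOU -WhatIf:$dryRun
    $comp.Name
}
```

Run it with `$dryRun = $true` first; `-WhatIf` prints what would be disabled and moved without changing anything. Deleting the objects can be a second stage after a further 30 to 60 days in the quarantine OU.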

 

12 Remove Users from the Local Administrator Group

Regular users should not have local administrator rights on their computers. Local admin rights make it easy for malware running as the user to install itself, disable protections, dump credentials from memory and spread across the network. Use PowerShell or a third-party tool to inventory who has local administrator rights on every machine, and remove everyone who does not need it.
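Here is an added example (not from the original post) of that inventory: it collects the members of the local Administrators group from every enabled Windows 10/11 computer in the domain over PowerShell remoting and lists any member that is not on an approved list. It assumes WinRM is enabled on the workstations by Group Policy and that the approved-members list reflects your own admin groups.

```powershell
# Added example: inventory local Administrators group membership across the domain.
Import-Module ActiveDirectory

# Assumed approved members; anything else is reported
$allowed = @('Administrator', 'Domain Admins', 'Workstation Admins')

$computers = Get-ADComputer -Filter 'Enabled -eq $true -and OperatingSystem -like "*Windows 1*"' |
    Select-Object -ExpandProperty Name

# Runs in parallel on the targets; unreachable hosts are silently skipped here,
# so compare the result count against $computers.Count for coverage.
$results = Invoke-Command -ComputerName $computers -ErrorAction SilentlyContinue -ScriptBlock {
    # Get-LocalGroupMember resolves names; orphaned SIDs of deleted domain
    # accounts still appear and are worth cleaning up too.
    Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
        [pscustomobject]@{
            Computer    = $env:COMPUTERNAME
            Member      = $_.Name             # DOMAIN\name or COMPUTER\name
            ObjectClass = $_.ObjectClass      # User or Group
            Source      = $_.PrincipalSource  # Local, ActiveDirectory, ...
        }
    }
}

"Queried $($computers.Count) computers, got results from $(($results | Select-Object -Unique Computer).Count)"

# Strip the DOMAIN\ or COMPUTER\ prefix before comparing with the approved list
$unexpected = $results | Where-Object { ($_.Member -split '\\')[-1] -notin $allowed }
$unexpected | Sort-Object Computer, Member | Format-Table Computer, Member, ObjectClass, Source -AutoSize

# Full inventory kept as evidence
$results | Export-Csv -Path .\local-admins.csv -NoTypeInformation
```

Local users that appear in the output (Source = Local, other than the built-in Administrator) are the most interesting rows: they are accounts that exist outside AD and are not subject to your domain password and lockout policies.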

 

13 Do not install additional software on domain controllers

Domain controllers should have very limited software and roles installed on them. The more software you install, the bigger the attack surface. These are the most important servers in your domain, so keep them secure by limiting what is running on them, and never browse the web or read email from a domain controller.

 

14 Patch & Vulnerability Scanning

Attackers are quick to exploit known vulnerabilities, so you need to continuously scan and patch systems. Make sure you are also patching third-party programs and upgrading or removing software that is no longer supported.

 

15 Use Secure DNS Services to block malicious traffic

You can easily block a lot of malicious traffic by using a secure DNS service such as Quad9 or OpenDNS, which refuse to resolve known malicious domains. Point your internal DNS servers' forwarders at the service and block direct outbound DNS from clients so it cannot be bypassed.

 

16 Run Supported Operating System

Keeping systems on the latest operating system will help to increase overall security. Each new version of Windows includes new built-in security features and enhancements, and unsupported versions no longer receive security patches at all.

 

17 Use Two Factor Authentication

It is easy for attackers to compromise account passwords (phishing, password spraying, leaked credentials), which can allow remote unauthorized access. Two-factor authentication should be used for all remote access (VPN, remote desktop gateways, webmail, cloud admin portals) and for all privileged accounts.

 

18 Monitor DHCP Logs

You need to know what is connecting to your network. A simple way to check this is by looking at the DHCP logs and looking for hostnames that you do not recognize. If you have a naming convention, it should be easy to identify unauthorized devices.

 

19 Monitor DNS Logs

DNS logs can be used to identify malicious DNS lookups. You will need to enable the Windows DNS debug logs (steps are provided in the full post), or preferably the DNS Server analytical event log on newer versions of Windows Server, which has much less performance impact. DNS logging is also provided on next-gen firewalls. DNS lookups for random-looking domain names are a good sign of malware or a domain-generation algorithm on your network. Example: efdvessdtgsdg.3dfxo.com
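As an added example (not from the original post), the script below parses query lines in the format the Windows DNS Server debug log writes, rebuilds the queried name from its (length)label encoding, and scores the registrable label for the "random name" pattern mentioned above using character entropy, consonant runs and digit ratio. The log lines are constructed for the example and the scoring thresholds are assumptions to tune against your own traffic.

```powershell
# Added example: flag machine-generated-looking names in Windows DNS debug log lines.

# Constructed sample lines in the DNS debug log layout (not real traffic)
$sampleLog = @'
7/10/2023 9:15:02 AM 0A28 PACKET  0000014E7F3D2A40 UDP Rcv 10.0.0.25   0002   Q [0001   D   NOERROR] A      (3)www(9)microsoft(3)com(0)
7/10/2023 9:15:03 AM 0A28 PACKET  0000014E7F3D2A40 UDP Rcv 10.0.0.25   0003   Q [0001   D   NOERROR] A      (13)efdvessdtgsdg(5)3dfxo(3)com(0)
7/10/2023 9:15:04 AM 0A28 PACKET  0000014E7F3D2A40 UDP Rcv 10.0.0.31   0004   Q [0001   D   NOERROR] A      (4)mail(4)corp(7)example(0)
7/10/2023 9:15:05 AM 0A28 PACKET  0000014E7F3D2A40 UDP Rcv 10.0.0.31   0005   Q [0001   D   NOERROR] TXT    (16)x9k2m4q8z1w5r7t3(4)ud7f(3)net(0)
'@ -split "`n"

# Shannon entropy in bits per character of a string
function Get-ShannonEntropy([string]$s) {
    if (-not $s) { return 0.0 }
    $counts = @{}
    foreach ($c in $s.ToCharArray()) { $counts[$c] = 1 + [int]$counts[$c] }
    $h = 0.0
    foreach ($n in $counts.Values) {
        $p = $n / $s.Length
        $h -= $p * [math]::Log($p, 2)
    }
    [math]::Round($h, 2)
}

# Heuristic score for a label; thresholds are assumptions
function Test-RandomLabel([string]$label) {
    $runs   = [regex]::Matches($label, '[bcdfghjklmnpqrstvwxz]+') | ForEach-Object { $_.Length }
    $maxRun = [int]($runs | Measure-Object -Maximum).Maximum
    $digits = [regex]::Matches($label, '\d').Count / [math]::Max($label.Length, 1)
    $ent    = Get-ShannonEntropy $label
    $reasons = @()
    if ($label.Length -ge 12 -and $ent -ge 2.5) { $reasons += "long+high-entropy($ent)" }
    if ($maxRun -ge 5)                          { $reasons += "consonant-run($maxRun)" }
    if ($digits -ge 0.3)                        { $reasons += ("digits({0:P0})" -f $digits) }
    [pscustomobject]@{ Entropy = $ent; Suspicious = ($reasons.Count -gt 0); Reasons = ($reasons -join ',') }
}

# Query lines only: "... UDP Rcv <client> <xid> Q [flags] <qtype> (n)label...(0)"
$pattern = '(?<proto>UDP|TCP)\s+(?<dir>Snd|Rcv)\s+(?<ip>\S+)\s+\S+\s+Q\s+\[[^\]]*\]\s+(?<qtype>\S+)\s+(?<name>(?:\(\d+\)[^()]+)+)\(0\)'

$findings = foreach ($line in $sampleLog) {
    $m = [regex]::Match($line, $pattern)
    if (-not $m.Success) { continue }
    # "(3)www(9)microsoft(3)com" -> "www.microsoft.com"
    $name   = ($m.Groups['name'].Value -replace '\(\d+\)', '.').TrimStart('.')
    $labels = $name -split '\.'
    # Simplification: treat the second-to-last label as the registrable one.
    # A public-suffix list handles co.uk-style domains correctly.
    $label  = if ($labels.Count -ge 2) { $labels[-2] } else { $labels[0] }
    $score  = Test-RandomLabel $label
    [pscustomobject]@{
        Client     = $m.Groups['ip'].Value
        QType      = $m.Groups['qtype'].Value
        Name       = $name
        Entropy    = $score.Entropy
        Suspicious = $score.Suspicious
        Reasons    = $score.Reasons
    }
}

$findings | Format-Table -AutoSize
# Group suspicious lookups by client: one host making many of them is the one to isolate
$findings | Where-Object Suspicious | Group-Object Client |
    Select-Object @{n='Client'; e={$_.Name}}, Count | Format-Table -AutoSize
```

To run it against a real log, replace `$sampleLog` with `Get-Content C:\Windows\System32\dns\dns.log`. TXT and NULL queries to unfamiliar domains deserve a look even when the label scores low, since they are the record types used for DNS tunnelling.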

 

20 Use ADFS & Azure Security

Take advantage of the latest ADFS and Azure AD security features, such as conditional access and risk-based sign-in policies. Microsoft continues to develop and provide security enhancements to both services.

 

21 Use Office 365 Secure Score

Secure Score analyzes your Office 365 tenant and provides a score based on your settings. It provides a list of issues and recommended actions to fix them. Some recommendations may require a higher subscription tier.

 

22 Have a recovery plan

Have a response plan for how to handle a cyber-attack, including how you would recover Active Directory itself: tested, offline backups of at least one domain controller and a documented forest recovery procedure. Practice the plan before you need it.

 

23 Document Delegation to Active Directory

Delegation and AD permissions can easily get out of control. Document these permissions, or use PowerShell to create a report of the non-inherited permissions on the domain and each OU, and review it regularly. Pay special attention to anyone who can reset passwords, modify group membership, or replicate directory changes.
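The following added example (not from the original post) produces that report. It walks the domain head and every OU, lists only the explicit (non-inherited) access control entries, translates the most security-relevant object GUIDs into names, and separately flags any principal holding the directory replication rights that allow a DCSync attack. It assumes the ActiveDirectory module (which provides the AD: drive); the list of default principals to ignore is an assumption and may need adjusting for your domain.

```powershell
# Added example: report explicit AD delegation on the domain head and all OUs.
Import-Module ActiveDirectory

$domain  = Get-ADDomain
$nb      = $domain.NetBIOSName
# Assumed: principals that hold permissions by default and are not "delegation"
$ignore = @(
    'NT AUTHORITY\SYSTEM', 'NT AUTHORITY\SELF', 'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS', 'Everyone',
    'BUILTIN\Administrators', 'BUILTIN\Account Operators', 'BUILTIN\Print Operators',
    'BUILTIN\Pre-Windows 2000 Compatible Access', 'BUILTIN\Incoming Forest Trust Builders',
    'BUILTIN\Windows Authorization Access Group', 'BUILTIN\Terminal Server License Servers',
    "$nb\Domain Admins", "$nb\Enterprise Admins", "$nb\Domain Controllers",
    "$nb\Enterprise Read-only Domain Controllers", "$nb\Cert Publishers",
    "$nb\Key Admins", "$nb\Enterprise Key Admins", "$nb\RAS and IAS Servers"
)

# Well-known schema/extended-right GUIDs worth naming in a report
$guidNames = @{
    '00000000-0000-0000-0000-000000000000' = '<whole object>'
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes-All'
    '00299570-246d-11d0-a768-00aa006e0529' = 'User-Force-Change-Password (reset password)'
    'bf967aba-0de6-11d0-a285-00aa003049e2' = 'user (class)'
    'bf967a86-0de6-11d0-a285-00aa003049e2' = 'computer (class)'
    'bf967a9c-0de6-11d0-a285-00aa003049e2' = 'group (class)'
    'bf9679c0-0de6-11d0-a285-00aa003049e2' = 'member (attribute)'
}
$replicationGuids = '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2', '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'

$targets = @($domain.DistinguishedName) +
    (Get-ADOrganizationalUnit -Filter * | Select-Object -ExpandProperty DistinguishedName)

$report = foreach ($dn in $targets) {
    $acl = Get-Acl -Path "AD:\$dn"
    foreach ($ace in $acl.Access) {
        if ($ace.IsInherited) { continue }            # documented where it was set
        $who = "$($ace.IdentityReference)"
        if ($who -in $ignore) { continue }
        $guid = $ace.ObjectType.ToString()
        [pscustomobject]@{
            Object      = $dn
            Principal   = $who
            Type        = $ace.AccessControlType
            Rights      = $ace.ActiveDirectoryRights
            AppliesTo   = if ($guidNames.ContainsKey($guid)) { $guidNames[$guid] } else { $guid }
            Inheritance = $ace.InheritanceType
            DCSync      = ($guid -in $replicationGuids)
        }
    }
}

"=== Principals with replication rights (DCSync) on the domain head ==="
$report | Where-Object { $_.DCSync -and $_.Object -eq $domain.DistinguishedName } |
    Select-Object Principal, AppliesTo | Format-Table -AutoSize

"=== All explicit delegation ==="
$report | Sort-Object Object, Principal | Format-Table Object, Principal, Type, Rights, AppliesTo -AutoSize
$report | Export-Csv -Path .\ad-delegation.csv -NoTypeInformation
```

Every row in the DCSync section should be a domain controller or a known identity-sync service account; anything else can pull every password hash in the domain. Keep the CSV from each review and diff it against the last one, so that a newly added permission stands out.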

 

24 Lock Down Service Accounts

Service accounts are used to run executables, scheduled tasks, services, application authentication and so on. These accounts are often set with passwords that never expire and are granted more permissions than needed, and any service account with a Service Principal Name can have its Kerberos ticket requested by any domain user and cracked offline (Kerberoasting), so weak or old passwords on them are a real exposure. See the full post for a list of tips for locking down service accounts. A better option is to use managed service accounts (MSA/gMSA), whose long random passwords are generated and rotated by Active Directory itself.
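As an added example (not part of the original post), this script first finds the user accounts that look like service accounts (they have an SPN or a non-expiring password) and lists the properties that matter for locking them down, then shows how a group managed service account is created to replace one of them. The gMSA name, host and SPN are assumptions, and the forest must already have a KDS root key (Add-KdsRootKey).

```powershell
# Added example: audit service-account style user accounts, then create a gMSA.
Import-Module ActiveDirectory

$svc = Get-ADUser -Filter 'ServicePrincipalName -like "*" -or PasswordNeverExpires -eq $true' `
    -Properties ServicePrincipalName, PasswordNeverExpires, PasswordLastSet, LastLogonDate,
                AdminCount, MemberOf, TrustedForDelegation, 'msDS-SupportedEncryptionTypes' |
    Where-Object { $_.SamAccountName -ne 'krbtgt' }

$audit = $svc | ForEach-Object {
    $u = $_
    $etypes = $u.'msDS-SupportedEncryptionTypes'
    [pscustomobject]@{
        Account              = $u.SamAccountName
        Kerberoastable       = ($u.ServicePrincipalName.Count -gt 0)   # any user can request its TGS
        PasswordNeverExpires = $u.PasswordNeverExpires
        PasswordAgeDays      = if ($u.PasswordLastSet) { [int]((Get-Date) - $u.PasswordLastSet).TotalDays } else { $null }
        # bit 4 = RC4-HMAC; an unset attribute usually means RC4 can still be negotiated,
        # and RC4 tickets crack far faster than AES ones
        RC4Allowed           = ((-not $etypes) -or (($etypes -band 4) -ne 0))
        UnconstrainedDeleg   = $u.TrustedForDelegation                # can impersonate anyone who connects
        Privileged           = ($u.AdminCount -eq 1)                  # in a protected group, worst case
        LastLogon            = $u.LastLogonDate
        Groups               = ($u.MemberOf | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ';'
    }
}

# Worst first: privileged + Kerberoastable + old RC4 password is the classic path to Domain Admin
$audit | Sort-Object Privileged, Kerberoastable, PasswordAgeDays -Descending | Format-Table -AutoSize
$audit | Export-Csv -Path .\service-accounts.csv -NoTypeInformation

# Replace a password-based account with a gMSA (names assumed). The password is
# 240 bytes long, rotated by AD every 30 days, and only WEB01 may retrieve it.
New-ADServiceAccount -Name 'gmsa-web01' `
    -DNSHostName 'gmsa-web01.corp.example' `
    -PrincipalsAllowedToRetrieveManagedPassword 'WEB01$' `
    -ServicePrincipalNames 'HTTP/web01.corp.example' `
    -KerberosEncryptionType AES256

# Then on WEB01 (as local admin), install it and point the service at CORP\gmsa-web01$ with a blank password:
#   Install-ADServiceAccount -Identity gmsa-web01
#   Test-ADServiceAccount -Identity gmsa-web01     # returns True when the host can fetch the password
```

Accounts that cannot be converted to a gMSA should at least get a 25+ character password, AES-only encryption types, a logon restricted to the servers that need them, and no membership in privileged groups.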

 

25 Use Secure Baselines

Default installs are not secure, so use security benchmarks and baselines to harden the default settings. These settings can be deployed with Group Policy. The Microsoft Security Compliance Toolkit and CIS SecureSuite provide baseline templates and tools; test a baseline on a pilot group before rolling it out domain-wide, since some settings break applications.

 

26 Enable Windows Firewall

Use Group Policy to deploy and control the Windows Firewall on all computers in your organization. The firewall can control incoming and outgoing traffic to your systems; in particular, blocking inbound SMB, RDP and WinRM between workstations stops most lateral movement without affecting users.

 

27 Use application whitelisting

With application whitelisting you can block unwanted programs from running, including most malware, regardless of whether antivirus recognizes it. There are third-party programs that offer this feature; Windows Enterprise includes AppLocker for this, and Windows Defender Application Control is also available.

 

28 Block PowerShell for regular users

Malware will often use PowerShell to execute commands on computers. Most of the time regular users do not need to run PowerShell. You can control who is allowed to run it with Group Policy: use AppLocker or Windows Defender Application Control rules to deny powershell.exe, powershell_ise.exe and pwsh.exe for everyone except administrators. Note that the PowerShell execution policy is not a security control and is trivially bypassed, so it is not a substitute. Where PowerShell must stay available, enable Script Block Logging and Module Logging so that what runs is recorded.

Tuesday, July 4, 2023

12 AI Tools to try in 2023

ChatGPT Solves Anything - https://chat.openai.com

WriteSonic Writes Anything - https://lnkd.in/dbKtMMaE

midjourney Generates Art - https://lnkd.in/d7GnGvHK

Replit Generates Code - https://lnkd.in/dN-KjHEG

synthesiaIO Generates Video - https://synthesia.io

Soundraw Generates Music - https://soundraw.io

Fliki Generates Tiktoks - https://fliki.ai

Starry Generates Avatars - https://lnkd.in/dh_VCdFN

SlidesAI.io Generates PPT - https://slidesai.io

Remini Edit Pictures - https://remini.ai

pictoryai Edit Videos - https://pictory.ai

wordtune Summarize Notes - https://wordtune.com

10 Insane AI tools you cannot miss in 2023

1. Lovo.ai - AI Voice Generator
 
2. lightpdf.com/chatdoc - chat with any PDF
 
3. Quillbot.com - Sentence enhancer
 
4. Tldv.io - AI Meeting Assistant
 
5. Perplexity.ai - Use AI while browsing
 
6. Kickresume.com - AI Resume Builder
 
7. Blaze.today - Write 10x faster
 
8. 10web.io - AI website builder
 
9. Chatpdf.com - Chat with any PDF
 
10. Sheetplus.ai - Write excel formulas with AI

Saturday, July 1, 2023

Register for Office 365

 To register for Office 365, you can follow the steps below:

 Visit the Office 365 website: Open your web browser and go to the Office 365 website at www.office365.com.

 Choose a plan: Office 365 offers different plans depending on your needs, such as Business, Enterprise, Education, or Home. Learn about the available plans and choose the plan that best meets your needs.

 Click "Buy Now" or "Sign Up": Once you have selected the plan you want, click the "Buy Now" or "Sign Up" button associated with that plan.

 Select the number of users and subscription details: specify the number of users you want to include in your Office 365 subscription. You have the option to choose between monthly and annual billing, as well as select additional features or add-ons that are available for the selected plan.

 Enter contact and billing information: Enter your contact information, including your name, email address, and phone number. Also enter the required billing information, such as your credit card details or another accepted payment method.

 Review and confirm your order: Review the details of your order, including the subscription plan, number of users, pricing, and any additional services or features you have selected. Make sure all the information is correct and meets your requirements.

 Complete the purchase: If everything looks correct, complete the purchase. Follow the instructions on the website to complete the payment and finish the registration process. You may receive a confirmation email with the details of your Office 365 subscription.

 Set up your Office 365 account: After you complete your purchase, you'll need to set up your Office 365 account. This usually involves creating a unique username and password, configuring security settings, and verifying your email address.

 Accessing Office 365 services: Once your account is set up, you can access Office 365 services and applications by signing in to your account. You can access web-based applications such as Microsoft Outlook, Word, Excel, PowerPoint, and others, as well as download and install desktop applications on your computer if included in your subscription.

Remember to keep your Office 365 account information secure and follow best practices for account management, such as enabling two-factor authentication on every account, using a strong, unique password for the tenant admin account, and creating a separate admin account rather than giving your daily-use account admin roles.

RAID

 RAID stands for Redundant Array of Independent Disks. It is a technology that combines multiple physical hard disks into a single logical unit to improve storage performance, reliability, or both. RAID configurations are commonly used in server environments and high-capacity storage systems. There are different RAID levels, each offering different benefits and trade-offs. Here are some commonly used RAID levels:

 RAID 0 (striping): RAID 0 distributes data across multiple drives without redundancy. It improves performance by striping the data on the drives and allows parallel read/write operations. However, RAID 0 does not provide fault tolerance, i.e. if one drive fails, all data may be lost.

 RAID 1 (Mirror): RAID 1 uses two drives to create an exact copy (mirror) of the data. Each drive contains the same data, providing redundancy and improved data availability. If one drive fails, the other drive can continue to function and provide data. However, RAID 1 reduces the total storage capacity by 50% due to mirroring.

 RAID 5 (Striping with parity): In RAID 5, the data is distributed across multiple drives together with parity information for fault tolerance. The parity information allows the system to rebuild the data if one drive fails. RAID 5 requires at least three drives and provides a good balance between performance, capacity utilisation and fault tolerance, but a second failure during the rebuild of a large array loses the data.

 RAID 6 (Double Parity Striping): RAID 6 is similar to RAID 5, but with double parity, meaning it can tolerate the failure of two drives simultaneously. RAID 6 requires at least four drives and offers higher fault tolerance than RAID 5. However, more storage space is needed for the additional parity information.

 RAID 10 (combination of mirroring and striping): RAID 10 combines the advantages of RAID 1 and RAID 0. It creates mirrored drive pairs and then stripes the data across the mirrored pairs. RAID 10 offers high performance and fault tolerance, but requires at least four drives. It rebuilds faster than RAID 5 or RAID 6 and can survive several failed drives as long as both drives of the same mirrored pair do not fail, but at the cost of lower usable capacity (50%) due to mirroring.

 RAID 50 and RAID 60: RAID 50 and RAID 60 are combinations of RAID 5/6 with striping. They are used in larger storage systems that require high performance and fault tolerance across multiple drive sets. RAID 50 uses RAID 5 sets, while RAID 60 uses RAID 6 sets. Both offer a good balance between performance and fault tolerance.

Please note that RAID is a hardware- or software-based technology and the specific implementation and features may vary depending on the RAID controller or software. RAID configurations can be implemented with dedicated RAID controllers or with software-based RAID solutions provided by the operating system or storage management software. RAID protects against drive failure only; it is not a backup, because deletion, corruption and ransomware are faithfully written to every copy.

  https://zurl.to/D4x0