What is the security risk associated with the compromise of the Active Directory?
Hello,
In light of this whole Wikileaks affair, we have been asked to perform a complete security review of the core components of our Windows Server based network.
Before we can do any such review, we obviously need to determine what components of the network to review. Obviously, our firewalls, DNS servers, routers are all on the list, but as we continue to give this more thought, I was thinking that perhaps Active Directory should be on the list as well.
I need to make a case for why Active Directory should be on the list, so I was looking for some helpful points that could help me make this case.
Your suggestions and input most welcome.
Thanks, Will
__________________
I’m sorry, but having a DB9 on the drive and not driving it is a bit like having Keira Knightley in your bed and sleeping on the couch.
The security of the Active Directory is critically important to overall enterprise security, because it is the very heart of the network. If the Active Directory is compromised, everything else will be at risk and exposed to compromise as well.
The need to protect Active Directory is critical, because you can have best network security, physical security, anti-virus, email-scanning, IP-sec etc, but if someone takes your Active Directory, all these above controls are rendered useless and become quite inconsequential.
To give you an idea, here's a situation - imagine if your Active Directory goes down. No one will be able to log on to the network, access any network resources, send any email, nothing. Clients will not be able to find servers, or conenct to them, policies will stop flowing down to computers, so and so forth, Basically your entire network could come to a stand still.
As to how to protect the Active Directory, that's another post, as it takes alot to protect it.
- Geoffrey
__________________
Wherever you go and whatever you do, may the luck of the Irish be there with you.
