Active directory as the name suggest, if business need to be active then active directory should be actively protected with proper care.
Business vitality depends on AD. each and every details from login info, Email info , relied strongly on AD. As so it’s vital we should maintain a proper hygiene way to secure it from external attacks, since we have a long history of foreign intrudes contaminating, encrpting and erasing info
As the gatekeeper to critical applications and data in 90% of organization’s worldwide, AD has become a prime target for widespread cyberattacks that have crippled businesses and wreaked havoc on governments and non-proﬁt organization
If in case of a disaster happen there should be an escape route to restore it. Key considerations are elobarated
- Minimize Active Directory’s attack surface: Lock down administrative access to the Active Directory service by implementing administrative tiering and secure administrative workstations, apply recommended policies and settings, and scan regularly for misconfigurations – accidental or malicious – that potentially expose your forest to abuse or attack.
- Monitor Active Directory for signs of compromise and roll back unauthorized changes: Enable both basic and advanced auditing and periodically review key events via a centralized console. Monitor object and attribute changes at the directory level and changes shared across domain controllers.
- Implement a scorched-earth recovery strategy in the event of a large-scale compromise: Widespread encryption of your network, including Active Directory, requires a solid, highly automated recovery strategy that includes offline backups for all your infrastructure components as well as the ability to restoring from backup s without reintroducing any malware that might be on them.