Active Directory Security Assessment

Trimarc reviews the security of your Active Directory environment and provides prioritized, actionable recommendations

Trimarc focuses on Active Directory (AD) security, which means we are uniquely positioned to assess enterprise Active Directory and Windows platform security. Trimarc develops defensive strategies to combat evolving attack techniques, with a focus on “defense in depth” layers within the enterprise: while any single defense may fail, other compensating factors provide additional detection and/or mitigation for that area.

Our mission is to identify ways to better help protect organizations from modern threats not effectively stopped by traditional security measures. Successful defense is based on an approach involving three primary components: Detection, Mitigation, and Prevention.

Active Directory Security Assessment Overview

Trimarc’s Active Directory security services scan the AD environment, shining a light on the dark, forgotten corners and unraveling the spider-web of permissions collected over many years. We identify multiple potential AD escalation paths and provide recommendations that are actionable, prioritized, and customized to the environment so they can be implemented more quickly (and phased in over time) to effectively mitigate those paths. Our reporting methodology and approach provide clear paths to resolution, and most of the critical issues we discover in our customer environments are resolved in days to weeks, not years.

"Trimarc performs a comprehensive analysis of the Active Directory security posture."

Trimarc's Active Directory Security Assessment typically discovers more high-priority findings than others. Our goal is to discover, identify, and provide feasible, actionable recommendations to get issues fixed.

Key Security Assessment Components:

  1. Active Directory forest and domain configuration

  2. Active Directory security misconfigurations

  3. Active Directory trust configuration and security

  4. Active Directory administration groups

  5. Custom security groups with privileged access to Active Directory

  6. Group Policy security configuration

  7. Group Policy Objects (GPOs) settings and permissions

  8. Service Accounts with elevated permissions

  9. Domain Controller configuration and management

  10. Active Directory organizational unit (OU) permissions with a focus on top-level domain OUs

  11. Identify Domain Controller auditing configuration and provide recommendations

  12. Administrative and security review of Azure AD integration components such as Azure AD Connect (if applicable)

Trimarc makes sense of the Active Directory security puzzle

Trimarc ADSA Sample Report Outline

  • Active Directory Security Assessment Findings & Recommendations

    • Most significant findings

    • Potential Attack Paths

    • Top Recommended Remediation Items

  • Existing Active Directory Architecture Configuration

    • Forest & Domain Configuration

    • Trusts

    • Authentication

    • Accounts

  • Active Directory Administration, Privileged Groups, Permissions, & Rights

    • Administrative Accounts

      1. Active Directory Administration

      2. Active Directory Administrative Accounts

      3. Default Domain Administrator Account

      4. KRBTGT Domain Kerberos Service Account

      5. Kerberos Delegation

    • Active Directory Delegated Permissions & Rights

      1. Domain Permissions

      2. AdminSDHolder Permissions

    • Privileged Groups

  • Security Controls, Monitoring, and Group Policy Configuration

    • Secure Administrative Host and Configuration

    • Azure Active Directory Integration

    • Group Policy Configuration

  • Domain Controller Security

    • Domain Controller Configuration

    • Read-Only Domain Controllers

  • Appendix: Active Directory Overview

  • Appendix: Recommended Configuration References

  • Appendix: Trimarc Security Recommendations

    • Standard Recommendations

    • Reducing Service Account Rights in Active Directory

    • Delegating Rights with Role Groups

    • Securing and Preventing Lateral Movement with a Host-Based Firewall

    • Securing Administration Recommendations

    • Hardening Active Directory Administration

    • Domain Controller System Encryption

    • Active Directory Security Best Practices

    • Microsoft Active Directory Security Reference Documents

    • Active Directory Security Reference Articles