Working with Security

My colleagues and I have recently been working on a security update for a client. This client carried out a penetration test on their systems, and the results were interesting reading and, in some cases, enlightening.

I won’t go into details, but I did make several notes during the work. So here is a list of bullet points that any IT admin should be looking out for:

  • Check your password policy. The NCSC recommends a password length of 14 to 22 characters.
  • If you have separate admin accounts on your Active Directory, consider using a Fine-Grained Policy to enforce a stricter policy on those accounts.
  • If you have separate privileged user accounts in Azure, consider changing them to eligible accounts in Privileged Identity Management (PIM) (requires an Azure AD Premium P2 license).
  • Consider linking your AD passwords to the Azure AD Password Policy. This allows you to blacklist certain words and phrases, and requires the installation of a service on each DC (requires an Azure AD Premium P1 or P2 license).
  • If you have a lot of on-premises servers, chances are many of your local admin passwords are identical. Consider using Local Admin Password System, which will rotate those passwords for you automatically.
  • Likewise, with on-premises servers, you may be using user accounts as service principals. If so, consider either moving them to a Managed Service Account or ensuring a Fine-Grained Policy applies to those accounts.
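
The checks above, written up as an added PowerShell audit script (this is not code from the original post). It assumes the RSAT ActiveDirectory module, a Domain Admin session, a group of separate admin accounts named `Tier0-Admins`, a policy name `Admin-FGPP` (both hypothetical), and that the LAPS schema extension has been applied so that `ms-Mcs-AdmPwdExpirationTime` exists:

```powershell
# Added example, not from the original post. Assumes RSAT ActiveDirectory module,
# a Domain Admin session, and a hypothetical admin group 'Tier0-Admins'.
Import-Module ActiveDirectory

$AdminGroup = 'Tier0-Admins'   # hypothetical group holding the separate admin accounts
$PolicyName = 'Admin-FGPP'     # hypothetical name for the fine-grained password policy
$MinLength  = 14               # lower end of the NCSC range quoted in the post

# 1. Compare the default domain password policy against the 14-character floor.
$default = Get-ADDefaultDomainPasswordPolicy
if ($default.MinPasswordLength -lt $MinLength) {
    Write-Warning "Default MinPasswordLength is $($default.MinPasswordLength); expected >= $MinLength"
}

# 2. Create a stricter Fine-Grained Password Policy for the admin group if it is missing.
#    Lower Precedence wins when several policies apply to the same user; 22 is the
#    upper end of the range quoted in the post.
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$PolicyName'")) {
    New-ADFineGrainedPasswordPolicy -Name $PolicyName -Precedence 10 `
        -MinPasswordLength 22 -ComplexityEnabled $true -PasswordHistoryCount 24 `
        -LockoutThreshold 5 -LockoutDuration '00:30:00' -LockoutObservationWindow '00:30:00' `
        -MaxPasswordAge '90.00:00:00' -ReversibleEncryptionEnabled $false `
        -ProtectedFromAccidentalDeletion $true
    Add-ADFineGrainedPasswordPolicySubject -Identity $PolicyName -Subjects $AdminGroup
}

# 3. List user accounts used as service principals (they carry an SPN) and show which
#    password policy actually applies to each; these are candidates for an MSA or the FGPP.
Get-ADUser -Filter 'ServicePrincipalName -like "*"' `
    -Properties ServicePrincipalName, PasswordLastSet, PasswordNeverExpires |
ForEach-Object {
    $resultant = Get-ADUserResultantPasswordPolicy -Identity $_   # $null when only the default applies
    [pscustomobject]@{
        Account         = $_.SamAccountName
        SPNs            = ($_.ServicePrincipalName -join ';')
        PasswordLastSet = $_.PasswordLastSet
        NeverExpires    = $_.PasswordNeverExpires
        ResultantPolicy = if ($resultant) { $resultant.Name } else { 'Default domain policy' }
    }
} | Format-Table -AutoSize

# 4. Servers not yet managed by LAPS: the LAPS client stamps this attribute when it
#    rotates the local admin password, so an empty value means no rotation has happened.
Get-ADComputer -Filter 'OperatingSystem -like "*Server*"' -Properties 'ms-Mcs-AdmPwdExpirationTime' |
    Where-Object { -not $_.'ms-Mcs-AdmPwdExpirationTime' } |
    Select-Object Name, DistinguishedName
```

Run it read-only first by commenting out step 2; the remaining steps only query the directory.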

Those points are the key ones that any IT Security Administrator should be looking for when securing all their servers and systems.

Bibliography:

  • Fine-grained Policies: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/adac/introduction-to-active-directory-administrative-center-enhancements–level-100-
  • Privileged Identity Management: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
  • Azure AD Password Protection: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad
  • Local Admin Password System: https://www.microsoft.com/en-us/download/details.aspx?id=46899
