What are the most common security mistakes made by administrators when setting up and migrating to AD? And what, if the answer is not the same as the previous question, are the things a security analyst should look for when assessing AD?
- In addition to sound, correct knowledge, most failures in security come from providing too much access to domain controllers -- i.e., DCs should not also be DHCP servers, RRAS servers, firewalls, IIS servers -- you get the picture.
- Much security for the database relies on the proper, secure configuration of the computer before it's made a DC: installation on a secure network, using security baseline recommendations (the Microsoft Security Operations Guide has security templates for DCs, which lock down many things, including disabling unnecessary services). You can get a copy here.
If you hold a premium Microsoft cert, you can also access my article on securing AD from MCPmag.com.
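For the assessment side of the question, the following is an added example, not part of the original answer: a PowerShell check that reports whether a domain controller also carries the DHCP, RRAS or IIS roles named above. The function name `Get-DcExtraRole` and the choice of service names (`DHCPServer`, `RemoteAccess`, `W3SVC`) as indicators of those roles are assumptions of this example.

```powershell
# Added example: report extra server roles present on a domain controller.
# Assumption: each role is detected by its Windows service name.
$extraRoles = [ordered]@{
    'DHCPServer'   = 'DHCP server'
    'RemoteAccess' = 'Routing and Remote Access (RRAS)'
    'W3SVC'        = 'IIS web server'
}

function Get-DcExtraRole {
    param([string[]]$ComputerName = $env:COMPUTERNAME)

    foreach ($computer in $ComputerName) {
        # Query the local machine directly; use -ComputerName only for remote hosts.
        $target = @{}
        if ($computer -ne $env:COMPUTERNAME) { $target.ComputerName = $computer }

        # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
        $cs = Get-CimInstance -ClassName Win32_ComputerSystem @target
        if ($cs.DomainRole -lt 4) {
            Write-Warning "$computer is not a domain controller; skipped."
            continue
        }

        foreach ($name in $extraRoles.Keys) {
            $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" @target
            if ($null -eq $svc) { continue }   # role service is not installed

            # A running or auto-start service means the role is live on the DC.
            $finding = 'Installed, not active'
            if ($svc.State -eq 'Running' -or $svc.StartMode -eq 'Auto') {
                $finding = 'Active on DC: review'
            }

            [pscustomobject]@{
                Computer  = $computer
                Role      = $extraRoles[$name]
                Service   = $name
                State     = $svc.State
                StartMode = $svc.StartMode
                Finding   = $finding
            }
        }
    }
}

Get-DcExtraRole | Format-Table -AutoSize
```

An empty result on a DC means none of the three services is installed; pass `-ComputerName` with a list of DC names to check several machines in one run.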