Sunday, September 24, 2017

Active Directory - DNS and DHCP Security Checklists - Basic


Active Directory 

• Review the domain controller disk space reports.
• Backups of AD: a backup must capture the system state, including the AD database, logs, registry, boot files, SYSVOL and other system files.
• Evidence that AD replication is working correctly.
• Snapshot of the event logs showing any persistent errors.
• Is defragmentation done to maintain performance? Large directories that have run for a long time can become large and fragmented.
• Proof of the integrity of the AD DS database files, with respect to AD semantics, using NTDSUTIL.
• Where are password files kept, and who is responsible for them?
• Does a formal method exist for adding new users?
• Does a formal method exist for notifying the Administrator of staff changes, with access levels amended without delay (particularly when staff leave the organisation)?
• Does a formal mechanism exist for changing users' access rights to files?
• What is the user account/ID lockout threshold for invalid password attempts?
• Are the IT administrator users also complying with these policies, and are there any generic IDs created in Active Directory?
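The following PowerShell script is an added example of how the evidence for the Active Directory items above can be collected in one pass; it is not part of the original post. It assumes the ActiveDirectory module is installed, that the account running it can read every domain controller, and that the output folder and the 10 GB free-space threshold are appropriate for your environment.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the original post): gathers the AD checklist evidence
# (disk space, replication, Directory Service errors, lockout policy, generic IDs).
# $ReportDir and $MinFreeGB are assumptions; change them for your environment.

$ReportDir = 'C:\ADAudit'          # assumed output folder
$MinFreeGB = 10                    # assumed alert threshold for the volume holding NTDS/SYSVOL
New-Item -ItemType Directory -Path $ReportDir -Force | Out-Null

$dcs = Get-ADDomainController -Filter *

# 1. Disk space on every DC (fixed disks only, DriveType 3)
$disk = foreach ($dc in $dcs) {
    Get-CimInstance -ClassName Win32_LogicalDisk -ComputerName $dc.HostName -Filter "DriveType = 3" |
        Select-Object @{n='DC';e={$dc.HostName}}, DeviceID,
            @{n='FreeGB';e={[math]::Round($_.FreeSpace / 1GB, 1)}},
            @{n='SizeGB';e={[math]::Round($_.Size / 1GB, 1)}},
            @{n='BelowThreshold';e={($_.FreeSpace / 1GB) -lt $MinFreeGB}}
}
$disk | Export-Csv -Path "$ReportDir\dc-disk.csv" -NoTypeInformation

# 2. Replication evidence: last success per inbound partner, plus any recorded failures
$repl = foreach ($dc in $dcs) {
    Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server |
        Select-Object Server, Partner, LastReplicationSuccess, LastReplicationResult,
            ConsecutiveReplicationFailures
}
$repl | Export-Csv -Path "$ReportDir\replication.csv" -NoTypeInformation
$failures = Get-ADReplicationFailure -Target $dcs.HostName
if ($failures) { $failures | Export-Csv -Path "$ReportDir\replication-failures.csv" -NoTypeInformation }

# 3. Snapshot of persistent errors: Error-level (Level 2) Directory Service events in the
#    last 7 days, grouped by event ID so a recurring problem stands out
$since = (Get-Date).AddDays(-7)
$events = foreach ($dc in $dcs) {
    Get-WinEvent -ComputerName $dc.HostName -FilterHashtable @{
        LogName = 'Directory Service'; Level = 2; StartTime = $since
    } -ErrorAction SilentlyContinue |
        Group-Object Id | Sort-Object Count -Descending |
        Select-Object @{n='DC';e={$dc.HostName}}, @{n='EventId';e={$_.Name}}, Count
}
$events | Export-Csv -Path "$ReportDir\ds-errors.csv" -NoTypeInformation

# 4. Lockout and password policy as applied to the domain
Get-ADDefaultDomainPasswordPolicy |
    Select-Object LockoutThreshold, LockoutDuration, LockoutObservationWindow,
        MinPasswordLength, PasswordHistoryCount, ComplexityEnabled |
    Export-Csv -Path "$ReportDir\password-policy.csv" -NoTypeInformation

# 5. Accounts locked out right now, and enabled accounts whose password never expires.
#    The second list is a practical starting point for the "generic IDs" question:
#    every entry should have a named owner and a documented reason.
Search-ADAccount -LockedOut | Select-Object SamAccountName, LastLogonDate |
    Export-Csv -Path "$ReportDir\locked-out.csv" -NoTypeInformation
Get-ADUser -Filter "Enabled -eq 'True' -and PasswordNeverExpires -eq 'True'" -Properties LastLogonDate |
    Select-Object SamAccountName, LastLogonDate |
    Export-Csv -Path "$ReportDir\password-never-expires.csv" -NoTypeInformation
```

The NTDSUTIL integrity check is deliberately not scripted here: `ntdsutil` `files integrity` and the semantic database analysis need the AD DS service stopped (or a mounted snapshot), so they belong in a maintenance window rather than in a read-only evidence run.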


DNS

• Snapshot of DNS records showing obsolete static entries.
• Proof that DNS scavenging is configured.
• Have we cleaned up forwarders?
• Have we removed stale zones?
• Have we removed WINS dependencies? (DNS is fully capable of providing all long- and short-name resolution services.)
• Security Aspects
  - Have we allowed only secure dynamic updates for all DNS zones?
  - Are AD ACLs used to secure access control of the DNS Server service?
  - Snapshot showing that Audit Directory Service Access is enabled, and what the setting is.
  - Determine the parameters in place to prevent DNS flooding.
  - Determine the parameters in place to prevent cache poisoning and man-in-the-middle attacks.
  - Determine whether a security log is maintained for DNS updates.
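As an added example (not from the original post), this script collects the DNS evidence asked for above from one Windows DNS server. It assumes the DnsServer module, a server name of `dc01.corp.example`, and an output folder of `C:\DNSAudit`; the `auditpol` line reports the local machine, so run the script on the DC whose setting you want to record.

```powershell
#Requires -Modules DnsServer
# Added example, not from the original post: DNS checklist evidence from one server.
# $DnsServer and $ReportDir are assumptions; the property names are those of the
# Windows DnsServer module (Server 2012 R2 and later; RRL needs Server 2016+).

$DnsServer = 'dc01.corp.example'   # assumed DNS server (run locally on a DC for the auditpol step)
$ReportDir = 'C:\DNSAudit'
New-Item -ItemType Directory -Path $ReportDir -Force | Out-Null

# 1. Scavenging is two settings: the server must run scavenging, and each zone must have aging on
Get-DnsServerScavenging -ComputerName $DnsServer |
    Select-Object ScavengingState, ScavengingInterval, RefreshInterval, NoRefreshInterval, LastScavengeTime |
    Export-Csv "$ReportDir\scavenging.csv" -NoTypeInformation

$zones   = Get-DnsServerZone -ComputerName $DnsServer | Where-Object { -not $_.IsAutoCreated }
$primary = $zones | Where-Object { $_.ZoneType -eq 'Primary' }

# 2. Per-zone posture. 'NonsecureAndSecure' lets any host on the network overwrite
#    records, which is the exposure behind the "secure dynamic updates" item; only
#    AD-integrated zones carry the AD ACLs the next item asks about.
$zoneReport = foreach ($z in $zones) {
    $aging = if ($z.ZoneType -eq 'Primary') {
        (Get-DnsServerZoneAging -ComputerName $DnsServer -Name $z.ZoneName -ErrorAction SilentlyContinue).AgingEnabled
    }
    [pscustomobject]@{
        ZoneName       = $z.ZoneName
        ZoneType       = $z.ZoneType
        IsDsIntegrated = $z.IsDsIntegrated
        DynamicUpdate  = $z.DynamicUpdate
        AgingEnabled   = $aging
        Finding        = if ($z.ZoneType -ne 'Primary') { '' }
                         elseif ($z.DynamicUpdate -eq 'NonsecureAndSecure') { 'Insecure dynamic updates' }
                         elseif (-not $z.IsDsIntegrated) { 'Not AD-integrated (no AD ACLs)' }
                         elseif (-not $aging) { 'Aging off: stale records will never scavenge' }
                         else { 'OK' }
    }
}
$zoneReport | Export-Csv "$ReportDir\zones.csv" -NoTypeInformation

# 3. Forwarders, so unreachable or legacy addresses can be cleaned up
(Get-DnsServerForwarder -ComputerName $DnsServer).IPAddress | Out-File "$ReportDir\forwarders.txt"

# 4. Static entries never age, so they are where obsolete records accumulate:
#    list every A/AAAA/CNAME with no timestamp in each primary forward zone
$static = foreach ($z in $primary | Where-Object { -not $_.IsReverseLookupZone }) {
    Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $z.ZoneName |
        Where-Object { $_.RecordType -in 'A','AAAA','CNAME' -and -not $_.Timestamp } |
        Select-Object @{n='Zone';e={$z.ZoneName}}, HostName, RecordType,
            @{n='Data';e={ ($_.RecordData.IPv4Address, $_.RecordData.IPv6Address,
                            $_.RecordData.HostNameAlias | Where-Object { $_ }) -join ',' }}
}
$static | Export-Csv "$ReportDir\static-records.csv" -NoTypeInformation

# 5. Cache-poisoning and flooding controls. Pollution protection discards out-of-bailiwick
#    records from responses; cache locking stops a cached record being overwritten before
#    its TTL expires; response rate limiting (Server 2016+) bounds flood/reflection traffic.
$cache     = Get-DnsServerCache -ComputerName $DnsServer
$recursion = Get-DnsServerRecursion -ComputerName $DnsServer
$rrl       = Get-DnsServerResponseRateLimiting -ComputerName $DnsServer -ErrorAction SilentlyContinue
[pscustomobject]@{
    EnablePollutionProtection = $cache.EnablePollutionProtection
    CacheLockingPercent       = $cache.LockingPercent
    RecursionEnabled          = $recursion.Enable
    SecureResponse            = $recursion.SecureResponse
    ResponseRateLimitMode     = if ($rrl) { $rrl.Mode } else { 'not supported' }
} | Export-Csv "$ReportDir\cache-and-rrl.csv" -NoTypeInformation

# 6. Logging evidence: the DNS audit channel records zone and record changes, and
#    auditpol shows the Directory Service Access audit setting on this DC
Get-WinEvent -ListLog 'Microsoft-Windows-DNSServer/Audit' -ComputerName $DnsServer -ErrorAction SilentlyContinue |
    Select-Object LogName, IsEnabled, RecordCount | Export-Csv "$ReportDir\dns-audit-log.csv" -NoTypeInformation
auditpol /get /subcategory:"Directory Service Access" | Out-File "$ReportDir\auditpol-ds-access.txt"
```

A zone that is AD-integrated but allows nonsecure updates still gets flagged first, because the update mode is the setting an attacker on the LAN can exploit directly; the AD ACL finding only matters once secure updates are on.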

DHCP

• Is there a network architecture diagram with appropriate detail?
• Are LAN port assignments documented?
• Proof that legal IP addresses are being used and that the organization follows a well-organized naming, IP-addressing and subnetting scheme, to prevent duplicate network and host IP addresses.
• Snapshot showing that audit logging is enabled on the DHCP server.
• Confirm that full disk checks are enabled on the DHCP server, both when a set number of server events have been logged and when the date changes on the server computer.
• Confirm that NAC (Network Access Control) is in place, so that any unauthorized machine must be authenticated at machine level through NAC.
• Snapshot showing that static IPs are not enabled, to prevent DoS and spoofing attacks.
• Are we using any kind of MAC filtering?
• Proof that DHCP administrators monitor configuration changes to the DHCP servers.
• No rogue Dynamic Host Configuration Protocol (DHCP) servers are present on the network; run Microsoft's DHCP Server Locator utility (dhcploc.exe).
• Are logs checked for critical DHCP-related events? Is there a proactive monitoring solution providing real-time data?
• Do we run offline maintenance against the dhcp.mdb file on a quarterly or half-yearly basis?
• What is the directory path in which the DHCP server stores audit log files?
• What is the maximum size restriction (in megabytes) for the total disk space available for all audit log files created and stored by the DHCP service?
• What is the disk-checking interval, i.e. how many audit log events the DHCP server writes to the log file before checking for available disk space on the server?
• What is the minimum size requirement (in megabytes) for server disk space, used during disk-checking to determine whether sufficient space exists for the server to continue audit logging?
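This added example (not from the original post) collects the DHCP evidence above and summarises the DHCP server's text audit log for the events an auditor asks about. The server name, output folder and the sample log lines are constructed for the example; the five audit-log parameters in the last four items come straight from `Get-DhcpServerAuditLog`, and the authorization list from `Get-DhcpServerInDC` is the directory side of the rogue-server check that the post's dhcploc tool performs on the wire.

```powershell
#Requires -Modules DhcpServer
# Added example, not from the original post: DHCP checklist evidence plus an
# audit-log summary. $DhcpServer, $ReportDir and $sample are assumptions.

$DhcpServer = 'dhcp01.corp.example'   # assumed DHCP server
$ReportDir  = 'C:\DHCPAudit'
New-Item -ItemType Directory -Path $ReportDir -Force | Out-Null

# 1. Audit logging: enabled flag, log path, max size (MB), disk-check interval
#    (events between checks) and minimum free space (MB), all from one cmdlet
Get-DhcpServerAuditLog -ComputerName $DhcpServer |
    Select-Object Enable, Path, MaxMBFileSize, DiskCheckInterval, MinMBDiskSpace |
    Export-Csv "$ReportDir\auditlog-settings.csv" -NoTypeInformation

# 2. Authorization: DHCP servers authorised in Active Directory. Any server answering
#    DHCP that is not on this list is rogue (dhcploc finds those on the wire).
Get-DhcpServerInDC | Select-Object DnsName, IPAddress |
    Export-Csv "$ReportDir\authorized-servers.csv" -NoTypeInformation

# 3. MAC filtering (allow/deny list state and entries) and static reservations
Get-DhcpServerv4FilterList -ComputerName $DhcpServer | Export-Csv "$ReportDir\filterlist.csv" -NoTypeInformation
Get-DhcpServerv4Filter     -ComputerName $DhcpServer | Export-Csv "$ReportDir\filters.csv"    -NoTypeInformation
Get-DhcpServerv4Scope -ComputerName $DhcpServer | ForEach-Object {
    Get-DhcpServerv4Reservation -ComputerName $DhcpServer -ScopeId $_.ScopeId
} | Select-Object ScopeId, IPAddress, ClientId, Name |
    Export-Csv "$ReportDir\reservations.csv" -NoTypeInformation

# 4. Audit-log summary. DhcpSrvLog-<Day>.log is CSV with the event ID in column 1.
#    These are the IDs (from the log file's own header) worth counting for the checklist.
$Interesting = @{
    '02' = 'Log paused: low disk space'
    '13' = 'Address conflict detected'
    '14' = 'Lease request refused: scope exhausted'
    '15' = 'Lease denied'
}
function Get-DhcpAuditSummary {
    param([string[]]$Lines)
    # Keep only data rows (the file header lines do not start with "NN,")
    $rows = $Lines | Where-Object { $_ -match '^\d{2},' } |
        ConvertFrom-Csv -Header ID, Date, Time, Description, IPAddress, HostName, MACAddress
    $rows | Where-Object { $Interesting.ContainsKey($_.ID) } |
        Group-Object ID | ForEach-Object {
            [pscustomobject]@{ ID = $_.Name; Meaning = $Interesting[$_.Name]; Count = $_.Count }
        } | Sort-Object Count -Descending
}

# Constructed sample lines in DhcpSrvLog format (not real data)
$sample = @(
    '10,09/24/17,08:01:12,Assign,10.10.1.50,ws01.corp.example,001122334455,',
    '11,09/24/17,08:05:30,Renew,10.10.1.51,ws02.corp.example,001122334456,',
    '13,09/24/17,08:07:02,Conflict,10.10.1.52,,000000000000,',
    '14,09/24/17,08:09:45,Scope Full,,,001122334499,',
    '15,09/24/17,08:10:01,Deny,10.10.1.60,unknown,aabbccddeeff,',
    '15,09/24/17,08:11:15,Deny,10.10.1.61,unknown,aabbccddeef0,'
)
Get-DhcpAuditSummary -Lines $sample | Format-Table -AutoSize
# Against the real logs on the server:
# $path = (Get-DhcpServerAuditLog -ComputerName $DhcpServer).Path
# Get-DhcpAuditSummary -Lines (Get-Content (Join-Path $path 'DhcpSrvLog-*.log'))
```

On the constructed sample the summary reports two lease denials, one conflict and one exhausted scope. A run of event 15 against the same MAC range, or any event 02, is the kind of thing the "proactive monitoring" item expects to be alerted on rather than discovered at audit time.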

Certificates & Patches

1. ADFS certificates for 'Token Signing' and 'Token Decrypting'.
2. Windows patch update report showing that all current, relevant patches, service packs and other updates to the operating system of the application servers have been applied.
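An added example for these two items (not from the original post): it reports the expiry of the AD FS token-signing and token-decrypting certificates and the most recent update installed on each application server. The server names and the 30-day warning window are assumptions, and it must be run on an AD FS server for the certificate part.

```powershell
# Added example, not from the original post. $WarnDays and $Servers are assumptions.

$WarnDays = 30                                           # assumed expiry warning window
$Servers  = 'app01.corp.example', 'app02.corp.example'   # assumed application servers

function Get-AdfsCertificateStatus {
    # Token-signing certificates sign issued tokens; token-decrypting certificates
    # decrypt tokens sent to AD FS. An expired primary breaks every relying party.
    Import-Module ADFS -ErrorAction Stop
    foreach ($type in 'Token-Signing', 'Token-Decrypting') {
        Get-AdfsCertificate -CertificateType $type | ForEach-Object {
            $daysLeft = [int]($_.Certificate.NotAfter - (Get-Date)).TotalDays
            [pscustomobject]@{
                Type       = $type
                IsPrimary  = $_.IsPrimary
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.Certificate.NotAfter
                DaysLeft   = $daysLeft
                Warning    = $daysLeft -lt $WarnDays
            }
        }
    }
}

function Get-PatchReport {
    param([string[]]$ComputerName)
    foreach ($c in $ComputerName) {
        $fixes = Get-HotFix -ComputerName $c -ErrorAction SilentlyContinue |
            Sort-Object InstalledOn -Descending
        [pscustomobject]@{
            Server           = $c
            UpdatesInstalled = @($fixes).Count
            LastHotFixId     = if ($fixes) { $fixes[0].HotFixID } else { 'unreachable' }
            LastInstalledOn  = if ($fixes) { $fixes[0].InstalledOn } else { $null }
            DaysSinceUpdate  = if ($fixes) { [int]((Get-Date) - $fixes[0].InstalledOn).TotalDays } else { $null }
        }
    }
}

Get-AdfsCertificateStatus            | Format-Table -AutoSize
Get-PatchReport -ComputerName $Servers | Format-Table -AutoSize
```

Get-HotFix reads the Win32_QuickFixEngineering class, which records operating system updates but not every MSI-based or definition update, so treat its output as a cross-check of the patch report rather than the report itself.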
