ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload

More documents

Recommendations

Info

Active Directory Checklist, V1R1.2 Field Security Operations 22 September 2006 Defense Information Systems Agency E. Access Requirements: Other Party (NetBIOS\FQDN) Access Requirements MEFN19 \ MEFN19.USN.MIL - NORTH users access personnel files in the MEFN19 domain. - MEFN users access inventory files in the NORTH domain. UNI91 - UNI91 (Solaris) users access inventory files in the NORTH domain. B.2.1.2 Example Trust Relationship Documentation - Forest Root Domain The following example documents trust relationships for a forest root domain that has established a bidirectional forest trust with another forest and an incoming forest trust with a DMZ-based forest. AD Trust Relationship Documentation A. Domain NetBIOS name:_VCFN______ Verified:_Jan 2006_ Fully Qualified Domain Name:__VCFN.DISA.MIL_____________ B. Classification:_Unclass____ C. MAC:_II_ Confidentiality:_Sensitive__ D. Trusts Defined: Type Other Party (NetBIOS\FQDN) MAC Classif. Direction Transitive Selective Forest AOFN21 \ AOFN21.DISA.MIL II Unclass Both N/A Yes Yes Forest VCDMZF \ VCDMZF.DISA.MIL II Unclass Incoming N/A N/A N/A E. Access Requirements: Other Party (NetBIOS\FQDN) Access Requirements AOFN21 \ AOFN21.DISA.MIL - VCFN users access Target Practice application hosted in AOFN21 forest. - AOFN21 users access color laser printers in VCFN forest. VCDMZF \ VCDMZF.DISA.MIL - VCDMZF is a DMZ forest that may be accessed by VCFN administrators. UNCLASSIFIED Auth SID Filtering B-4
Active Directory Checklist, V1R1.2 Field Security Operations 22 September 2006 Defense Information Systems Agency APPENDIX C: VMS PROCESS GUIDANCE This appendix provides guidance for entering and accessing the asset information in VMS for the items covered by the Checklist. There are three review subjects covered in the Checklist: - Active Directory Implementation - This subject covers checks for AD Domain Controllers, AD Domains, and the AD Forest that make up an implementation of Active Directory. - Synchronization\Maintenance Application - This subject covers checks for an individual installation of an application used to perform synchronization or maintenance on one or more Active Directory implementations. - ADAM - This subject covers checks for an individual installation of ADAM as a directory service. To understand how to access the VMS data, it is helpful to know how the data is organized. The following table summarizes this VMS data organization. Review Subject Items Included VMS VMS Asset Data Organization Asset Type Active Directory AD Domain Controller Windows server OS Asset Posture Computing Implementation with Domain Controller Role AD Domain Active Directory Domain Asset Non-Computing AD Forest Active Directory Forest Asset Non-Computing Synch\Maint Application Synch\Maint Application Synch\Maint App Asset Posture Computing ADAM ADAM Instance ADAM Instance Asset Posture Computing Note: The path used to access asset data in the VMS application depends on the assigned role of the user: - System Administrators (SAs) use the Asset Finding Maint. item on the VMS menu, select the Assets / Findings item, and navigate to assets under the By Location branch. - Reviewers use the Asset Finding Maint. item on the VMS menu, select the Assets / Findings item, and navigate to assets under the Visit branch. Because this is the significant detail in which the procedures vary between SAs and Reviewers, a single set of procedures is defined here and variations are noted where relevant. C.1 AD Implementation Data - AD Domain Controller, AD Domain, AD Forest AD implementation data is expressed in VMS through three categories: - The AD Domain Controller category is not explicitly defined in VMS. Rather, to take advantage of the existing VMS data, the asset data for AD Domain Controllers is stored under assets that are defined with a Windows server OS Asset Posture and the Domain Controller Role. - AD Domain asset data is stored though the definition of an “Active Directory Domain” Non-Computing asset in VMS. - AD Forest asset data is stored though the definition of an “Active Directory Forest” Non-Computing asset in VMS. UNCLASSIFIED C-1
Page 1 and 2:
ACTIVE DIRECTORY SECURITY CHECKLIST
Page 3 and 4:
Active Directory Checklist, V1R1.2
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74: Active Directory Checklist, V1R1.2
Page 123: Active Directory Checklist, V1R1.2
show all

ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?