Over the years, STEALTHbits has picked up a few strategies for tightening up and hardening AD security. Here are a few tips they would like to share with you – they’re sure your prospects would appreciate them too:

Clean up stale objects – By reducing the number of stale objects in AD, the attack surface can also be reduced by eliminating objects that can be exploited by a hacker

Don’t use complex passwords – Complex passwords are better than simple, easily guessed passwords, but not as good as complex easy to remember passphrases like Boat2open!Friday

Don’t let employees have admin accounts on their workstations – If an attacker compromises a workstation, having local admin access will make lateral movement easy. Most end users do not need to install additional software on their machines, and therefore, do not need admin permissions

Lock down service accounts – Service accounts are frequently targeted by hackers due to their elevated privileges. Take a look at them and restrict their permission as much as possible

Eliminate permanent membership in security groups – Make all membership in important security groups like Enterprise Admin, Schema Admin and Domain Admin temporary. A breach to one of these will seriously compromise an organization


Interested in learning more? Read the full blog post here for a detailed write up on each of these tips as well as one bonus tip!


Leading Value Added Distributor
across the Gulf Region

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Powered by DraculApp © All Rights Reserved
All product names, logos, and brands are property of their respective owners. All company, product and service names in this website are for identification purposes only.

Share This