Page 121 - Cyber Defense eMagazine September 2022

2. Adopt trust security

Consider how best to establish trust in your environment. Within a single forest, all domains trust each other, so a single compromised domain can be used to escalate to all the others. A separate Active Directory forest can be used to create distinct areas of trust and access control. Implementing selective authentication forces you to make explicit security decisions about who has access rather than using a "trust everyone" approach. To be successful, keep the following in mind:

   •  Ensure SID filtering is active across all trusts between Active Directory forests.
   •  Consider enabling selective authentication to create a "default deny" trust rather than a "default allow".
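The two bullets above can be checked rather than assumed. The following PowerShell is an added example (not from the article or its author): it enumerates every trust in the forest, decodes the trustAttributes bits defined in MS-ADTS, and reports whether SID filtering and selective authentication are in effect. It assumes the ActiveDirectory RSAT module and read access to the trustedDomain objects; the netdom remediation commands in the trailing comments are the standard RSAT tool, with placeholder domain names.

```powershell
# Added example: audit forest trusts for SID filtering and selective authentication.
# Assumes the ActiveDirectory module (RSAT) and rights to read trustedDomain objects.
Import-Module ActiveDirectory

# Bits of the trustAttributes LDAP attribute (MS-ADTS, trustAttributes).
$TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x04   # SID filtering ("quarantine") on an external trust
$TRUST_ATTRIBUTE_FOREST_TRANSITIVE  = 0x08   # the trust is a forest trust
$TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x10   # selective authentication is enabled
$TRUST_ATTRIBUTE_WITHIN_FOREST      = 0x20   # intra-forest (parent/child or tree-root) trust
$TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL  = 0x40   # forest trust with SID filtering relaxed (SID history allowed)

$findings = foreach ($domain in (Get-ADForest).Domains) {
    # Trust objects live in each domain, so query every domain in the forest.
    foreach ($trust in Get-ADTrust -Filter * -Server $domain -Properties trustAttributes) {
        $attr = [int]$trust.trustAttributes
        $isForestTrust   = ($attr -band $TRUST_ATTRIBUTE_FOREST_TRANSITIVE) -ne 0
        $isIntraForest   = ($attr -band $TRUST_ATTRIBUTE_WITHIN_FOREST) -ne 0
        $selectiveAuth   = ($attr -band $TRUST_ATTRIBUTE_CROSS_ORGANIZATION) -ne 0
        $quarantined     = ($attr -band $TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) -ne 0
        $treatAsExternal = ($attr -band $TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL) -ne 0

        # SID filtering is effective on a forest trust unless TREAT_AS_EXTERNAL is set,
        # and on an external trust only when QUARANTINED_DOMAIN is set. Trusts inside one
        # forest cannot be filtered and are listed for completeness only.
        if ($isIntraForest) {
            $kind = 'intra-forest'; $sidFiltering = 'n/a (same forest)'
        }
        elseif ($isForestTrust) {
            $kind = 'forest'
            if ($treatAsExternal) { $sidFiltering = 'RELAXED' } else { $sidFiltering = 'enabled' }
        }
        else {
            $kind = 'external'
            if ($quarantined) { $sidFiltering = 'enabled' } else { $sidFiltering = 'DISABLED' }
        }

        if ($isIntraForest)     { $selective = 'n/a' }
        elseif ($selectiveAuth) { $selective = 'enabled (default deny)' }
        else                    { $selective = 'DISABLED (default allow)' }

        [pscustomobject]@{
            SourceDomain  = $domain
            TrustedDomain = $trust.Name
            Direction     = $trust.Direction
            Kind          = $kind
            SidFiltering  = $sidFiltering
            SelectiveAuth = $selective
        }
    }
}

# Anything in upper case is a finding to act on.
$findings | Format-Table -AutoSize

# Remediation for flagged trusts, run from the trusting domain (placeholder names):
#   netdom trust <TrustingDomain> /domain:<TrustedDomain> /quarantine:Yes        # external trust: enable SID filtering
#   netdom trust <TrustingDomain> /domain:<TrustedDomain> /enablesidhistory:No  # forest trust: re-enable SID filtering
#   netdom trust <TrustingDomain> /domain:<TrustedDomain> /selectiveauth:Yes    # switch the trust to default deny
```

Enabling selective authentication on an existing trust is only the first half of the change: until you grant "Allowed to Authenticate" on the specific computers that trusted-forest users need, every cross-forest logon will fail, so plan the grants before flipping the switch.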



3. Prioritize backup and recovery


Documented backup and recovery processes are the foundation of a solid recovery plan. Make sure that your plan is written down and practice it at least annually; there is no IT procedure whose success depends more on constant practice than disaster recovery. Time is critical in a crisis, and that is not the moment to be relying on an outdated process (or worse, your memory) to restore your critical systems. Most IT professionals document the steps they plan to take during regular maintenance windows. Why would you have anything less in place for when disaster strikes? Doing a dry run also helps ensure that you are correctly following the supported backup methods required by services like Active Directory. (Pro tip: screenshots are not the thing to use here.) Fixing a faulty process is always easier when you are not in crisis mode. Here are some essentials to keep in mind when considering your backup and recovery process:

   •  Back up every domain, especially the root.
   •  Back up at least two domain controllers per domain.
   •  Test your backups regularly. This means actually recovering AD from them; "backup successful" messages are not tests.
   •  Use supported backup methods. Virtualization checkpoints or snapshots don't count.
   •  Ensure backups are malware-free.
   •  Don't forget to keep offline copies of backups. Offline storage is essential to protect your backups from malware and ransomware. Many an attacked organization has found that its online backups were also attacked and disabled.
   •  If administration of your backup application is AD integrated, have a "break glass" emergency access method for when AD is unavailable.
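The first two bullets ("every domain, especially the root" and "at least two domain controllers per domain") lend themselves to a recurring check. The following PowerShell is an added example (not from the article): it walks every domain in the forest, asks each domain controller for its last successful Windows Server Backup run, and reports domains that fall short of two recently backed-up DCs. It assumes Windows Server Backup (the Get-WBSummary cmdlet) is the backup tool on each DC and that WinRM is reachable with an account allowed to run it; the seven-day freshness threshold is an assumed policy value, and shops using another backup product will need to swap in that product's status query.

```powershell
# Added example: verify that every domain in the forest, root included, has at
# least two domain controllers with a recent successful backup.
# Assumes Windows Server Backup on each DC and WinRM access from this host.
Import-Module ActiveDirectory

$MaxBackupAgeDays   = 7   # assumed policy: a backup older than this does not count
$MinimumBackedUpDCs = 2   # the article's "at least two domain controllers per domain"

$forest = Get-ADForest
$report = foreach ($domain in $forest.Domains) {
    $dcs = @(Get-ADDomainController -Filter * -Server $domain)
    $backedUp = @()

    foreach ($dc in $dcs) {
        try {
            # Query the backup status on the DC itself; Get-WBSummary is local to the backed-up host.
            $summary = Invoke-Command -ComputerName $dc.HostName -ErrorAction Stop -ScriptBlock {
                Import-Module WindowsServerBackup -ErrorAction Stop
                Get-WBSummary
            }
            $last = $summary.LastSuccessfulBackupTime
            if ($null -eq $last) {
                $ageDays = [double]::PositiveInfinity   # never backed up successfully
            }
            else {
                $ageDays = ((Get-Date) - $last).TotalDays
            }
            if ($ageDays -le $MaxBackupAgeDays) { $backedUp += $dc.HostName }
        }
        catch {
            # A DC whose status cannot be read is treated as not backed up; do not hide the error.
            Write-Warning "$($dc.HostName): could not read backup status ($($_.Exception.Message))"
        }
    }

    [pscustomobject]@{
        Domain        = $domain
        IsForestRoot  = ($domain -eq $forest.RootDomain)
        DCs           = $dcs.Count
        RecentBackups = $backedUp.Count
        Status        = if ($backedUp.Count -ge $MinimumBackedUpDCs) { 'OK' } else { 'SHORTFALL' }
        BackedUpDCs   = ($backedUp -join ', ')
    }
}

# Root domain first, since losing it is the costliest outcome.
$report | Sort-Object IsForestRoot -Descending | Format-Table -AutoSize
```

A green row here only proves that a backup job completed; it says nothing about whether the backup can be restored, is malware-free, or has an offline copy, which is exactly why the article insists on performing an actual recovery rather than trusting "backup successful" messages.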

            Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.