Page 121 - Cyber Defense eMagazine September 2022
2. Adopt trust security
Consider how best to establish trust in your environment. Within a single forest, all domains trust each other, so an attacker can escalate from one compromised domain to all the others. Separate Active Directory forests can be used to create distinct areas of trust and access control. Implementing selective authentication forces you to make explicit security decisions about who has access rather than relying on a “trust everyone” approach. To be successful, keep the following in mind:
• Ensure SID filtering is active across all trusts between Active Directory forests.
• Consider enabling selective authentication to create a “default deny” trust rather than a “default allow”.
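A way to check both points across every trust your domain holds, as an added example that is not part of the original article: the script below reads the trustAttributes bit flags (values as documented in MS-ADTS) rather than relying on the Get-ADTrust property names, and it assumes the RSAT ActiveDirectory module and read access to the trust objects.

```powershell
# Audit AD trusts for SID filtering and selective authentication (added example).
# Assumes the ActiveDirectory module; flag values are the MS-ADTS trustAttributes bits.
Import-Module ActiveDirectory

$TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x04  # SID filter quarantine on an external trust
$TRUST_ATTRIBUTE_FOREST_TRANSITIVE  = 0x08  # trust is a forest trust
$TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x10  # selective authentication is enabled
$TRUST_ATTRIBUTE_WITHIN_FOREST      = 0x20  # intra-forest (parent/child, tree root) trust
$TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL  = 0x40  # SID history allowed: forest SID filtering relaxed

function Test-TrustAttribute {
    param([int]$Attributes, [int]$Flag)
    return (($Attributes -band $Flag) -ne 0)
}

# Returns the list of weaknesses found for one trust, or an empty list if it looks hardened.
function Get-TrustFindings {
    param([int]$Attributes)
    $findings = @()
    if (Test-TrustAttribute $Attributes $TRUST_ATTRIBUTE_WITHIN_FOREST) {
        return $findings   # domains inside one forest always trust each other; nothing to set here
    }
    $isForestTrust = Test-TrustAttribute $Attributes $TRUST_ATTRIBUTE_FOREST_TRANSITIVE
    if ($isForestTrust -and (Test-TrustAttribute $Attributes $TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL)) {
        $findings += 'SID history enabled on forest trust (SID filtering relaxed)'
    }
    if (-not $isForestTrust -and -not (Test-TrustAttribute $Attributes $TRUST_ATTRIBUTE_QUARANTINED_DOMAIN)) {
        $findings += 'SID filter quarantine not set on external trust'
    }
    if (-not (Test-TrustAttribute $Attributes $TRUST_ATTRIBUTE_CROSS_ORGANIZATION)) {
        $findings += 'selective authentication not enabled (default-allow trust)'
    }
    return $findings
}

# One row per trust; "OK" means no finding for that trust.
Get-ADTrust -Filter * -Properties trustAttributes | ForEach-Object {
    $findings = Get-TrustFindings -Attributes ([int]$_.trustAttributes)
    [PSCustomObject]@{
        Trust     = $_.Name
        Direction = $_.Direction
        Findings  = if ($findings.Count -gt 0) { $findings -join '; ' } else { 'OK' }
    }
} | Format-Table -AutoSize
```

Run it from each domain that holds external or forest trusts, since trust objects are stored per domain; a trust listed with a finding is one to revisit with netdom or the AD Domains and Trusts console.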
3. Prioritize backup and recovery
Documented, rehearsed backup and recovery processes are the foundation of a solid recovery plan. Make sure your plan is written down and practice it at least annually; no IT procedure depends more on regular practice for its success than disaster recovery. Time is critical in a crisis, and that is not the moment to rely on an outdated process (or worse, your memory) to restore your critical systems. Most IT professionals document the steps they plan to take during regular maintenance windows; why would you have anything less in place for when disaster strikes? A dry run also helps ensure that you are correctly following the supported backup methods required by services like Active Directory. (Pro tip: screenshots are not the thing to use here.) Fixing a faulty process is always easier when you are not in crisis mode. Here are some essentials to keep in mind when designing your backup and recovery process:
• Back up every domain, especially the root.
• Back up at least two domain controllers per domain.
• Test your backups regularly. This means actually recovering AD from them; “backup successful” messages are not tests.
• Use supported backup methods. Virtualization checkpoints or snapshots don’t count.
• Ensure backups are malware-free.
• Don’t forget to keep offline copies of backups. Offline storage is essential to protect your backups from malware and ransomware. Many an attacked organization has found that its online backups were also attacked and disabled.
• If administration of your backup application is AD integrated, have a “break glass” emergency access method for when AD is unavailable.
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.