Active Directory 보안 관련

https://adsecurity.org/?p=3377

http://securitywing.com/active-directory-security/

https://msdn.microsoft.com/en-us/library/bb727065.aspx

GPO security

https://technet.microsoft.com/en-us/library/cc960657.aspx

Active Directory Security Checklist

The following checklist is provided to help organizations assess and maintain the security of their Active Directory deployments: 

1. Ensure that the logical (forest, domain and trust-relationship) structure of your Active Directory is conceptually secure

2. Ensure that all Active Directory configuration (e.g. Schema, Replication, FSMOs, Backups) data is sound and secure

3. Ensure that adequate Active Directory management, security and disaster-recovery plans are in place and implemented

4. Ensure that adequate physical, system and network security is provided for all Domain Controllers and admin workstations

5. Ensure that the number of IT personnel who possess unrestricted administrative access in Active Directory is minimal

6. Ensure that all non-critical administrative tasks (e.g. password resets) are delegated based on the principal of least privilege

7. Ensure that IT personnel can audit all administrative delegations (i.e. assess and verify effective access) in Active Directory

8. Ensure that auditing mechanisms are in place to capture the enactment of all admin/delegated tasks in Active Directory

9. Ensure that all applications and tools used by IT personnel are trustworthy (i.e. verifiably safe, reputable and secure)

10. Ensure that security and effective access audits are performed on a regular basis to consistently ensure security

Best_Practices_for_Securing_Active_Directory.pdf