Today, I'd like to share 10 elemental, essential and in fact paramount cyber security questions that every organization in the world should have answers to. They are directly related to the Trillion $ question I posed to Microsoft earlier this week.
(Quick Note: As I indicated last week, sometime this week, I will be respectfully taking Microsoft to Active Directory Security School. This post is not the one that takes them to school. Along the lines of yesterday's Trillion $ Q post, this post also helps set the stage for that post. That post will be titled "Defending Active Directory Against Cyberattacks", and will be out this week.)
Here they are -
1. Exactly who effectively has the Replicating Directory Changes All (DS-Replication-Get-Changes-All) extended right granted in the domain root's ACL?
2. Exactly who can change the security permissions in the ACL on the domain root object?
3. Exactly who can reset the password* of all default and custom administrative (privileged) user accounts?
4. Exactly who can modify the membership of all default and custom administrative (privileged) security groups?
5. Exactly who can manage the contents of the System container and the Configuration and Schema partitions?
6. Exactly who can change the security permissions in the ACL of the AdminSDHolder object?
7. Exactly who can modify the default Domain Controllers Policy or link a GPO to the Domain Controllers OU?
8. Exactly who can establish and/or manage cross forest trusts, or trusts to external domains?
9. Exactly who can reset the password* of all executive accounts (e.g. Chairman, CEO, CIO, CFO, CISO etc.)?
10. Exactly who can create, control (i.e. manage and/or delegate management of) and delete vital Active Directory content, such as all (valuable) domain user and computer accounts, security groups, organizational units etc.?
* If smart cards are in use, exactly who can disable the smart card requirement (the "Smart card is required for interactive logon" account option) on these domain user accounts?
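As an added example (not code from the original post), the following PowerShell takes a first pass at question 1: it reads the domain root's security descriptor, keeps the ACEs that grant the DS-Replication-Get-Changes and DS-Replication-Get-Changes-All extended rights (or all extended rights at once), and expands any group trustee to its nested user and computer members. It assumes a domain-joined Windows host with the RSAT ActiveDirectory module; the two rightsGuid values are the well-known ones from the Extended-Rights container. Note the caveat built into the output: this is a listing of directly granted ACEs plus group expansion, not an effective-permissions calculation. It does not weigh Deny ACEs against Allows, resolve well-known or foreign security principals, or account for rights reachable through object ownership or the ability to modify the ACL, so it narrows the field but does not by itself answer "exactly who".

```powershell
# Added example, not part of the original post. Lists who is directly granted the
# replication extended rights on the domain root, with group trustees expanded.
# Assumes: RSAT ActiveDirectory module, domain-joined host, read access to the
# domain root's nTSecurityDescriptor (granted to Authenticated Users by default).
Import-Module ActiveDirectory

$rootDN = (Get-ADDomain).DistinguishedName

# rightsGuid values of the two replication control access rights, as defined in
# CN=Extended-Rights,CN=Configuration,... (well-known, not invented here).
$replRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes-All'
}

$extendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$acl = Get-Acl -Path ("AD:\" + $rootDN)

# Step 1: keep only ACEs that carry ExtendedRight (GenericAll includes that bit) and
# whose ObjectType is one of the replication rights or empty (= every extended right).
$replAces = foreach ($ace in $acl.Access) {
    if (-not $ace.ActiveDirectoryRights.HasFlag($extendedRight)) { continue }
    $guid = $ace.ObjectType.ToString().ToLower()
    if ($replRights.ContainsKey($guid)) {
        $right = $replRights[$guid]
    } elseif ($ace.ObjectType -eq [Guid]::Empty) {
        $right = "ALL extended rights ($($ace.ActiveDirectoryRights))"
    } else {
        continue
    }
    [pscustomobject]@{
        Trustee = $ace.IdentityReference.Value
        Access  = $ace.AccessControlType   # Allow or Deny; a Deny here is NOT applied to the Allows below
        Right   = $right
    }
}

# Step 2: expand group trustees to their nested non-group members so the report names
# accounts. Trustees that are not domain groups (well-known SIDs such as
# ENTERPRISE DOMAIN CONTROLLERS, foreign security principals, unresolved SIDs) are kept as-is.
$report = foreach ($entry in $replAces) {
    $name  = ($entry.Trustee -split '\\')[-1]
    $group = $null
    try { $group = Get-ADGroup -Identity $name -ErrorAction Stop } catch { }
    if ($group) {
        $members = Get-ADGroupMember -Identity $group -Recursive |
            Where-Object { $_.objectClass -ne 'group' } |
            Select-Object -ExpandProperty SamAccountName
    } else {
        $members = @($entry.Trustee)
    }
    [pscustomobject]@{
        Right   = $entry.Right
        Access  = $entry.Access
        Trustee = $entry.Trustee
        Members = ($members -join ', ')
    }
}

$report | Sort-Object Right, Access, Trustee | Format-Table -AutoSize -Wrap
```

On a default domain the Allow rows should show Domain Controllers, Enterprise Domain Controllers, Administrators (via all extended rights or GenericAll) and Enterprise Admins; anything else is a delegated grant worth explaining. The same pattern, with `$rootDN` pointed at CN=AdminSDHolder,CN=System,... and the filter changed to WriteDacl or WriteOwner, gives a comparable first pass at questions 2 and 6.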
Not only are these 10 elemental cyber security questions directly related to Active Directory security, they bear directly on the foundational cyber security of thousands of business and government organizations in 150+ countries worldwide.
They are imperative to foundational cyber security because anyone who can perform these tasks could instantly gain command and control over the entire organization's security. For details, after Nov 01, please visit - www.paramountdefenses.com/blog/
Incidentally, to be able to answer each of these 10 elemental and essential cyber security 101 questions, organizations require the ability to perform just one technical process. So, here's another trillion $ question - What is that one process?
The answer to this trillion $ question is coming soon, right here on this blog, later this week. (Stay tuned.)
Oh, and if any cyber security company on the planet (including but not limited to Microsoft, Amazon, IBM, Google, Cisco, EMC, Dell, Centrify, Palo Alto Networks, FireEye, CyberArk, BeyondTrust, Lieberman Software, Check Point Software, CrowdStrike, Palantir Technologies, Kaspersky Lab, Tripwire, HP, EY, PwC, Darktrace, Lockheed Martin, BAE Systems, Tanium, BAH etc. etc.) has a clue as to the answer AND can help the world accurately answer these 10 basic, essential questions, let me know.
Organizations that do NOT have answers to these basic 10 cyber security 101 questions CANNOT be considered secure today.