Active Directory closely monitored by French IT security gendarmes

Later this week, the National Information Systems Security Agency (ANSSI) published a document to assist institutions in their process of securing and organizing Active Directory systems.

The French Agency established by the list of key configuration points that should be checked with more discipline for better supervision and safe environment of the Active Directory.

This article will also interest you: ANSSI takes a closer look at the threat to the aerospace sector

Through this action, the French cybersecurity watchdog clearly demonstrates that he is interested in this computer tool. And it seems that this interest dates back a very long time. Well, that's something that can be understood. Indeed, in a cyberattack, it is one of the most important elements, when it falls into the hands of cyber criminals, the case automatically becomes tough. The National Cyber Security Information Systems Agency itself describes the tool as the "critical security center of Microsoft's information systems." Active directory allows its main feature to manage accounts, permissions and even resources within the computer system. In fact, the introduction to the document published by ANSSI stated: "ANSSI's observations show a critical and recurring lack of maturity on the safety of Active Directory directories. The level of security thus decreases significantly with the time and pace of the manipulation of its objects or administrative actions."

More than fifty faulty or vulnerable points have been listed by the French Agency in its collection. The agency says these are commonly observed flaws. Depending on the severity of the failure, the different points are numbered from 1 to 3. The critical level of failure is 1. Level 3 means that we are facing "a basic level of security that has not been weakened since installation." At each item listed, a very detailed description is proposed, allowing for a better approach to the problem related to the failure. In addition to the description, the agency also makes recommendations to address each vulnerability.

By doing so for scoring, this system will allow to evaluate the security of the Active Directory tool by assigning it ratings starting from 1 to 5. "To get a level, an Active Directory must successfully pass through all the lower level checkpoints. A Level 5 directory has successfully passed all the checkpoints.Anssi noted in his collection.

Since the announcement of its Active Directory Security (ADS) service, the National Information Systems Security Agency has continued to make even more efforts regarding Microsoft's tool. The time moreover that this service and for the moment available only for public structures that have access to the interministerial network of the French state. ANSSI Active Directory Security provides a regular diagnosis of the security status of the digital directory. This diagnosis allows to have an overview of the total security situation related to the directory we have very well a score of 1 to 5 in all aspects.

Now access an unlimited number of passwords: