Active Directory (AD) is the backbone of a Windows Server 2003 or Windows 2000 Server domain infrastructure, providing a channel for security implementation and maintenance in the forest. Secure AD and you have advanced the protection of all forest elements. Ignoring AD security can put your entire infrastructure at risk. Securing AD, however, is not a trivial task. Many Windows security subsystems are integrated with it, and many of them can be used to secure it. The account database, Kerberos authentication protocol, password policy, definition of user rights and system controls, assignment of object permissions—all are contained in or managed with AD. You must also consider the distribution of its elements and the nature of the people who interact with it. AD is not some entity that can be localized on a single machine but spans multiple computers and networks. It presents a broad attack surface and many threats must be evaluated. There are literally hundreds of steps that should be at least considered when designing, implementing, and maintaining AD security. This e-book can help you with that task.
