Have you ever felt like you're doing everything you possibly can to make your organization secure only to end up feeling like you missed out on something? Would it be easier if someone gave you a checklist on all the security best practices and options you need to configure for a secure AD? If your answer is yes, this post is for you.
As ADManager Plus is a solution to manage and report on your AD, making sure it is secure naturally ensures your AD isn't vulnerable. ADManager Plus' security hardening capability comes with a score that places your ADManager Plus deployment on a scale based on the product's security settings and options configured in the product. This feature helps you understand the security posture of your ADManager Plus instance and guides you to make it more secure. The higher the score is, the better the security practices in your organization. This feature would be helpful to understand the strength of your cyber security practices and guide you with ways to make it more secure.
Steps to configure security hardening settings in ADManager Plus:
Login to ADManager Plus console and navigate to the Admin tab.
Click Connection listed under General Settings.
Under Security Hardening, you can configure various security settings like,
Enforce HTTPS: Establish a secure connection between the ADManager Plus web-client and the ADManager Plus web server.
Enforce Two-factor Authentication: Add an additional layer of security while logging in to ADManager Plus. For more information on TFA services available in ADManager Plus, refer to this help document.
Change Default Admins Password: Changing the default password and using a strong one will strengthen the password of the Admin account, and ensure it is not compromised.
Enable CAPTCHA: Use CAPTCHA settings after a specific number of invalid login attempts to help mitigate bot-based attacks.
Block Invalid Login Attempts: Block a particular technician's account, once a specific number of consecutive unsuccessful login attempts have been made.
Enforce LDAP SSL: Set up a LDAP over SSL (LDAPS) connection to secure the information exchange between ADManager Plus and the LDAP servers.
Enforce Secure TLS: Ensure older TLS versions are disabled. ADManager Plus supports TLS versions 1.0, 1.1, and 1.2.
As you configure more of the required settings, the security score keeps increasing.
Tune in next week for another quick tip for better identity and access management!