Implementation of Security Plan
bjay71
Project3.docxRunning Head: Security Technologies Identified
Project #3: Technology Evaluation
Benson S. John
Practical Applications in Cybersecurity Management & Policy
UMUC
14th April, 2019
Introduction
Bank Solution Inc has gained a tremendous advantage over the past couple of years and have extended its operations to 18 item processing facilities with two data centers. The data center is the greatest asset that holds thousands of customers personal and confidential financial information. Bank Solution Inc is obligated and mandated by Financial Modernization Act of 1999, to protect the privacy of client’s finances (Financial Privacy, 2018). Report from the risk assessment shows that the company’s data center and the entire infrastructure will need state of the art technology that will bluster immerging cyber threat. To implement one of the recommendations, the company will invest in Microsoft Active Directory Domain Services (AD DS) for Windows Server 2016. It is a Microsoft proprietary technology that is used to manage workstations and other network devices and also one of the main features of Windows Server 2016 operating system (OS). It allows system administrators to create groups, manage domains, users, and objects within a network. AD/DS provides the means for keeping or storing directory data and making sure this information is available to users at all times. It stores data about user’s accounts, including passwords, names, phone numbers, and other vital information.
Analysis
Active Directory Domain Services (AD/DS) for windows server 2016 is one the most commonly used services on enterprise networks with an advanced authorization and authentication services including many other capabilities. To effectively implement this new technology, there are key technical terms that each and every system administrator will need to have a full knowledge of. For example, User which represent someone demanding access to a managed resource, Object representing a resource, Attribute- distinguishes or add functionality, Group which is a container used to organize user, object or computer to name a few.
Capabilities
Multi-Factor Authentication/ Conditional Access Control - this is a well-advanced feature in Active Directory Federation Services (ADFS) used to configure requirements authentication strength via multi-factor authentication, user identity, device compliance, group membership. These prerequisites can be configured per-application which gives system admin to configure advanced security for critical asset or applications.
Group membership expiration – This give the system admin to ability to assign temporary admin right. For example, third-party vendor may need certain permission to perform a task, the admin can create a group and then add them to the group with a specific time and date the privilege will expire.
Standards compliance - Active Directory is built on Lightweight Directory Access Protocol (LDAP), it has the capability to integrate with other services for third-party vendors to assimilate their components with Active Directory (“New Active Directory features coming in Windows Server 2016,” n.d.)
Cost
The cost to implement Active directory Domain Services (AD/DS) depends on the type of windows server 2016 Editions. The OS can be purchased and installed on a server or a license can be purchased from Microsoft. As a financial institution that deals with critical information, the company will invest in Microsoft Windows Server Datacenter Edition. This edition is vital for the company’s mission-critical asset that need reliable, secure, quality and effective management infrastructure. The base prince for the edition is $6,155.00 (Windows Server 2016 Editions, Pricing, Availability, Features, 2017).
Operational Infrastructure – authentication services requires 100% uptime and is a critical part of the entire IT operation. This means that the services should be available at all time and any downtime (Unavailable) will prevent user from accessing resources on the network. Because of this, system admins will have to make sure backup plans and redundancy are in place.
Management time – this involved hiring qualified system administrator to manage and up keep the system due to the fact that it requires constant update including patches, configuration and upgrade. With its tremendous capabilities, it requires substantial amount of time to support and as a result, many IT professionals have become an engineer (Bhargava, 2018).
Maintenance Requirements,
End user identity management self-service – system admins are always at their desk responding to calls from users to perform task such as provisioning, resetting passwords or account expires and because of the work load, they are often interrupted from other task to making sure users are functioning. End user self-service is an ideal choice, unfortunately, Active Directory lacks these key capabilities, therefore the work load falls on the administrator
Possible Issues
Migrating servers and applications -one of the difficult task administrator will have to do especially when migrating servers and applications due to the fact that all server application that relies AD may de difficult to migrate and some time impossible to move especially third-party vendor application. Sometime the vendor may not even have a clue or any documentation on how to migrate the application leaving it to the system admin figured it out.
Microsoft designed AD/DS to be used in a single forest therefore any organization that may need two or more schemas or global catalogs must therefore use multiple forests. This increases the workload on the system administrator. In addition, a separate domains and forests cannot be easily combined into one rather, the admin will have to perform hard migration process to move from one forest or domain into the other (Migration Considerations for Active Directory, 2014).
Vulnerabilities
Missed Configured Domain Controllers - AD/DS is very critical as it is the center for authorizing users, granting access within the network and therefore it is a major target for cyber-criminal to exploit if not configured properly. When cyber-criminal access AD/DS by compromising any administrative account or other elevated accounts, they can possibly access, servers, user’s accounts, applications, databases, and other types of data and this will jeopardize the security of the entire Active Directory forest.
Unpatched AD Servers: It is very vital that all server be patched as quickly as possible to resolve any vulnerability to prevent hackers from exploiting unpatched OS, applications, and even firmware on AD servers. Failure to resolve any vulnerability will absolutely give an attacker a critical adequate foothold of the entire infrastructure
Inappropriate Administrative Users and Privileged Access: Inappropriately assigning Domain privilege to IT personnel and other user’s accounts for which they are not supposed to have can be devastating. It is there empirical to assign privilege based on the individual role and does not require superuser privileges or high-level permission (Petters, 2019).
Pros
Centralizes Resource and Security Administration - This is the key advantage of Active Directory. It provides a single point from which system admin can implement, manage and secure network resources and their associated security objects. Bank Solutions, Inc. can easily implement this technology based on its financial or other business model, or the types of services being offered.
Provides a Single Point of Access – AD/DS provides a single point of administration for network resources. It can be configured to or implement to use a single sign-on that allows users to access network resources on servers from any location within the network or domain. To do this, users must be identified and authenticated by AD based on their permission, roles or privilege
Simplifies Resource Location – this gives users the ability to locate network resources such as print, files/folders that are published on the network. Publishing of an object helps users to search AD database for any chosen resource. The search can be done depending on the name, location or description (14 Benefits of a Windows Domain Controller Server, 2018).
Cons
· One of the biggest disadvantages of ADDS is that it is very expensive. The company will need to purchase Windows Server 2016 licenses and a possible hardware or server upgrade to run server operating system
· Very high maintenance costs.
· Any downtime of Active Directory will bring the entire network to its knees.
· It is prone to being hacked.
· Complex and high infrastructure cost
Summary and Conclusions
Financial Privacy. (2018, August 23). Retrieved from https://www.ftc.gov/news-events/media-resources/protecting-consumer-privacy/financial-privacy
New Active Directory features coming in Windows Server 2016. (n.d.). Retrieved from https://searchwindowsserver.techtarget.com/tip/New-Active-Directory-features-coming-in-Windows-Server-2016
Windows Server 2016 Editions, Pricing, Availability, Features. (2017, May 25). Retrieved from https://www.thewindowsclub.com/windows-server-2016-editions
Bhargava, R. (2018, January 03). Hidden Costs of Running Microsoft Active Directory. Retrieved from https://jumpcloud.com/blog/hidden-costs-microsoft-active-directory/
Migration Considerations for Active Directory. (2014, October 24). Retrieved from https://www.gartner.com/doc/2886618/migration-considerations-active-directory
Petters, J. (2019, March 25). Active Directory Security Best Practices | Varonis. Retrieved from https://www.varonis.com/blog/active-directory-security/
14 Benefits of a Windows Domain Controller Server. (2018, June 21). Retrieved from https://bscsg.com/14-benefits-keeping-local-server/
2
