Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-44058 | AD.MP.0004 | SV-56888r1_rule | ECSC-1 | Medium |
Description |
---|
AD admin platforms are used for highly privileged activities. Preventing communications to and from AD admin platforms, except with the domain controllers being managed, protects against an attacker's lateral movement from a compromised platform. Requirements in the Firewall and Windows client STIGs restrict inbound communications; however, outbound communications must be restricted as well to prevent inadvertent exposure of the privileged credentials used on these platforms. |
STIG | Date |
---|---|
Active Directory Domain Security Technical Implementation Guide (STIG) | 2014-04-01 |
Check Text (C-49473r3_chk) |
---|
Verify firewall rules prevent outbound communications from AD admin platforms, except for domain controllers being managed. If outbound communications are allowed between AD admin platforms and any systems other than domain controllers, this is a finding. |
Fix Text (F-49678r3_fix) |
---|
Maintain firewall rules to prevent outbound communications from AD admin platforms, except with domain controllers being managed. |
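
One way to run the Check Text on the admin platform itself, as an added example that is not part of the STIG: it assumes the restriction is enforced by the host's Windows Firewall (NetSecurity module) and that `$DomainControllers`, filled here with constructed placeholder addresses, lists the domain controllers being managed. Network firewalls in the path need a separate review.

```powershell
# Added example: audit outbound Windows Firewall policy on an AD admin platform.
# $DomainControllers holds constructed placeholder addresses (assumption);
# replace them with the domain controllers this platform manages.
param(
    [string[]]$DomainControllers = @('192.0.2.10', '192.0.2.11')
)

$findings = @()

# 1. Outbound traffic must be blocked by default on every profile; otherwise
#    anything not matched by an explicit block rule is allowed out.
#    ActiveStore is the effective policy (local rules merged with Group Policy).
foreach ($fwProfile in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    if ($fwProfile.DefaultOutboundAction -ne 'Block') {
        $findings += [pscustomobject]@{
            Item   = "Profile $($fwProfile.Name)"
            Reason = "DefaultOutboundAction is $($fwProfile.DefaultOutboundAction)"
        }
    }
}

# 2. Every enabled outbound Allow rule must be scoped to the managed DCs only.
#    The comparison is an exact string match, so 'Any', 'LocalSubnet' and
#    subnets or ranges (even ones that contain a DC) are reported for review.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Outbound `
    -Action Allow -Enabled True
foreach ($rule in $rules) {
    $remote  = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    $outside = @($remote | Where-Object { $_ -notin $DomainControllers })
    if ($outside.Count -gt 0) {
        $findings += [pscustomobject]@{
            Item   = "Rule '$($rule.DisplayName)'"
            Reason = "Allows outbound to: $($outside -join ', ')"
        }
    }
}

if ($findings.Count -eq 0) {
    'No finding: outbound traffic is limited to the listed domain controllers.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```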