ACTIVE CERTIFICATE SERVICES (PKI) ANALYSIS

 
 

Active Directory Certificate Services (PKI) Analysis

Verify the actual security of your Active Directory Certificate Services solution

Improsec performs an Active Directory (AD) Certificate Services Analysis to assess the current configuration, as well as the procedural and technical controls that harden the environment to withstand, or reduce the impact of, a cyber intrusion into your Microsoft-based PKI solution. Such an intrusion may lead to a lack of trust in both existing and new certificates, and hence to a potential breach of integrity and/or confidentiality in your enterprise.

The analysis provides an overview of misconfigurations and of insufficient or missing defensive measures.


Value

  • Verify the actual security of your AD Certificate Services solution

  • See how the current configuration of AD Certificate Services compares against industry best practices

  • Get recommendations on how to improve the configuration of AD Certificate Services


Product

The deliverable of the analysis is a written report containing the following:

  • A non-technical section with an Executive Summary for management and decision makers

  • A technical section including a prioritized list of observations in both procedural and technical aspects, as well as tangible recommendations to mitigate and reduce the impact of a cyber intrusion and optimize the security posture of the AD Certificate Services environment


Method

Our analysis is based on Microsoft’s best practices, combined with our knowledge and experience, and will be conducted from a domain-joined Windows computer that is provided by you. Our technical tests require information to be extracted from Domain Controllers and Certificate Authorities. We provide the scripts to be executed, the output of which enables us to gain a deep understanding of your AD Certificate Services environment.

Improsec will analyse areas such as physical and logical design of your AD Certificate Services, security configuration and delegation, algorithms, logging and alerting, monitoring and backup/restore/disaster recovery capabilities.

In addition to our technical analysis and assessment, we also interview relevant parties from your business, or your designated third parties, to gain deeper knowledge of the procedures and policies in place and of how well they are implemented in daily operations.

Involvement

The delivery requires minimal involvement of your technical staff.


 
 
 
 
