Are you still using legacy usernames like Administrator or admin in your Active Directory? Do you want to move your existing Active Directory to the cloud? Bad actors routinely target these legacy usernames.
If you haven’t heard of RDPSoft, it is a great tool that extends well beyond RDS management; it also includes a lot of built-in reports that administrators will find valuable for advanced cloud workspace monitoring. One report they offer shows successful and unsuccessful login attempts into your environment. Not only does it show the usernames, login times and so on, it also geolocates these attempts based on the user’s IP address. This report was eye opening for me! The first time I ran this against one of my RDS deployments, Administrator was the #1 username targeted for malicious login attempts, and these attempts were coming from all over the globe. It wasn’t just a few locations attempting a malicious login; it was numerous countries.
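You can get a rough version of that "who is being targeted" view from the Windows Security log itself. The script below is an added example, not part of the original post and not RDPSoft's code: it reads failed logon events (ID 4625) from the live Security log or from an exported .evtx file, and groups them by the username and source IP the attacker presented. It assumes you run it elevated on the RDS host or domain controller; the `-Hours`, `-Top` and `-Path` parameters are mine. Geolocation is not included; the point is to see whether Administrator and friends top the list.

```powershell
# Added example (not from the original post or from RDPSoft): summarise failed
# logons (Security event 4625) by the username and source IP that were presented.
# Assumes: run elevated on the RDS host / DC, or point -Path at an exported .evtx.
param(
    [int]$Hours = 24,      # look-back window when reading the live log
    [int]$Top   = 10,      # how many usernames to show
    [string]$Path          # optional: exported Security log (.evtx) instead of the live log
)

$filter = @{ Id = 4625 }
if ($Path) {
    $filter['Path'] = $Path
} else {
    $filter['LogName']   = 'Security'
    $filter['StartTime'] = (Get-Date).AddHours(-$Hours)
}

$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

# Pull the named EventData fields out of each event's XML rather than relying on
# positional Properties indexes, which are easy to get wrong.
$rows = foreach ($e in $events) {
    [xml]$x = $e.ToXml()
    $data = @{}
    foreach ($d in $x.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        User      = $data['TargetUserName']
        Domain    = $data['TargetDomainName']
        SourceIP  = $data['IpAddress']
        LogonType = $data['LogonType']      # 10 = RemoteInteractive (RDP), 3 = Network
        SubStatus = $data['SubStatus']      # 0xC0000064 = no such user, 0xC000006A = bad password
    }
}

"Failed logons examined: $(@($rows).Count)"

"`nMost-targeted usernames:"
$rows | Group-Object User | Sort-Object Count -Descending |
    Select-Object -First $Top Count, Name | Format-Table -AutoSize

# A username hit from many distinct IPs is being sprayed, not mistyped by one user.
"`nDistinct source IPs per username (top $Top):"
$rows | Group-Object User | Sort-Object Count -Descending | Select-Object -First $Top |
    ForEach-Object {
        [pscustomobject]@{
            User     = $_.Name
            Attempts = $_.Count
            Sources  = @($_.Group.SourceIP | Where-Object { $_ } | Sort-Object -Unique).Count
        }
    } | Format-Table -AutoSize
```

Run it as `.\Show-FailedLogons.ps1 -Hours 72` on the host, or `-Path .\Security.evtx` against a log you exported with `wevtutil epl Security Security.evtx`. The SubStatus column is worth keeping: a run of 0xC0000064 against names like `admin` or `administrator` that do not exist in your domain is exactly the legacy-username guessing the post describes.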
If you want to migrate your existing on-premises Active Directory to Azure, that’s great, but you need to “clean up” your legacy Active Directory before you move it to the cloud. So what should you do? Here are a few things that will make migrating to the cloud safer and easier.
- Rename your existing Administrator account to some other name. Something as simple as CloudAdmin would work… But please don’t use that name since I’ve made it public.
- Clean up all the old Group Policies that no longer apply. Do you know how many Active Directories I’ve seen that started life on Small Business Server? Of course, they still have all the old SBS Group Policies even though SBS was removed years ago. While these GPOs probably won’t create additional security exposures, it is good practice to remove things that are no longer needed. With Group Policies, you don’t have to delete the policies: you can disable them and test to make sure there isn’t a negative impact before actually deleting them. That way, if you do still have a legacy dependency, you can identify it before creating a problem.
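The two clean-up steps above (rename the built-in Administrator, and disable rather than delete legacy GPOs) can be scripted so you can review them before anything changes. The script below is an added example and is not from the original post or from Microsoft; it assumes the RSAT ActiveDirectory and GroupPolicy modules, a Domain Admin session, and that `-NewAdminName` and the `-LegacyGpoPatterns` name patterns are placeholders you replace with your own. It is a dry run unless you pass `-Apply`.

```powershell
# Added example (not from the original post or Microsoft's guide): rename the
# built-in Administrator and disable legacy GPOs, dry run unless -Apply is given.
# Assumes: RSAT ActiveDirectory + GroupPolicy modules, run as a Domain Admin.
param(
    [string]$NewAdminName = 'REPLACE-ME',                       # placeholder: choose your own, not CloudAdmin
    [string[]]$LegacyGpoPatterns = @('Small Business Server*', 'Windows SBS*'),  # assumed SBS naming; adjust
    [switch]$Apply
)

Import-Module ActiveDirectory
Import-Module GroupPolicy

# 1. Find the built-in Administrator by its well-known RID (500), not by name,
#    so this still works if the account has already been renamed once.
$domain   = Get-ADDomain
$adminSid = "$($domain.DomainSID.Value)-500"
$admin    = Get-ADUser -Identity $adminSid -Properties SamAccountName, Enabled, LastLogonDate

"Built-in Administrator is currently '$($admin.SamAccountName)' (enabled: $($admin.Enabled), last logon: $($admin.LastLogonDate))"

if ($admin.SamAccountName -eq $NewAdminName) {
    "Already renamed; nothing to do for step 1."
} elseif ($Apply) {
    # Change the logon name and the object's CN only. Per Microsoft's guidance, leave the
    # account's rights and enabled state alone so it still works for recovery.
    Set-ADUser -Identity $admin -SamAccountName $NewAdminName -DisplayName $NewAdminName
    Rename-ADObject -Identity $admin.DistinguishedName -NewName $NewAdminName
    "Renamed built-in Administrator to '$NewAdminName'."
} else {
    "Would rename '$($admin.SamAccountName)' to '$NewAdminName' (re-run with -Apply)."
}

# 2. Legacy GPOs: disable, don't delete, so any remaining dependency shows up in
#    testing before the policy is gone for good.
$legacy = Get-GPO -All | Where-Object {
    $name = $_.DisplayName
    $LegacyGpoPatterns | Where-Object { $name -like $_ }
}

if (-not $legacy) {
    "No GPOs matched the legacy name patterns."
}

foreach ($gpo in $legacy) {
    # Count where the GPO is linked; an unlinked GPO is the safest to disable first.
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
    $links = @($report.GPO.LinksTo | Where-Object { $_ }).Count

    "GPO '$($gpo.DisplayName)': status=$($gpo.GpoStatus), links=$links, modified=$($gpo.ModificationTime)"

    if ($gpo.GpoStatus -eq 'AllSettingsDisabled') {
        "  already disabled"
    } elseif ($Apply) {
        # Setting GpoStatus on the Gpo object writes the change back to the domain.
        $gpo.GpoStatus = 'AllSettingsDisabled'
        "  disabled (delete later with Remove-GPO once you are sure nothing depends on it)"
    } else {
        "  would disable (re-run with -Apply)"
    }
}
```

Run it once without `-Apply` to see the current Administrator name and the list of matching GPOs with their link counts, then again with `-Apply` after you have checked the output. Leave the disabled GPOs in place for a test period before running `Remove-GPO` on them, which is the disable-then-delete order the list item above recommends.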
If you want to truly secure your Active Directory before moving it to the cloud, Microsoft has a Best Practices Guide for Securing Active Directory that would be worth reading.
Microsoft has a whole section on securing the built-in Administrator accounts as well.
While the section on securing the built-in Administrator account contains an extensive amount of guidance, the easiest way to quickly secure your Administrator account is to rename it. As the article mentions, do not change the security settings of the Administrator account in case you need it for a recovery operation, but renaming it immediately takes it out of the line of direct attack.
Of course, there is plenty of guidance on additional efforts you can take to secure your infrastructure, but I’ve been amazed at the number of Active Directories I’ve seen that haven’t taken the simplest steps to reduce their exposure. Please do a little research on some of the fundamental steps you should take to protect your Active Directory before moving it to the cloud.
And if you need any help, feel free to email us at firstname.lastname@example.org.