Financial Firm's Server Security: AD Policies Implementation Plan

Verified

Added on 2019/09/16

AI Summary

This assignment outlines the implementation of Active Directory (AD) policies to enhance server security within a financial services company. The primary goal is to secure systems while minimizing disruption to daily workflows. The implementation includes refining the management of administrative privileges across Development and Production environments. Advisor accounts will not be granted local administrative rights to Development servers, while regular accounts will. Production server access is tightly controlled, with only approved personnel having access. The Network Operations Center (NOC) team manages permissions in Production. The assignment emphasizes the importance of change deployments and rollouts, requiring proper authorization and communication. The document also mentions the use of group emails to inform stakeholders about system changes.

Hello, All,
As a growing financial services company, we face multiple challenges in the area of server
security which is an integral part of many guidelines on compliance and auditing. We are,
therefore, refining the way we manage administrative privileges across our Development and
Production environments.
The primary objective is to secure our systems but this needs to be accomplished such that
our normal daily workflow does not get disrupted. During the past several months, IT has
designed, tested and staged our Active Directory Container Policies in order to mitigate
vulnerabilities which are known and visible.
As part of this initiative, we intend to implement the following guidelines with regards to
Local Admin access:
 Advisor accounts will not be granted local administrative rights to Development
servers.
 Advisor accounts will be granted local administrative rights to Production servers
based on job functions and server class.
 Regular (non-advisor) accounts will be granted local administrative rights to
Development servers.
 Regular (non-advisor) accounts will not be granted local administrative rights to
Production servers.
Access to Production servers will be granted to individuals with approved changes,
rollout, or on-call responsibilities.
Approved Domain Admins group will be an exception to the above.
In Production, the NOC team will be responsible for managing all Group and User
permissions for roles such as on-call support, change deployments, and rollouts.
If your team has change deployments or rollouts and requires access to relevant systems,
kindly ask them to contact the NOC team with a valid CCR so that all required access can be
granted to your team.
Our IT shared folder provided additional information about this implementation exercise.
As we modify systems user account access, I will send out group emails to notify all
concerned about the same.
Warm regards,
(YOUR NAME)