Identity and access management

/0 Comments/in , /by

Access control is often discussed as part of identity and access management (IAM). This is a market that has grown during the past few years thanks to more and more organizations wanting to satisfy compliance requirements. Better access control is needed- not just for compliance, but also to address vulnerabilities and safeguard against malicious acts. For example- on January 24, 2008, a rogue trader at Société Générale in France placed $7.2 billion in fraudulent trades. He had built up positions worth more than $73 billion—more than the bank’s estimated market value of $50 billion. How could such massive fraud occur at the second-largest bank in France? “Very clearly, some internal control procedures didn’t work,” said Christine Lagarde, France’s Finance Minister, after the investigation. A couple of more examples: More than $12 was million lost when an administrator planted logic bombs that destroyed critical programs at Omega Engineering. $2.5 million of intellectual property was lost when an administrative assistant at “Steven E. Hutchins Architects” deleted seven years’ worth of architectural drawings. She used her own credentials to access the server where the drawings were stored.
Every company has to identify all the sensitive data in the organization and regularly audit access to it. Without that, there is no way to know just how much the company has already lost to insider attacks or how much will potentially be lost.The 2007 E-Crime Watch Survey reports that “unauthorized access to/use of corporate information, systems or networks was the most common insider crime. In several cases, having a role distribution policy in place would have prevented the malicious acts. Consider the access to the network and to user accounts, where junior-level administrators have access to the network and to user accounts, so they can reset passwords, restart servers, and perform other administrative tasks. Or the superuser accounts that can bypass system controls to access or destroy sensitive information. Or the unauthorized access to an application using a stolen password to a privileged account.
Having solid procedures in place can prevent events that can have disastruous consequences. “It is important that organizations are proactive in their approach to mitigating insider threats,” says Dawn Cappelli, Senior Member of the Technical Staff at CERT. CionSystems’ Active Directory management suite can help. Real-time notifications, in-depth reporting, granular password management tools and role-based delegation will help control insider access and mitigate risk.

Configuring Wireless settings with Group Policy

/0 Comments/in , /by

Active Directory can be used to manage Wireless configurations and can really help remote users leverage wireless. I recently read a great article about this on TechRepublic and although Derek is using the GPMC, other third party applications like the Active Directory Manager can be used for Group Policy creation and management.

Managing disk capacity

/0 Comments/in , /by

It is difficult for an IT administrator to keep a constant vigil on the available disk space for their file and print servers. This becomes critical if the servers host Exchange and SQL because running out of disk space can cause Exchange and other database-dependent application to fail. Email is a business-critical application, and anything affecting its performance has an immediate, and most times severe effect on the enterprise. Let’s face it, users go through their allocated disk quota very quickly and if you’re not paying attention it’ll get out of hand and cause lost productivity and an increase in the cost of doing business.

In a recent case, a customers had a process where the IT administrator spent one full day (every Friday) to collect the storage information from each file/print server, Exchange, SQL and others. They were interested in 2 specific metrics: disk size and available disk space- and they wanted it mapped to a weekly usage chart. This process helped them plan and control their usage, as well as avoid downtime ensuring enough capacity for the business-critical applications. As time passed, doing all these tasks manually became cumbersome, time consuming and very expensive. The IT departments started lagging when addressing business needs in a timely fashion. They needed help and started investigating third party management solutions to aid them in collecting this data.

After evaluating and purchasing our Active Directory Manager for this and other related tasks, their IT administrator was able to set up and schedule a report showing the specific information they were looking for. The disk storage report of each server is now distributed without the IT admin having to spend any time capturing and collating the data. They are now able to save time and operate more efficiently.