Real Time Event Notifications

IT admins don’t want small problems to snowball into an issue that can cause severe damage to a company’s infrastructure and Active Directory. They need a robust alert mechanism which identifies any threats in REAL TIME.  Most IT organizations are unaware of the changes until something breaks. This leads to downtime, loss of productivity, and higher cost. Becoming proactive and more aware is part of the overall IT optimization strategy.
Consider this scenario: An administrative account in Active Directory has been hacked or accessed by someone with malicious intent and you as the administrator of the network are not aware. Logging into an administrative account is an activity that is very critical and ignoring it could result in irreparable damage to your network security.
A reporting solution while outlining what happened and when, will do so after considerable time has passed, when it could be too late to be acted upon. The usual audit solutions will help you outline and analyze who made changes to what- after you’ve discovered the damage. What is needed is a proactive approach to AD security- a product that will let you know Who made What changes When and Where, in REAL TIME.  For such a product to work accurately, it cannot and should not rely only on Even Log information. The most reliable info is in Active Directory. The best solution in this case is to pull the data from both. Other changes in Active Directory might not necessarily require an administrators’ intervention, so adequate filtering is also needed.
Unmanaged changes are a problem in every company. They are THE primary cause of outages. If they are not prevented, the company will fail a security audit. However, even planned changes should be monitored to ensure that policies are being followed. Active Directory Change Notifier allows IT administrators to configure (define) alerts for one or more desired Active Directory events. Any alert is then delivered to the mailbox of intended recipients.
Active Directory Change Notifier is a flexible, scalable, easy to use application that will help you with your day-to-day activities. This application is part of our Active Directory solutions that are designed to simplify your IT environment and enable you to work better, faster, and more efficiently.

Administrative Security Risks

IT personnel cannot effectively manage their infrastructure without admin-level access. But with gaining this access comes great responsibility. Most companies do not effectively allocate their resources or implement enough technology tools to prevent information security risks. Often enough the response to countless regulations is to concentrate on building controls against external and internal business users, while ignoring IT administrators who more often than not have access to information well beyond the scope of their jobs. Recent damaging and costly incidents (UBS, City of San Francisco) prove that companies in any vertical industry, and of any size can be affected.

 

Giving administrators unlimited system authority is a reality for the foreseeable future, especially in SMB organizations that cannot afford Enterprise-level solutions. Traditional controls are ineffective against administrators armed with full access to all resources. Controlling administrative authority risks is key, and protecting the integrity of the company’s Active Directory is paramount- this is recognized as a vital piece of any organization’s security strategy. A domain administrator in an Active Directory forest can gain root access to any other domain (and therefore member system) in the forest.

 

Having sufficient separation between the AD administrators and other IT personnel has its own special set of challenges. The best ways of meeting these challenges differ according to an organization’s size. Small and midsized organizations often lack dedicated IT security staff. In those organizations, IT professionals are already busy keeping many different technologies operational. Other small or midsized organizations may employ an information security officer but that individual is often a generalist and frequently lacks the time or technical knowledge to manage this process. Large enterprises generally have dedicated staff to ensure this separation, but they end up overloaded by unnecessary fragmentation. Organizations in any one of these situations can benefit from the role delegation available in the Active Directory Manager. This application will allow the creation of specific roles, accessing specific containers, objects or reports within AD- depending on specific job functions. IT users can be assigned to these roles and thus maintain the separation between HelpDesk, system admins, IT generalists, etc. The Active Directory Manager reduces administrative costs by providing a dynamically configured and customized Web-based interface for each job function. IT personnel have access only to the resources necessary to perform their job function and nothing else. Thus a tighter security policy can be implemented- one that will reduce the threat and impact derived from the actions of rogue IT personnel and mitigate the information security risks.

Identity and access management

Access control is often discussed as part of identity and access management (IAM). This is a market that has grown during the past few years thanks to more and more organizations wanting to satisfy compliance requirements. Better access control is needed- not just for compliance, but also to address vulnerabilities and safeguard against malicious acts. For example- on January 24, 2008, a rogue trader at Société Générale in France placed $7.2 billion in fraudulent trades. He had built up positions worth more than $73 billion—more than the bank’s estimated market value of $50 billion. How could such massive fraud occur at the second-largest bank in France? “Very clearly, some internal control procedures didn’t work,” said Christine Lagarde, France’s Finance Minister, after the investigation. A couple of more examples: More than $12 was million lost when an administrator planted logic bombs that destroyed critical programs at Omega Engineering. $2.5 million of intellectual property was lost when an administrative assistant at “Steven E. Hutchins Architects” deleted seven years’ worth of architectural drawings. She used her own credentials to access the server where the drawings were stored.
Every company has to identify all the sensitive data in the organization and regularly audit access to it. Without that, there is no way to know just how much the company has already lost to insider attacks or how much will potentially be lost.The 2007 E-Crime Watch Survey reports that “unauthorized access to/use of corporate information, systems or networks was the most common insider crime. In several cases, having a role distribution policy in place would have prevented the malicious acts. Consider the access to the network and to user accounts, where junior-level administrators have access to the network and to user accounts, so they can reset passwords, restart servers, and perform other administrative tasks. Or the superuser accounts that can bypass system controls to access or destroy sensitive information. Or the unauthorized access to an application using a stolen password to a privileged account.
Having solid procedures in place can prevent events that can have disastruous consequences. “It is important that organizations are proactive in their approach to mitigating insider threats,” says Dawn Cappelli, Senior Member of the Technical Staff at CERT. CionSystems’ Active Directory management suite can help. Real-time notifications, in-depth reporting, granular password management tools and role-based delegation will help control insider access and mitigate risk.

Configuring Wireless settings with Group Policy

Active Directory can be used to manage Wireless configurations and can really help remote users leverage wireless. I recently read a great article about this on TechRepublic and although Derek is using the GPMC, other third party applications like the Active Directory Manager can be used for Group Policy creation and management.

Managing disk capacity

It is difficult for an IT administrator to keep a constant vigil on the available disk space for their file and print servers. This becomes critical if the servers host Exchange and SQL because running out of disk space can cause Exchange and other database-dependent application to fail. Email is a business-critical application, and anything affecting its performance has an immediate, and most times severe effect on the enterprise. Let’s face it, users go through their allocated disk quota very quickly and if you’re not paying attention it’ll get out of hand and cause lost productivity and an increase in the cost of doing business.

In a recent case, a customers had a process where the IT administrator spent one full day (every Friday) to collect the storage information from each file/print server, Exchange, SQL and others. They were interested in 2 specific metrics: disk size and available disk space- and they wanted it mapped to a weekly usage chart. This process helped them plan and control their usage, as well as avoid downtime ensuring enough capacity for the business-critical applications. As time passed, doing all these tasks manually became cumbersome, time consuming and very expensive. The IT departments started lagging when addressing business needs in a timely fashion. They needed help and started investigating third party management solutions to aid them in collecting this data.

After evaluating and purchasing our Active Directory Manager for this and other related tasks, their IT administrator was able to set up and schedule a report showing the specific information they were looking for. The disk storage report of each server is now distributed without the IT admin having to spend any time capturing and collating the data. They are now able to save time and operate more efficiently.

Security and Flexibility in the corporate IT environment

IT managers have a tough job ahead of them. Having to keep the company’s workstations and servers secure and at the same time providing a flexible work (technology) environment that will handle exceptions as they come up.  It’s a tall order. The first instinct is to make the workstation so secure that it’s unusable. On the same token, a workstation that’s too flexible is more likely to pose a huge security risk.
A good IT manager can achieve a balance. In the enterprise the policies are usually created in a ‘top-down’ fashion, which basically means that the corporate standards can impose strict protocols. There are many reasons for having these protocols and standards:
– Reduced cost for deployment: standardizing means less work for IT
– Reduced troubleshooting time: IT staff has an easier time figuring out what’s wrong
– Best practices and optimization
Unfortunatelly you can’t have one standard that fits all cases. Additionally, even though corporate sets the standards, those policies are not always followed or implemented uniformly. Some of the reasons for non-compliance are:
– The need for autonomy: shrinking budgets resulting in limited support
– Different demands for flexibility within different departments
– Lack of understanding of corporate protocols
Many IT managers buy into the idea of implementing expensive tools to solve these problems not realizing that an excellent way of establishing control is through Microsoft’s Group Policy that is built into Active Directory. To fully configure the Group Policies that will fulfill both the IT and business requirements, IT managers need third party applications like the Active Directory Manager. The Active Directory Manager makes Group Policy Management a snap by simplifying the process, and ensuring the flexibility and granularity needed.
Ultimatelly, implementing a cost-effective application like the Active Directory Manager will drive efficiency, decrease downtime and ensure compliance with corporate policies and protocols.