Security Archives - ADSploit

Real Time Event Notifications

Fri, 11 Sep 2009 18:36:21 +0000

IT admins don’t want small problems to snowball into an issue that can cause severe damage to a company’s infrastructure and Active Directory. They need a robust alert mechanism which identifies any threats in REAL TIME. Most IT organizations are unaware of the changes until something breaks. This leads to downtime, loss of productivity, and higher cost. Becoming proactive and more aware is part of the overall IT optimization strategy.
Consider this scenario: An administrative account in Active Directory has been hacked or accessed by someone with malicious intent and you as the administrator of the network are not aware. Logging into an administrative account is an activity that is very critical and ignoring it could result in irreparable damage to your network security.
A reporting solution while outlining what happened and when, will do so after considerable time has passed, when it could be too late to be acted upon. The usual audit solutions will help you outline and analyze who made changes to what- after you’ve discovered the damage. What is needed is a proactive approach to AD security- a product that will let you know Who made What changes When and Where, in REAL TIME. For such a product to work accurately, it cannot and should not rely only on Even Log information. The most reliable info is in Active Directory. The best solution in this case is to pull the data from both. Other changes in Active Directory might not necessarily require an administrators’ intervention, so adequate filtering is also needed.
Unmanaged changes are a problem in every company. They are THE primary cause of outages. If they are not prevented, the company will fail a security audit. However, even planned changes should be monitored to ensure that policies are being followed. Active Directory Change Notifier allows IT administrators to configure (define) alerts for one or more desired Active Directory events. Any alert is then delivered to the mailbox of intended recipients.
Active Directory Change Notifier is a flexible, scalable, easy to use application that will help you with your day-to-day activities. This application is part of our Active Directory solutions that are designed to simplify your IT environment and enable you to work better, faster, and more efficiently.

The post Real Time Event Notifications appeared first on ADSploit.

Administrative Security Risks

Thu, 16 Apr 2009 22:54:45 +0000

IT personnel cannot effectively manage their infrastructure without admin-level access. But with gaining this access comes great responsibility. Most companies do not effectively allocate their resources or implement enough technology tools to prevent information security risks. Often enough the response to countless regulations is to concentrate on building controls against external and internal business users, while ignoring IT administrators who more often than not have access to information well beyond the scope of their jobs. Recent damaging and costly incidents (UBS, City of San Francisco) prove that companies in any vertical industry, and of any size can be affected.

Giving administrators unlimited system authority is a reality for the foreseeable future, especially in SMB organizations that cannot afford Enterprise-level solutions. Traditional controls are ineffective against administrators armed with full access to all resources. Controlling administrative authority risks is key, and protecting the integrity of the company’s Active Directory is paramount- this is recognized as a vital piece of any organization’s security strategy. A domain administrator in an Active Directory forest can gain root access to any other domain (and therefore member system) in the forest.

Having sufficient separation between the AD administrators and other IT personnel has its own special set of challenges. The best ways of meeting these challenges differ according to an organization’s size. Small and midsized organizations often lack dedicated IT security staff. In those organizations, IT professionals are already busy keeping many different technologies operational. Other small or midsized organizations may employ an information security officer but that individual is often a generalist and frequently lacks the time or technical knowledge to manage this process. Large enterprises generally have dedicated staff to ensure this separation, but they end up overloaded by unnecessary fragmentation. Organizations in any one of these situations can benefit from the role delegation available in the Active Directory Manager. This application will allow the creation of specific roles, accessing specific containers, objects or reports within AD- depending on specific job functions. IT users can be assigned to these roles and thus maintain the separation between HelpDesk, system admins, IT generalists, etc. The Active Directory Manager reduces administrative costs by providing a dynamically configured and customized Web-based interface for each job function. IT personnel have access only to the resources necessary to perform their job function and nothing else. Thus a tighter security policy can be implemented- one that will reduce the threat and impact derived from the actions of rogue IT personnel and mitigate the information security risks.

The post Administrative Security Risks appeared first on ADSploit.

Server 2008 Backup

Tue, 07 Oct 2008 00:54:27 +0000

Recently, someone asked about that Windows Server 2008 Backup feature and I wanted to include a quick note about it on the blog as well.
The Windows Server 2008 Backup feature can be installed separately, and has a couple of subsets- Windows Server Backup and Command-line Tools. Through the helpful interface you can run your scheduled backups, but there are some changes worth noting:
-only direct attached storage (disks) with NTFS formatted volumes can be backed up
-you can only select to do a backup for an entire disk volume (even if you choose the Custom backup type). Yeah, it’s an all-or-nothing type of deal
-you can’t pick individual files, folders or Windows system state for backup
-you need to have a different location for your target backup
-you can no longer perform a backup to tape
Windows Server 2008 Backup has many new features and Microsoft does a good job of outlining them in the on-line help- check it out for more on this topic.

The post Server 2008 Backup appeared first on ADSploit.

Retrieving object details from Active Directory

Tue, 07 Oct 2008 00:51:47 +0000

Obtaining any type of info from your Directory Services requires scripting, if you’re using the native tools. There’s an easier and faster way- you can use third party Active Directory solutions like the Active Directory Manager, or Active Directory Reporter.
So let’s compare the two approaches; let’s try to get something simple… say “User” details:
1- Scripting. Ok, we’re not big fans of scripting around here. Still, let’s follow this through, painful as it is:
public void GetUserDetails()
{
try
{
drpUsersList.Items.Clear();
ListItem li =new ListItem(“– Users List –“,””);
drpUsersList.Items.Add(li);
string _path =”LDAP://Your Domain Name”;
_filterAttribute =txtSearchEmployee.Text;
DirectorySearcher dSearch = new DirectorySearcher(_path);
dSearch.Filter = “(&(objectClass=user)(givenName=” + _filterAttribute + “*))”;
foreach(SearchResult sResultSet in dSearch.FindAll())
{
LoginName=GetProperty(sResultSet,”cn”); // Login Name
FirstName=GetProperty(sResultSet,”givenName”); // First Name
MiddleInitials=GetProperty(sResultSet,”initials”);// Middle Name
LastName=GetProperty(sResultSet,”sn”); // Last Name
Company=GetProperty(sResultSet,”company”); // Company
State=GetProperty(sResultSet,”st”); //State
City=GetProperty(sResultSet,”l”); //City
Country=GetProperty(sResultSet,”co”); //Country
Postalcode=GetProperty(sResultSet,”postalCode”); //Postalcode
TelephoneNumber=GetProperty(sResultSet,”telephoneNumber”);
Email=GetProperty(sResultSet,”mail”); //Email
uniqueName = GetProperty(sResultSet,”mailnickname”);
ListItem newitem = new ListItem(uniqueName,uniqueName);
drpUsersList.Items.Add(newitem);
}
}
catch(Exception ex)
{
Response.Write(ex.Message.ToString());
}
}
public static string GetProperty(SearchResult searchResult, string PropertyName)
{
if(searchResult.Properties.Contains(PropertyName))
{
return searchResult.Properties[PropertyName][0].ToString() ;
}
else
{
return string.Empty;
}
}
2- Active Directory Manager/Active Directory Reporter. First off- NO SCRIPTING. Once you log in through the web interface (that’s your bowser), it’s pretty easy to obtain any details about User objects. It’s a 3 step process taking virtually seconds- click on the “Reports Tab/User reports”, click “General Reports” and “All Users”. In the next screen, search for the user you’re looking for, and the Active Directory Manger will display all the User details.
The script in the first example is quite simple. By all accounts, if you want to do anything more involved in AD the script is only going to get more complicated. And we all know the longer the script is, the more chances you have of something going wrong.
In today’s world, you have to simplify your IT– why add more complexity to your environment?

The post Retrieving object details from Active Directory appeared first on ADSploit.

Quick note about Group Policies – Server 2003 vs. Server 2008

Tue, 07 Oct 2008 00:47:13 +0000

A major issue in Server 2003 implementations of Group Policies is the huge amount of space they take up. For each Policy, there’s a corresponding .ADM file. The .ADM file supports only the English language, and it’s also 3.5MB in size. Not much right? When you consider that for each policy you have, there’s a new .ADM file and another 3.5MB, you can see how this can get out of control. For example, let’s say you have 200 policies– that’s 700MB of extra data that you have to back up. Even if you only have 100 policies, that’s still 350MB.
Server 2008 offers a new way of dealing with this issue. In Server 2008 you can use ADMX files, which are based on XML- more lightweight by comparison. With the new ADML files, you now also have multiple language support.
The Active Directory solutions we provide will help with your Group Policies management. Contact us for more information.

The post Quick note about Group Policies – Server 2003 vs. Server 2008 appeared first on ADSploit.

Failed to access IIS metabase

Tue, 07 Oct 2008 00:44:24 +0000

When setting up the Active Directory Manager, some people may encounter issues related to the IIS setup.
The possible cause: When you install IIS AFTER .NET 2.0 framework, the rights of the ASPNET user had not been set correctly.
Suggested resolution: Repair (Uninstall if repair does not work for you) .NET Framework 2.0
You can run the following from the command line to reset the IIS registry settings for aspnet user. In most cases, framework directory for .Net Framework 2.0 resides under C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727

Microsoft KB Resources
Contact us for more Active Directory help.

The post Failed to access IIS metabase appeared first on ADSploit.

Identity and access management policies

Tue, 07 Oct 2008 00:40:04 +0000

In many cases, adding personnel accounts and application is tedious, and involves inputting information about a new hire by hand, which could take days in some instances. Even then, some users may not have access to the applications they need, and often will have to log in using a colleague’s name and password while access was requested, cleared and granted. This is a huge security black hole for the enterprise. Implementing identity and access management software is a security process improvement that is essential in today’s corporate environment.
Identity and access management can also play a role in compliance issues. Using the native tools, all the audits involve the manual process of finding out who had access to what? Who authorized that access? When was it authorized? When was the last time they reset their password? Using an identity and access management application like the Active Directory Manager or the Active Directory Reporter will vastly improve and automate your audit process.
You may think a departed employee is gone forever, but if your organization doesn’t have a comprehensive identity and access management plan, you may be in trouble. Disabling user accounts during the employee termination process is a gaping flaw in most companies. Weeks, months and even years after an employee has left you can still see their names and personal information floating around. Compounding this security breach is the fact that in some cases, former employees’ accounts are still active. This access crisis can also happen when an employee changes jobs within the same company, but retains access to applications and information that isn’t appropriate for their new job anymore. If an identity and access management policy is too lax, it can create data loss and security breaches, and if the policy is too strict, employees who need access will simply find a way around it and defy the set policy.
If you’d like to talk more about the identity and access management policies in place at your company, please contact us directly.

The post Identity and access management policies appeared first on ADSploit.

Dashboards

Tue, 07 Oct 2008 00:27:08 +0000

One important feature of our products is the easy to use Dashboard. Fully customizable, it acts as a portal to the product features. Our products are web-based, so with the right set of permissions, you’ll be able to access them from anywhere, at any time.
Below you’ll find a quick overview of the Dashboard’s Home Page, available in our Active Directory Manager. For additional questions, please contact us at info [at] cionsystems.com

The post Dashboards appeared first on ADSploit.